Reputation: 8137
Azure PowerShell Az module: generate bearer token for Databricks
I need to generate token for Databricks usage (it will be used to generate Databricks token)
In Azure CLI az account get-access-token --resource '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d' --out tsv --query '[accessToken]' worked perfectly well
I know that there's no alternative in Azure PowerShell Az module so I did research and found the following:
$context = Get-AzContext
$profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($profile)
$token = $profileClient.AcquireAccessToken($context.Subscription.TenantId)
$token.AccessToken
It does work, but generated token has https://management.core.windows.net/ claim instead of 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d required for Databricks
Any ideas how to run alternative to az account get-access-token --resource '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d' in Azure PowerShell with Az module?
I have service principal with certificate auth protected by password and can't use az cli / python /etc, just Azure PowerShell Az module
Upvotes: 3
Views: 3102
Answers (2)
Reputation: 31
# ResourceId for Databricks
$resourceId="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
# Get the Azure token
$tokenInfoFromAzure = Get-AzAccessToken -ResourceUrl $resourceId
Upvotes: 3
Reputation: 23151
If you want to call Azure Databricks REST API with Azure Powershell, please refer to the following script
$teantId
$subId="the id of the subscription which contains the databrick"
Connect-AzAccount -Subscription $subId -Tenant $teantId
$context= Get-AzContext
$resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
$token = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account,
$context.Environment,
$context.Tenant.Id.ToString(),
$null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, $resource).AccessToken
$groupName="the databrick resource group name"
$workSpaceName="the databrick workspace name"
$headers=@{
"Authorization"= "Bearer " + $token;
"X-Databricks-Azure-Workspace-Resource-Id" = "/subscriptions/$($subId)/resourceGroups/$($groupName)/providers/Microsoft.Databricks/workspaces/$($workSpaceName)"
}
$databricksInstance="" # such as adb-976301816870846.6.azuredatabricks.net
$url="https://$($databricksInstance)/api/2.0/clusters/list"
$result=Invoke-RestMethod -Method Get -Uri $url -Headers $headers -ContentType "application/json" -UseBasicParsing
$result| ConvertTo-Json
For more details about how to call Azure Databricks REST API, please refer to the document
Upvotes: 4
Related Questions
- How to provide a SAS token to Azure CLI within PowerShell
- Databricks API 2.0 - create secret scope in powershell using service principal credentials
- How to generate bearer token via azure data factory
- Create SAS token for Azure Data Lake directory in Powershell
- How to create Azure Container SAS Token signed with Account key with PowerShell?
- Generate Azure Databricks Token using Powershell script
- New-AzADAppCredential Generate Client Secret
- Create Azure Databricks Token using ARM template
- How to create first Azure Databrics token programmatically (powershell)
- Can't create a Databricks from a powershell script