Reputation: 147
I could not add an Azure AD Service Principal Name into Azure Databricks through the portal, but I was able to add my Service Principal with the help of the Databricks API endpoints. How can I create a PAT token for my Service Principal Name?
Upvotes: 6
Views: 12920
Reputation: 1
After adding the service principal to Databricks, you can use curl to create a Databricks token/PAT for the service principal.
curl -X POST \
${DATABRICKS_HOST}/api/2.0/token-management/on-behalf-of/tokens \
--header "Content-type: application/json" \
--header "Authorization: Bearer ${DATABRICKS_TOKEN}" \
--data @create-service-principal-token.json \
| jq .
Upvotes: -1
Reputation: 306
You can use the service principal to create an Azure Active Directory Token and use that to authenticate into Databricks.
To create an AAD token:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=<client-id>&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d&client_secret=<application-secret>' \
https://login.microsoftonline.com/<tenant-id>/oauth2/token
Replace <client-id> and <application-secret> with the application ID and secret of your service principal and <tenant-id> with your tenant ID.
The response will include the value of the access token:
{
"access_token": "<token value>"
}
Since you have already added the service principal into the Databricks workspace, you can now directly use the generated token to invoke the Databricks REST endpoints as the service principal:
curl -X GET \
-H 'Authorization: Bearer <token-value>' \
https://<databricks-instance>/api/2.0/clusters/list
You can also create additional tokens for the service principal using the Databricks Token API:
curl -X POST -H 'Authorization: Bearer <token-value>' \
--data '{ "comment": "This is an example token", "lifetime_seconds": 7776000 }' \
https://<databricks-instance>/api/2.0/token/create
More details are available here.
Upvotes: 13
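The flow from the answer above (client-credentials grant for an AAD token, then a call to token/create), as an added Python example that is not part of the original answer. It form-encodes the client secret so characters such as & or + survive, reads credentials from the environment instead of the command line, and requests a one-hour token. The environment variable names, the "ci token" comment and the lifetime bound are assumptions of this example.

```python
"""Added example: service principal -> AAD token -> Databricks PAT (stdlib only)."""
import json
import os
import urllib.parse
import urllib.request

# Azure Databricks resource ID, as given in the answer above.
DATABRICKS_RESOURCE = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"


def aad_token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials request; urlencode() escapes '&', '+', '=' in the secret."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "resource": DATABRICKS_RESOURCE,
        "client_secret": client_secret,
    }).encode()
    tenant = urllib.parse.quote(tenant_id, safe="")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    return urllib.request.Request(url, data=body, method="POST")


def pat_request(host, aad_token, comment, lifetime_seconds):
    """Build the /api/2.0/token/create call, authenticated with the AAD token."""
    # This example's own policy: never exceed the 90 days used in the answer.
    if not 0 < lifetime_seconds <= 7776000:
        raise ValueError("lifetime_seconds must be between 1 and 7776000")
    body = json.dumps({"comment": comment, "lifetime_seconds": lifetime_seconds}).encode()
    return urllib.request.Request(
        f"https://{host}/api/2.0/token/create", data=body, method="POST",
        headers={"Authorization": f"Bearer {aad_token}", "Content-Type": "application/json"})


def send(request, field):
    """Send a request and return one field of the JSON response."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)[field]


def main():
    env = os.environ  # variable names below are assumptions of this example
    aad = send(aad_token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                                 env["AZURE_CLIENT_SECRET"]), "access_token")
    pat = send(pat_request(env["DATABRICKS_INSTANCE"], aad, "ci token", 3600), "token_value")
    # Hand the PAT to a secret store here; this example only confirms success.
    print(f"created PAT of length {len(pat)}; value not printed")


if __name__ == "__main__":
    main()
```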
Reputation: 12768
Note: You add the Azure AD service principal to a workspace using the SCIM API.
Unfortunately, you cannot create an Azure Databricks token programmatically.
You’ll use an Azure Databricks personal access token (PAT) to authenticate against the Databricks REST API. To create a PAT that can be used to make API requests:
Even when creating one using the APIs, the initial authentication to this API is the same as for all of the Azure Databricks API endpoints: you must first authenticate as described in Authentication.
For more details, refer to Tutorial: Run a job with an Azure service principal
Upvotes: 1