Reputation: 31
Authorizing Databricks CLI with SPN based Azure AD Token in ADO YML Pipeline throwing Error: Authorization Failed
I have created one yml pipeline in ADO to deploy the ADB notebooks. It's working perfectly fine with PAT based authentication but I need to use the AAD Token based authentication. I created one service principal. Granted API permissions to AzureDatabricks. Added the SPN as Contributor in ADB resource. SPN cannot be added into the databricks workspace.
Pipeline is throwing error Error: Authorization failed. Your token may be expired or lack the valid scope.
I was trying to authenticate the databricks cli with Azure AD based token but getting authorization failed error. Able to generate the AAD Token but it's throwing error Your token may be expired or lack the valid scope.
Upvotes: 3
Views: 4706
Answers (1)
Reputation: 8120
You can add a service principal to a Databricks workspace (this link is to use the SCIM API but you can also use the UI if you have account level access.) - in fact you must for its AAD token to have permissions to use the Databricks APIs.
EDIT: Link to tutorial using Terraform to set up SP in Databricks and give it permissions to run a job.
Upvotes: 1
Related Questions
- Error 403 User not authorized when trying to access Azure Databricks API through Active Directory
- Create Azure Key Vault backed secret scope in Databricks with AAD Token
- How to setup Databricks job using credentials passthrough on Azure
- Using DataBricks API 2.0 with Tokens
- Generate Azure Databricks Token using Powershell script
- Databricks Repo with Azure DevOps - 400 Bad Request when trying to add repo
- Grant Access to Azure Databricks using Azure Devops
- Call Databricks API from DevOps Pipeline using Service principal
- How to store Databricks token created from CLI in Yaml Bash step
- Azure pipeline issue running databricks workspace import_dir