Databricks Community

pantelis_mare · ‎11-22-2021

Hello community!

I would like to update a repo from within my Azure DevOps release pipeline.

In the pipeline I generate a token using a AAD Service Principal as recommended, and I setup the databricks api using that token.

When I pass the databricks repos update command, I receive an authenitcation error, which is expected and the service principal has not git configured on the workspace side.

My question is:

Can I configure the repos for the SPN programmatically?

Or, is there a way to provide an Azure Devops token when I make the databricks api call? I have tried passing a token by setting the git AZURE_DEVOPS_EXT_PAT but it doesn't seem to work.

Thank you in advance!

Srihasa_Akepati · ‎11-29-2021

@Pantelis Maroudis I would like to comment on the Azure SP supportability feature - Updating a databricks repo using Repos API to authenticate using Azure Service Principal AAD is not supported yet. Active work is in progress, We can expect it by Jan 2022.

View solution in original post

jose_gonzalez · ‎11-29-2021

Hi @Pantelis Maroudis ,

Let me reach out to the SME group to get help on your question.

Srihasa_Akepati · ‎11-29-2021

@Pantelis Maroudis I would like to comment on the Azure SP supportability feature - Updating a databricks repo using Repos API to authenticate using Azure Service Principal AAD is not supported yet. Active work is in progress, We can expect it by Jan 2022.

pantelis_mare · ‎12-09-2021

Thank you @Srihasa Reddy Akepati . Looking forward to it 🙂

JakeP · ‎03-14-2022

Hello, curious if any update on this? I too would like to use AAD token auth (as service principal) to call repos POST and PATCH from an Azure DevOps pipeline. Thanks!

pantelis_mare · ‎03-14-2022

Hello @Jake Panchyshyn

From my side I used a separate token generated from account for all steps in my pipeline that needed to use the repos api

JakeP · ‎03-14-2022

Thanks, though, could you elaborate as to what kind of token you generate as what account or identity? Are you authenticating as a user (rather than service principal) or ??

pantelis_mare · ‎04-08-2022

Sorry for the late reply @Jake Panchyshyn .

Yes, I use a token generated from my account to interact with the repos API in my pipeline. For the rest of the operations (eg job creation) I use the token generated by the service principal

Kirk1 · ‎03-24-2022

Is this supported now given that it is past the Jan 2022 date stated above? Because I have found that a SPN still can't authenticate via AAD.

venkad · ‎03-25-2022

Looking forward for this update

Ben_Templeton__ · ‎04-07-2022

@Srihasa Reddy Akepati Any update on this?

Srihasa_Akepati · ‎04-08-2022

@Ben Templeton Iam checking internally on the status of this feature. I will update the thread once i receive response.

Kirk1 · ‎04-08-2022

I got this response from Databricks on this topic: "The AAD support depends on Microsoft implementing token exchange for ADO. This is underway but we don't have a timeline for it."

Martin1337 · ‎05-09-2022

Has there been any updates here? Or any viable workaround?

FabriceDeseyn · ‎05-10-2022

The solution depends on accepting ServicePrincipal tokens credentials as authentication for ADO. There is mention of it on their roadmap (https://docs.microsoft.com/en-us/azure/devops/release-notes/features-timeline) but no timeline is defined yet.

As a workaround we use a user PAT for the time being.