- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 02:11 AM
Hi all,
I have a question about how to use Databricks CLI on my local environment as a service principal?
I have installed Databricks CLI and configured the file `.databrickscfg` as shown below.
[DEFAULT]
host = https://adb-123123123.1.azuredatabricks.net
auth_type = databricks-cli
[devsp]
host = https://adb-123123123.1.azuredatabricks.net
azure_tenant_id = <my-azure-tenant-id>
azure_client_id = <my-ms-entra-id-service-principal-client-id>
azure_client_secret = <my-ms-entra-id-service-principal-client-secret>
I use Microsoft Entra ID service principal and added the service principal to the Databricks workspace.
However, when I run the command `databricks current-user me -p devsp`, I still see my personal user information. When I run the command `databricks tokens create -p devsp`, I still create a PAT for my personal user.
Any help will be appreciated!
Regards,
Albert
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 08:45 AM
got you.
I found a working solution. Try this one:
[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id = bc0cd1...
azure_client_id = fa0cd1...
azure_client_secret = aBC1D~...
worked for me:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 03:34 AM
I assume, you want to connect for account-level operation, then the configuration in your .databrickscfg file looks like this:
[<some-unique-configuration-profile-name>]
host = <account-console-url>
account_id = <account-id>
client_id = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>
For workspace-level commands, set the following values in your .databrickscfg file:
[<some-unique-configuration-profile-name>]
host = <workspace-url>
client_id = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>
See also: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/cli/authentication
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 03:46 AM
Thank you for your reply. However, I refer to this Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - Microsoft Entra ID serv.... This is for authentication using Microsoft Entra ID's client id and secret.
The one you mentioned is Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - OAuth machine-to-machin... As I understand, this is for authentication using Databricks Service Principal client id and secret.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 08:45 AM
got you.
I found a working solution. Try this one:
[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id = bc0cd1...
azure_client_id = fa0cd1...
azure_client_secret = aBC1D~...
worked for me:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 12:32 PM
Thank you, Stefan-Koch. Your solution works.
Interesting, the document mentions:
I thought the targe identity indicates the service principal, and I have added the service principal to the databricks workspace. However, either my understanding is wrong, or the document is incorrect.