10-22-2024 02:11 AM
Hi all,
I have a question about how to use Databricks CLI on my local environment as a service principal?
I have installed Databricks CLI and configured the file `.databrickscfg` as shown below.
[DEFAULT]
host = https://adb-123123123.1.azuredatabricks.net
auth_type = databricks-cli
[devsp]
host = https://adb-123123123.1.azuredatabricks.net
azure_tenant_id = <my-azure-tenant-id>
azure_client_id = <my-ms-entra-id-service-principal-client-id>
azure_client_secret = <my-ms-entra-id-service-principal-client-secret>
I use Microsoft Entra ID service principal and added the service principal to the Databricks workspace.
However, when I run the command `databricks current-user me -p devsp`, I still see my personal user information. When I run the command `databricks tokens create -p devsp`, I still create a PAT for my personal user.
Any help will be appreciated!
Regards,
Albert
10-22-2024 08:45 AM
got you.
I found a working solution. Try this one:
[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id = bc0cd1...
azure_client_id = fa0cd1...
azure_client_secret = aBC1D~...
worked for me:
10-22-2024 03:34 AM
I assume, you want to connect for account-level operation, then the configuration in your .databrickscfg file looks like this:
[<some-unique-configuration-profile-name>]
host = <account-console-url>
account_id = <account-id>
client_id = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>
For workspace-level commands, set the following values in your .databrickscfg file:
[<some-unique-configuration-profile-name>]
host = <workspace-url>
client_id = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>
See also: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/cli/authentication
10-22-2024 03:46 AM
Thank you for your reply. However, I refer to this Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - Microsoft Entra ID serv.... This is for authentication using Microsoft Entra ID's client id and secret.
The one you mentioned is Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - OAuth machine-to-machin... As I understand, this is for authentication using Databricks Service Principal client id and secret.
10-22-2024 08:45 AM
got you.
I found a working solution. Try this one:
[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id = bc0cd1...
azure_client_id = fa0cd1...
azure_client_secret = aBC1D~...
worked for me:
10-22-2024 12:32 PM
Thank you, Stefan-Koch. Your solution works.
Interesting, the document mentions:
I thought the targe identity indicates the service principal, and I have added the service principal to the databricks workspace. However, either my understanding is wrong, or the document is incorrect.
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.
If there isn’t a group near you, start one and help create a community that brings people together.
Request a New Group