cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to use Databricks CLI as a service principal?

AlbertWang
Contributor III

Hi all,

I have a question about how to use Databricks CLI on my local environment as a service principal?

I have installed Databricks CLI and configured the file `.databrickscfg` as shown below.

 

[DEFAULT]
host      = https://adb-123123123.1.azuredatabricks.net
auth_type = databricks-cli

[devsp]
host                = https://adb-123123123.1.azuredatabricks.net
azure_tenant_id     = <my-azure-tenant-id>
azure_client_id     = <my-ms-entra-id-service-principal-client-id>
azure_client_secret = <my-ms-entra-id-service-principal-client-secret>

 

I use Microsoft Entra ID service principal and added the service principal to the Databricks workspace.

However, when I run the command `databricks current-user me -p devsp`, I still see my personal user information. When I run the command `databricks tokens create -p devsp`, I still create a PAT for my personal user.

Any help will be appreciated!

Regards,

Albert

 

1 ACCEPTED SOLUTION

Accepted Solutions

Stefan-Koch
Contributor III

got you.

I found a working solution. Try this one:

[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id             = bc0cd1...
azure_client_id             = fa0cd1...
azure_client_secret         = aBC1D~...

worked for me: 

cli.png

View solution in original post

4 REPLIES 4

Stefan-Koch
Contributor III

I assume, you want to connect for account-level operation, then the configuration in your .databrickscfg file looks like this:

 

[<some-unique-configuration-profile-name>]
host          = <account-console-url>
account_id    = <account-id>
client_id     = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>

 

 For workspace-level commands, set the following values in your .databrickscfg file:

 

[<some-unique-configuration-profile-name>]
host          = <workspace-url>
client_id     = <service-principal-client-id>
client_secret = <service-principal-oauth-secret>

 

See also: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/cli/authentication 

Thank you for your reply. However, I refer to this Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - Microsoft Entra ID serv.... This is for authentication using Microsoft Entra ID's client id and secret.

AlbertWang_0-1729593900588.png

The one you mentioned is Authentication for the Databricks CLI - Azure Databricks | Microsoft Learn - OAuth machine-to-machin... As I understand, this is for authentication using Databricks Service Principal client id and secret.

AlbertWang_1-1729593950045.png

 

Stefan-Koch
Contributor III

got you.

I found a working solution. Try this one:

[devsp]
azure_workspace_resource_id = /subscriptions/bc0cd1..././.../Databricks/workspaces/my-workspace
azure_tenant_id             = bc0cd1...
azure_client_id             = fa0cd1...
azure_client_secret         = aBC1D~...

worked for me: 

cli.png

Thank you, Stefan-Koch. Your solution works.

Interesting, the document mentions:

AlbertWang_0-1729625428812.png

I thought the targe identity indicates the service principal, and I have added the service principal to the databricks workspace. However, either my understanding is wrong, or the document is incorrect.

 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group