cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Community Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

run datarbicks worflow as service pricipal (managed identity) reads from azure dev ops repo Failed

jannemanson
New Contributor III

‎01-15-2024 05:47 AM - edited ‎01-15-2024 05:56 AM

Hello,

we are running a workflow as a service principal, that is a aad managed identity. This does result in the issue: run databricks workflow as service principal the reads from azure dev ops repo Failed to checkout Git repository: PERMISSION_DENIED: Encountered an error with your Azure Active Directory credentials. Please try logging out of Azure Active Directory (Azure Portal) and logging back in.

If I run the workflow as my own user role it works. The Managed Identity is set as a Contributor in the AzureDevOps repository and has the same rights, as my own user has. The only difference is, that it is a aad manged identity and my role is a aad user. 

3 REPLIES 3

Debayan
Esteemed Contributor III
Esteemed Contributor III

‎01-19-2024 10:10 PM

Hi, this issue has to be checked from the AAD end. Could you please check the credentials and confirm?

0 Kudos

IvanK
New Contributor II

‎04-09-2024 01:08 AM

@jannemansonDid you manage to solve this issue? If so, how? We are having the same problem

0 Kudos

m997al
Contributor

‎05-10-2024 05:45 PM

@Debayan I'm having the same issue.  I'm trying to run a Databricks workflow using an Azure service principal (not a Databricks service principal).  The Azure service principal shows up in Databricks (via SCIM provisioning) as a "user" in Databricks.

The documentation from Azure on allowing the Azure service principal to clone a git repo is confusing, especially in light of how the git settings in the task of the Databricks workflow are set up.  

I tried initially using a Databricks service principal, for which I could generate a client_id and a client_secret_id.  However, of course the Databricks service principal has no access at all to Azure DevOps (git repos).  So that didn't work.

It would be great if someone published an example of how to do this.  Azure service principal running Databricks workflows that clone Azure DevOps repos to run code. 

Thanks!

0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements