Databricks

jannemanson · ‎01-15-2024

Hello,

we are running a workflow as a service principal, that is a aad managed identity. This does result in the issue: run databricks workflow as service principal the reads from azure dev ops repo Failed to checkout Git repository: PERMISSION_DENIED: Encountered an error with your Azure Active Directory credentials. Please try logging out of Azure Active Directory (Azure Portal) and logging back in.

If I run the workflow as my own user role it works. The Managed Identity is set as a Contributor in the AzureDevOps repository and has the same rights, as my own user has. The only difference is, that it is a aad manged identity and my role is a aad user.

Debayan · ‎01-19-2024

Hi, this issue has to be checked from the AAD end. Could you please check the credentials and confirm?

IvanK · ‎04-09-2024

@jannemansonDid you manage to solve this issue? If so, how? We are having the same problem

m997al · a week ago

@Debayan I'm having the same issue. I'm trying to run a Databricks workflow using an Azure service principal (not a Databricks service principal). The Azure service principal shows up in Databricks (via SCIM provisioning) as a "user" in Databricks.

The documentation from Azure on allowing the Azure service principal to clone a git repo is confusing, especially in light of how the git settings in the task of the Databricks workflow are set up.

I tried initially using a Databricks service principal, for which I could generate a client_id and a client_secret_id. However, of course the Databricks service principal has no access at all to Azure DevOps (git repos). So that didn't work.

It would be great if someone published an example of how to do this. Azure service principal running Databricks workflows that clone Azure DevOps repos to run code.

Thanks!