cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Azure IMDS is not accesbile selecting shared compute policy

sharukh_lodhi
New Contributor III

‎08-19-2024 01:58 AM - edited ‎08-19-2024 01:59 AM

Hi, Databricks community,
I recently encountered an issue while using the 'azure.identity' Python library on a cluster set to the personal compute policy in Databricks. In this case, Databricks successfully returns the Azure Databricks managed user identity. However, when I change the cluster policy to shared compute, this functionality stops working.

Here's the code I've been using:

 

from azure.identity import DefaultAzureCredential
credential = DefaultAzureCredential()

 

Please note that I've also attached a screenshot of the error that occurs only when selecting the shared compute cluster policy.

image.png

0 Kudos
4 REPLIES 4

tyler-xorbix
New Contributor III

‎08-19-2024 11:22 AM

This appears to be a long-standing issue with Azure and Databricks. I found this stack overflow post from a few months back discussing the same issue with no outcome. ManagedIdentityCredential in Shared Compute - Databricks - Stack Overflow. I suspect it is either a glitch or a security override since a shared cluster can be used by multiple users. Hopefully someone from Databricks end can look into this issue further.

Retired_mod
Esteemed Contributor III

‎08-20-2024 05:05 AM

Hi @sharukh_lodhi and @tyler-xorbix, From the error it looks like azure.identity library is trying to connect to the azure IMDS endpoint which is (169.254.169.254) Ip address endpoint and this looks to be a known limitation with shared access mode which is mentioned below document:
https://learn.microsoft.com/en-us/azure/databricks/compute/access-mode-limitations#network-and-file-....

Retired_mod
Esteemed Contributor III

‎08-21-2024 01:56 AM

Hi @sharukh_lodhi,Thanks for reaching out! Please review the responses and let us know which best addresses your question. Your feedback is valuable to us and the community. If the response resolves your issue, kindly mark it as the accepted solution. This will help close the thread and assist others with similar queries. We appreciate your participation and are here if you need further assistance!

0 Kudos

daisy08
New Contributor II

‎12-02-2024 07:02 AM

I'm having a similar problem, my aim is from an Azure DataBricks notebook to invoke an AzureDataDactory pipeline I created an Access Connector for Azure Databricks to which I gave Data Factory Contributor permissions. Using these lines python

from azure.identity import ManagedIdentityCredential

credential = ManagedIdentityCredential(client_id="63d0a80e-de48-4dfe-b4ce-a1b2cb90d494")
credential.get_token("https://management.azure.com/.default")

#client_id value is yhe object id of Access Connector for Azure Databricks

I'have error 

WARNING:azure.identity._internal.msal_managed_identity_client:ImdsCredential.get_token failed: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint. invalid_request
WARNING:azure.identity._internal.decorators:ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint. invalid_request

any suggestion?

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top