cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure Service Principle access to GiLab

drag7ter
New Contributor III

I'm facing an issue while trying to run my job in db and my notebooks located in Git Lab. When I run job under my personal user_Id it works fine, because I added Git Lab token to my user_Id profile and job able to pull branch from repository. But when I change run as and choose Service Principle id it fails with an error:

run failed with error message
Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:
1. You have entered a username with your Git provider credentials.
2. You have selected the correct Git provider with your credentials.
3. Your personal access token or app password has the correct repository access.
4. Your personal access token has not expired.
5. If you have single sign on enabled with your Git provider, be sure to authorize your token.

What has been done so far:

  1. Job was created under my personal user_Id, but run as Service Principle id. The location of notebooks - Git Lab repository branch
  2. In Git Lab I created PAT for my Git Lab personal ID git_lab_personal_user_Id
  3. Service Principle was created in db account console and has admin access and assigned to workspace where job was created (if notebooks located in workspace job runs)
  4. Under my personal db user_Id with (my PAT) I created a token for my Service Principle here token-management on-behalf-of tokens 
  5. Then I checked which git credentials my personal use_Id has in db git-credentials 

 

    "credentials": [
        {
            "credential_id": 434149623900468,
            "git_provider": "gitLabEnterpriseEdition",
            "git_username": "git_lab_personal_user_Id"
        }
    ]

6. Then with a help of PAT, generated in step (4) I created git credentials for my Service Principle POST git-credentials 

"personal_access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

"git_username": "git_lab_personal_user_Id",

"git_provider": "gitLabEnterpriseEdition"

 

Here "personal_access_token" I've send in create git credentials for service principle - is my PAT for my git_lab_personal_user_Id from Git Lab. I've just added it to Service principle for tests. 

And I thought it should work also with service principle as well as with my databricks personal user_Id in db.

Why I'm getting the error, which step I missed when I configured Service Principle to be able to pull from Git Lab repository?

Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:

I'm not able to Go to User Settings > Git Integration because I'm using Service Principle for Git lab and service principle doesn't have User Settings

1 REPLY 1

nicole_lu_PM
Databricks Employee
Databricks Employee

Hello from the Databricks Git PM:

We have a section in the documentation for setting up Git credentials for a SP. The important step is to use the OBO token for the SP when you call the git credential API. https://docs.databricks.com/en/repos/ci-cd-techniques-with-repos.html#use-a-service-principal-with-d...

 

Let me know if this helps!

Nicole

 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group