cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Configure Service Principle access to GiLab

drag7ter
New Contributor III

I'm facing an issue while trying to run my job in db and my notebooks located in Git Lab. When I run job under my personal user_Id it works fine, because I added Git Lab token to my user_Id profile and job able to pull branch from repository. But when I change run as and choose Service Principle id it fails with an error:

run failed with error message
Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:
1. You have entered a username with your Git provider credentials.
2. You have selected the correct Git provider with your credentials.
3. Your personal access token or app password has the correct repository access.
4. Your personal access token has not expired.
5. If you have single sign on enabled with your Git provider, be sure to authorize your token.

What has been done so far:

  1. Job was created under my personal user_Id, but run as Service Principle id. The location of notebooks - Git Lab repository branch
  2. In Git Lab I created PAT for my Git Lab personal ID git_lab_personal_user_Id
  3. Service Principle was created in db account console and has admin access and assigned to workspace where job was created (if notebooks located in workspace job runs)
  4. Under my personal db user_Id with (my PAT) I created a token for my Service Principle here token-management on-behalf-of tokens 
  5. Then I checked which git credentials my personal use_Id has in db git-credentials 

 

    "credentials": [
        {
            "credential_id": 434149623900468,
            "git_provider": "gitLabEnterpriseEdition",
            "git_username": "git_lab_personal_user_Id"
        }
    ]

6. Then with a help of PAT, generated in step (4) I created git credentials for my Service Principle POST git-credentials 

"personal_access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

"git_username": "git_lab_personal_user_Id",

"git_provider": "gitLabEnterpriseEdition"

 

Here "personal_access_token" I've send in create git credentials for service principle - is my PAT for my git_lab_personal_user_Id from Git Lab. I've just added it to Service principle for tests. 

And I thought it should work also with service principle as well as with my databricks personal user_Id in db.

Why I'm getting the error, which step I missed when I configured Service Principle to be able to pull from Git Lab repository?

Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:

I'm not able to Go to User Settings > Git Integration because I'm using Service Principle for Git lab and service principle doesn't have User Settings

2 REPLIES 2

Kaniz_Fatma
Community Manager
Community Manager

Hi @drag7ter, There might be a missing piece in the setup.

  • Ensure that youโ€™ve correctly entered the Git provider credentials (username and personal access token) for your Service Principle.
  • Confirm that youโ€™ve selected the correct Git provider (GitLab) when configuring the credentials.
  • Double-check that the personal access token (PAT) you generated for your Git Lab personal ID (git_lab_personal_user_Id) has the necessary repository access.
  • Make sure the PAT hasnโ€™t expired.
  • Confirm that the Service Principle you created in the Databricks account console has admin access.
  • Ensure that the Service Principle is assigned to the workspace where the job was created (if the notebooks are located in that workspace).
  • Youโ€™ve created Git credentials for your Service Principle using the PAT from your Git Lab personal ID. This step looks correct.
  • However, letโ€™s verify that the git_username in the credentials matches the Service Principleโ€™s Git username.
  • If you have SSO enabled with your Git provider, make sure to authorize the token.
  • Note that Service Principles donโ€™t have User Settings, so you wonโ€™t be able to access Git Integration through User Settings.
  • Check if there are any specific Git Lab settings or permissions required for Service Principles.

nicole_lu_PM
Contributor III

Hello from the Databricks Git PM:

We have a section in the documentation for setting up Git credentials for a SP. The important step is to use the OBO token for the SP when you call the git credential API. https://docs.databricks.com/en/repos/ci-cd-techniques-with-repos.html#use-a-service-principal-with-d...

 

Let me know if this helps!

Nicole

 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group