cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure Service Principle access to GiLab

drag7ter
New Contributor III

I'm facing an issue while trying to run my job in db and my notebooks located in Git Lab. When I run job under my personal user_Id it works fine, because I added Git Lab token to my user_Id profile and job able to pull branch from repository. But when I change run as and choose Service Principle id it fails with an error:

run failed with error message
Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:
1. You have entered a username with your Git provider credentials.
2. You have selected the correct Git provider with your credentials.
3. Your personal access token or app password has the correct repository access.
4. Your personal access token has not expired.
5. If you have single sign on enabled with your Git provider, be sure to authorize your token.

What has been done so far:

  1. Job was created under my personal user_Id, but run as Service Principle id. The location of notebooks - Git Lab repository branch
  2. In Git Lab I created PAT for my Git Lab personal ID git_lab_personal_user_Id
  3. Service Principle was created in db account console and has admin access and assigned to workspace where job was created (if notebooks located in workspace job runs)
  4. Under my personal db user_Id with (my PAT) I created a token for my Service Principle here token-management on-behalf-of tokens 
  5. Then I checked which git credentials my personal use_Id has in db git-credentials 

 

    "credentials": [
        {
            "credential_id": 434149623900468,
            "git_provider": "gitLabEnterpriseEdition",
            "git_username": "git_lab_personal_user_Id"
        }
    ]

6. Then with a help of PAT, generated in step (4) I created git credentials for my Service Principle POST git-credentials 

"personal_access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",

"git_username": "git_lab_personal_user_Id",

"git_provider": "gitLabEnterpriseEdition"

 

Here "personal_access_token" I've send in create git credentials for service principle - is my PAT for my git_lab_personal_user_Id from Git Lab. I've just added it to Service principle for tests. 

And I thought it should work also with service principle as well as with my databricks personal user_Id in db.

Why I'm getting the error, which step I missed when I configured Service Principle to be able to pull from Git Lab repository?

Failed to access Git repository: PERMISSION_DENIED: Invalid Git provider credentials. Go to User Settings > Git Integration to ensure that:

I'm not able to Go to User Settings > Git Integration because I'm using Service Principle for Git lab and service principle doesn't have User Settings

1 REPLY 1

Kaniz
Community Manager
Community Manager

Hi @drag7ter, There might be a missing piece in the setup.

  • Ensure that you’ve correctly entered the Git provider credentials (username and personal access token) for your Service Principle.
  • Confirm that you’ve selected the correct Git provider (GitLab) when configuring the credentials.
  • Double-check that the personal access token (PAT) you generated for your Git Lab personal ID (git_lab_personal_user_Id) has the necessary repository access.
  • Make sure the PAT hasn’t expired.
  • Confirm that the Service Principle you created in the Databricks account console has admin access.
  • Ensure that the Service Principle is assigned to the workspace where the job was created (if the notebooks are located in that workspace).
  • You’ve created Git credentials for your Service Principle using the PAT from your Git Lab personal ID. This step looks correct.
  • However, let’s verify that the git_username in the credentials matches the Service Principle’s Git username.
  • If you have SSO enabled with your Git provider, make sure to authorize the token.
  • Note that Service Principles don’t have User Settings, so you won’t be able to access Git Integration through User Settings.
  • Check if there are any specific Git Lab settings or permissions required for Service Principles.
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!