cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Generating Personal Access Token to service principle databricks cli

Go to solution
pedrojunqueira
New Contributor II

‎06-18-2024 02:33 PM - edited ‎06-18-2024 02:35 PM

Hi I am having issues generating personal access token to my service principle.

I followed the steps from here 

my `~/.databrickscfg` has the following

```

[my-profile-name]
host = <account-console-url>
account_id = <account-id>
azure_tenant_id = <azure-service-principal-tenant-id>
azure_client_id = <azure-service-principal-application-id>
azure_client_secret = <azure-service-principal-client-secret>

```

then if I do the command 

`databricks tokens create --comment <comment> --lifetime-seconds <lifetime-seconds> -p my-profile-name`

it DOES generates a token BUT to my user authenticated (my email)

then I try to do any other command to deploy dabs (Databricks Asset Bundle) and it always default to my authenticated user.

like if I do a [EDITED]

`databricks bundle deploy --profile my-profile-name`

then it deploys to my user not what I specified in the profile...

```

Name: python_package
Target: dev
Workspace:
Host: https://adb-1666302976490045.5.azuredatabricks.net
User: pedrocj@gmail.com
Path: /Users/pedrocj@gmail.com/.bundle/python_package/dev

Validation OK!

```

I would expect to validate or deploy to my service principle that is defined in the `~/.databrickscfg`

I added the service principle to be a workspace adm and give all the associated permissions in the the account console.

what I am doing wrong?

Cheers

Pedro

PS: I did it couple of days ago and all works like a charm. But now It is not working. 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Walter_C
Databricks Employee
Databricks Employee

‎06-19-2024 11:05 AM

Hello Pedro, you can create tokens on behalf service principal by running command on CLI:

databricks token-management create-obo-token <application-id> --lifetime-seconds <lifetime-seconds> --comment <comment> -p <profile-name>

Or by API call https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken

The command you are running is only set for user PAT token, this is why it authenticates with your user.

View solution in original post

4 REPLIES 4

Go to solution
Walter_C
Databricks Employee
Databricks Employee

‎06-19-2024 11:05 AM

Hello Pedro, you can create tokens on behalf service principal by running command on CLI:

databricks token-management create-obo-token <application-id> --lifetime-seconds <lifetime-seconds> --comment <comment> -p <profile-name>

Or by API call https://docs.databricks.com/api/workspace/tokenmanagement/createobotoken

The command you are running is only set for user PAT token, this is why it authenticates with your user.

Go to solution
pedrojunqueira
New Contributor II
In response to Walter_C

‎06-23-2024 03:49 AM

Hi Walter,

Thanks for the reply. I have not tried your method but will accept as an alternative solution. What end up working for me was to to a machine-to-machine authentication with the service principal and generating a token from the

authenticated used.

Had to have the profile configured as 

[your-sp-profile-name]
host = https://<host>.azuredatabricks.net
client_id = <appId>
client_secret = <service principle Oauth Token>


Then to generate a pat just do 

databricks tokens create --comment dab -p your-sp-profile-name

Docs for azure is here 

0 Kudos

Go to solution
PabloCSD
Valued Contributor

‎09-24-2024 02:13 PM

I want something similar, to use a service principal token instead of a PAT, have you ever done this?

https://community.databricks.com/t5/administration-architecture/use-a-service-principal-token-instea...

0 Kudos

Go to solution
dataeng42io
New Contributor III
In response to PabloCSD

‎09-24-2024 08:59 PM

Hi @PabloCSD I will reply in your original post about how you may be able to resolve this issue.

Regards

Pedro

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements
Top