cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to create a Unity Catalog Connection to SQL Server using service principal??

Go to solution
ScottH
New Contributor III

yesterday

I am trying to use the Databricks Python SDK (v 0.63.0) to create a Unity Catalog connection to a Azure-hosted SQL Server database using an Azure service principal to authenticate. I have successfully done this via the Workspace UI, but I am trying to replicate programmatically it using the Databricks Python SDK.

Below is the code that I am trying to use to create the connection, but it doesn't authenticate successfully. The login to SQL Server fails when I try to create a foreign catalog using the connection.

 

# Authenticate to workspace
w = WorkspaceClient(...)
 
db_host = "<SQL Server host>"
db_port: "1433"
db_user = "<service principal client ID">
db_password = "<service principal client secret">
 
# Create the connection using the ConnectionsAPI
connection = w.connections.create(
    name=connection_name,
    connection_type=ConnectionType.SQLSERVER,
    comment=connection_comment,
    options={
        "host": db_host,
        "port": db_port,
        "user": db_user,         
        "password": db_password, 
        "applicationIntent": "ReadOnly",
        "trustServerCertificate": "true"
    },
)
 
I'm thinking that I am missing something that indicates that the credentials are a service principal and not a local SQL Server user. What am I missing? I don't see how to do this in the Python SDK documentation.
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
szymon_dybczak
Esteemed Contributor III

yesterday - last edited yesterday

Hi @ScottH ,

You need to configure it in following way (I've tested it and it works). In a place where a red arrow is pointing you need to provide your own tenant_id:

szymon_dybczak_0-1764710136658.png

 

View solution in original post

4 REPLIES 4

Go to solution
nayan_wylde
Esteemed Contributor

yesterday

@ScottH Can you please try this in options.

options={
        "host": "<sql-server-host>.database.windows.net",
        "port": "1433",
        "authentication": "ActiveDirectoryServicePrincipal",
        "client_id": "<service-principal-client-id>",
        "client_secret": "<service-principal-client-secret>",
        "tenant_id": "<azure-ad-tenant-id>",
        "applicationIntent": "ReadOnly",
        "trustServerCertificate": "true"
    }

Go to solution
szymon_dybczak
Esteemed Contributor III

yesterday - last edited yesterday

Hi @ScottH ,

You need to configure it in following way (I've tested it and it works). In a place where a red arrow is pointing you need to provide your own tenant_id:

szymon_dybczak_0-1764710136658.png

 

Go to solution
ScottH
New Contributor III
In response to szymon_dybczak

yesterday

Awesome! That worked perfectly! I really appreciate your help - you saved me a bunch of time. Thank you!

Go to solution
szymon_dybczak
Esteemed Contributor III
In response to ScottH

yesterday

No problem @ScottH , cool that it worked for you 🙂

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements