cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Repos configuration for Azure Service Principal

Go to solution
pantelis_mare
Contributor III

‎11-22-2021 08:24 AM

Hello community!

I would like to update a repo from within my Azure DevOps release pipeline.

In the pipeline I generate a token using a AAD Service Principal as recommended, and I setup the databricks api using that token.

When I pass the databricks repos update command, I receive an authenitcation error, which is expected and the service principal has not git configured on the workspace side.

My question is:

Can I configure the repos for the SPN programmatically?

Or, is there a way to provide an Azure Devops token when I make the databricks api call? I have tried passing a token by setting the git AZURE_DEVOPS_EXT_PAT but it doesn't seem to work.

Thank you in advance!

31 REPLIES 31

Go to solution
davidfengler
New Contributor II

‎06-02-2023 04:26 AM

Microsoft released "Service principal and managed identity support in Azure DevOps

" end of march -> https://learn.microsoft.com/en-us/azure/devops/release-notes/2023/sprint-219-update#service-principa...

does this helps to get this working? my job shows the same issue as before when executing with the service principal without setting git_credentials

0 Kudos

Go to solution
xiangzhu
Contributor II

‎06-02-2023 12:09 PM

traditional PAT may have long lifespn, but the new SP feature uses an AAD token which should have a much shorter lifespqn, maybe around one hour, this could be a limiting factor.

However, I haven't tested this yet, so these are merely hypotheses.

Nevertheless, even if it does work with SP, running dbt or notebooks through Git or workspace does not seem like a good idea in terms of operational risk. Packaging everything into an artifact, such as a spark_python_task, appears to be a much better approach.

0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements