โ06-14-2023 08:36 AM
I am trying to deploy a workflow where the owner is a service principal and I am using git integration (backend with azure devops), when I run the workflow it says that it doesn't have permissions to checkout the repo.
run failed with error message
Failed to checkout Git repository: PERMISSION_DENIED: Encountered an error with your Azure Active Directory credentials. Please try logging out of Azure Active Directory (https://portal.azure.com) and logging back in.
โ06-15-2023 12:22 AM
Hi, To use a service principal with Repos API first add the Git PAT token for the service principal via the Git Credential API. You can then use Repos API and Jobs APIs with your service principal.
Could you please see if this helps. Also, please tag @Debayan Mukherjeeโ with your next update so that I will be getting notified.
โ11-13-2023 07:28 AM - edited โ11-13-2023 07:31 AM
Hello,
I am facing the same issue and I am using the following for the git-credentials REST api from postman
1) databricks PAT for authorization bearer token
2) personal_access_token = Azure Devops PAT
3) git_username = Service Principal display name (This is the owner/ Run-as on my databricks workflow and it needs to access notebooks from my Azure DevOps repo)
4) git_provider = azureDevOpsServices.
Questions:
1) Where am I going wrong while using the API?
2) When I choose Azure DevOps Services AAD authentication for the service principal, why doesn't the Databricks - Azure Devops (ADO) integration work without having to work with PATs?
The reason for using a service principal is, I don't want my personal ADO PAT to be used for any configuration.
Plus, service principals can't have PATs in ADO. (Another reason why SPNs are used and are more secure)
The service principal has access to both databricks workspace and ADO repo
โ06-15-2023 12:27 AM
@Debayan Mukherjeeโ Hello, thanks for you answer. I am wondering creating a new credential entry as git_username should i use the service principal client id right? while for the PAT since azure devops doesn't provide a way to create it for service principal should i create one from a user account?
โ06-15-2023 11:27 PM
Yes, as GIT credentials, registers personal access token for Databricks to do operations on behalf of the user.
โ06-16-2023 12:33 AM
Hi @Giuseppe Griecoโ
Hope everything is going great.
Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you.
Cheers!
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโt want to miss the chance to attend and share knowledge.
If there isnโt a group near you, start one and help create a community that brings people together.
Request a New Group