IvanK
New Contributor III

We managed to solve this problem; however, it is not an elegant solution. Databricks should simplify this.

The steps that have to be done are listed below. We are using a user-assigned managed identity (MI), but I assume this should work for Azure Service Principals as well.

Step 1 - Create a PAT

Create a PAT in Azure DevOps with scope Code (Read). This is done with your own account in Azure DevOps.

Step 2 - Generate Databricks Entra ID access token for the MI

Note: This requires you to have attached the MI to a VM or VMSS, to connect to a bash terminal as the MI.

To get the access token, run the following command:

 
az account get-access-token --resource 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d
 
Note that the resource ID 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d corresponds to the Azure Databricks programmatic ID [1].

Step 3 - Create Databricks Git credentials for the MI

Use the REST API documentation for creating the Databricks Git credentials [2].

Use the generated access token as "Authorization: Bearer token". For the body use the PAT you created and your Azure DevOps username (your email):

{
  "personal_access_token": "<paste-devops-PAT-here>",
  "git_username": "<paste-your-devops-username>",
  "git_provider": "azureDevOpsServices"
}

[1] https://learn.microsoft.com/en-us/azure/databricks/dev-tools/service-prin-aad-token#--get-a-microsof...

[2] https://docs.databricks.com/api/azure/workspace/gitcredentials/create
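Steps 2 and 3 of the post above combined into one script, as an added example that is not the poster's or Databricks' own code. It keeps the PAT and the Entra ID token out of the process list and shell history. Assumptions: the workspace URL and username passed on the command line are placeholders, `az` is already signed in as the managed identity, the endpoint is `POST /api/2.0/git-credentials` as documented in [2], and curl is 7.55 or newer (for `-H @-`).

```bash
#!/usr/bin/env bash
# Added example: steps 2-3 of the post as one script. Function names are hypothetical.
set -eu

DATABRICKS_RESOURCE_ID="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"  # from the post

# Escape backslash and double quote for JSON; refuse values with control characters.
json_escape() {
  [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" = "$1" ] || return 1
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the request body from step 3: build_payload <pat> <git_username>
build_payload() {
  pat_json=$(json_escape "$1") || return 1
  user_json=$(json_escape "$2") || return 1
  printf '{"personal_access_token":"%s","git_username":"%s","git_provider":"azureDevOpsServices"}' \
    "$pat_json" "$user_json"
}

# create_git_credential <workspace-url> <git_username>; the PAT is read from the terminal.
create_git_credential() {
  host=$1 user=$2
  printf 'Azure DevOps PAT: ' >&2
  stty -echo; IFS= read -r pat; stty echo; echo >&2
  token=$(az account get-access-token --resource "$DATABRICKS_RESOURCE_ID" \
            --query accessToken -o tsv)
  body=$(mktemp)                 # mktemp creates the file with mode 0600
  trap 'rm -f "$body"' EXIT      # remove the PAT-bearing file on exit
  build_payload "$pat" "$user" > "$body"
  # The header arrives on stdin and the body from the 0600 file,
  # so neither secret appears in curl's argv.
  printf 'Authorization: Bearer %s\n' "$token" |
    curl -sS --fail -X POST "$host/api/2.0/git-credentials" \
      -H @- -H 'Content-Type: application/json' --data @"$body"
}

# Runs only when asked: ./script.sh --run <workspace-url> <devops-username>
if [ "${1:-}" = "--run" ]; then create_git_credential "$2" "$3"; fi
```

The stored credential is the PAT of the person who created it, so the managed identity reads repositories with that user's Code (Read) access until the PAT expires or is revoked.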