Please, I need your help... I am struggling for days now to get working code to checkout a Azure Devops repos git branch in Databricks CLI with this command: "databricks repos update etc..." This is working fine with a personal Databricks PAT (in a DevOps CI pipeline), but I want to change this to 1) a short lived token for 2) a Service Principle.
I am using Azure CLI and Databricks CLI (both latest) on a self hosted Ubuntu VM. I am referring this doc: .
This is what I have so far:
sp_name="<name of the Azure App registration>"
sp_id="<the app id (client id) of $sp_name>"
sp_secret="<the secret of the app id of $sp_name>"
tenant_id="<tenant id>"
resource_id_databricks="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" #Databricks
oauth_databrick_secret="<oauth secret for $sp_name in Databricks>"
az login --allow-no-subscriptions --service-principal -u $sp_id -p $sp_secret --tenant $tenant_id
access_token=$(az account get-access-token --query accessToken -o tsv --resource $resource_id_databricks)
export DATABRICKS_HOST="/"
export DATABRICKS_CLIENT_ID=$sp_id
export DATABRICKS_CLIENT_SECRET=$oauthDatabrickSecret
databricks git-credentials create azureDevOpsServices --personal-access-token $access_token --git-username $sp_name
databricks repos update xxxxx
$sp_name has a basic Devops licence in the organization and is member of the Contributor group of the project. $sp_secret is current. $sp_name has an OAuth secret in Databricks ($oauth_databrick_secret) and is admin in the workspace. I did not create the .databrickscfg file, but instead use environment variables as per this doc: .
The error I get when creating the git-credentials is:
Error: accepts 1 arg(s), received 3
Usage:
databricks git-credentials create GIT_PROVIDER [flags]
Flags:
--git-username string The username or email provided with your Git provider account, depending on which provider you are using.
-h, --help help for create
--json JSON either inline JSON string or @path/to/file.json with request body (default JSON (0 bytes))
--personal-access-token string The personal access token used to authenticate to the corresponding Git provider.
What am I missing here?
Edit: is this relevant? :
Please, I need your help... I am struggling for days now to get working code to checkout a Azure Devops repos git branch in Databricks CLI with this command: "databricks repos update etc..." This is working fine with a personal Databricks PAT (in a DevOps CI pipeline), but I want to change this to 1) a short lived token for 2) a Service Principle.
I am using Azure CLI and Databricks CLI (both latest) on a self hosted Ubuntu VM. I am referring this doc: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/ci-cd/use-ms-entra-sp-with-devops.
This is what I have so far:
sp_name="<name of the Azure App registration>"
sp_id="<the app id (client id) of $sp_name>"
sp_secret="<the secret of the app id of $sp_name>"
tenant_id="<tenant id>"
resource_id_databricks="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" #Databricks
oauth_databrick_secret="<oauth secret for $sp_name in Databricks>"
az login --allow-no-subscriptions --service-principal -u $sp_id -p $sp_secret --tenant $tenant_id
access_token=$(az account get-access-token --query accessToken -o tsv --resource $resource_id_databricks)
export DATABRICKS_HOST="https://adb-xxxxxxxxxx.xx.azuredatabricks.net/"
export DATABRICKS_CLIENT_ID=$sp_id
export DATABRICKS_CLIENT_SECRET=$oauthDatabrickSecret
databricks git-credentials create azureDevOpsServices --personal-access-token $access_token --git-username $sp_name
databricks repos update xxxxx
$sp_name has a basic Devops licence in the organization and is member of the Contributor group of the project. $sp_secret is current. $sp_name has an OAuth secret in Databricks ($oauth_databrick_secret) and is admin in the workspace. I did not create the .databrickscfg file, but instead use environment variables as per this doc: https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/oauth-m2m#environment.
The error I get when creating the git-credentials is:
Error: accepts 1 arg(s), received 3
Usage:
databricks git-credentials create GIT_PROVIDER [flags]
Flags:
--git-username string The username or email provided with your Git provider account, depending on which provider you are using.
-h, --help help for create
--json JSON either inline JSON string or @path/to/file.json with request body (default JSON (0 bytes))
--personal-access-token string The personal access token used to authenticate to the corresponding Git provider.
What am I missing here?
Edit: is this relevant? :
Share Improve this question edited Jan 28 at 19:29 qkfang 1,1991 silver badge19 bronze badges asked Jan 20 at 9:47 JudithJudith 556 bronze badges1 Answer
Reset to default 0I found the solution: you should not use the name of the service principle when creating the credentials, but the app id. For completeness, here is the full working code:
sp_id="<the app id (client id) of the app registration"
sp_secret="<the secret of the app id of the app registration>"
tenant_id="<tenant id>"
resource_id_databricks="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
oauth_databrick_secret="<oauth secret in Databricks for $sp_id>"
az login --allow-no-subscriptions --service-principal -u $sp_id -p $sp_secret --tenant $tenant_id
access_token=$(az account get-access-token --query accessToken -o tsv --resource $resource_id_databricks)
export DATABRICKS_HOST="https://adb-xxxxxxxxxx.xx.azuredatabricks.net/"
export DATABRICKS_CLIENT_ID=$sp_id
export DATABRICKS_CLIENT_SECRET=$oauthDatabrickSecret
databricks git-credentials create azureDevOpsServices --personal-access-token $access_token --git-username $sp_id
databricks repos update /Repos/your/path_to_repo --branch feature_branch_name