Azure Databricks API, cannot add repos using service principal and API calls
I need to add Azure DevOps repos to azure databricks repo by using databricks API at this link. I am using a service principal credentials for this. The service principal is already added as admin user to databricks. With my service principal I can get the list of repos and even delete them. But when I want to add a repo to a folder, it raises the following error:
{
"error_code": "PERMISSION_DENIED",
"message": "Missing Git provider credentials. Go to User Settings > Git Integration to add your personal access token."
}
I am not using my own credentials to use a PAT token, instead I am getting a bearer token by sending request to https://login.microsoftonline.com/directory-id/oauth2/token and use it to authenticate. This works for get repos, delete repos and get repos/repo-id. Just for creating a repo (adding repo by using post method to /repos) it is failing.
If I still use a PAT instead of bearer token, I get the following error:
{
"error_code": "PERMISSION_DENIED",
"message": "Azure Active Directory credentials missing. Ensure you are either logged in with your Azure
Active Directory account or have setup an Azure DevOps personal access token (PAT) in User Settings > Git Integration.
If you are not using a PAT and are using Azure DevOps with the Repos API, you must use an AAD access token. See https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token for steps to acquire an AAD access token."
}
I am using postman to construct the requests. To generate the error I am getting I am using the following:
method: post
url-endpoint: https://adb-databricksid.azuredatabricks.net/api/2.0/repos
body:
url: azure-devops-repo
provider: azureDevOpsServices
path: /Repos/folder-name/testrepo
header:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbG... (Construct it by appending bearer token to key wor "Bearer")
X-Databricks-Azure-SP-Management-Token: management token (get it like bearer token by using resource https://management.core.windows.net/)
X-Databricks-Azure-Workspace-Resource-Id: /subscriptions/azure-subscription-id/resourceGroups/resourcegroup-name/providers/Microsoft.Databricks/workspaces/workspace-name
Here the screen shot of the postman:
Please note that I have used exactly same method of authentication for even creating clusters and jobs and deleting repos. Just for adding and updating repos it is failing. I'd like to know how I can resolve the error PERMISSION_DENIED mentioned above.
Have you setup the git credentials using this endpoint before creating the repo through the APIĀ ?
https://docs.databricks.com/dev-tools/api/latest/gitcredentials.html#section/Authentication
If you do not setup this first, you can get the error when trying to create a repo.
Listing & deleting a repo only require a valid authentication to Databricks (Bearer token or PAT) and doesn't require valid git credentials. When trying to create a repo, you need authorizations on the target repository that is on Azure Devops in your case.
So you need to call the git-credentials endpoint (it's the same syntax on AWS and Azure) to create it.
Once your git credentials up-to-date, the creation of the repo should work as intended.
- Web App Azure nextjs didn't respond to HTTP pings on port: 8080
- Is there a short 7-digit version of $(SourceVersion) in Azure Devops?
- Azure DevOps Pipeline: Passing variables from a deployment job to another stage
- Unable to deploy Azure Data Factory Pipelines in Azure DevOPs: Configuration issue is preventing Authentication
- Why does VS Code give linting errors for a valid Azure Pipelines YAML file?
- Azure Devops - Get Org ID
- No template with an identifier of 'xamarinandroid' could be found
- Nuget restore fails on Azure Devops with message "unable to load the service index for source"
- How to resolve error TF401444 in PublishSymbols step in Azure DevOps build
- Azure Python Functions requirements.txt ignored when deployed from DevOps
- No pool was specified, although a pool is specified in the Azure pipeline
- How to set the iteration field automatically to latest iteration?
- Pass parameter to a different-project pipeline via REST api using System.AccessToken
- Azure DevOps share wiki as dedicated webpages
- Azure Devops: dotnet publish can't find the package because it's searching in the wrong source
- roleAssignment with current user id
- Can I use MSI Token for Azure DevOps REST APIs?
- Azure Deploy Code To Service Using ARM Template From VSTS Git Code
- AzureDevOps RestAPI does not return groups that are a member of a certain group
- Benefits of using Fabric-ADO Pipeline over Inbuilt MS Fabric Deployment pipeline
- Dependencies azure devops yaml
- Assigning tags to APIs in Azure APIM via Devops Pipeline
- Pull bicep modules from ACR to consume using AzurePowershell@5 task in Azure pipeline
- Azure DevOps pipeline trigger not working
- MS Fabric project Deployment using Azure Pipelines
- Azure self hosted agent failing to pick up jobs
- How to parameterize azure agent.name in azure pipeline?
- Getting "Unable to complete authentication for user due to looping logins" while making an api call through postman to azure
- Service Connection permissions error when trying to access Azure Key vault secrets from within an Azure DevOps pipeline with the task AzureKeyVault@2
- Download a Zip File from Azure DevOps Git Repo Using Azure DevOps SDK