The error message you're receiving indicates that the method or utility you're using to obtain the credentials (`mssparkutils.credentials.getConnectionStringOrCreds("LS_MI_CosmosDb")`) does not support the Managed Identity authentication type for Cosmos DB, at least in the way it's configured.
To use System Assigned Managed Identity with Azure Cosmos DB, you'll generally follow these steps:
- Grant the System Assigned Managed Identity of your Synapse workspace permissions to your Cosmos DB.
- Use Azure Identity libraries to authenticate the client.
However, in the Synapse context, the `mssparkutils.credentials.getConnectionStringOrCreds` method doesn't provide the expected token or credential type for Cosmos DB when using Managed Identities.
- Make sure you have the `azure-identity` package installed in your Synapse environment.
- Use the `DefaultAzureCredential` from the `azure.identity` library to get the token for Cosmos DB.
- Use that token with the Cosmos DB SDK.
```python
import pandas as pd
import json
from azure.identity import DefaultAzureCredential
from azure.cosmos import CosmosClient

# Read CSV data
csv_file_path = "https://snmpjpedevsa.blob.core.windows.net/alitest/MachinesData.csv"
data_frame = pd.read_csv(csv_file_path, encoding='latin1')

# Convert DataFrame to JSON
json_data = data_frame.to_json(orient='records')

# Initialize Cosmos DB client with managed identity
cosmosdb_endpoint = "https://snmp-jpe-dev-cosmos.documents.azure.com:443/"
database_name = "SNM"
container_name = "AliTest"

# Use DefaultAzureCredential to obtain a token credential
# (no account key or connection string is passed to the client)
credential = DefaultAzureCredential()
client = CosmosClient(cosmosdb_endpoint, credential=credential)

# Get a reference to the Cosmos DB container
container = client.get_database_client(database_name).get_container_client(container_name)

# Insert JSON data into Cosmos DB container, one record per item
for item in json.loads(json_data):
    container.upsert_item(item)
```
Make sure your Managed Identity has been given appropriate permissions on the Cosmos DB. Typically, this involves:
- Going to the Azure Portal.
- Navigating to your Cosmos DB.
- In the settings pane, selecting "Identity & Access Management (IAM)".
- Adding a role assignment, selecting the system-assigned identity of your Synapse instance, and granting it the necessary permissions.
The above code uses `DefaultAzureCredential`, which will seamlessly use the Managed Identity when run inside Synapse. Ensure your Synapse workspace's managed identity has been given the necessary permissions on Cosmos DB.
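To confirm which identity the credential resolved to before granting it permissions, the claims of the token it returns can be inspected. The following is an added example, not part of the original answer: `describe_token`, `make_sample_token`, the sample endpoint and the sample claims are constructed for illustration, and the assumption is that the token audience is the Cosmos DB account URL (obtained with the scope `https://<account>.documents.azure.com/.default`).

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import urlparse


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def describe_token(token: str, cosmos_endpoint: str, now: Optional[float] = None) -> dict:
    """Summarise the claims that matter when assigning a Cosmos DB role.

    The signature is NOT verified: this is a local diagnostic for a token
    you obtained yourself, never an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = _b64url_json(parts[1])
    now = time.time() if now is None else now
    aud_host = urlparse(str(claims.get("aud", ""))).hostname
    return {
        # Object ID of the principal: the value a role assignment must target.
        "principal_object_id": claims.get("oid"),
        # v1 tokens carry "appid", v2 tokens carry "azp".
        "client_id": claims.get("appid") or claims.get("azp"),
        "audience": claims.get("aud"),
        "audience_matches_account": aud_host is not None
        and aud_host == urlparse(cosmos_endpoint).hostname,
        "expired": claims.get("exp", 0) <= now,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample values (placeholders, not taken from the page).
SAMPLE_ENDPOINT = "https://example-account.documents.azure.com:443/"
SAMPLE_CLAIMS = {"aud": "https://example-account.documents.azure.com",
                 "oid": "00000000-0000-0000-0000-000000000001",
                 "appid": "00000000-0000-0000-0000-000000000002",
                 "exp": 2000000000}
SAMPLE_TOKEN = make_sample_token(SAMPLE_CLAIMS)
```

In a notebook, the real token would come from `credential.get_token(...)` with the scope above, and `.token` on the result is what gets passed to `describe_token`.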