How to mount ADLSgen2 to Synapse notebook via linked service?

Question

How to mount ADLSgen2 to Synapse notebook via linked service?

Peter Michalik 20

I have created linked service for ADLS gen2. I chose authentication type SAS URI - when click on test connection - everything is fine. When I use that linked service in notebook it does not work because of this error:

"An error occurred while calling z:mssparkutils.fs.mount. : com.microsoft.spark.notebook.msutils.InvalidCredentialsException: fetch Token from linkedService failed with POST failed with 'Bad Request' (400) and message: {"result":"DependencyError","errorId":"BadRequest","errorMessage":"[Code=400, Target=ADLS_personal, Message=Missing required property 'url' on ADLS_personal]. TraceId : ff2af9cc-4f01-45af-bd3b-78f312347a94 | client-request-id : 48ef6f9c-3309-4614-9680-cc1766c73cfe. Error Component : LSR"}, no any user credential info available for authorization"

This is my code which does not work (When I use the same code with same sasToken from linked service - it is working):

from notebookutils import mssparkutils
mssparkutils.fs.mount(  
    "abfss://******@adlsasa.dfs.core.windows.net/", #ADLS GEN 2 PATH  
    "/testisko", #Mount Point Name  
    { "linkedService" : "ADLS_personal"}  
)

Smaran Thoomu 22,505 Reputation points Microsoft External Staff

2024-02-09T10:02:41+00:00
Hi @Peter Michalik

Welcome to Microsoft Q&A forum and thanks for reaching out here.

Based on the error message suggests that the required property 'url' is missing on the ADLS_personal linked service. Please ensure that you have provided the correct SAS URI and that the linked service is configured correctly.

Also, please note that when using SAS URI authentication, you need to provide the complete URI including the SAS token in the mount command. Here's an example:

from notebookutils import mssparkutils mssparkutils.fs.mount( "abfss://<container-name>@<storage-account-name>.dfs.core.windows.net", "/mnt/<mount-name>", {"linkedService": "<linked-service-name>", "sasToken": "<complete-sas-token>"} )

Replace <container-name>, <storage-account-name>, <mount-name>, <linked-service-name>, and <complete-sas-token> with the appropriate values.

I hope this helps! Let me know if you have any further questions.
Peter Michalik 20 Reputation points

2024-02-09T10:20:55.5366667+00:00

Hi @Smaran Thoomu ,thank for your reply. So even in a case I´m using linked service I need to add SAS URI? Then I do not understand what is difference between method with using linked service and another one when I just past directly SAS token without name of my linked service. My idea was to keep SAS tokens inside Key Vault which would be mapped in linked service. I don´t want to hardcode my SAS token in notebooks.

Thanks for help!

Peter
Smaran Thoomu 22,505 Reputation points Microsoft External Staff

2024-02-13T05:11:26.2333333+00:00

@Peter Michalik We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Peter Michalik 20 Reputation points

2024-02-19T12:28:15.04+00:00

@Smaran Thoomu thanks, you solution worked.

Accepted answer

0 additional answers

Your answer

Smaran Thoomu 22,505 Reputation points Microsoft External Staff

2024-02-09T10:02:41+00:00

Hi @Peter Michalik

Welcome to Microsoft Q&A forum and thanks for reaching out here.

Based on the error message suggests that the required property 'url' is missing on the ADLS_personal linked service. Please ensure that you have provided the correct SAS URI and that the linked service is configured correctly.

Also, please note that when using SAS URI authentication, you need to provide the complete URI including the SAS token in the mount command. Here's an example:

from notebookutils import mssparkutils mssparkutils.fs.mount( "abfss://<container-name>@<storage-account-name>.dfs.core.windows.net", "/mnt/<mount-name>", {"linkedService": "<linked-service-name>", "sasToken": "<complete-sas-token>"} )

Replace <container-name>, <storage-account-name>, <mount-name>, <linked-service-name>, and <complete-sas-token> with the appropriate values.

I hope this helps! Let me know if you have any further questions.
Peter Michalik 20 Reputation points

2024-02-09T10:20:55.5366667+00:00

Hi @Smaran Thoomu ,thank for your reply. So even in a case I´m using linked service I need to add SAS URI? Then I do not understand what is difference between method with using linked service and another one when I just past directly SAS token without name of my linked service. My idea was to keep SAS tokens inside Key Vault which would be mapped in linked service. I don´t want to hardcode my SAS token in notebooks.

Thanks for help!

Peter
Smaran Thoomu 22,505 Reputation points Microsoft External Staff

2024-02-13T05:11:26.2333333+00:00

@Peter Michalik We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Peter Michalik 20 Reputation points

2024-02-19T12:28:15.04+00:00

@Smaran Thoomu thanks, you solution worked.

Answer 1

Hi @Peter Michalik

Yes, even when using a linked service, you need to provide the SAS URI in the mount command. The linked service only provides the authentication details, but the mount command still requires the complete URI to access the storage account.

The difference between using a linked service and directly pasting the SAS token is that using a linked service allows you to manage the authentication details in a centralized location. This means that you can update the authentication details in the linked service, and all the pipelines and notebooks that use that linked service will automatically use the updated details.

If you want to keep your SAS tokens in Key Vault, you can use Azure Key Vault-backed secrets to store the SAS token, and then reference the secret in the linked service. This way, you can keep your SAS tokens secure and still use them in your pipelines and notebooks.

Here's an example of how to use a Key Vault-backed secret in a linked service:

Create a secret in Key Vault with the SAS token value.
Create a Key Vault-linked service in Azure Data Factory.
In the Key Vault-linked service, reference the secret using the syntax @Microsoft.KeyVault(SecretUri=<secret-uri>). Replace <secret-uri> with the URI of the secret in Key Vault.
Use the Key Vault-linked service in your pipelines and notebooks.

I hope this helps! Let me know if you have any further questions.

Share via

How to mount ADLSgen2 to Synapse notebook via linked service?

0 additional answers

Your answer