Share via

Service principal for custom Spark app

Minh NGUYEN 126 Reputation points
2020-11-25T11:42:14.303+00:00

I've got a custom Spark app built on top of a custom PaaS (OpenShift based) deployed on Azure IaaS. Is it possible to assign a service principal to my app for the purpose of access control? If so, how do I do it?

Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,091 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,705 questions
0 comments
Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,436 Reputation points
    2020-11-26T22:19:56.663+00:00

    Hello @Minh NGUYEN , my knowledge of Spark is very limited but from what I find it looks like you can develop Spark application with programming languages such as Java or Scala. If that's your case then you can register an Azure AD application and service principal to access Azure resources such as Azure Data Lake using libraries such as Microsoft Authentication Library (MSAL) for Java or Azure Identity client library for Java (Azure Data Lake Storage Gen2 sample here) or akka-http-oauth2-client (not supported by Microsoft) for Scala and authenticate against Azure AD as an application using the client credentials flow.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,436 Reputation points
    2020-11-26T01:15:47.823+00:00

    Hello @Minh NGUYEN , Azure resources support RBAC to allow fine grained control for them. Also, some resources can be linked to service principals known as managed identities which can be used to access other resourcers (and thus be subject to access controls) . EG: Managed OpenShift on Azure. If you can elaborate more about your current solution and goals I will gladly review what is possible within your scenario.

    Let us know if this answer was helpful to you. If so, please accept it so that others in the community with similar questions can more easily find a solution.