Issue:
- Mounted ADLS Gen2 container using service principal secret as a secret from an Azure Key Vault-backed secret scope. All good, can access the data.
- Deleted secret from service principal in AAD, added new, updated Azure Key Vault secret (added the new version, disabled the old secret). All was still good, could access the data.
- Restarted cluster. Unable to access mount point, error:
“AADToken: HTTP connection failed for getting token from AzureAD. Http response: 401 Unauthorized”
- Unmount/mount using the same config helped.
Is there a way to refresh the secret used for mount point that I could add to init scripts to avoid this issue? I would rather avoid unmounting/mounting all mount points in init scripts and was hoping that there is something like dbutils.fs.refreshMounts() (refreshMounts didn't help with this) that would help.
I mounted ADLS Gen2 using a service principal, OAuth 2.0, and an Azure Key Vault-backed secret scope, following this documentation: https://learn.microsoft.com/en-us/azure/databricks/data/data-sources/azure/azure-datalake-gen2#mount-azure-data-lake-gen2
I was also wondering - how long does the token live for accessing the ADLS Gen2? I changed the service principal secret (deleted previous one, added new) from AAD and was able to access the mnt point data for more than 12 hours after that (until cluster was restarted).
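
The workaround from the post (unmount and mount again with the same config), narrowed to only the mount points whose credential is rejected. This is an added example, not part of the original post. The function names, the `mounts` mapping and the scope, key and ID arguments are assumptions, and it is meant to run from a notebook or job after cluster start, with `dbutils` passed in.

```python
# Added example (not from the original post). Function names and arguments are assumptions.
OAUTH_PROVIDER = "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider"


def oauth_configs(dbutils, scope, key, client_id, tenant_id):
    """Build the OAuth mount config, reading the secret from the secret scope at call time."""
    return {
        "fs.azure.account.auth.type": "OAuth",
        "fs.azure.account.oauth.provider.type": OAUTH_PROVIDER,
        "fs.azure.account.oauth2.client.id": client_id,
        "fs.azure.account.oauth2.client.secret": dbutils.secrets.get(scope=scope, key=key),
        "fs.azure.account.oauth2.client.endpoint":
            f"https://login.microsoftonline.com/{tenant_id}/oauth2/token",
    }


def is_auth_failure(exc):
    """Match the error text quoted in the post (AADToken ... 401 Unauthorized)."""
    text = str(exc)
    return "AADToken" in text or "401 Unauthorized" in text


def refresh_stale_mounts(dbutils, mounts, configs):
    """Remount only the mount points whose credential is rejected.

    mounts maps mount point -> abfss:// source. Returns the mount points remounted.
    """
    remounted = []
    for mount_point, source in mounts.items():
        try:
            dbutils.fs.ls(mount_point)   # probe: a rejected credential raises here
            continue                     # mount still works, leave it alone
        except Exception as exc:
            if not is_auth_failure(exc):
                raise                    # not a credential problem, surface it
        dbutils.fs.unmount(mount_point)
        dbutils.fs.mount(source=source, mount_point=mount_point, extra_configs=configs)
        dbutils.fs.ls(mount_point)       # fail loudly if the new secret is also rejected
        remounted.append(mount_point)
    return remounted
```

Mount points that still list successfully are left untouched, so healthy mounts are not disturbed on every start.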