Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
1,947 questions
How to connect to Azure Databricks' Hive using a SQLAlchemy from a third party app using a service principal?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 9%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
arsaalandailyUK
26
Reputation points
I want to connect Superset to a Databricks for querying the tables. Superset uses SQLAlchemy to connect to databases which requires a PAT (Personal Access Token) to access.
It is possible to connect and run queries when I use the PAT I generated on my account through Databricks web UI? But I do not want to use my personal token in a production env. Even so, I was not able to find how to generate a PAT like token for a Service Principal.
The working SQLAlchemy URI is looks like this:
databricks+pyhive://token:XXXXXXXXXX@aaa-111111111111.1.azuredatabricks.net:443/default?http_path=sql%2Fprotocolv1%qqq%wwwwwwwwwww1%eeeeeeee-1111111-foobar00
After checking the Azure docs, there are two ways on how to run queries between Databricks and another service:
Create a PAT for a Service Principal to be associated with Superset.
Create a user AD account for Superset.
For the first and preferred method, I was able to advance, but I was not able to generate the Service Principal's PAT: I was able to register an app on Azure's AD. So I got the tenant ID, client ID and create a secret for the registered app. With this info, I was able to curl Azure and receive a JWT token for that app. But all the tokens referred in the docs are JTW's OAUTH2 tokens, which does not seems to work with SQLAlchemy URI.
I know it's possible to generate a PAT for a Service Principal since there is a mention on how to read, update and delete a Service Principal's PAT on the documentation ( https://learn.microsoft.com/en-us/azure/databricks/administration-guide/access-control/tokens ). But it has no information on how to create a PAT for a Service Principal.
I prefer to avoid using the second method (creating an AD user for Superset) since I am not allowed to create/manage users for the AD.
In summary, I have a working SQLAlchemy URI, but I want to use a generated token, associated with a Service Principal, instead of using my PAT. But I can't find how to generate that token (I only found documentation on how to generate OAUTH2 tokens
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 70%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MartinJaffer-MSFT 26,036 Reputation points2021-06-24T21:51:24.117+00:00 Hello @arsaalandailyUK and welcome to Microsoft Q&A.
This query took some digging, but I think I have a handle on it now.
Assuming you have Azure Databricks Premium Plan, you need to:
- Add the service principle to Databricks using the SCIM API (as Administrator)
- Give this service principle can make and use token permissions (as Administrator)
- Get Azure AD token (as service principle)
- Authenticate using the Azure AD token (as service principle)
- Call Databricks token API to create token (as service principle)
-
MartinJaffer-MSFT 26,036 Reputation points
2021-06-29T16:49:53.083+00:00 @arsaalandailyUK did my response help you? If not ,please let me know how I may better assist.
-
MartinJaffer-MSFT 26,036 Reputation points
2021-06-30T16:42:00.697+00:00 arsaalandailyUK-7019 if you found your own solution, please share it here with the community.
Sign in to comment