This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 70%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Not able to run query on external (ADLS) delta table.
my SQL WH setting is as follows
spark.hadoop.fs.azure.account.auth.type.platbillingdatabricks.dfs.core.windows.net OAuth
spark.hadoop.fs.azure.account.oauth.provider.type.platbillingdatabricks.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark.hadoop.fs.azure.account.oauth2.client.id.platbillingdatabricks.dfs.core.windows.net {{secrets/azure-billing-platform-team/reader-client-id}}
spark.hadoop.fs.azure.account.oauth2.client.secret.platbillingdatabricks.dfs.core.windows.net {{secrets/azure-billing-platform-team/reader-secret}}
spark.hadoop.fs.azure.account.oauth2.client.endpoint.platbillingdatabricks.dfs.core.windows.net https://login.microsoftonline.com/88ed286b-88d8-4faf-918f-883d693321ae/oauth2/token
my secret scope is backed by Azure KV
KV has mentioned keys
but when i am trying to boot my SQL WH, i am getting following error
If i replace following 2 tags with real value, then server comes up fine. also same config backed by ADB local keyvault works fine too.
{{secrets/azure-billing-platform-team/reader-client-id}}
{{secrets/azure-billing-platform-team/reader-secret}}
Hi @Prasad, Rakesh ,
Thank you for posting query in Microsoft Q&A Platform.
Please let us know how it goes.
1) secret scope is working fine, as i am able to access it via CLI and in my notebook.
2) Cluster (SQL) was working fine before i added Spark config. infact if i remove curly braces and put real value. it come up just fine.
Thank you for details. Regarding #1, I mean to ask is, Were you able to run cluster before with this secret scope in past and suddenly you are seeing this error? Or from starting its same?
it never worked. since start.
it works when config is
spark.hadoop.fs.azure.account.auth.type.storage_acc_name.dfs.core.windows.net OAuth
spark.hadoop.fs.azure.account.oauth.provider.type.storage_acc_name.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark.hadoop.fs.azure.account.oauth2.client.id.storage_acc_name.dfs.core.windows.net *********************
spark.hadoop.fs.azure.account.oauth2.client.secret.storage_acc_name.dfs.core.windows.net *****************************
spark.hadoop.fs.azure.account.oauth2.client.endpoint.storage_acc_name.dfs.core.windows.net https://login.microsoftonline.com/88ed286b-88d8-4faf-918f-883d693321ae/oauth2/token
but doesnt work when i do following
spark.hadoop.fs.azure.account.auth.type.storage_acc_name.dfs.core.windows.net OAuth
spark.hadoop.fs.azure.account.oauth.provider.type.storage_acc_name.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark.hadoop.fs.azure.account.oauth2.client.id.storage_acc_name.dfs.core.windows.net {{secrets/my_sec_scope/reader-client-id}}
spark.hadoop.fs.azure.account.oauth2.client.secret.storage_acc_name.dfs.core.windows.net {{secrets/my_sec_scope/rreader-secret}}
spark.hadoop.fs.azure.account.oauth2.client.endpoint.storage_acc_name.dfs.core.windows.net https://login.microsoftonline.com/88ed286b-88d8-4faf-918f-883d693321ae/oauth2/token
with help of MSFT support, i was able to find the issue and resolve it too.
issue was, owner of SQL DW (the name that comes in front of "created by") had no access to my secret scope.
so i ran following
databricks secrets put-acl --scope my_sec_scope --principal ******@mycompany.com --permission READ --profile 001
now it worked.
Hi @Prasad, Rakesh - Thank you for sharing solution details with community. This helps everyone in community as well. Thank you.