Databricks API 2.0-创建秘密范围-TEMPORARILY_UNAVAILABLE
Databricks API 2.0- Create Secret Scope - TEMPORARILY_UNAVAILABLE
我正在自动部署包含 Azure Databricks 实例的基础结构。为了能够在 Databricks 中使用 Azure Blob 存储,我想通过 Databricks REST API 2.0 在我的 DevOps 管道 运行 中创建一个秘密范围 Python 作业。
当我尝试创建秘密作用域时,我得到了响应
{"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}
我已经能够使用 API 创建数据块访问令牌,即端点 /token/create 运行良好。
我正在使用这个问题的答案中的代码对数据块进行身份验证:
这就是我能够创建令牌的方式以及我尝试生成范围的方式:
import requests
import adal
import json
# set variables
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_url = "<Databricks Azure URL>"
# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
resource='https://management.core.windows.net/',
client_id=clientId,
client_secret=clientSecret
)
azToken = token.get('accessToken')
# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
client_id=clientId,
client_secret=clientSecret
)
adbToken = token.get('accessToken')
# Format Request API Url
dbricks_api = "https://{}/api/2.0".format(dbricks_url)
# Request Authentication
dbricks_auth = {
"Authorization": "Bearer {}".format(adbToken),
"X-Databricks-Azure-SP-Management-Token": azToken,
"X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
}
# Creating a databricks token
payload = {
"comment": "This token is created by API call"
}
requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
# works
# Creating a databricks secret scope
payload = {
"scope": "my-databricks-secret-scope",
"initial_manage_principal": "users"
}
requests.post(f"{dbricks_api}/secrets/scopes/create", headers=dbricks_auth, json=payload)
# returns {"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}
Databricks 在西欧运行。
Python 3.8.5 x64
代码段中使用的包
- adal-1.2.4
- requests-2.24.0
数据块有问题吗API还是我做错了什么?
根据我的测试,当我们使用 Databricks Rest API 创建 Secret Scope 时,我们应该使用 person 访问令牌。
例如
- 创建服务主体
az login
az ad sp create-for-rbac -n "MyApp"
- 代码
import requests
import adal
import json
# set variables
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_url = "<Databricks Azure URL>"
# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
resource='https://management.core.windows.net/',
client_id=clientId,
client_secret=clientSecret
)
azToken = token.get('accessToken')
# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
client_id=clientId,
client_secret=clientSecret
)
adbToken = token.get('accessToken')
# Format Request API Url
dbricks_api = "https://{}/api/2.0".format(dbricks_url)
# Request Authentication
dbricks_auth = {
"Authorization": "Bearer {}".format(adbToken),
"X-Databricks-Azure-SP-Management-Token": azToken,
"X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
}
# Creating a databricks token
payload = {
"lifetime_seconds": 3600, # the token lifetime
"comment": "This token is created by API call"
}
data =requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
dict_content = json.loads(data.content.decode('utf-8'))
token = dict_content.get('token_value')
payload = {
"scope": "my-databricks-secret-scope",
"initial_manage_principal": "users"
}
res=requests.post(f"{dbricks_api}/secrets/scopes/create", headers={
"Authorization": "Bearer {}".format(token),
}, json=payload)
print(res.status_code)
我正在自动部署包含 Azure Databricks 实例的基础结构。为了能够在 Databricks 中使用 Azure Blob 存储,我想通过 Databricks REST API 2.0 在我的 DevOps 管道 运行 中创建一个秘密范围 Python 作业。
当我尝试创建秘密作用域时,我得到了响应
{"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}
我已经能够使用 API 创建数据块访问令牌,即端点 /token/create 运行良好。
我正在使用这个问题的答案中的代码对数据块进行身份验证:
这就是我能够创建令牌的方式以及我尝试生成范围的方式:
import requests
import adal
import json
# set variables
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_url = "<Databricks Azure URL>"
# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
resource='https://management.core.windows.net/',
client_id=clientId,
client_secret=clientSecret
)
azToken = token.get('accessToken')
# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
client_id=clientId,
client_secret=clientSecret
)
adbToken = token.get('accessToken')
# Format Request API Url
dbricks_api = "https://{}/api/2.0".format(dbricks_url)
# Request Authentication
dbricks_auth = {
"Authorization": "Bearer {}".format(adbToken),
"X-Databricks-Azure-SP-Management-Token": azToken,
"X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
}
# Creating a databricks token
payload = {
"comment": "This token is created by API call"
}
requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
# works
# Creating a databricks secret scope
payload = {
"scope": "my-databricks-secret-scope",
"initial_manage_principal": "users"
}
requests.post(f"{dbricks_api}/secrets/scopes/create", headers=dbricks_auth, json=payload)
# returns {"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}
Databricks 在西欧运行。
Python 3.8.5 x64
代码段中使用的包
- adal-1.2.4
- requests-2.24.0
数据块有问题吗API还是我做错了什么?
根据我的测试,当我们使用 Databricks Rest API 创建 Secret Scope 时,我们应该使用 person 访问令牌。
例如
- 创建服务主体
az login
az ad sp create-for-rbac -n "MyApp"
- 代码
import requests
import adal
import json
# set variables
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_url = "<Databricks Azure URL>"
# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
resource='https://management.core.windows.net/',
client_id=clientId,
client_secret=clientSecret
)
azToken = token.get('accessToken')
# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
client_id=clientId,
client_secret=clientSecret
)
adbToken = token.get('accessToken')
# Format Request API Url
dbricks_api = "https://{}/api/2.0".format(dbricks_url)
# Request Authentication
dbricks_auth = {
"Authorization": "Bearer {}".format(adbToken),
"X-Databricks-Azure-SP-Management-Token": azToken,
"X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
}
# Creating a databricks token
payload = {
"lifetime_seconds": 3600, # the token lifetime
"comment": "This token is created by API call"
}
data =requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
dict_content = json.loads(data.content.decode('utf-8'))
token = dict_content.get('token_value')
payload = {
"scope": "my-databricks-secret-scope",
"initial_manage_principal": "users"
}
res=requests.post(f"{dbricks_api}/secrets/scopes/create", headers={
"Authorization": "Bearer {}".format(token),
}, json=payload)
print(res.status_code)