个人中心
gpt4 book ai didi

python - Databricks API 2.0 - 创建 secret 范围 - TEMPORARILY_UNAVAILABLE

转载 作者:行者123 更新时间:2023-12-03 04:58:32 24 4
gpt4 key购买 nike

我正在自动部署包含 Azure Databricks 实例的基础结构。为了能够在 Databricks 中使用 Azure Blob 存储,我想通过运行 Python 作业的 DevOps Pipeline 中的 Databricks REST API 2.0 创建一个 secret 范围。

当我尝试创建 secret 范围时,我得到响应

{"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}

我已经能够使用 API 创建 databricks 访问 token ,即端点/token/create 工作完美。

我正在使用此问题答案中的代码对 databricks 进行身份验证:https://stackoverflow.com/a/61826488/2196531
这就是我创建 token 以及尝试生成范围的方式:

import requests
import adal
import json

# set variables 
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_url = "<Databricks Azure URL>"

# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
    resource='https://management.core.windows.net/',
    client_id=clientId,
    client_secret=clientSecret
)
azToken = token.get('accessToken')

# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
    resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
    client_id=clientId,
    client_secret=clientSecret
)
adbToken = token.get('accessToken')

# Format Request API Url
dbricks_api = "https://{}/api/2.0".format(dbricks_url)

# Request Authentication
dbricks_auth = {
    "Authorization": "Bearer {}".format(adbToken),
    "X-Databricks-Azure-SP-Management-Token": azToken,
    "X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
    }

# Creating a databricks token
payload = {
    "comment": "This token is created by API call"
}
requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
# works

# Creating a databricks secret scope
payload = {
    "scope": "my-databricks-secret-scope",
    "initial_manage_principal": "users"
}
requests.post(f"{dbricks_api}/secrets/scopes/create", headers=dbricks_auth, json=payload)
# returns {"message":"Authentication is temporarily unavailable. Please try again later.", "error_code": "TEMPORARILY_UNAVAILABLE"}

Databricks 正在西欧运行。
Python 3.8.5 x64
代码片段中使用的包

  • adal-1.2.4
  • 请求-2.24.0

databricks API 有问题还是我做错了什么?

最佳答案

根据我的测试,当我们使用 Databricks Rest API 创建 Secret Scope 时,我们应该使用 person 访问 token 。

例如

  1. 创建服务主体
az login
az ad sp create-for-rbac -n "MyApp"
  • 代码
    • import requests
    import adal
    import json

    # set variables 
    clientId = "<Service Principal Id>"
    tenantId = "<Tenant Id>"
    clientSecret = "<Service Principal Secret>"
    subscription_id = "<Subscription Id>"
    resource_group = "<Resource Group Name>"
    databricks_workspace = "<Databricks Workspace Name>"
    dbricks_url = "<Databricks Azure URL>"

    # Acquire a token to authenticate against Azure management API
    authority_url = 'https://login.microsoftonline.com/'+tenantId
    context = adal.AuthenticationContext(authority_url)
    token = context.acquire_token_with_client_credentials(
        resource='https://management.core.windows.net/',
        client_id=clientId,
        client_secret=clientSecret
    )
    azToken = token.get('accessToken')

    # Acquire a token to authenticate against the Azure Databricks Resource
    token = context.acquire_token_with_client_credentials(
        resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
        client_id=clientId,
        client_secret=clientSecret
    )
    adbToken = token.get('accessToken')

    # Format Request API Url
    dbricks_api = "https://{}/api/2.0".format(dbricks_url)

    # Request Authentication
    dbricks_auth = {
        "Authorization": "Bearer {}".format(adbToken),
        "X-Databricks-Azure-SP-Management-Token": azToken,
        "X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
        }

    # Creating a databricks token
    payload = {
        "lifetime_seconds": 3600, # the token lifetime
        "comment": "This token is created by API call"
    }

    data =requests.post(f"{dbricks_api}/token/create", headers=dbricks_auth, json=payload)
    dict_content = json.loads(data.content.decode('utf-8'))
    token = dict_content.get('token_value')


    payload = {
        "scope": "my-databricks-secret-scope",
        "initial_manage_principal": "users"
    }
    res=requests.post(f"{dbricks_api}/secrets/scopes/create", headers={
        "Authorization": "Bearer {}".format(token),
        }, json=payload)

    print(res.status_code)

    enter image description here

    关于python - Databricks API 2.0 - 创建 secret 范围 - TEMPORARILY_UNAVAILABLE,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63246097/

    24 4 0
    文章推荐: azure - 如何使用 Powershell 在 Azure 漏洞评估中应用 "Approve as Baseline"
    文章推荐: flutter - 是否可以在dart中使用C++之类的模板参数?
    文章推荐: android - Android Studio,等级:请使用-dontwarn或-ignorewarnings禁止显示它们
    文章推荐: android - 使用ListTile并获取异常:未布局RenderBox
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com