
Azure Databricks API


Trying to use the Databricks API to work with resources programmatically. I am using this Microsoft document to authenticate with a service principal.

https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token

But I'm getting the following error

"Invoke-RestMethod : {"error":"invalid_resource","error_description":"AADSTS500011: The resource principal named https://management.core.azure.com was not found in the tenant"

This is my full script. What am I missing?

$ApiCommand = "clusters/get"

$DataBrick = "https://adb-3522222096750220.0.azuredatabricks.net"

$DataBricksResourceID = ""

$VaultName = ""
$KeyName = ""

$apiEndpointUri = "https://management.core.azure.com"  
$tenantId = ""  
$applicationId = ""  
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $KeyName -AsPlainText

$RequestAccessTokenUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = "grant_type=client_credentials&client_id=$applicationId&client_secret=$secret&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" 
$Managementbody = "grant_type=client_credentials&client_id=$applicationId&client_secret=$secret&resource=$apiEndpointUri"  
$contentType = 'application/x-www-form-urlencoded' 

$AccessToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType $contentType  
Write-Output $AccessToken
$ManagementToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $Managementbody -ContentType $contentType
Write-Output $ManagementToken

$apiuri = $DataBrick +"/api/2.0/$ApiCommand"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $AccessToken.access_token)
$headers.Add("X-Databricks-Azure-SP-Management-Token", $ManagementToken.access_token)
$headers.Add("X-Databricks-Azure-Workspace-Resource-Id", $DataBricksResourceID)

Invoke-RestMethod -Uri $apiuri -Headers $headers

Solution

  • The trailing / character in the management endpoint URI is really important - you need to specify it as in the documentation: https://management.core.windows.net/

    You can also add this SP into the workspace itself, then you will need to get only one AAD token (see the docs).
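The two-token flow from the question with the management resource written as the answer gives it, as an added example that is not part of the original post. The angle-bracket values are placeholders, `Get-AadToken` is a hypothetical helper name, and `clusters/list` stands in for the question's `clusters/get` because it needs no cluster ID.

```powershell
# Added example; every value in angle brackets is a placeholder to fill in.
$TenantId            = '<tenant-id>'
$ApplicationId       = '<application-client-id>'
$WorkspaceUrl        = 'https://<workspace-instance>.azuredatabricks.net'
$WorkspaceResourceId = '<workspace-azure-resource-id>'
$Secret = Get-AzKeyVaultSecret -VaultName '<vault-name>' -Name '<secret-name>' -AsPlainText

# Hypothetical helper: client-credentials request against the v1 token endpoint.
function Get-AadToken {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $ClientSecret,
        [Parameter(Mandatory)] [string] $Resource
    )
    # A hashtable body is form-encoded by Invoke-RestMethod, so a secret
    # containing '&', '+' or '=' is sent intact instead of corrupting the body.
    $form = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = $Resource
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    $response = Invoke-RestMethod -Method Post -Uri $uri -Body $form `
        -ContentType 'application/x-www-form-urlencoded'
    return $response.access_token
}

$common = @{ TenantId = $TenantId; ClientId = $ApplicationId; ClientSecret = $Secret }

# Databricks resource ID, as used in the question.
$databricksToken = Get-AadToken @common -Resource '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d'
# Management endpoint exactly as in the answer, trailing slash included.
$managementToken = Get-AadToken @common -Resource 'https://management.core.windows.net/'

$headers = @{
    'Authorization'                            = "Bearer $databricksToken"
    'X-Databricks-Azure-SP-Management-Token'   = $managementToken
    'X-Databricks-Azure-Workspace-Resource-Id' = $WorkspaceResourceId
}

# The tokens are bearer credentials: they are placed in headers only and are
# not passed to Write-Output, so they do not end up in transcripts or job logs.
Invoke-RestMethod -Uri "$WorkspaceUrl/api/2.0/clusters/list" -Headers $headers
```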