3

I am fairly new to Azure Devops and Azure Databricks.

I have created Azure Databricks workspace using Azure Devops CI/CD Pipeline. Now I am looking for a solution to Add Users to Azure Databricks workspace using DevOps Pipeline.

Alex Ott
  • 80,552
  • 8
  • 87
  • 132
Saurabh Mehta
  • 91
  • 1
  • 2
  • 9

1 Answers1

1

There are several methods:

  • Use databricks_user resource from Databricks Terraform provider - it could be as simple as example below, or you can combine it with azuread provider, and pull users from Azure Active Directory. Another advantage of Terraform provider is that you can combine it with user groups, and other things.
resource "databricks_user" "me" {
  user_name = "me@example.com"
}

  • Use Databricks SCIM API for Users (part of general SCIM API) - creation is quite straightforward, you just need to form correct JSON as described in docs (I didn't want to copy JSON from there), and do a call with curl or something like that. Also,

  • There is a collection of PowerShell scripts developed by the DataThirst company, that include scripts for adding & removing users, etc. These scripts are using REST API under the hood, and could be simpler than to use REST API. Some of these tasks are also available on the DevOps marketplace.

In any case, you need to authenticate to the workspace. For automated pipelines you have two choices - service principals or managed identity associated with DevOps worker, and they should have Owner or Contributor permissions on the workspace level, or be added into workspace as admin users.

  • For REST API authentication of service principal is described in details in documentation, for managed identity you just get the token from internal REST API.
  • Databricks Terraform provider also supports both service principals and managed identity.
Alex Ott
  • 80,552
  • 8
  • 87
  • 132
  • Hi Alex, Thanks for suggesting different ways, I am trying to use SCIM 2.0 API. I have created a premium tier DB Workspace, and I have added my User as admin .. However when I try to get User details using below url: https://adb-5084807039519483.3.azuredatabricks.net/api/2.0/preview/scim/v2/Me It gives unauthorized error: HTTP ERROR 401 Problem accessing /api/2.0/preview/scim/v2/Me. Reason: Unauthorized I have tried with Me, Users and Groups Service endpoints. Any idea/comment on this. – Saurabh Mehta Nov 01 '21 at 11:06
  • are you follow the steps to generate AAD token? – Alex Ott Nov 01 '21 at 11:25
  • I have generated a PAT on Databricks workspace.. and now the Curl command is working.. I need to see now how to generate AAD or PAT from Azure Devops pipeline.. I think for PAT again API needs to be used but not sure if for using Token API as well, require a PAT or not. – Saurabh Mehta Nov 01 '21 at 12:26
  • you can use PAT, but it will be user's PAT... on Azure, there is no PAT for service principals – Alex Ott Nov 01 '21 at 12:34