![]() A Databricks account contains zero, one, or more Databricks workspaces. You may have one or more Databricks accounts. To understand authentication to use Databricks REST APIs, you must understand the types of REST APIs and their relationship to the Databricks resource hierarchy. Use one Google Cloud service account for both SA-1 and SA-2.Īccount-level APIs and workspace-level APIs ![]() The user account must have the role roles/iam.serviceAccountTokenCreator. Use your Google user account to impersonate SA-2. You can adapt these instructions for non-production use and testing using one of the following strategies: This article describes in detail how to perform these steps for production use. Because you only grant the impersonation permissions as needed, this approach offers security and flexibility to your organization. With this impersonation model, one team can manage workload security and another team can manage resource security. Grant SA-1 permission to impersonate SA-2 to call Databricks REST APIs. The important differences are called out in the instructions.įor a production environment, Databricks recommends that you use two service accounts to work with Databricks REST APIs.Ĭreate one service account (SA-1) to run your workloads.Ĭreate another service account (SA-2) to hold permissions to your Databricks and Google Cloud resources. The steps for setting up tokens for workspace-level and account-level APIs are mostly the same. This article describes the steps to authenticate to use Databricks REST APIs and how to create the required Google Cloud service accounts and generate tokens for these accounts.Ī single Google ID token can be used for account-level APIs or workspace-level APIs, but cannot be used for both purposes. To reduce confusion, the rest of this article uses the term Google ID token not OIDC token. Google Cloud ID authentication walkthroughĭatabricks REST APIs support only the Google-issued OIDC tokens, which are commonly known as Google ID tokens.Google Cloud ID authentication overview.Google Cloud credentials authentication walkthrough.Google Cloud credentials authentication overview.Databricks personal access token authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |