A PDM package to sync Azure users, roles and service principals to Databricks
Project description
databricks-azure-ad-sync-provider
Prerequisites: Authentication
There are multiple options to authenticate to Microsoft Entra ID and Azure Databricks, we used the following two and you could choose in between.
Option 1: If you have Azure CLI installed
- Run 'az login' on your machine to authenticate yourself as an Azure user.
- Setup environment variables for DATABRICKS_HOST and DATABRICKS_ACCOUNT_ID, or create a .databrickscfg file (~ for Linux or macOS, and %USERPROFILE% for Windows) containing the following info:
[DEFAULT]
host = https://accounts.azuredatabricks.net/
account_id = <Databricks account id>
Option 2: Use Microsoft Entra ID service principal:
-
Create a service principal in Microsoft Entra ID and add it to Azure Databricks and grant it target permissions (see reference documentation)
-
Add the following environment varialbes:
- For Azure: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET (see Microsoft Entra ID authentication)
- For Databricks: DATABRICKS_HOST, DATABRICKS_ACCOUNT_ID, DATABRICKS_CLIENT_ID, DATABRICKS_CLIENT_SECRET (see Databricks authentication)
- Alternatively, you can setup databricks environment varialbes in a .databrickscfg file (~ for Linux or macOS, and %USERPROFILE% for Windows) containing the following info:
[DEFAULT]
host = https://accounts.azuredatabricks.net/
account_id = <Databricks account id>
azure_tenant_id = <Azure tenant id>
azure_client_id = <Azure service principal application ID>
azure_client_secret = <Azure service principal secret>
Install
Run the following to install this package:
pip install db_az_sync_provider
Usage
Yaml file To use the package, it's required to provide:
- Object ID(s) of Azure groups and (optionally) exclude object ID(s) in a yaml file (see syncgroups.yaml for example).
- Existing relations between Azure and Databricks objects in a json file (see syncstates.json from example).
Executions The following two arguments are asked when you execute the sync:
- -f/--file
- -j/--json
- -d/--delete (if this option provided, you enable to delete identities in Databricks, it's recommended to not use this option though)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for db_az_sync_provider-0.1.6.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | a9a4d35c4a42dc70da603ff6f1608d79327658d97a6380cc35f11a0b6b4b8a76 |
|
MD5 | a994d1c1daebe581bd140d6cbb45ed3f |
|
BLAKE2b-256 | 3bedd5c6c9a35bbd20ee9e9c41017a75e92f1411f1298f9b46fe53caa962afa0 |
Hashes for db_az_sync_provider-0.1.6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9afb749948dcecb90acff8b0666dde893f438d991f5cb4ac7737294113c536c1 |
|
MD5 | 1a313b283a3ff2aba9b2af59cab894af |
|
BLAKE2b-256 | e672779a2fce8907aa5a70939e3a472e6c9b600f1288ac6beca86b61fbba3b12 |