w.service_principals: Service Principals

class databricks.sdk.service.iam.ServicePrincipalsAPI

Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD platforms. Databricks recommends creating service principals to run production jobs or modify production data. If all processes that act on production data run with service principals, interactive users do not need any write, delete, or modify privileges in production. This eliminates the risk of a user overwriting production data by accident.

create([, active: Optional[bool], application_id: Optional[str], display_name: Optional[str], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], id: Optional[str], roles: Optional[List[ComplexValue]], schemas: Optional[List[ServicePrincipalSchema]]]) ServicePrincipal

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest())

spn = w.service_principals.create(display_name=f'sdk-{time.time_ns()}',
                                  groups=[iam.ComplexValue(value=groups["admins"])])

# cleanup
w.service_principals.delete(id=spn.id)

Create a service principal.

Creates a new service principal in the Databricks workspace.

Parameters:
  • active – bool (optional) If this user is active

  • application_id – str (optional) UUID relating to the service principal

  • display_name – str (optional) String that represents a concatenation of given and family names.

  • entitlements

    List[ComplexValue] (optional) Entitlements assigned to the service principal. See [assigning entitlements] for a full list of supported values.

    [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

  • external_id – str (optional)

  • groups – List[ComplexValue] (optional)

  • id – str (optional) Databricks service principal ID.

  • roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

  • schemas – List[ServicePrincipalSchema] (optional) The schema of the List response.

Returns:

ServicePrincipal

delete(id: str)

Delete a service principal.

Delete a single service principal in the Databricks workspace.

Parameters:

id – str Unique ID for a service principal in the Databricks workspace.

get(id: str) ServicePrincipal

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

created = w.service_principals.create(display_name=f'sdk-{time.time_ns()}')

by_id = w.service_principals.get(id=created.id)

# cleanup
w.service_principals.delete(id=created.id)

Get service principal details.

Gets the details for a single service principal define in the Databricks workspace.

Parameters:

id – str Unique ID for a service principal in the Databricks workspace.

Returns:

ServicePrincipal

list([, attributes: Optional[str], count: Optional[int], excluded_attributes: Optional[str], filter: Optional[str], sort_by: Optional[str], sort_order: Optional[ListSortOrder], start_index: Optional[int]]) Iterator[ServicePrincipal]

Usage:

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

all = w.service_principals.list(iam.ListServicePrincipalsRequest())

List service principals.

Gets the set of service principals associated with a Databricks workspace.

Parameters:
  • attributes – str (optional) Comma-separated list of attributes to return in response.

  • count – int (optional) Desired number of results per page.

  • excluded_attributes – str (optional) Comma-separated list of attributes to exclude in response.

  • filter

    str (optional) Query by which the results have to be filtered. Supported operators are equals(eq), contains(co), starts with(sw) and not equals(ne). Additionally, simple expressions can be formed using logical operators - and and or. The [SCIM RFC] has more details but we currently only support simple expressions.

    [SCIM RFC]: https://tools.ietf.org/html/rfc7644#section-3.4.2.2

  • sort_by – str (optional) Attribute to sort the results.

  • sort_orderListSortOrder (optional) The order to sort the results.

  • start_index – int (optional) Specifies the index of the first result. First item is number 1.

Returns:

Iterator over ServicePrincipal

patch(id: str [, operations: Optional[List[Patch]], schemas: Optional[List[PatchSchema]]])

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

created = w.service_principals.create(display_name=f'sdk-{time.time_ns()}')

by_id = w.service_principals.get(id=created.id)

w.service_principals.patch(id=by_id.id,
                           operations=[iam.Patch(op=iam.PatchOp.REPLACE, path="active", value="false")],
                           schemas=[iam.PatchSchema.URN_IETF_PARAMS_SCIM_API_MESSAGES_2_0_PATCH_OP])

# cleanup
w.service_principals.delete(id=created.id)

Update service principal details.

Partially updates the details of a single service principal in the Databricks workspace.

Parameters:
update(id: str [, active: Optional[bool], application_id: Optional[str], display_name: Optional[str], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], roles: Optional[List[ComplexValue]], schemas: Optional[List[ServicePrincipalSchema]]])

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

created = w.service_principals.create(display_name=f'sdk-{time.time_ns()}')

w.service_principals.update(id=created.id,
                            display_name=f'sdk-{time.time_ns()}',
                            roles=[iam.ComplexValue(value="xyz")])

# cleanup
w.service_principals.delete(id=created.id)

Replace service principal.

Updates the details of a single service principal.

This action replaces the existing service principal with the same name.

Parameters:
  • id – str Databricks service principal ID.

  • active – bool (optional) If this user is active

  • application_id – str (optional) UUID relating to the service principal

  • display_name – str (optional) String that represents a concatenation of given and family names.

  • entitlements

    List[ComplexValue] (optional) Entitlements assigned to the service principal. See [assigning entitlements] for a full list of supported values.

    [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

  • external_id – str (optional)

  • groups – List[ComplexValue] (optional)

  • roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

  • schemas – List[ServicePrincipalSchema] (optional) The schema of the List response.