w.service_principals: Service Principals

class databricks.sdk.service.iam.ServicePrincipalsAPI

Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD platforms. Databricks recommends creating service principals to run production jobs or modify production data. If all processes that act on production data run with service principals, interactive users do not need any write, delete, or modify privileges in production. This eliminates the risk of a user overwriting production data by accident.
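The recommendation above only holds if the service principals themselves stay narrowly scoped. The following audit is an added example, not part of the SDK documentation: it reviews the objects returned by `list()` (documented below) against an assumed policy. The policy sets, the helper names and the sample data are assumptions constructed for illustration.

```python
from types import SimpleNamespace

# Assumed review policy (not from the SDK docs); adjust to your workspace.
PRIVILEGED_GROUPS = {"admins"}
WATCHED_ENTITLEMENTS = {"allow-cluster-create", "allow-instance-pool-create"}


def _values(items, attr):
    """Collect one attribute from ComplexValue-like objects; None-safe."""
    return {getattr(i, attr) for i in (items or []) if getattr(i, attr, None)}


def audit(service_principals):
    """Return {display_name: [findings]} for principals that need review."""
    report = {}
    for sp in service_principals:
        groups = _values(sp.groups, "display")  # assumes group display names are populated
        entitlements = _values(sp.entitlements, "value")
        roles = _values(sp.roles, "value")
        findings = [f"member of privileged group '{g}'"
                    for g in sorted(groups & PRIVILEGED_GROUPS)]
        findings += [f"holds entitlement '{e}'"
                     for e in sorted(entitlements & WATCHED_ENTITLEMENTS)]
        if sp.active is False and (groups or entitlements or roles):
            findings.append("inactive but still holds grants")
        if findings:
            report[sp.display_name or sp.id] = findings
    return report


def _sp(name, active, groups=(), entitlements=()):
    """Build a constructed stand-in for an SDK ServicePrincipal."""
    cv = lambda pairs: [SimpleNamespace(value=v, display=d) for v, d in pairs]
    return SimpleNamespace(id=name, display_name=name, active=active, roles=[],
                           groups=cv(groups), entitlements=cv(entitlements))


# Constructed sample standing in for the objects returned by list().
SAMPLE = [
    _sp("etl-prod", True, entitlements=[("workspace-access", None)]),
    _sp("ci-deployer", True, [("101", "admins")], [("allow-cluster-create", None)]),
    _sp("old-reporting", False, [("202", "analysts")]),
]

if __name__ == "__main__":
    # Against a live workspace: audit(WorkspaceClient().service_principals.list())
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```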

create([, active: Optional[bool], application_id: Optional[str], display_name: Optional[str], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], id: Optional[str], roles: Optional[List[ComplexValue]], schemas: Optional[List[ServicePrincipalSchema]]]) ServicePrincipal

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest())

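# Create a service principal and add it to the workspace "admins" group,
# whose ID is looked up by display name above.
spn = w.service_principals.create(display_name=f'sdk-{time.time_ns()}',
                                  groups=[iam.ComplexValue(value=groups["admins"])])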

# cleanup
w.service_principals.delete(id=spn.id)

Create a service principal.

Creates a new service principal in the Databricks workspace.

Parameters:
  • active – bool (optional) If this user is active

  • application_id – str (optional) UUID relating to the service principal

  • display_name – str (optional) String that represents a concatenation of given and family names.

  • entitlements

    List[ComplexValue] (optional) Entitlements assigned to the service principal. See [assigning entitlements] for a full list of supported values.

    [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

  • external_id – str (optional)

  • groups – List[ComplexValue] (optional)

  • id – str (optional) Databricks service principal ID.

  • roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

  • schemas – List[ServicePrincipalSchema] (optional) The schema of the List response.

Returns:

ServicePrincipal

delete(id: str)

Delete a service principal.

Delete a single service principal in the Databricks workspace.

Parameters:

id – str Unique ID for a service principal in the Databricks workspace.

get(id: str) ServicePrincipal

Usage:

import time

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()

created = w.service_principals.create(display_name=f'sdk-{time.time_ns()}')

by_id = w.service_principals.get(id=created.id)

# cleanup
w.service_principals.delete(id=created.id)

Get service principal details.

Gets the details for a single service principal defined in the Databricks workspace.

Parameters:

id – str Unique ID for a service principal in the Databricks workspace.

Returns:

ServicePrincipal

list([, attributes: Optional[str], count: Optional[int], excluded_attributes: Optional[str], filter: Optional[str], sort_by: Optional[str], sort_order: Optional[ListSortOrder], start_index: Optional[int]]) Iterator[ServicePrincipal]

Usage:

import time

from databricks.sdk import AccountClient

a = AccountClient()

sp_create = a.service_principals.create(active=True, display_name=f'sdk-{time.time_ns()}')

sp = a.service_principals.get(id=sp_create.id)

sp_list = a.service_principals.list(filter=f'displayName eq "{sp.display_name}"')

# cleanup
a.service_principals.delete(id=sp_create.id)

List service principals.

Gets the set of service principals associated with a Databricks workspace.

Parameters:
  • attributes – str (optional) Comma-separated list of attributes to return in response.

  • count – int (optional) Desired number of results per page.

  • excluded_attributes – str (optional) Comma-separated list of attributes to exclude in response.

  • filter

    str (optional) Query by which the results have to be filtered. Supported operators are equals(eq), contains(co), starts with(sw) and not equals(ne). Additionally, simple expressions can be formed using logical operators - and and or. The [SCIM RFC] has more details but we currently only support simple expressions.

    [SCIM RFC]: https://tools.ietf.org/html/rfc7644#section-3.4.2.2

  • sort_by – str (optional) Attribute to sort the results.

  • sort_order – ListSortOrder (optional) The order to sort the results.

  • start_index – int (optional) Specifies the index of the first result. First item is number 1.

Returns:

Iterator over ServicePrincipal
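The `filter` parameter is a SCIM expression, and RFC 7644 defines string values in it as JSON string literals. The following helper is an added example, not part of the SDK: it builds a single comparison with the value JSON-escaped and resolves a display name to exactly one service principal before its id is passed to `patch()`, `update()` or `delete()`. `scim_clause`, `find_one` and `StubAPI` are hypothetical names, and it assumes the server parses string literals as the RFC specifies and that display names may not be unique.

```python
import json
import re
from types import SimpleNamespace

_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9_$-]*(\.[A-Za-z][A-Za-z0-9_$-]*)?")
_OPS = {"eq", "co", "sw", "ne"}  # operators this page lists as supported


def scim_clause(attr, op, value):
    """Build one `attr op "value"` comparison with a JSON-escaped string value."""
    if not _ATTR.fullmatch(attr):
        raise ValueError(f"bad attribute name: {attr!r}")
    if op not in _OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    # json.dumps escapes embedded quotes and backslashes, so the value cannot
    # close the literal early and change the meaning of the expression.
    return f"{attr} {op} {json.dumps(value)}"


def find_one(api, display_name):
    """Resolve a display name to exactly one service principal, else raise."""
    flt = scim_clause("displayName", "eq", display_name)
    # Re-check client-side: do not rely on the server-side filter alone
    # before handing the id to patch(), update() or delete().
    matches = [sp for sp in api.list(filter=flt) if sp.display_name == display_name]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} service principals named {display_name!r}")
    return matches[0]


class StubAPI:
    """Constructed stand-in for w.service_principals; records the filter it was given."""

    def __init__(self, names):
        self._sps = [SimpleNamespace(id=str(i), display_name=n) for i, n in enumerate(names)]
        self.last_filter = None

    def list(self, filter=None):
        self.last_filter = filter
        return iter(self._sps)  # a real server would apply the filter


if __name__ == "__main__":
    api = StubAPI(['etl-prod', 'etl "staging"'])
    print(find_one(api, 'etl "staging"').id, api.last_filter)
```

With a real client, pass `w.service_principals` (or `a.service_principals`) as `api`.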

patch(id: str [, operations: Optional[List[Patch]], schemas: Optional[List[PatchSchema]]])

Usage:

import time

from databricks.sdk import AccountClient
from databricks.sdk.service import iam

a = AccountClient()

sp_create = a.service_principals.create(active=True, display_name=f'sdk-{time.time_ns()}')

sp = a.service_principals.get(id=sp_create.id)

a.service_principals.patch(id=sp.id,
                           operations=[iam.Patch(op=iam.PatchOp.REPLACE, path="active", value="false")],
                           schemas=[iam.PatchSchema.URN_IETF_PARAMS_SCIM_API_MESSAGES_2_0_PATCH_OP])

# cleanup
a.service_principals.delete(id=sp_create.id)

Update service principal details.

Partially updates the details of a single service principal in the Databricks workspace.

Parameters:

update(id: str [, active: Optional[bool], application_id: Optional[str], display_name: Optional[str], entitlements: Optional[List[ComplexValue]], external_id: Optional[str], groups: Optional[List[ComplexValue]], roles: Optional[List[ComplexValue]], schemas: Optional[List[ServicePrincipalSchema]]])

Usage:

import time

from databricks.sdk import WorkspaceClient
from databricks.sdk.service import iam

w = WorkspaceClient()

created = w.service_principals.create(display_name=f'sdk-{time.time_ns()}')

w.service_principals.update(id=created.id,
                            display_name=f'sdk-{time.time_ns()}',
                            roles=[iam.ComplexValue(value="xyz")])

# cleanup
w.service_principals.delete(id=created.id)

Replace service principal.

Updates the details of a single service principal.

This action replaces the existing service principal with the same name.

Parameters:
  • id – str Databricks service principal ID.

  • active – bool (optional) If this user is active

  • application_id – str (optional) UUID relating to the service principal

  • display_name – str (optional) String that represents a concatenation of given and family names.

  • entitlements

    List[ComplexValue] (optional) Entitlements assigned to the service principal. See [assigning entitlements] for a full list of supported values.

    [assigning entitlements]: https://docs.databricks.com/administration-guide/users-groups/index.html#assigning-entitlements

  • external_id – str (optional)

  • groups – List[ComplexValue] (optional)

  • roles – List[ComplexValue] (optional) Corresponds to AWS instance profile/arn role.

  • schemas – List[ServicePrincipalSchema] (optional) The schema of the List response.