w.token_management: Token management¶
- class databricks.sdk.service.settings.TokenManagementAPI¶
Enables administrators to get all tokens and delete tokens for other users. Admins can either get every token, get a specific token by ID, or get all tokens for a particular user.
- create_obo_token(application_id: str [, comment: Optional[str], lifetime_seconds: Optional[int]]) CreateOboTokenResponse¶
Usage:
import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest()) spn = w.service_principals.create( display_name=f"sdk-{time.time_ns()}", groups=[iam.ComplexValue(value=groups["admins"])], ) obo = w.token_management.create_obo_token(application_id=spn.application_id, lifetime_seconds=60) # cleanup w.service_principals.delete(id=spn.id) w.token_management.delete(token_id=obo.token_info.token_id)
Create on-behalf token.
Creates a token on behalf of a service principal.
- Parameters:
application_id – str Application ID of the service principal.
comment – str (optional) Comment that describes the purpose of the token.
lifetime_seconds – int (optional) The number of seconds before the token expires.
- Returns:
- delete(token_id: str)¶
Delete a token.
Deletes a token, specified by its ID.
- Parameters:
token_id – str The ID of the token to revoke.
- get(token_id: str) GetTokenResponse¶
Usage:
import time from databricks.sdk import WorkspaceClient from databricks.sdk.service import iam w = WorkspaceClient() groups = w.groups.group_display_name_to_id_map(iam.ListGroupsRequest()) spn = w.service_principals.create( display_name=f"sdk-{time.time_ns()}", groups=[iam.ComplexValue(value=groups["admins"])], ) obo = w.token_management.create_obo_token(application_id=spn.application_id, lifetime_seconds=60) by_id = w.token_management.get(token_id=obo.token_info.token_id) # cleanup w.service_principals.delete(id=spn.id) w.token_management.delete(token_id=obo.token_info.token_id)
Get token info.
Gets information about a token, specified by its ID.
- Parameters:
token_id – str The ID of the token to get.
- Returns:
- get_permission_levels() GetTokenPermissionLevelsResponse¶
Get token permission levels.
Gets the permission levels that a user can have on an object.
- Returns:
- get_permissions() TokenPermissions¶
Get token permissions.
Gets the permissions of all tokens. Tokens can inherit permissions from their root object.
- Returns:
- list([, created_by_id: Optional[int], created_by_username: Optional[str]]) Iterator[TokenInfo]¶
Usage:
from databricks.sdk import WorkspaceClient from databricks.sdk.service import settings w = WorkspaceClient() all = w.token_management.list(settings.ListTokenManagementRequest())
List all tokens.
Lists all tokens associated with the specified workspace or user.
- Parameters:
created_by_id – int (optional) User ID of the user that created the token.
created_by_username – str (optional) Username of the user that created the token.
- Returns:
Iterator over
TokenInfo
- set_permissions([, access_control_list: Optional[List[TokenAccessControlRequest]]]) TokenPermissions¶
Set token permissions.
Sets permissions on an object, replacing existing permissions if they exist. Deletes all direct permissions if none are specified. Objects can inherit permissions from their root object.
- Parameters:
access_control_list – List[
TokenAccessControlRequest] (optional)- Returns:
- update_permissions([, access_control_list: Optional[List[TokenAccessControlRequest]]]) TokenPermissions¶
Update token permissions.
Updates the permissions on all tokens. Tokens can inherit permissions from their root object.
- Parameters:
access_control_list – List[
TokenAccessControlRequest] (optional)- Returns: