I need to create a token in Azure Databricks using ARM template.
I am able to create Azure Databricks using ARM template but unable to create token in Azure Databricks using ARM template
Following is the template which i have used to create Azure Databricks
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-
01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
"type": "string",
"metadata": {
"description": "The name of the Azure Databricks workspace to create."
}
},
"pricingTier": {
"type": "string",
"defaultValue": "premium",
"allowedValues": [
"standard",
"premium"
],
"metadata": {
"description": "The pricing tier of workspace."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"managedResourceGroupName": "[concat('databricks-rg-',
parameters('workspaceName'), '-', uniqueString(parameters('workspaceName'),
resourceGroup().id))]"
},
"resources": [
{
"type": "Microsoft.Databricks/workspaces",
"name": "[parameters('workspaceName')]",
"location": "[parameters('location')]",
"apiVersion": "2018-04-01",
"sku": {
"name": "[parameters('pricingTier')]"
},
"properties": {
"ManagedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', variables('managedResourceGroupName'))]"
}
}
],
"outputs": {
"workspace": {
"type": "object",
"value": "[reference(resourceId('Microsoft.Databricks/workspaces', parameters('workspaceName')))]"
}
}
}
Kindly let me know how to create tokens in Azure Databricks using ARM template
I see in a comment that you ask if it is possible to create a token using a script. It is now possible!
Databricks has a token API: https://docs.databricks.com/dev-tools/api/latest/tokens.html
Check out this blog: https://cloudarchitected.com/2020/01/using-azure-ad-with-the-azure-databricks-api/
It shows how easy it is to create a databricks token using AAD, and a few other methods.
I have some Python Code that I use automate this task. I would extend it to automatically add the token to a key vault of some sort. Here is a sample:
import requests
import adal
import json
# set variables
clientId = "<Service Principal Id>"
tenantId = "<Tenant Id>"
clientSecret = "<Service Principal Secret>"
subscription_id = "<Subscription Id>"
resource_group = "<Resource Group Name>"
databricks_workspace = "<Databricks Workspace Name>"
dbricks_location = "<Databricks Azure Region i.e. westus>"
# Acquire a token to authenticate against Azure management API
authority_url = 'https://login.microsoftonline.com/'+tenantId
context = adal.AuthenticationContext(authority_url)
token = context.acquire_token_with_client_credentials(
resource='https://management.core.windows.net/',
client_id=clientId,
client_secret=clientSecret
)
azToken = token.get('accessToken')
# Acquire a token to authenticate against the Azure Databricks Resource
token = context.acquire_token_with_client_credentials(
resource="2ff814a6-3304-4ab8-85cb-cd0e6f879c1d",
client_id=clientId,
client_secret=clientSecret
)
adbToken = token.get('accessToken')
# Format Request API Url
dbricks_api = "https://{}.azuredatabricks.net/api/2.0".format(dbricks_location)
# Request Authentication
dbricks_auth = {
"Authorization": "Bearer {}".format(adbToken),
"X-Databricks-Azure-SP-Management-Token": azToken,
"X-Databricks-Azure-Workspace-Resource-Id": ("/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Databricks/workspaces/{}".format(subscription_id, resource_group, databricks_workspace) )
}
# Optional Paramters
payload = {
"comment": "This token is generated through AAD and Databricks APIs", # optional parameter
# "lifetime_seconds": 3600 # optional parameter. If not passed then it is indefinte
}
# Request and Send Data to Create a Databricks Token
data = requests.post("{}/token/create".format(dbricks_api), headers= dbricks_auth, json=payload)
# display the response data
data.status_code
data.content
# Decode response, get token, and print token
dict_content = json.loads(data.content.decode('utf-8'))
token = dict_content.get('token_value')
print("This is the databricks token: {}".format(token))
This isn't possible today. It is a requested feature here on uservoice https://feedback.azure.com/forums/909463-azure-databricks/suggestions/35257819-expose-api-key-during-arm-deployment
(Please upvote)
Currently you have to log into the web UI manually and generate a token. Even the REST API doesn't support this.
You can actually use azure.databricks.cicd.tools in your CD pipeline to create a new bearer token.
You need to use Connect-Databricks to connect to your workspace first. I usually use the AADwithOrgId method to authenticate to the Databricks workspace:
Connect-Databricks -Region <String> -ApplicationId <String> -Secret <String> -DatabricksOrgId <String> -TenantId <String>
The service principal should have the Contributor role on your resource group and be added a an admin in your Databricks workspace.
Related
`Hi All,
After LinkedIn API versioning, it seems that below projection parameter is not supported with creatives API call now :
com.linkedin.ads.SponsoredVideoCreativeVariables
com.linkedin.ads.SponsoredUpdateCarouselCreativeVariables
com.linkedin.ads.SpotlightCreativeVariablesV2
com.linkedin.ads.SponsoredUpdateCreativeVariables
com.linkedin.ads.JobsCreativeVariablesV2
com.linkedin.ads.SponsoredInMailCreativeVariables
Due to this, we are not able to fetch response similar to Old API call with new API now. This seems to be big impact to us.
For example , We are not receiving any of fields like 'showMemberProfilePhoto', 'forumName' for SpotlightCreativeVariablesV2 with new API which we used to get previously like mentioned below.
We have 2 headers in request as mentioned in LinkedIn API migration document.
X-Restli-Protocol-Version : 2.0.0
LinkedIn-Version : 202210
Old API call : https://api.linkedin.com/v2/adCreativesV2?ids=List({$creative_id})&projection=(results(*(variables(*,data(*,com.linkedin.ads.SpotlightCreativeVariablesV2(*,share~(*)))))))
Old API Response :
{
"results": {
"46524875": {
"variables": {
"clickUri": "$clickUri",
"data": {
"com.linkedin.ads.SpotlightCreativeVariablesV2": {
"showMemberProfilePhoto": true,
"forumName": "$forumName",
"description": "$description",
"logo": "$logo",
"headline": "$headline",
"callToAction": "$callToAction"
}
}
}
}
}
}
New API Call : https://api.linkedin.com/rest/creatives?ids=List(urn%3Ali%3AsponsoredCreative%3A{$creative_id})
New API Response :
{
"results": {
"urn:li:sponsoredCreative:$creative_id": {
"servingHoldReasons": ["$servingHoldReasons"],
"lastModifiedAt": 12345678000,
"lastModifiedBy": "",
"content": {
"reference": "urn:li:ugcPost:$ugc_post"
},
"createdAt": 1234562340000,
"isTest": false,
"createdBy": "$createdBy",
"review": {
"status": "APPROVED"
},
"isServing": false,
"campaign": "urn:li:sponsoredCampaign:$campaign_id",
"id": "urn:li:sponsoredCreative:$creative_id",
"intendedStatus": "ACTIVE",
"account": "urn:li:sponsoredAccount:$account_id"
}
},
"statuses": {
"urn:li:sponsoredCreative:creative_id": 200
},
"errors": {}
}
Is there any way to get all those fields we used to get in old API call with new API as we need these fields for processing.
`
I'm using GithubAuthProvider with the added scope repo to get the user's access token which is later used to access the GitHub GraphQL API (the GitHub App has the permissions for Contents and Metadata set to Read-only).
The problem is when I'm trying to list private repos. The API returns an empty array as if I don't have the required permissions. Moreover, when I try to list branches of a user's repo it returns an error of type FORBIDDEN.
Query:
query {
viewer {
repository(name: "some-repo") {
refs(refPrefix: "refs/heads/", first: 10) {
nodes {
name
}
}
}
}
}
Response:
{
"data": {
"viewer": {
"repository": {
"refs": null
}
}
},
"errors": [
{
"type": "FORBIDDEN",
"path": [
"viewer",
"repository",
"refs"
],
"extensions": {
"saml_failure": false
},
"locations": [
{
"line": 7,
"column": 7
}
],
"message": "Resource not accessible by integration"
}
]
}
What am I missing?
For GitHub GraphQL API, only scope repo may not be enough.
Following are scopes requested for reference. Authenticating with GraphQL
user
public_repo
repo
repo_deployment
repo:status
read:repo_hook
read:org
read:public_key
read:gpg_key
The API returns an empty array as if I don't have the required permissions.
I wonder whether you are query under the viewer. viewer can get the private repos he/she owned. For repos owned by other people, you can try
repository(name: "repo-name", owner: "login") {
name
}
It will return NOT_FOUND error if you don't have the required permissions.
Your query works fine for me :)
It turns out I read through the Firebase instructions too fast and created a Github App instead of an OAuth App.
It's now working as it should.
We have created a Custom Activity with Marketo web portal, and we are able to create leads with REST API. So now, how can we log Custom Activity data using Marketo REST API?
Custom Activity structure is as follows:
{
"id": 100001,
"name": "TEST_ACTIVITY",
"apiName": "test_api_c",
"description": "",
"primaryAttribute": {
"name": "event_id",
"apiName": "event_id",
"dataType": "string"
},
"attributes": [
{
"name": "email",
"apiName": "email",
"dataType": "email"
},
{
"name": "event_data",
"apiName": "event_data",
"dataType": "string"
}
]
}
You can push your custom activity records to the Add Custom Activities endpoint, which is available at the POST /rest/v1/activities/external.json url.
First, worth to note, that in order to use the endpoint, the API user has to have the “Read-Write Activity” permission.
The endpoint expects a payload with a single input key, that can hold up to 300 activity records. For each activity record the leadId, activityDate, activityTypeId, primaryAttributeValue and attributes fields are required, and in case of the attributes array, the name is the normal “name” field, not the “apiName”.
In your case the payload would look something like this:
{
"input":[// Note the array of records
{
"activityDate":"2018-03-20T22:43:12+02:00",
"activityTypeId":100001,
"leadId":<LEAD_ID>,
"primaryAttributeValue":"<YOUR_EVENT_ID>",
"attributes":[
{
"name":"email",// This is the `name` field of the attribute, not the `apiName`!
"value":"<EMAIL_ADDRESS>"
},
{
"name":"event_data",// This is the `name` field of the attribute, not the `apiName`!
"value":"<EVENT_DATA>"
}
]
},
//{
// …other activity records…
//}
]
}
I'm referring to use Openstack API to get quota usage from Openstack Cloud. I did exactly as document at https://developer.openstack.org/api-ref/compute/.
But It didn't work, with api:
<host>/v2/{tenant_id}/os-quota-sets/{tenant_id}/detail
or
<host>/v2/{tenant_id}/os-quota-sets/detail
It worked with api:
<host>/v2/{tenant_id}/os-quota-sets/{tenant_id}
But, I want to get details. Did I do anything wrong?
OpenStack client can be used... And you can use command line tools.... Below is the link which can help you.
https://docs.openstack.org/nova/pike/admin/quotas.html
You can install OpenStack SDK, you can go through API documentation section for networking.
Below is the link:
https://docs.openstack.org/openstacksdk/latest/user/proxies/network.html#openstack.network.v2._proxy.Proxy.update_quota
You may find methods like:
delete_quota(quota, ignore_missing=True)
get_quota(quota, details=False)
API for getting project quota can be called as,
requests.get('http://'+url+':8774/v2.1/os-quota-sets/'+projectid+'/detail',headers={'content-type': 'application/json', 'X-Auth-Token': token})
You will have to pass your project id in path and 'X-Auth-Token' parameter in headers which can be extracted as,
url = [Your Cloud Machine IP Goes here]
def gettokenForUser(username,password):
payload1 = {
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": username,
"domain": {
"name": "Default"
},
"password": password
}
}
}
}
}
response = requests.post('http://'+url+':5000/v3/auth/tokens',
headers={'content-type': 'application/json'},
data=json.dumps(payload1))
return response.headers['X-Subject-Token']
I'd like to be able to store custom data in the JSON object returned by the auth.login - AngularFire2 method
After authentication using the email/password method in Ionic2 - AngularFire2 library.
signin(credentials) {
return this.af.auth.login(credentials);
}
The this.af.auth.login method returns a json object containing the below data.
{
"auth": {
"uid": "d901fffb-********8099",
"displayName": null,
"photoURL": null,
"email": "****#gmail.com",
"emailVerified": false,
"isAnonymous": false,
"providerData": [
{
"uid": "*****#gmail.com",
"displayName": null,
"photoURL": null,
"email": "****#gmail.com",
"providerId": "password"
}
],
"apiKey": "AB*********",
"appName": "[DEFAULT]",
"authDomain": "******",
"stsTokenManager": {
"apiKey": "***********",
"refreshToken": "ADDl5SEJAWQ90BDG8q1uN6_mn2QYpkMLALUog1ax8lkkmHSQp3jM6CE9BM34ur59Es99rlPnuNM5dsIGAqPZQ3HXRYXpmvr4Jy5UHLgyQEgSg9NydfjXeRuTgajnsPu5bGlJqt679hl_Fv-y_7LIXewW0fr9tzjyH3ur3-_QoXNT99wHazLIwqD4CdsKI95Ka64CI4O12PikH6Huti4vqzxdXy6jq-8jTA",
"accessToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ijk5ZGI1MDc4ZDRkOWUyMTAyZDg1NzA0MWMzMjExNjZiZGE3OGUxZjAifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vcm9hZGJhbmd2YXBwIiwiYXVkIjoicm9hZGJhbmd2YXBwIiwiYXV0aF90aW1lIjoxNDg0MTk1MjY3LCJ1c2VyX2lkIjoiZDkwMWZmZmItNzJkMy00YzVhLThjZGEtOGY0MWYyZjQ4MDk5Iiwic3ViIjoiZDkwMWZmZmItNzJkMy00YzVhLThjZGEtOGY0MWYyZjQ4MDk5IiwiaWF0IjoxNDg0MTk1MjY3LCJleHAiOjE0ODQxOTg4NjcsImVtYWlsIjoibWFnbnVzLm1lbHdpbkBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsibWFnbnVzLm1lbHdpbkBnbWFpbC5jb20iXX0sInNpZ25faW5fcHJvdmlkZXIiOiJwYXNzd29yZCJ9fQ.tyqjKCJ_QhBGTRw9ji2iq8bbwmyT4i5vt4MsYpoQHwgicew9PWV1OKoGCHQho0l5ilGHkUeXrDAg3xD7_RHhM_CLNnqNJl-m76-F3uYM1AEjzLMPd2j6q6aO6m3E3fWSa5t9rJYtvuCNaKexpAB9g_l_HTOjNsX4E9XNCB5-v0_vjt9uYPsHM5G-yjuOxru-FJYhNwCCpN3rN97XzP9vkBhWSCQTCHBM3yS4xKCgzMeUb909OUxZK4ZrQFLP0BYPB3U1izmYlSdWd_tuLHm5GMqmerdXf08W_737UpOHOZuLls2pO9RVok-FjYAji-wxQTVEI0hq-hr7v1-mCqiIOw",
"expirationTime": 1484198865797
},
"redirectEventId": null
},
"uid": "d901f***********8099",
"provider": 4
}
What I am trying to do is add in fields like Company Name, Mobile No, Landline No...and a few such fields to the above json object returned.
So auth.login json promise call stores the profile data, rather than me having to store additional data in the firebase database separately.
Any help will be much appreciated.
my system information as given below:
Cordova CLI: 6.4.0
Ionic Framework Version: 2.0.0-rc.3
Ionic CLI Version: 2.1.18
Ionic App Lib Version: 2.1.9
Ionic App Scripts Version: 0.0.48
ios-deploy version: Not installed
ios-sim version: Not installed
OS: Linux 4.4
Node Version: v6.9.0
Xcode version: Not installed
Using Angularfire2 and firebase 3
According to https://docs.ionic.io/services/auth/#storing-data
it should be as simple as
auth.user.set('birthdate', '5/17/1985');
though note that you will have to import the cloud auth service
EDIT: 3/13 Ah, realized I forgot to note you must also call
auth.user.save()
after setting all fields and you can call .load() to fetch the freshest data.
You can also try it like this, without the auth.user I call only user
this.user.set('birthday', '3/04/1999');
this.user.set('username', 'JaneDoe');
this.user.save();