search

databricks / databricks-sdk-go

Databricks SDK for Go
https://docs.databricks.com/dev-tools/sdk-go.html
Apache License 2.0
51 stars 42 forks source link

Unable to create or authenticate the Personal Access Token for Service Principal #953

Open vutlan96 opened 4 months ago

vutlan96 commented 4 months ago

Description I had installed databricks cli using winget and issued a personal access token for the service principal . The token worked fine for a day however the next day I'm unable to authenticate/authorize using the same personal access token I had configured for the application.

Reproduction databricks token-management create-obo-token application-id --lifetime-seconds 7776000

Expected behavior I would be asked to enter the host name and the token and it would issue the PAT to the application id I entered above.

Is it a regression? i only have the latest version available - 0.221.1

Debug Logs Error: unexpected error handling request: json: cannot unmarshal number into Go struct field APIErrorBody.error_code of type string. This is likely a bug in the Databricks SDK for Go or the underlying REST API. Please report this issue with the following debugging information to the SDK issue tracker at https://github.com/databricks/databricks-sdk-go/issues. Request log:

POST /api/2.0/token-management/on-behalf-of/tokens
> * Host:
> * Accept: application/json
> * Authorization: REDACTED
> * Content-Type: application/json
> * Traceparent: 00-7465c4b228f0279b24449f275e87b7b4-307695736655b113-01
> * User-Agent: cli/0.221.1 databricks-sdk-go/0.42.0 go/1.21.10 os/windows cmd/token-management_create-obo-token auth/pat
> {
>   "application_id": "for privacy reasons not disclosing the id",
>   "lifetime_seconds": 7776000
> }
< HTTP/2.0 401 Unauthorized
< * Content-Length: 98
< * Content-Type: application/json; charset=utf-8
< * Date: Sun, 23 Jun 2024 09:10:03 GMT
< * Server: databricks
< * Vary: Accept-Encoding
< * Www-Authenticate: Bearer realm="DatabricksRealm"
< * X-Databricks-Reason-Phrase: Credential was not sent or was of an unsupported type for this API.
< {
<   "error_code": 401,
<   "message": "Credential was not sent or was of an unsupported type for this API."
< }

Other Information

Additional context this is very critical and would appreciate all the help at the latest

gthomson31 commented 4 months ago

Any help ?

joe-koch-kard commented 2 months ago

Same issue here, currently using v0.227.0. The error message has less info, just 

  databricks bundle validate -t stage
  shell: /usr/bin/bash -e {0}
  env:
    DATABRICKS_TOKEN: ***
Error: Credential was not sent or was of an unsupported type for this API.
joe-koch-kard commented 3 hours ago

What worked for me was, instead of setting a DATABRICKS_TOKEN, setting a DATABRICKS_CLIENT_ID and DATABRICKS_CLIENT_SECRET generated for the service principal. E.g.

env:
  DATABRICKS_TOKEN: ${{ secrets.STAGING_WORKSPACE_TOKEN }}

becomes

env:
  DATABRICKS_CLIENT_SECRET: ${{ secrets.DATABRICKS_CLIENT_SECRET }} 
  DATABRICKS_CLIENT_ID: ${{ secrets.DATABRICKS_CLIENT_ID }}

Here's how I generated the secret, you do have to be an admin.

Used databricks/setup-cli@v0.232.1.