Databricks Connection¶
The Databricks connection type enables the Databricks & Databricks SQL Integration.
Authenticating to Databricks¶
There are several ways to connect to Databricks using Airflow.
Use a Personal Access Token (PAT) i.e. add a token to the Airflow connection. This is the recommended method.
Use Databricks login credentials i.e. add the username and password used to login to the Databricks account to the Airflow connection. Note that username/password authentication is discouraged and not supported for
DatabricksSqlOperator
.Using Azure Active Directory (AAD) token generated from Azure Service Principal’s ID and secret (only on Azure Databricks). Service principal could be defined as a user inside workspace, or outside of workspace having Owner or Contributor permissions
Using Azure Active Directory (AAD) token obtained for Azure managed identity, when Airflow runs on the VM with assigned managed identity (system-assigned or user-assigned)
Default Connection IDs¶
Hooks and operators related to Databricks use databricks_default
by default.
Configuring the Connection¶
- Host (required)
Specify the Databricks workspace URL
- Login (optional)
If authentication with Databricks login credentials is used then specify the
username
used to login to Databricks.If authentication with Azure Service Principal is used then specify the ID of the Azure Service Principal
If authentication with PAT is used then either leave this field empty or use ‘token’ as login (both work, the only difference is that if login is empty then token will be sent in request header as Bearer token, if login is ‘token’ then it will be sent using Basic Auth which is allowed by Databricks API, this may be useful if you plan to reuse this connection with e.g. HttpOperator)
If authentication with Databricks Service Principal OAuth is used then specify the ID of the Service Principal (Databricks on AWS)
- Password (optional)
If authentication with Databricks login credentials is used then specify the
password
used to login to Databricks.If authentication with Azure Service Principal is used then specify the secret of the Azure Service Principal
If authentication with PAT is used, then specify PAT (recommended)
If authentication with Databricks Service Principal OAuth is used then specify the secret of the Service Principal (Databricks on AWS)
- Extra (optional)
Specify the extra parameter (as json dictionary) that can be used in the Databricks connection.
Following parameter could be used if using the PAT authentication method:
token
: Specify PAT to use. Consider to switch to specification of PAT in the Password field as it’s more secure.
Following parameters are necessary if using authentication with OAuth token for AWS Databricks Service Principal:
service_principal_oauth
: required boolean flag. If specified astrue
, use the Client ID and Client Secret as the Username and Password. See Authentication using OAuth for service principals.
Following parameters are necessary if using authentication with AAD token:
azure_tenant_id
: ID of the Azure Active Directory tenantazure_resource_id
: optional Resource ID of the Azure Databricks workspace (required if Service Principal isn’t a user inside workspace)azure_ad_endpoint
: optional host name of Azure AD endpoint if you’re using special Azure Cloud (GovCloud, China, Germany). The value must contain a protocol. For example:https://login.microsoftonline.de
.
Following parameters are necessary if using authentication with AAD token for Azure managed identity:
use_azure_managed_identity
: required boolean flag to specify if managed identity needs to be used instead of service principaluse_default_azure_credential
: required boolean flag to specify if the DefaultAzureCredential class should be used to retrieve a AAD token. For example, this can be used when authenticating with workload identity within an Azure Kubernetes Service cluster. Note that this option can’t be set together with the use_azure_managed_identity parameter.azure_resource_id
: optional Resource ID of the Azure Databricks workspace (required if managed identity isn’t a user inside workspace)
Following parameters could be set when using
DatabricksSqlOperator
:http_path
: optional HTTP path of Databricks SQL endpoint or Databricks cluster. See documentation.session_configuration
: optional map containing Spark session configuration parameters.named internal arguments to the
Connection
object fromdatabricks-sql-connector
package.
When specifying the connection using an environment variable you should specify it using URI syntax.
Note that all components of the URI should be URL-encoded.
For example:
export AIRFLOW_CONN_DATABRICKS_DEFAULT='databricks://@host-url?token=yourtoken'