1
00:00:00,320 --> 00:00:01,440
Hey, what's up, Gurus?

2
00:00:01,440 --> 00:00:03,560
In this lesson, we are going to talk about

3
00:00:03,560 --> 00:00:07,800
how to implement resource tokens in Azure Databricks.

4
00:00:07,800 --> 00:00:10,030
So we're going to talk first a little bit,

5
00:00:10,030 --> 00:00:13,550
conceptually, about how we authenticate in Azure Databricks,

6
00:00:13,550 --> 00:00:15,230
and then we're going to spend most of our time

7
00:00:15,230 --> 00:00:16,860
actually in the portal.

8
00:00:16,860 --> 00:00:18,610
I'm going to jump over, and I'm going to show you

9
00:00:18,610 --> 00:00:20,753
how to actually set this up.

10
00:00:21,920 --> 00:00:23,540
So with that, let's get started.

11
00:00:23,540 --> 00:00:26,110
So when we authenticate in Databricks,

12
00:00:26,110 --> 00:00:28,580
there's basically 2 different options.

13
00:00:28,580 --> 00:00:31,130
The first option is to authenticate

14
00:00:31,130 --> 00:00:35,340
using an Azure Active Directory token that you can create.

15
00:00:35,340 --> 00:00:36,420
And so to do that,

16
00:00:36,420 --> 00:00:40,680
you're going to define the service principal in Azure AD,

17
00:00:40,680 --> 00:00:43,910
and then you're going to get an Azure AD access token.

18
00:00:43,910 --> 00:00:45,220
That's really the 2 steps

19
00:00:45,220 --> 00:00:46,800
that you need to do in order to get

20
00:00:46,800 --> 00:00:50,550
an Azure Active Directory token for Databricks.

21
00:00:50,550 --> 00:00:52,370
The second option is to use

22
00:00:52,370 --> 00:00:55,135
an Azure Databricks personal access token,

23
00:00:55,135 --> 00:00:59,350
and I'll show you how to do that as well.

24
00:00:59,350 --> 00:01:01,000
When you look at authentication,

25
00:01:01,000 --> 00:01:04,343
tokens should be used in place of passwords

26
00:01:04,343 --> 00:01:06,630
as much as possible.

27
00:01:06,630 --> 00:01:09,281
You certainly don't want to hardcode any passwords

28
00:01:09,281 --> 00:01:13,360
into your environment or into your scripts or codes.

29
00:01:13,360 --> 00:01:14,850
So you want to use these tokens

30
00:01:14,850 --> 00:01:17,370
and these authentication methods instead,

31
00:01:17,370 --> 00:01:18,673
because it's so much easier

32
00:01:18,673 --> 00:01:23,330
and safer to retract those tokens, to expire those tokens,

33
00:01:23,330 --> 00:01:26,560
and to manage who has access to the environments.

34
00:01:26,560 --> 00:01:29,640
So with that, let's actually hop into the portal,

35
00:01:29,640 --> 00:01:32,090
and spend the rest of the time taking a look

36
00:01:32,090 --> 00:01:36,203
at how we create and revoke tokens in Databricks.

37
00:01:37,114 --> 00:01:40,650
So let me jump you over, and let's go ahead

38
00:01:40,650 --> 00:01:44,270
and actually tackle the Azure Active Directory one first.

39
00:01:44,270 --> 00:01:47,740
So I'll take you into Azure Active Directory,

40
00:01:47,740 --> 00:01:51,680
and we've gone down to Manage and then App Registrations.

41
00:01:51,680 --> 00:01:56,300
So we need to create an application registration first.

42
00:01:56,300 --> 00:01:58,230
And so I've actually done that here,

43
00:01:58,230 --> 00:01:59,830
but I'll show you what this looks like.

44
00:01:59,830 --> 00:02:01,940
If I click on New Registration,

45
00:02:01,940 --> 00:02:04,453
basically I just create a name.

46
00:02:05,980 --> 00:02:09,950
And then I choose who can use the application.

47
00:02:09,950 --> 00:02:12,460
Generally, you're probably going to have a single tenant,

48
00:02:12,460 --> 00:02:13,960
but again, if this is not-

49
00:02:13,960 --> 00:02:15,260
if this is a production environment,

50
00:02:15,260 --> 00:02:18,060
it very likely may be multi-tenant, or whatever.

51
00:02:18,060 --> 00:02:21,740
So for our case, we would just choose single tenant.

52
00:02:21,740 --> 00:02:25,900
Then, we would just create a redirect URI if we have that,

53
00:02:25,900 --> 00:02:28,080
otherwise, we can just leave that alone.

54
00:02:28,080 --> 00:02:29,860
And then we just click on Register.

55
00:02:29,860 --> 00:02:31,700
And it's just going to take a second here,

56
00:02:31,700 --> 00:02:32,580
and there you go.

57
00:02:32,580 --> 00:02:36,160
It's actually created that registration.

58
00:02:36,160 --> 00:02:38,460
Once we have that registration,

59
00:02:38,460 --> 00:02:41,700
we need to go in and create our token.

60
00:02:41,700 --> 00:02:42,850
And so to do that,

61
00:02:42,850 --> 00:02:47,300
I'm going to go under Manage, Certificates & Secrets,

62
00:02:47,300 --> 00:02:50,620
and then I'm going to create a new client secret.

63
00:02:50,620 --> 00:02:55,440
So I could just say this is my 'Databricks test'.

64
00:02:55,440 --> 00:02:57,640
I can choose my expiration date,

65
00:02:57,640 --> 00:03:00,665
custom or I can choose from a dropdown list here.

66
00:03:00,665 --> 00:03:05,665
Click on Add, and then it's going to give me my information.

67
00:03:05,780 --> 00:03:07,428
Now, another key point here.

68
00:03:07,428 --> 00:03:10,200
I am going to be deleting this as soon as we're done,

69
00:03:10,200 --> 00:03:13,400
so the secret ID and the value really isn't that important.

70
00:03:13,400 --> 00:03:15,540
However, in a real environment

71
00:03:15,540 --> 00:03:18,380
or in your environment, it is incredibly important,

72
00:03:18,380 --> 00:03:20,490
please don't share this with people. Okay?

73
00:03:20,490 --> 00:03:22,720
So if you want to use Azure Active Directory,

74
00:03:22,720 --> 00:03:25,560
this is how you would do that to generate a token.

75
00:03:25,560 --> 00:03:29,180
The other option is to go into Databricks,

76
00:03:29,180 --> 00:03:31,189
and I would come down to Settings,

77
00:03:31,189 --> 00:03:35,650
User Settings, and then that takes me here,

78
00:03:35,650 --> 00:03:38,310
and I can create an access token.

79
00:03:38,310 --> 00:03:40,030
I just click on Generate Token,

80
00:03:40,030 --> 00:03:45,030
and I would just say 'test', set my duration again,

81
00:03:45,270 --> 00:03:49,960
click on Generate. There's my token.

82
00:03:49,960 --> 00:03:53,890
And here is my token now displayed here.

83
00:03:53,890 --> 00:03:57,050
Now, let's say that I need to remove a token,

84
00:03:57,050 --> 00:04:00,026
because oops, I showed it to everyone in a video.

85
00:04:00,026 --> 00:04:02,980
I would come over here, and I can click on the X button,

86
00:04:02,980 --> 00:04:05,460
and I can revoke the token.

87
00:04:05,460 --> 00:04:07,780
So I just click on Revoke, and there you go.

88
00:04:07,780 --> 00:04:10,420
That quick, it has been deleted.

89
00:04:10,420 --> 00:04:12,250
Same thing is true over here.

90
00:04:12,250 --> 00:04:14,470
I can come back to this, and I can revoke

91
00:04:14,470 --> 00:04:17,390
a client's secret by simply coming over here

92
00:04:17,390 --> 00:04:20,670
and clicking on my trash can icon.

93
00:04:20,670 --> 00:04:22,020
And you can see that quickly,

94
00:04:22,020 --> 00:04:24,350
it has deleted my client's secret.

95
00:04:24,350 --> 00:04:28,190
So this is a fantastic way to manage tokens

96
00:04:28,190 --> 00:04:31,263
and manage access into your Databricks environment.

97
00:04:32,390 --> 00:04:33,850
Couple of key points to remember.

98
00:04:33,850 --> 00:04:36,860
One, you need an authentication flow.

99
00:04:36,860 --> 00:04:38,760
Make sure that you're not using passwords,

100
00:04:38,760 --> 00:04:41,246
make sure that you have a flow of authentication,

101
00:04:41,246 --> 00:04:44,430
and then you can remove that flow as needed.

102
00:04:44,430 --> 00:04:46,890
And don't forget, there's 2 ways to authenticate.

103
00:04:46,890 --> 00:04:49,290
This is important for the DP-203.

104
00:04:49,290 --> 00:04:51,460
You can use your Azure Active Directory tokens

105
00:04:51,460 --> 00:04:55,548
or you can use personal access tokens in Azure Databricks.

106
00:04:55,548 --> 00:04:57,126
That's it for this lesson.

107
00:04:57,126 --> 00:04:58,713
I'll see you in the next.