account service-principal-federation-policy command group
This information applies to Databricks CLI versions 0.205 and above. The Databricks CLI is in Public Preview.
Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.
The account service-principal-federation-policy command group within the Databricks CLI contains commands to manage service principal federation policies. Service principal federation, also known as Workload Identity Federation, allows your automated workloads running outside of Databricks to securely access Databricks APIs without the need for Databricks secrets. See Workload identity federation.
databricks account service-principal-federation-policy create
Create a service principal federation policy.
databricks account service-principal-federation-policy create SERVICE_PRINCIPAL_ID [flags]
Arguments
SERVICE_PRINCIPAL_ID
The service principal ID for the federation policy.
Options
--policy-id string
The identifier for the federation policy.
--description string
Description of the federation policy.
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example creates a federation policy for GitHub Actions:
databricks account service-principal-federation-policy create 12345 --json '{"policy_id": "github-actions-policy", "issuer": "https://token.actions.githubusercontent.com", "audiences": ["https://github.com/my-github-org"], "subject": "repo:my-github-org/my-repo:environment:prod"}'
The following example creates a federation policy using a JSON file:
databricks account service-principal-federation-policy create 12345 --json @sp-federation-policy.json
The following example creates a federation policy with command-line flags:
databricks account service-principal-federation-policy create 12345 --policy-id "my-federation-policy" --description "Federation policy for CI/CD" --json @sp-federation-policy.json
databricks account service-principal-federation-policy delete
Delete a service principal federation policy.
databricks account service-principal-federation-policy delete SERVICE_PRINCIPAL_ID POLICY_ID [flags]
Arguments
SERVICE_PRINCIPAL_ID
The service principal ID for the federation policy.
POLICY_ID
The identifier for the federation policy.
Options
Examples
The following example deletes a federation policy:
databricks account service-principal-federation-policy delete 12345 github-actions-policy
databricks account service-principal-federation-policy get
Get a service principal federation policy.
databricks account service-principal-federation-policy get SERVICE_PRINCIPAL_ID POLICY_ID [flags]
Arguments
SERVICE_PRINCIPAL_ID
The service principal ID for the federation policy.
POLICY_ID
The identifier for the federation policy.
Options
Examples
The following example gets a federation policy:
databricks account service-principal-federation-policy get 12345 github-actions-policy
databricks account service-principal-federation-policy list
List all service principal federation policies for a service principal.
databricks account service-principal-federation-policy list SERVICE_PRINCIPAL_ID [flags]
Arguments
SERVICE_PRINCIPAL_ID
The service principal ID for the federation policy.
Options
--page-size int
Number of results to return per page.
--page-token string
Token to retrieve the next page of results.
Examples
The following example lists all federation policies for a service principal:
databricks account service-principal-federation-policy list 12345
The following example lists federation policies with pagination:
databricks account service-principal-federation-policy list 12345 --page-size 10
The following example lists the next page of federation policies:
databricks account service-principal-federation-policy list 12345 --page-token "next_page_token"
databricks account service-principal-federation-policy update
Update a service principal federation policy.
databricks account service-principal-federation-policy update SERVICE_PRINCIPAL_ID POLICY_ID [flags]
Arguments
SERVICE_PRINCIPAL_ID
The service principal ID for the federation policy.
POLICY_ID
The identifier for the federation policy.
Options
--description string
Description of the federation policy.
--update-mask string
The field mask specifies which fields of the policy to update.
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example updates a federation policy description:
databricks account service-principal-federation-policy update 12345 github-actions-policy --description "Updated GitHub Actions policy"
The following example updates a federation policy using JSON:
databricks account service-principal-federation-policy update 12345 github-actions-policy --json '{"issuer": "https://token.actions.githubusercontent.com", "audiences": ["https://github.com/my-github-org", "databricks"]}'
The following example updates a federation policy using a JSON file:
databricks account service-principal-federation-policy update 12345 github-actions-policy --json @update-sp-federation-policy.json
The following example updates specific fields using an update mask:
databricks account service-principal-federation-policy update 12345 github-actions-policy --update-mask "audiences,subject" --json @update-sp-federation-policy.json
Global flags
--debug
Whether to enable debug logging.
-h or --help
Display help for the Databricks CLI or the related command group or the related command.
--log-file string
A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.
--log-format format
The log format type, text or json. The default value is text.
--log-level string
A string representing the log format level. If not specified then the log format level is disabled.
-o, --output type
The command output type, text or json. The default value is text.
-p, --profile string
The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.
--progress-format format
The format to display progress logs: default, append, inplace, or json
-t, --target string
If applicable, the bundle target to use