Google Cloud ID認証

Google Cloud ID 認証

Google Cloud ID 認証では、Google Cloud CLI を使用して、対象の Google Cloud サービス アカウントを認証します。

Google Cloud 認証情報認証を使用する準備をするには、 Google Cloud ID 認証の設定と使用をご覧ください。

Databricks で Google Cloud ID 認証を構成するには、 Google Cloud ID 認証 がローカルにインストールされている必要があります。 また、次の関連する環境変数 ( .databrickscfg フィールド、Terraform フィールド、または Config フィールド) も設定する必要があります。

• Databricksホスト

  • アカウント操作の場合は、https://accounts.gcp.databricks.com を指定します。
  • ワークスペース操作の場合は、 ワークスペースの URL を指定します (例: https://1234567890123456.7.gcp.databricks.com)。

• アカウント操作の場合、Databricks アカウント ID。

• Google Cloud サービス アカウントは、サービス アカウントの Eメール アドレスとして指定されます。

Databricks で Google Cloud ID 認証を実行するには、参加しているツールまたは SDK に基づいて、コード内に以下を統合します。

Environment

To use environment variables for a specific Databricks authentication type with a tool or SDK, see Authorizing access to Databricks resources or the tool’s or SDK’s documentation. See also Environment variables and fields for client unified authentication and the Default methods for client unified authentication.

For account-level operations, set the following environment variables:

• DATABRICKS_HOST, set to the value of your Databricks account console URL, https://accounts.gcp.databricks.com.
• DATABRICKS_ACCOUNT_ID
• GOOGLE_SERVICE_ACCOUNT

For workspace-level operations, set the following environment variables:

• DATABRICKS_HOST, set to the value of your Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com.
• GOOGLE_SERVICE_ACCOUNT

Profile

Create or identify a Databricks configuration profile with the following fields in your .databrickscfg file. If you create the profile, replace the placeholders with the appropriate values. To use the profile with a tool or SDK, see Authorizing access to Databricks resources or the tool’s or SDK’s documentation. See also Environment variables and fields for client unified authentication and the Default methods for client unified authentication.

For account-level operations, set the following values in your .databrickscfg file. In this case, the Databricks account console URL is https://accounts.gcp.databricks.com:

[<some-unique-configuration-profile-name>]
host                   = <account-console-url>
account_id             = <account-id>
google_service_account = <google-cloud-service-account-email-address>

For workspace-level operations, set the following values in your .databrickscfg file. In this case, the host is the Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com:

[<some-unique-configuration-profile-name>]
host                   = <workspace-url>
google_service_account = <google-cloud-service-account-email-address>

CLI

For the Databricks CLI, do one of the following:

• Set the environment variables as specified in this article’s “Environment” section.
• Set the values in your .databrickscfg file as specified in this article’s “Profile” section.

Environment variables always take precedence over values in your .databrickscfg file.

See also Google Cloud ID authentication.

Connect

注記

Google Cloud ID authentication is supported on the following Databricks Connect versions:

• For Python, Databricks Connect for Databricks Runtime 13.3 LTS and above. The Databricks SDK for Python 0.14.0 or above must also be installed.

• For Scala, Databricks Connect for Databricks Runtime 13.3 LTS and above. The Databricks SDK for Java 0.14.0 or above must also be installed.

For Databricks Connect, you can do one of the following:

• Set the values in your .databrickscfg file for Databricks workspace-level operations as specified in this article’s “Profile” section. Also set the cluster_id environment variable in your profile to your workspace instance URL, for example https://1234567890123456.7.gcp.databricks.com.
• Set the environment variables for Databricks workspace-level operations as specified in this article’s “Environment” section. Also set the DATABRICKS_CLUSTER_ID environment variable to your workspace instance URL, for example https://1234567890123456.7.gcp.databricks.com.

Values in your .databrickscfg file always take precedence over environment variables.

To initialize the Databricks Connect client with these environment variables or values in your .databrickscfg file, see Compute configuration for Databricks Connect.

VS Code

For the Databricks extension for Visual Studio Code, do the following:

1. Set the values in your .databrickscfg file for Databricks workspace-level operations as specified in this article’s “Profile” section.
2. In the Configuration pane of the Databricks extension for Visual Studio Code, click Configure Databricks.
3. In the Command Palette, for Databricks Host, enter your workspace URL, for example https://1234567890123456.7.gcp.databricks.com, and then press Enter.
4. In the Command Palette, select your target profile’s name in the list for your URL.

For more details, see Set up authorization for the Databricks extension for Visual Studio Code.

Terraform

For account-level operations, for default authentication:

provider "databricks" {
  alias = "accounts"
}

For direct configuration (replace the retrieve placeholders with your own implementation to retrieve the values from the console or some other configuration store, such as HashiCorp Vault. See also Vault Provider). In this case, the Databricks account console URL is https://accounts.gcp.databricks.com:

provider "databricks" {
  alias                  = "accounts"
  host                   = <retrieve-account-console-url>
  account_id             = <retrieve-account-id>
  google_service_account = <retrieve-google-service-account>
}

For workspace-level operations, for default authentication:

provider "databricks" {
  alias = "workspace"
}

For direct configuration (replace the retrieve placeholders with your own implementation to retrieve the values from the console or some other configuration store, such as HashiCorp Vault. See also Vault Provider). In this case, the host is the Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com:

provider "databricks" {
  alias                  = "workspace"
  host                   = <retrieve-workspace-url>
  google_service_account = <retrieve-google-service-account>
}

For more information about authenticating with the Databricks Terraform provider, see Authentication.

Python

For account-level operations, use default authentication:

Python

from databricks.sdk import AccountClient

a = AccountClient()
# ...

For direct configuration, replace the retrieve placeholders with your implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager. In this case, the Databricks account console URL is https://accounts.gcp.databricks.com:

Python

from databricks.sdk import AccountClient

a = AccountClient(
  host                   = retrieve_account_console_url(),
  account_id             = retrieve_account_id(),
  google_service_account = retrieve_google_service_account()
)
# ...

For workspace-level operations, for default authentication:

Python

from databricks.sdk import WorkspaceClient

w = WorkspaceClient()
# ...

For direct configuration, replace the retrieve placeholders with your implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager. In this case, the host is the Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com:

Python

from databricks.sdk import WorkspaceClient

w = WorkspaceClient(
  host                   = retrieve_workspace_url(),
  google_service_account = retrieve_google_service_account()
)
# ...

For more information about authenticating with Databricks’ Python tools and SDKs that implement Databricks client unified authentication, see:

• Set up the Databricks Connect client for Python
• Set up authorization for the Databricks extension for Visual Studio Code
• Authenticate the Databricks SDK for Python with your Databricks account or workspace

Java

For account-level operations, use default authentication:

Java

import com.databricks.sdk.AccountClient;
// ...
AccountClient a = new AccountClient();
// ...

For direct configuration, replace the retrieve placeholders with your implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager. In this case, the Databricks account console URL is https://accounts.gcp.databricks.com:

Java

import com.databricks.sdk.AccountClient;
import com.databricks.sdk.core.DatabricksConfig;
// ...
DatabricksConfig cfg = new DatabricksConfig()
  .setHost(retrieveAccountConsoleUrl())
  .setAccountId(retrieveAccountId())
  .setGoogleServiceAccount(retrieveGoogleServiceAccount());
AccountClient a = new AccountClient(cfg);
// ...

For workspace-level operations, use default authentication:

Java

import com.databricks.sdk.WorkspaceClient;
// ...
WorkspaceClient w = new WorkspaceClient();
// ...

For direct configuration, replace the retrieve placeholders with your implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager. In this case, the host is the Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com:

Java

import com.databricks.sdk.WorkspaceClient;
import com.databricks.sdk.core.DatabricksConfig;
// ...
DatabricksConfig cfg = new DatabricksConfig()
  .setHost(retrieveWorkspaceUrl())
  .setGoogleServiceAccount(retrieveGoogleServiceAccount());
WorkspaceClient w = new WorkspaceClient(cfg);
// ...

For more information about authenticating with Databricks’ Java tools and SDKs that implement Databricks client unified authentication, see:

• Set up the Databricks Connect client for Scala
• Authenticate the Databricks SDK for Java with your Databricks account or workspace

Go

For account-level operations, for default authentication:

Go

import (
  "github.com/databricks/databricks-sdk-go"
)
// ...
a := databricks.Must(databricks.NewAccountClient())
// ...

For direct configuration (replace the retrieve placeholders with your own implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager). In this case, the Databricks account console URL is https://accounts.gcp.databricks.com:

Go

import (
  "github.com/databricks/databricks-sdk-go"
)
// ...
a := databricks.Must(databricks.NewAccountClient(&databricks.Config{
  Host:                 retrieveAccountConsoleUrl(),
  AccountId:            retrieveAccountId(),
  GoogleServiceAccount: retrieveGoogleServiceAccount(),
}))
// ...

For workspace-level operations, for default authentication:

Go

import (
  "github.com/databricks/databricks-sdk-go"
)
// ...
w := databricks.Must(databricks.NewWorkspaceClient())
// ...

For direct configuration (replace the retrieve placeholders with your own implementation to retrieve the values from the console or some other configuration store, such as Google Cloud Secret Manager). In this case, the host is the Databricks workspace URL, for example https://1234567890123456.7.gcp.databricks.com:

Go

import (
  "github.com/databricks/databricks-sdk-go"
)
// ...
w := databricks.Must(databricks.NewWorkspaceClient(&databricks.Config{
  Host:                 retrieveWorkspaceUrl(),
  GoogleServiceAccount: retrieveGoogleServiceAccount(),
}))
// ...

For more information about authenticating with Databricks tools and SDKs that use Go and that implement Databricks client unified authentication, see Authenticate the Databricks SDK for Go with your Databricks account or workspace.