SCIM API (ServicePrincipals)
Important
This feature is in Public Preview.
SCIM (ServicePrincipals) lets you manage Azure Active Directory service principals in Azure Databricks.
Get service principals
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals | GET |

Retrieve a list of all service principals in the Azure Databricks workspace.
Example request
```http
GET /api/2.0/preview/scim/v2/ServicePrincipals HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b
```
You can use filters to specify subsets of service principals. For example, you can apply the `eq` (equals) filter parameter to `applicationId` to retrieve a specific service principal:
```http
GET /api/2.0/preview/scim/v2/ServicePrincipals?filter=applicationId+eq+b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7 HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b
```
Get service principal by ID
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals/{id} | GET |

Retrieve a single service principal resource from the Azure Databricks workspace, given an Azure Databricks ID.
Example request
```http
GET /api/2.0/preview/scim/v2/ServicePrincipals/7535194597985784 HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b
```
Add service principal
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals | POST |

Add a service principal in the Azure Databricks workspace.
Request parameters follow the standard SCIM 2.0 protocol.
Requests should include the following attributes:
- `schemas`: set to `urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal`
- `applicationId`: (The Azure AD application ID of the service principal)
- `displayName`: (optional)
Example request
```http
POST /api/2.0/preview/scim/v2/ServicePrincipals HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
  ],
  "applicationId": "b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7",
  "displayName": "test-service-principal",
  "groups": [
    {
      "value": "123456"
    }
  ],
  "entitlements": [
    {
      "value": "allow-cluster-create"
    }
  ]
}
```
Update service principal by ID (PATCH)
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals/{id} | PATCH |

Update a service principal resource with operations on specific attributes, except those that are immutable. The `PATCH` method is recommended over the `PUT` method for setting or updating user entitlements.
Request parameters follow the standard SCIM 2.0 protocol and depend on the value of the `schemas` attribute.
Add entitlements
Example request
```http
PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "entitlements",
      "value": [
        {
          "value": "allow-cluster-create"
        }
      ]
    }
  ]
}
```
Remove entitlements
Example request
```http
PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "entitlements",
      "value": [
        {
          "value": "allow-cluster-create"
        }
      ]
    }
  ]
}
```
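A least-privilege review built from the list, filter and remove-entitlement requests above, as an added example that is not part of the Azure Databricks documentation: it builds the `applicationId` filter query and plans one `remove` PatchOp per entitlement that falls outside an approved list. The function names, the `APPROVED` allow-list, the second `applicationId`, and the `Resources` list in the sample response (the standard SCIM ListResponse field) are assumptions.

```python
import json
import uuid
from urllib.parse import urlencode

BASE = "/api/2.0/preview/scim/v2/ServicePrincipals"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def filter_path(application_id):
    """Path and query for looking up one principal by applicationId."""
    # Parsing as a GUID keeps caller-supplied text out of the filter expression.
    app_id = str(uuid.UUID(application_id))
    return BASE + "?" + urlencode({"filter": f"applicationId eq {app_id}"})

def entitlement_patch(op, entitlement):
    """PatchOp body in the shape of the add/remove examples on this page."""
    if op not in ("add", "remove"):
        raise ValueError("op must be 'add' or 'remove'")
    operation = {"op": op, "path": "entitlements", "value": [{"value": entitlement}]}
    return {"schemas": [PATCH_SCHEMA], "Operations": [operation]}

def revocation_plan(list_response, approved):
    """Return (path, body) PATCH requests that remove unapproved entitlements.

    approved maps applicationId -> set of entitlements that principal may hold;
    a principal missing from the map is approved for none.
    """
    plan = []
    for sp in list_response.get("Resources", []):
        allowed = approved.get(sp.get("applicationId"), set())
        for ent in sp.get("entitlements", []):
            if ent["value"] not in allowed:
                body = entitlement_patch("remove", ent["value"])
                plan.append((f"{BASE}/{sp['id']}", body))
    return plan

# Constructed sample; the "Resources" list is the standard SCIM ListResponse
# field, and its presence in the workspace's reply is an assumption.
SAMPLE = {"Resources": [
    {"id": "654321", "applicationId": "b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7",
     "entitlements": [{"value": "allow-cluster-create"}]},
    {"id": "7535194597985784", "applicationId": "00000000-0000-0000-0000-000000000001",
     "entitlements": [{"value": "allow-cluster-create"}]},
]}
APPROVED = {"00000000-0000-0000-0000-000000000001": {"allow-cluster-create"}}

if __name__ == "__main__":
    print("GET", filter_path("b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7"))
    for path, body in revocation_plan(SAMPLE, APPROVED):
        print("PATCH", path, json.dumps(body))
```

Each planned request is sent with the same `Content-Type` and `Authorization` headers as the PATCH examples on this page.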
Add to a group
Example request
```http
PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "groups",
      "value": [
        {
          "value": "123456"
        }
      ]
    }
  ]
}
```
Remove from a group
Example request
```http
PATCH /api/2.0/preview/scim/v2/Groups/<group_id> HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "members[value eq \"<service_principal_id>\"]"
    }
  ]
}
```
Update service principal by ID (PUT)
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals/{id} | PUT |

Overwrite the service principal resource across multiple attributes, except those that are immutable.
Request must include the `schemas` attribute, set to `urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal`.
Note
The `PATCH` method is recommended over the `PUT` method for setting or updating service principal attributes.
Example request
```http
PUT /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
  ],
  "applicationId": "b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7",
  "displayName": "test-service-principal",
  "groups": [
    {
      "value": "123456"
    }
  ],
  "entitlements": [
    {
      "value": "allow-cluster-create"
    }
  ]
}
```
Delete service principal by ID
Endpoint | HTTP Method |
---|---|
2.0/preview/scim/v2/ServicePrincipals/{id} | DELETE |

Deactivate a service principal resource. A service principal that does not own or belong to an Azure Databricks workspace is automatically purged after 30 days.
```http
DELETE /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b
```