SCIM API (ServicePrincipals)SCIM API (ServicePrincipals)

• 07/29/2020
• • m

可以通过 SCIM (ServicePrincipals) 在 Azure Databricks 中管理 Azure Active Directory 服务主体。SCIM (ServicePrincipals) lets you manage Azure Active Directory service principals in Azure Databricks.

获取服务主体Get service principals

在 Azure Databricks 工作区中检索所有服务主体的列表。Retrieve a list of all service principals in the Azure Databricks workspace.

示例请求Example request

GET /api/2.0/preview/scim/v2/ServicePrincipals  HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

可以使用筛选器指定服务主体的子集。You can use filters to specify subsets of service principals. 例如，可以将 eq（“等于”）筛选器参数应用到 applicationId 以检索特定服务主体：For example, you can apply the eq (equals) filter parameter to applicationId to retrieve a specific service principal:

GET /api/2.0/preview/scim/v2/ServicePrincipals?filter=applicationId+eq+b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7  HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

按 ID 获取服务主体Get service principal by ID

在给定 Azure Databricks ID 的情况下，从 Azure Databricks 工作区中检索单个服务主体资源。Retrieve a single service principal resource from the Azure Databricks workspace, given an Azure Databricks ID.

示例请求Example request

GET /api/2.0/preview/scim/v2/ServicePrincipals/7535194597985784  HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b

添加服务主体Add service principal

在 Azure Databricks 工作区中添加服务主体。Add a service principal in the Azure Databricks workspace.

请求参数遵循标准 SCIM 2.0 协议。Request parameters follow the standard SCIM 2.0 protocol.

请求应包含以下属性：Requests should include the following attributes:

• schemas：设置为 urn:ietf:params:scim:schemas:core:2.0:ServicePrincipalschemas: set to urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal
• applicationId：（服务主体的 Azure AD 应用程序 ID）applicationId: (The Azure AD application ID of the service principal)
• displayName：（可选）displayName: (optional)

示例请求Example request

POST /api/2.0/preview/scim/v2/ServicePrincipals HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

{
  "schemas":[
    "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
  ],
  "applicationId":"b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7",
  "displayName":"test-service-principal",
  "groups":[
    {
       "value":"123456"
    }
  ],
  "entitlements":[
    {
       "value":"allow-cluster-create"
    }
  ]
}

按 ID 更新服务主体 (PATCH)Update service principal by ID (PATCH)

使用对特定属性（不可变属性除外）的操作来更新服务主体资源。Update a service principal resource with operations on specific attributes, except those that are immutable. 建议使用 PATCH 方法（而不是 PUT 方法）来设置或更新用户权利。The PATCH method is recommended over the PUT method for setting or updating user entitlements.

请求参数遵循标准 SCIM 2.0 协议，并依赖于 schemas 属性的值。Request parameters follow the standard SCIM 2.0 protocol and depend on the value of the schemas attribute.

添加权利Add entitlements

示例请求Example request

PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321  HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"add",
      "path":"entitlements",
      "value":[
        {
           "value":"allow-cluster-create"
        }
      ]
    }
  ]
}

删除权利Remove entitlements

示例请求Example request

PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321  HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"remove",
      "path":"entitlements",
      "value":[
        {
           "value":"allow-cluster-create"
        }
      ]
    }
  ]
}

添加到组Add to a group

示例请求Example request

PATCH /api/2.0/preview/scim/v2/ServicePrincipals/654321  HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"add",
      "path":"groups",
      "value":[
        {
           "value":"123456"
        }
      ]
    }
  ]
}

从组中删除Remove from a group

示例请求Example request

PATCH /api/2.0/preview/scim/v2/Groups/<group_id>  HTTP/1.1
Host: <databricks-instance>
Content-Type: application/scim+json
Authorization: Bearer dapi48…a6138b

{
  "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
    {
      "op":"remove",
      "path":"members[value eq \"<service_principal_id>\"]"
    }
  ]
}

按 ID 更新服务主体 (PUT)Update service principal by ID (PUT)

跨多个属性（不可变属性除外）覆盖服务主体资源。Overwrite the service principal resource across multiple attributes, except those that are immutable.

请求必须包含设置为 urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal 的 schemas 属性。Request must include the schemas attribute, set to urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal.

示例请求Example request

PUT /api/2.0/preview/scim/v2/ServicePrincipals/654321 HTTP/1.1
Host: <databricks-instance>
Authorization: Bearer dapi48…a6138b
Content-Type: application/scim+json

{
  "schemas":[
    "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
  ],
  "applicationId":"b4647a57-063a-43e3-a6b4-c9a4e9f9f0b7",
  "displayName":"test-service-principal",
  "groups":[
    {
       "value":"123456"
    }
  ],
  "entitlements":[
    {
       "value":"allow-cluster-create"
    }
  ]
}

按 ID 删除服务主体Delete service principal by ID

停用服务主体资源。Deactivate a service principal resource. 不拥有或不属于 Azure Databricks 工作区的服务主体将在 30 天后被自动清除。A service principal that does not own or belong to an Azure Databricks workspace is automatically purged after 30 days.

DELETE /api/2.0/preview/scim/v2/ServicePrincipals/654321  HTTP/1.1
Host: <databricks-instance>
Accept: application/scim+json
Authorization: Bearer dapi48…a6138b