Using Sempy to Authenticate to Fabric/Power BI APIs using Service Principal and Azure Key Vault – FourMoo | Fabric


I have been doing a fair amount of work lately with Fabric Notebooks.

I am always conscious to ensure that when I am authenticating using a Service Principal, I can make sure it is as secure as possible. To do this I have found that I can use the Azure Key Vault and Azure identity to successfully authenticate.

By using the Azure Key Vault I do not have to store any details in clear text.

Another advantage of the Azure Key Vault is that when my client secret expires (every 2 years), I will just have to update the secret in the key vault and everything else will get the new value. This is way easier than trying to remember where I used the service principal account.

Below is how to authenticate with Service Principal using Azure Key Vault.

All the additional details are included in the comments below. The rest of the code is the default details for the authentication.

######################################################################################### 
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault 
key_vault = "https://fourmoomoomoo.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed 
tenant = mssparkutils.credentials.getSecret(key_vault , "myteantid") 
## This is my application Id for my service principal account 
client = mssparkutils.credentials.getSecret(key_vault , "applicationid") 
## This is my Client Secret for my service principal account 
client_secret = mssparkutils.credentials.getSecret(key_vault , "cs")  

######################################################################################### 
# Authentication - Replace string variables with your relevant values 
#########################################################################################  

import json, requests, pandas as pd 
import datetime  

try: 
    from azure.identity import ClientSecretCredential 
except Exception:
     !pip install azure.identity 
     from azure.identity import ClientSecretCredential 

# Generates the access token for the Service Principal 
api = 'https://analysis.windows.net/powerbi/api/.default' 
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/', 
               tenant_id = tenant, 
               client_id = client, 
               client_secret = client_secret) 
access_token = auth.get_token(api)
access_token = access_token.token 

## This is where I store my header with the Access Token, because this is required when authenticating 
## to the Power BI Admin APIs 
header = {'Authorization': f'Bearer {access_token}'}  

print('\nSuccessfully authenticated.')

header = {'Authorization': f'Bearer {access_token}'} 

## Below is an example where I am querying the datasets Admin API and I need the access token in the
## headers 
base_url="https://api.powerbi.com/v1.0/myorg/" 
refreshables_url = "admin/datasets"  
refreshables_response = requests.get(base_url + refreshables_url, headers=header)
df = refreshables_response.content  
display(df)

I then run the code and as shown below it is successfully authenticated.

I can then continue with my notebook code using the Power BI Admin APIs, as shown below the display from the df

In this blog post I have shown you how I authenticated using the Azure Key Vault and then successfully querying a Power BI Admin API.

I hope that you found this useful and as always thanks for reading.

You can download the Notebook code here: Azure Key Vault Auth with Service Principal.ipynb



Source link

Be the first to comment

Leave a Reply

Your email address will not be published.


*