There is a new blog post from the Microsoft Fabric team talking about the support for using a Service Principal with a Warehouse.

Reference: Service principal support for Fabric Data Warehouse | Microsoft Fabric Blog | Microsoft Fabric

In this blog post I am going to show you how to create a Microsoft Fabric Warehouse, where the owner will be the Service Principal.

As mentioned in the blog post here are some of the advantages of having the Service Principal as the Warehouse Owner.

Using a Service Principal to create the warehouse avoids issue where the person who created the warehouse leaves the organization and issues arise when the users account is deleted from Entra ID.
You avoid the painful logging in with the user account to ensure the password remains updated.
The organization now owns the warehouse and not an individual user.

I will show you how I created a Warehouse with the owner being a Service Principal this using a Microsoft Fabric Notebook

Notebook Code explanation

Below is the code that I used.

The first piece of code below is where I am getting the Current App Workspace ID

A screen shot of a computer code

Description automatically generated

In the section below is where I am getting my Service Principal account details from the Azure Key Vault

I have blogged about this before, and you can find the link here: Using Sempy to Authenticate to Fabric/Power BI APIs using Service Principal and Azure Key Vault – FourMoo | Fabric | Power BI

The final piece of code is where I am creating the Warehouse.

NOTE: In my example I am also creating a case in-sensitive warehouse.

Here is the API Reference for creating the Warehouse: Items – Create Warehouse – REST API (Warehouse) | Microsoft Learn

I could see the successful response in the notebook.

A screenshot of a computer

Description automatically generated

Once the notebook was completed, I then went and had a look and I could see my warehouse had been created and the owner is the Service Principal.

Summary

I have shown in this blog post how you can create a warehouse using a service principle.

If there are any questions or comments, please leave them in the section below.

And finally, if you want the complete code please find it below.

# Load mssparkutils
import notebookutils

# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')

######################################################################################### 
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault 
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed 
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid") 
## This is my application Id for my service principal account 
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid") 
## This is my Client Secret for my service principal account 
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")  

######################################################################################### 
# Authentication - Replace string variables with your relevant values 
#########################################################################################  

import json, requests, pandas as pd 
import datetime  

try: 
    from azure.identity import ClientSecretCredential 
except Exception:
     !pip install azure.identity 
     from azure.identity import ClientSecretCredential 

# Generates the access token for the Service Principal 
api = 'https://analysis.windows.net/powerbi/api/.default' 
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/', 
               tenant_id = tenant, 
               client_id = client, 
               client_secret = client_secret) 
access_token = auth.get_token(api)
access_token = access_token.token 

## This is where I store my header with the Access Token, because this is required when authenticating 
## to the Power BI Admin APIs 
header = {'Authorization': f'Bearer {access_token}'}  

print('\nSuccessfully authenticated.')

# Create Case Insensitive Warehouse
import pandas as pd
import requests

# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"

display(api_url)

# JSON Payload to Post to create the Case Insensitive Collation
payload = { 
  "type": "warehouse", 
  "displayName": "WH_Service_Principal", 
  "description": "New Lakehouse Service Principal case-insensitive collation", 
  "creationPayload": { 
    "defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8" 
  } 
}

headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

# Checking the Payload Looks Good
display(payload)

# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)

Creating a Microsoft Fabric Warehouse using a Service Principal

Notebook Code explanation

Summary

Related

Tags In

Leave a Reply Cancel reply

Creating a Microsoft Fabric Warehouse using a Service Principal

Notebook Code explanation

Summary

Share this:

Related

Tags In

Related Posts

Stop and start your Fabric Capacity using Power Automate

How to calculate Microsoft Fabric costs

How to read and write to different Lakehouse’s in different App Workspaces when using a Fabric Notebook

Leave a Reply Cancel reply