it is a quick post on how to query Onelake Iceberg REST Catalog using pure SQL with DuckDB, and yes you need a service principal that has access to the lakehouse
CREATE or replace PERSISTENT secret onelake_identity_iceberg (
TYPE ICEBERG,
CLIENT_ID 'xxxxxxxxxxxxxx',
CLIENT_SECRET 'yyyyyyyyyyyyyyyyyyy' ,
OAUTH2_SCOPE 'https://storage.azure.com/.default' ,
OAUTH2_SERVER_URI 'https://login.microsoftonline.com/TENANT_ID /oauth2/v2.0/token' ,
ENDPOINT 'https://onelake.table.fabric.microsoft.com/iceberg'
);
CREATE or replace PERSISTENT secret azure_spn (
TYPE azure,
PROVIDER service_principal,
TENANT_ID 'ccccccc',
CLIENT_ID 'iiiiiiiiiiiiii',
CLIENT_SECRET 'xbndlfrewi' ,
ACCOUNT_NAME 'onelake'
);it works reasonably well assuming your region is not far from your laptop, or even better , if you run it inside Fabric then there is no network shenanigans, I recorded a video showing my experience
Why read operations do not always need full consistency checks
I hope DuckDB eventually adds an option that allows turning off table state checks for purely read scenarios. The current behaviour is correct because you always need the latest state when writing in order to guarantee consistency. However, for read queries it feels unnecessary and hurts the overall user experience. PowerBI solved this problem very well with its concept of framing, and something similar in DuckDB would make a big difference, notice duckdb delta reader already support pin version.
Small Data And self service 