steve/databricks-cli
steve
/
databricks-cli
mirror of https://github.com/databricks/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
databricks-cli/libs/databrickscfg/loader.go

127 lines
3.3 KiB
Go
Raw Normal View History

Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
package databrickscfg
import (
"context"
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
"errors"
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
"fmt"
"os"
"strings"
Rename bricks -> databricks (#389) ## Changes Rename all instances of "bricks" to "databricks". ## Tests * Confirmed the goreleaser build works, uses the correct new binary name, and produces the right archives. * Help output is confirmed to be correct. * Output of `git grep -w bricks` is minimal with a couple changes remaining for after the repository rename.
2023-05-16 16:35:39 +00:00
"github.com/databricks/cli/libs/log"
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
"github.com/databricks/databricks-sdk-go/config"
"gopkg.in/ini.v1"
)
var ResolveProfileFromHost = profileFromHostLoader{}
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
var errNoMatchingProfiles = errors.New("no matching config profiles found")
type errMultipleProfiles []string
func (e errMultipleProfiles) Error() string {
return fmt.Sprintf("multiple profiles matched: %s", strings.Join(e, ", "))
}
func findMatchingProfile(configFile *config.File, matcher func(*ini.Section) bool) (*ini.Section, error) {
// Look for sections in the configuration file that match the configured host.
var matching []*ini.Section
for _, section := range configFile.Sections() {
if !matcher(section) {
continue
}
matching = append(matching, section)
}
// If there are no matching sections, we don't do anything.
if len(matching) == 0 {
return nil, errNoMatchingProfiles
}
// If there are multiple matching sections, let the user know it is impossible
// to unambiguously select a profile to use.
if len(matching) > 1 {
var names errMultipleProfiles
for _, section := range matching {
names = append(names, section.Name())
}
return nil, names
}
return matching[0], nil
}
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
type profileFromHostLoader struct{}
func (l profileFromHostLoader) Name() string {
return "resolve-profile-from-host"
}
func (l profileFromHostLoader) Configure(cfg *config.Config) error {
// Skip an attempt to resolve a profile from the host if any authentication
// is already configured (either directly, through environment variables, or
// if a profile was specified).
if cfg.Host == "" || l.isAnyAuthConfigured(cfg) {
return nil
}
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
ctx := context.Background()
Bump github.com/databricks/databricks-sdk-go from 0.5.0 to 0.6.0 (#299)
2023-04-03 19:33:21 +00:00
configFile, err := config.LoadFile(cfg.ConfigFile)
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
if err != nil {
if os.IsNotExist(err) {
return nil
}
return fmt.Errorf("cannot parse config file: %w", err)
}
// Normalized version of the configured host.
host := normalizeHost(cfg.Host)
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
match, err := findMatchingProfile(configFile, func(s *ini.Section) bool {
key, err := s.GetKey("host")
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
if err != nil {
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
log.Tracef(ctx, "section %s: %s", s.Name(), err)
return false
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
}
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
// Check if this section matches the normalized host
return normalizeHost(key.Value()) == host
})
if err == errNoMatchingProfiles {
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
return nil
}
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
if err, ok := err.(errMultipleProfiles); ok {
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
return fmt.Errorf(
Correctly use --profile flag passed for all bundle commands (#571) ## Changes Correctly use --profile flag passed for all bundle commands. Also adds a validation that if bundle configured host mismatches provided profile, it throws an error. Co-authored-by: Pieter Noordhuis <pieter.noordhuis@databricks.com>
2023-07-12 12:09:25 +00:00
"%s: %w: please set DATABRICKS_CONFIG_PROFILE or provide --profile flag to specify one",
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
host, err)
}
if err != nil {
return err
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
}
Add profile on `databricks auth login` (#423) ## Changes - added saving profile to `~/.databrickscfg` whenever we do `databricks auth login`. - we either match profile by account id / canonical host or introduce the new one from deployment name. - fail on multiple profiles with matching accounts or workspace hosts. - overriding `~/.databrickscfg` keeps the (valid) comments, but reformats the file. ## Tests <!-- How is this tested? --> - `make test` - `go run main.go auth login --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth token --account-id XXX --host https://accounts.cloud.databricks.com/` - `go run main.go auth login --host https://XXX.cloud.databricks.com/`
2023-06-02 11:49:39 +00:00
log.Debugf(ctx, "Loading profile %s because of host match", match.Name())
Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
err = config.ConfigAttributes.ResolveFromStringMapWithSource(cfg, match.KeysHash(), config.Source{
Type: config.SourceFile,
Name: configFile.Path(),
})
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
if err != nil {
return fmt.Errorf("%s %s profile: %w", configFile.Path(), match.Name(), err)
}
Resolve configuration before performing verification (#890) ## Changes If a bundle configuration specifies a workspace host, and the user specifies a profile to use, we perform a check to confirm that the workspace host in the bundle configuration and the workspace host from the profile are identical. If they are not, we return an error. The check was introduced in #571. Previously, the code included an assumption that the client configuration was already loaded from the environment prior to performing the check. This was not the case, and as such if the user intended to use a non-default path to `.databrickscfg`, this path was not used when performing the check. The fix does the following: * Resolve the configuration prior to performing the check. * Don't treat the configuration file not existing as an error. * Add unit tests. Fixes #884. ## Tests Unit tests and manual confirmation.
2023-10-20 13:10:31 +00:00
cfg.Profile = match.Name()
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
return nil
}
func (l profileFromHostLoader) isAnyAuthConfigured(cfg *config.Config) bool {
Skip profile resolution if `DATABRICKS_AUTH_TYPE` is set (#1068) ## Changes If a user configures a workspace host in a bundle and wants to use the "azure-cli" authentication type, we would still run profile resolution. If the databrickscfg has a matching profile, we still load it, even though it should be a fallback. ## Tests * Unit test. * Manually confirmed that setting `DATABRICKS_AUTH_TYPE=azure-cli` now works as expected.
2023-12-18 09:57:07 +00:00
// If any of the auth-specific attributes are set, we can skip profile resolution.
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
for _, a := range config.ConfigAttributes {
Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
if !a.HasAuthAttribute() {
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
continue
}
if !a.IsZero(cfg) {
return true
}
}
Skip profile resolution if `DATABRICKS_AUTH_TYPE` is set (#1068) ## Changes If a user configures a workspace host in a bundle and wants to use the "azure-cli" authentication type, we would still run profile resolution. If the databrickscfg has a matching profile, we still load it, even though it should be a fallback. ## Tests * Unit test. * Manually confirmed that setting `DATABRICKS_AUTH_TYPE=azure-cli` now works as expected.
2023-12-18 09:57:07 +00:00
// If the auth type is set, we can skip profile resolution.
// For example, to force "azure-cli", only the host and the auth type will be set.
return cfg.AuthType != ""
Try to resolve a profile if only the host is specified (#287) ## Changes This improves out of the box usability where a user who already configured a `.databrickscfg` file will be able to reference the workspace host in their `bundle.yml` and it will automatically pick up the right profile. ## Tests * Newly added tests pass. * Manual testing confirms intended behavior. --------- Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>
2023-03-29 18:44:19 +00:00
}