databricks-cli/cmd/auth/describe_test.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

227 lines
8.1 KiB
Go
Raw Normal View History

Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
package auth
import (
"context"
"errors"
Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
"testing"
"github.com/databricks/cli/cmd/root"
"github.com/databricks/databricks-sdk-go/config"
"github.com/databricks/databricks-sdk-go/experimental/mocks"
"github.com/databricks/databricks-sdk-go/service/iam"
"github.com/spf13/cobra"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
)
func TestGetWorkspaceAuthStatus(t *testing.T) {
ctx := context.Background()
m := mocks.NewMockWorkspaceClient(t)
ctx = root.SetWorkspaceClient(ctx, m.WorkspaceClient)
cmd := &cobra.Command{}
cmd.SetContext(ctx)
showSensitive := false
currentUserApi := m.GetMockCurrentUserAPI()
currentUserApi.EXPECT().Me(mock.Anything).Return(&iam.User{
UserName: "test-user",
}, nil)
cmd.Flags().String("host", "", "")
cmd.Flags().String("profile", "", "")
err := cmd.Flag("profile").Value.Set("my-profile")
require.NoError(t, err)
cmd.Flag("profile").Changed = true
cfg := &config.Config{
Profile: "my-profile",
}
m.WorkspaceClient.Config = cfg
t.Setenv("DATABRICKS_AUTH_TYPE", "azure-cli")
err = config.ConfigAttributes.Configure(cfg)
require.NoError(t, err)
status, err := getAuthStatus(cmd, []string{}, showSensitive, func(cmd *cobra.Command, args []string) (*config.Config, bool, error) {
err := config.ConfigAttributes.ResolveFromStringMap(cfg, map[string]string{
"host": "https://test.com",
"token": "test-token",
"auth_type": "azure-cli",
})
require.NoError(t, err)
return cfg, false, nil
})
require.NoError(t, err)
require.NotNil(t, status)
require.Equal(t, "success", status.Status)
require.Equal(t, "test-user", status.Username)
require.Equal(t, "https://test.com", status.Details.Host)
require.Equal(t, "azure-cli", status.Details.AuthType)
require.Equal(t, "azure-cli", status.Details.Configuration["auth_type"].Value)
require.Equal(t, "DATABRICKS_AUTH_TYPE environment variable", status.Details.Configuration["auth_type"].Source.String())
require.False(t, status.Details.Configuration["auth_type"].AuthTypeMismatch)
require.Equal(t, "********", status.Details.Configuration["token"].Value)
require.Equal(t, "dynamic configuration", status.Details.Configuration["token"].Source.String())
require.True(t, status.Details.Configuration["token"].AuthTypeMismatch)
require.Equal(t, "my-profile", status.Details.Configuration["profile"].Value)
require.Equal(t, "--profile flag", status.Details.Configuration["profile"].Source.String())
require.False(t, status.Details.Configuration["profile"].AuthTypeMismatch)
}
func TestGetWorkspaceAuthStatusError(t *testing.T) {
ctx := context.Background()
m := mocks.NewMockWorkspaceClient(t)
ctx = root.SetWorkspaceClient(ctx, m.WorkspaceClient)
cmd := &cobra.Command{}
cmd.SetContext(ctx)
showSensitive := false
cmd.Flags().String("host", "", "")
cmd.Flags().String("profile", "", "")
err := cmd.Flag("profile").Value.Set("my-profile")
require.NoError(t, err)
cmd.Flag("profile").Changed = true
cfg := &config.Config{
Profile: "my-profile",
}
m.WorkspaceClient.Config = cfg
t.Setenv("DATABRICKS_AUTH_TYPE", "azure-cli")
err = config.ConfigAttributes.Configure(cfg)
require.NoError(t, err)
status, err := getAuthStatus(cmd, []string{}, showSensitive, func(cmd *cobra.Command, args []string) (*config.Config, bool, error) {
err = config.ConfigAttributes.ResolveFromStringMap(cfg, map[string]string{
"host": "https://test.com",
"token": "test-token",
"auth_type": "azure-cli",
})
return cfg, false, errors.New("auth error")
Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
})
require.NoError(t, err)
require.NotNil(t, status)
require.Equal(t, "error", status.Status)
require.Equal(t, "azure-cli", status.Details.Configuration["auth_type"].Value)
require.Equal(t, "DATABRICKS_AUTH_TYPE environment variable", status.Details.Configuration["auth_type"].Source.String())
require.False(t, status.Details.Configuration["auth_type"].AuthTypeMismatch)
require.Equal(t, "********", status.Details.Configuration["token"].Value)
require.Equal(t, "dynamic configuration", status.Details.Configuration["token"].Source.String())
require.True(t, status.Details.Configuration["token"].AuthTypeMismatch)
require.Equal(t, "my-profile", status.Details.Configuration["profile"].Value)
require.Equal(t, "--profile flag", status.Details.Configuration["profile"].Source.String())
require.False(t, status.Details.Configuration["profile"].AuthTypeMismatch)
}
func TestGetWorkspaceAuthStatusSensitive(t *testing.T) {
ctx := context.Background()
m := mocks.NewMockWorkspaceClient(t)
ctx = root.SetWorkspaceClient(ctx, m.WorkspaceClient)
cmd := &cobra.Command{}
cmd.SetContext(ctx)
showSensitive := true
cmd.Flags().String("host", "", "")
cmd.Flags().String("profile", "", "")
err := cmd.Flag("profile").Value.Set("my-profile")
require.NoError(t, err)
cmd.Flag("profile").Changed = true
cfg := &config.Config{
Profile: "my-profile",
}
m.WorkspaceClient.Config = cfg
t.Setenv("DATABRICKS_AUTH_TYPE", "azure-cli")
err = config.ConfigAttributes.Configure(cfg)
require.NoError(t, err)
status, err := getAuthStatus(cmd, []string{}, showSensitive, func(cmd *cobra.Command, args []string) (*config.Config, bool, error) {
err = config.ConfigAttributes.ResolveFromStringMap(cfg, map[string]string{
"host": "https://test.com",
"token": "test-token",
"auth_type": "azure-cli",
})
return cfg, false, errors.New("auth error")
Added `auth describe` command (#1244) ## Changes This command provide details on auth configuration user is using as well as authenticated user and auth mechanism used. Relies on https://github.com/databricks/databricks-sdk-go/pull/838 (tests will fail until merged) Examples of output ``` Workspace: https://test.com User: andrew.nester@databricks.com Authenticated with: pat ----- Configuration: ✓ auth_type: pat ✓ host: https://test.com (from bundle) ✓ profile: DEFAULT (from --profile flag) ✓ token: ******** (from /Users/andrew.nester/.databrickscfg config file) ``` ``` DATABRICKS_AUTH_TYPE=azure-msi databricks auth describe -p "Azure 2" Unable to authenticate: inner token: Post "https://foobar.com/oauth2/token": AADSTS900023: Specified tenant identifier foobar_aaaaaaa' is neither a valid DNS name, nor a valid external domain. See https://login.microsoftonline.com/error?code=900023 ----- Configuration: ✓ auth_type: azure-msi (from DATABRICKS_AUTH_TYPE environment variable) ✓ azure_client_id: 8470f3ba-aaaa-bbbb-cccc-xxxxyyyyzzzz (from /Users/andrew.nester/.databrickscfg config file) ~ azure_client_secret: ******** (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ~ azure_tenant_id: foobar_aaaaaaa (from /Users/andrew.nester/.databrickscfg config file, not used for auth type azure-msi) ✓ azure_use_msi: true (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://foobar.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: Azure 2 (from --profile flag) ``` For account ``` Unable to authenticate: default auth: databricks-cli: cannot get access token: Error: token refresh: Post "https://xxxxxxx.com/v1/token": http 400: {"error":"invalid_request","error_description":"Refresh token is invalid"} . Config: host=https://xxxxxxx.com, account_id=ed0ca3c5-fae5-4619-bb38-eebe04a4af4b, profile=ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ----- Configuration: ✓ account_id: ed0ca3c5-fae5-4619-bb38-eebe04a4af4b (from /Users/andrew.nester/.databrickscfg config file) ✓ auth_type: databricks-cli (from /Users/andrew.nester/.databrickscfg config file) ✓ host: https://xxxxxxxxx.com (from /Users/andrew.nester/.databrickscfg config file) ✓ profile: ACCOUNT-ed0ca3c5-fae5-4619-bb38-eebe04a4af4b ``` ## Tests Added unit tests --------- Co-authored-by: Julia Crawford (Databricks) <julia.crawford@databricks.com>
2024-04-03 08:14:04 +00:00
})
require.NoError(t, err)
require.NotNil(t, status)
require.Equal(t, "error", status.Status)
require.Equal(t, "azure-cli", status.Details.Configuration["auth_type"].Value)
require.Equal(t, "DATABRICKS_AUTH_TYPE environment variable", status.Details.Configuration["auth_type"].Source.String())
require.False(t, status.Details.Configuration["auth_type"].AuthTypeMismatch)
require.Equal(t, "test-token", status.Details.Configuration["token"].Value)
require.Equal(t, "dynamic configuration", status.Details.Configuration["token"].Source.String())
require.True(t, status.Details.Configuration["token"].AuthTypeMismatch)
}
func TestGetAccountAuthStatus(t *testing.T) {
ctx := context.Background()
m := mocks.NewMockAccountClient(t)
ctx = root.SetAccountClient(ctx, m.AccountClient)
cmd := &cobra.Command{}
cmd.SetContext(ctx)
showSensitive := false
cmd.Flags().String("host", "", "")
cmd.Flags().String("profile", "", "")
err := cmd.Flag("profile").Value.Set("my-profile")
require.NoError(t, err)
cmd.Flag("profile").Changed = true
cfg := &config.Config{
Profile: "my-profile",
}
m.AccountClient.Config = cfg
t.Setenv("DATABRICKS_AUTH_TYPE", "azure-cli")
err = config.ConfigAttributes.Configure(cfg)
require.NoError(t, err)
wsApi := m.GetMockWorkspacesAPI()
wsApi.EXPECT().List(mock.Anything).Return(nil, nil)
status, err := getAuthStatus(cmd, []string{}, showSensitive, func(cmd *cobra.Command, args []string) (*config.Config, bool, error) {
err = config.ConfigAttributes.ResolveFromStringMap(cfg, map[string]string{
"account_id": "test-account-id",
"username": "test-user",
"host": "https://test.com",
"token": "test-token",
"auth_type": "azure-cli",
})
return cfg, true, nil
})
require.NoError(t, err)
require.NotNil(t, status)
require.Equal(t, "success", status.Status)
require.Equal(t, "test-user", status.Username)
require.Equal(t, "https://test.com", status.Details.Host)
require.Equal(t, "azure-cli", status.Details.AuthType)
require.Equal(t, "test-account-id", status.AccountID)
require.Equal(t, "azure-cli", status.Details.Configuration["auth_type"].Value)
require.Equal(t, "DATABRICKS_AUTH_TYPE environment variable", status.Details.Configuration["auth_type"].Source.String())
require.False(t, status.Details.Configuration["auth_type"].AuthTypeMismatch)
require.Equal(t, "********", status.Details.Configuration["token"].Value)
require.Equal(t, "dynamic configuration", status.Details.Configuration["token"].Source.String())
require.True(t, status.Details.Configuration["token"].AuthTypeMismatch)
require.Equal(t, "my-profile", status.Details.Configuration["profile"].Value)
require.Equal(t, "--profile flag", status.Details.Configuration["profile"].Source.String())
require.False(t, status.Details.Configuration["profile"].AuthTypeMismatch)
}