Add acceptance tests for auth resolution (#2285)

## Changes This PR adds acceptance tests for native Databricks auth methods: basic, oauth, and pat. In the future we could compare this with auth credentials used by downstream tools like TF or the telemetry process to ensure consistent auth credentials are picked up and used. Note: We do not add acceptance tests for other auth methods like Azure because they communicate with external endpoints. To test them locally, we would need to set up a reverse proxy server, which is out of scope for this change. ## Tests N/A
2025-02-11 21:20:03 +05:30 · 2025-02-11 21:20:03 +05:30 · 24ac8d8d59
parent 5d392acbef
commit 24ac8d8d59
13 changed files with 134 additions and 0 deletions
--- a/acceptance/auth/credentials/basic/out.requests.txt
+++ b/acceptance/auth/credentials/basic/out.requests.txt
@ -0,0 +1,12 @@
+{
+  "headers": {
+    "Authorization": [
+      "Basic [ENCODED_AUTH]"
+    ],
+    "User-Agent": [
+      "cli/[DEV_VERSION] databricks-sdk-go/[SDK_VERSION] go/[GO_VERSION] os/[OS] cmd/current-user_me cmd-exec-id/[UUID] auth/basic"
+    ]
+  },
+  "method": "GET",
+  "path": "/api/2.0/preview/scim/v2/Me"
+}
--- a/acceptance/auth/credentials/basic/output.txt
+++ b/acceptance/auth/credentials/basic/output.txt
@ -0,0 +1,4 @@
+{
+  "id":"[USERID]",
+  "userName":"[USERNAME]"
+}
--- a/acceptance/auth/credentials/basic/script
+++ b/acceptance/auth/credentials/basic/script
@ -0,0 +1,8 @@
+# Unset the token which is configured by default
+# in acceptance tests
+export DATABRICKS_TOKEN=""
+
+export DATABRICKS_USERNAME=username
+export DATABRICKS_PASSWORD=password
+
+$CLI current-user me
--- a/acceptance/auth/credentials/basic/test.toml
+++ b/acceptance/auth/credentials/basic/test.toml
@ -0,0 +1,4 @@
+# "username:password" in base64 is dXNlcm5hbWU6cGFzc3dvcmQ=, expect to see this in Authorization header
+[[Repls]]
+Old = "dXNlcm5hbWU6cGFzc3dvcmQ="
+New = "[ENCODED_AUTH]"
--- a/acceptance/auth/credentials/oauth/out.requests.txt
+++ b/acceptance/auth/credentials/oauth/out.requests.txt
@ -0,0 +1,34 @@
+{
+  "headers": {
+    "User-Agent": [
+      "cli/[DEV_VERSION] databricks-sdk-go/[SDK_VERSION] go/[GO_VERSION] os/[OS]"
+    ]
+  },
+  "method": "GET",
+  "path": "/oidc/.well-known/oauth-authorization-server"
+}
+{
+  "headers": {
+    "Authorization": [
+      "Basic [ENCODED_AUTH]"
+    ],
+    "User-Agent": [
+      "cli/[DEV_VERSION] databricks-sdk-go/[SDK_VERSION] go/[GO_VERSION] os/[OS]"
+    ]
+  },
+  "method": "POST",
+  "path": "/oidc/v1/token",
+  "raw_body": "grant_type=client_credentials\u0026scope=all-apis"
+}
+{
+  "headers": {
+    "Authorization": [
+      "Bearer oauth-token"
+    ],
+    "User-Agent": [
+      "cli/[DEV_VERSION] databricks-sdk-go/[SDK_VERSION] go/[GO_VERSION] os/[OS] cmd/current-user_me cmd-exec-id/[UUID] auth/oauth-m2m"
+    ]
+  },
+  "method": "GET",
+  "path": "/api/2.0/preview/scim/v2/Me"
+}
--- a/acceptance/auth/credentials/oauth/output.txt
+++ b/acceptance/auth/credentials/oauth/output.txt
@ -0,0 +1,4 @@
+{
+  "id":"[USERID]",
+  "userName":"[USERNAME]"
+}
--- a/acceptance/auth/credentials/oauth/script
+++ b/acceptance/auth/credentials/oauth/script
@ -0,0 +1,8 @@
+# Unset the token which is configured by default
+# in acceptance tests
+export DATABRICKS_TOKEN=""
+
+export DATABRICKS_CLIENT_ID=client_id
+export DATABRICKS_CLIENT_SECRET=client_secret
+
+$CLI current-user me
--- a/acceptance/auth/credentials/oauth/test.toml
+++ b/acceptance/auth/credentials/oauth/test.toml
@ -0,0 +1,5 @@
+# "client_id:client_secret" in base64 is Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=, expect to
+# see this in Authorization header
+[[Repls]]
+Old = "Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ="
+New = "[ENCODED_AUTH]"
--- a/acceptance/auth/credentials/pat/out.requests.txt
+++ b/acceptance/auth/credentials/pat/out.requests.txt
@ -0,0 +1,12 @@
+{
+  "headers": {
+    "Authorization": [
+      "Bearer dapi1234"
+    ],
+    "User-Agent": [
+      "cli/[DEV_VERSION] databricks-sdk-go/[SDK_VERSION] go/[GO_VERSION] os/[OS] cmd/current-user_me cmd-exec-id/[UUID] auth/pat"
+    ]
+  },
+  "method": "GET",
+  "path": "/api/2.0/preview/scim/v2/Me"
+}
--- a/acceptance/auth/credentials/pat/output.txt
+++ b/acceptance/auth/credentials/pat/output.txt
@ -0,0 +1,4 @@
+{
+  "id":"[USERID]",
+  "userName":"[USERNAME]"
+}
--- a/acceptance/auth/credentials/pat/script
+++ b/acceptance/auth/credentials/pat/script
@ -0,0 +1,3 @@
+export DATABRICKS_TOKEN=dapi1234
+
+$CLI current-user me
--- a/acceptance/auth/credentials/test.toml
+++ b/acceptance/auth/credentials/test.toml
@ -0,0 +1,20 @@
+LocalOnly = true
+
+RecordRequests = true
+IncludeRequestHeaders = ["Authorization", "User-Agent"]
+
+[[Repls]]
+Old = '(linux|darwin|windows)'
+New = '[OS]'
+
+[[Repls]]
+Old = " upstream/[A-Za-z0-9.-]+"
+New = ""
+
+[[Repls]]
+Old = " upstream-version/[A-Za-z0-9.-]+"
+New = ""
+
+[[Repls]]
+Old = " cicd/[A-Za-z0-9.-]+"
+New = ""
--- a/acceptance/server_test.go
+++ b/acceptance/server_test.go
@ -166,6 +166,22 @@ func AddHandlers(server *testserver.Server) {
 	server.Handle("GET", "/api/2.1/jobs/list", func(fakeWorkspace *testserver.FakeWorkspace, r *http.Request) (any, int) {
 		return fakeWorkspace.JobsList()
 	})
+
+	server.Handle("GET", "/oidc/.well-known/oauth-authorization-server", func(fakeWorkspace *testserver.FakeWorkspace, r *http.Request) (any, int) {
+		return map[string]string{
+			"authorization_endpoint": server.URL + "oidc/v1/authorize",
+			"token_endpoint":         server.URL + "/oidc/v1/token",
+		}, http.StatusOK
+	})
+
+	server.Handle("POST", "/oidc/v1/token", func(fakeWorkspace *testserver.FakeWorkspace, r *http.Request) (any, int) {
+		return map[string]string{
+			"access_token": "oauth-token",
+			"expires_in":   "3600",
+			"scope":        "all-apis",
+			"token_type":   "Bearer",
+		}, http.StatusOK
+	})
 }

 func internalError(err error) (any, int) {