databricks-cli/cmd/auth
shreyas-goenka 10b245d10c
Move `ConfigUsed` to `libs/command` (#2440)
## Changes
This PR moves `ConfigUsed` from the root package to `libs/command`.

## Why
Having the ConfigUsed function in the root package is a problem because
that means we cannot use that function from outside the `root` package
since doing so often leads to an import cycle (because `root` imports
everything implicitly).

Moving it to a separate package consolidates the read interaction
and solves the import cycle issue. Example where this would have
simplified code:
https://github.com/databricks/cli/pull/2432#discussion_r1983368092

I'd like to send PRs to do the same for the workspace client and account
client as well. I'll wait, however, until this one is merged in case people
have concerns about the approach here.

## Tests
Existing tests.
2025-03-06 17:08:55 +00:00
testdata Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
README.md Rename bricks -> databricks (#389) 2023-05-16 18:35:39 +02:00
auth.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
describe.go Move `ConfigUsed` to `libs/command` (#2440) 2025-03-06 17:08:55 +00:00
describe_test.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
env.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
login.go Enable perfsprint linter and apply autofix (#2071) 2025-01-07 10:49:23 +00:00
login_test.go Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
profiles.go Update error checks that use the `os` package to use `errors.Is` (#1461) 2024-06-03 12:39:36 +00:00
profiles_test.go Pass `DATABRICKS_CONFIG_FILE` env var to sdk config during `auth profiles` (#1394) 2024-04-24 09:18:13 +00:00
token.go Add doc string for the `auth token` command (#2302) 2025-02-07 11:51:37 +00:00
token_test.go Improve token refresh flow (#1434) 2024-05-16 10:22:09 +00:00

README.md

Auth challenge (happy path)

Simplified description of PKCE implementation:

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success
```
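
The client side of the login flow above in Go, as an added example that is not the CLI's own code. It reads RND1 as the OAuth `state` and RND2 as the PKCE code verifier, with the challenge computed as the unpadded base64url encoding of SHA256(RND2) (RFC 7636, method S256). The function names are hypothetical, and the endpoint, client ID and redirect address are constructed placeholders.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// randomToken returns n CSPRNG bytes, base64url-encoded without padding.
func randomToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a weaker random source
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// challengeS256 derives the PKCE code_challenge from RND2 (the verifier).
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authURL builds the browser URL carrying RND1 (state) and SHA256(RND2).
func authURL(endpoint, clientID, redirectURI, state, verifier string) string {
	q := url.Values{
		"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI},
		"state": {state}, "code_challenge": {challengeS256(verifier)}, "code_challenge_method": {"S256"},
	}
	return endpoint + "?" + q.Encode()
}

// codeFromRedirect accepts the auth code only if the echoed state equals RND1.
func codeFromRedirect(q url.Values, wantState string) (string, error) {
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", errors.New("state mismatch: redirect does not belong to this login")
	}
	return q.Get("code"), nil
}

func main() {
	state, verifier := randomToken(16), randomToken(32) // RND1, RND2
	fmt.Println(authURL("https://host.example/authorize", "example-client", "http://localhost:8020", state, verifier))
	fmt.Println(codeFromRedirect(url.Values{"code": {"constructed-code"}, "state": {state}}, state))
}
```

RND2 itself never appears in the browser URL; only its hash does, so an authorization code captured from the redirect cannot be exchanged without the verifier held by the CLI process.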

Token refresh (happy path)

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks token HOST`

    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)

    option no auth for host
    CLI -X User: no auth configured
    end
```