databricks-cli/cmd/auth
Denis Bilenko 8d5351c1c3
Enable errcheck everywhere and fix or silent remaining issues (#1987)
## Changes
Enable errcheck linter for the whole codebase.

Fix remaining complaints:
- If we can propagate error to caller, do that
- If we are writing to stdout, continue ignoring errors (to avoid crashing
in "cli | head" case)
- Add exception for cobra non-critical API such as
MarkHidden/MarkDeprecated/RegisterFlagCompletionFunc. This keeps current
code and behaviour, to be decided later if we want to change this.
- Continue ignoring errors where that is desired behaviour (e.g.
git.loadConfig).
- Continue ignoring errors where panicking seems riskier than ignoring
the error.
- Annotate cases in libs/dyn with //nolint:errcheck - to be addressed
later.

Note, this PR is not meant to come up with the best strategy for each
case, but to be a relatively safe change to enable errcheck linter.
  
## Tests
Existing tests.
2024-12-11 13:26:00 +01:00
testdata Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
README.md Rename bricks -> databricks (#389) 2023-05-16 18:35:39 +02:00
auth.go Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
describe.go Enable errcheck everywhere and fix or silent remaining issues (#1987) 2024-12-11 13:26:00 +01:00
describe_test.go Add error checking in tests and enable errcheck there (#1980) 2024-12-09 13:56:41 +01:00
env.go Enable errcheck everywhere and fix or silent remaining issues (#1987) 2024-12-11 13:26:00 +01:00
login.go Do not error if we cannot prompt for a profile in `auth login` (#1745) 2024-09-04 07:14:21 +00:00
login_test.go Fix host resolution order in `auth login` (#1370) 2024-08-14 13:01:00 +00:00
profiles.go Update error checks that use the `os` package to use `errors.Is` (#1461) 2024-06-03 12:39:36 +00:00
profiles_test.go Pass `DATABRICKS_CONFIG_FILE` env var to sdk config during `auth profiles` (#1394) 2024-04-24 09:18:13 +00:00
token.go Enable errcheck everywhere and fix or silent remaining issues (#1987) 2024-12-11 13:26:00 +01:00
token_test.go Improve token refresh flow (#1434) 2024-05-16 10:22:09 +00:00

README.md

## Auth challenge (happy path)

Simplified description of PKCE implementation:

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success
```
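
The sketch below walks through steps 5, 7 and 8 of the diagram from both sides: the CLI generating RND1 and RND2, and the token endpoint checking RND2 against the stored hash. It is an added example, not code from the databricks-cli repository; the type and function names, the `idp.example` endpoint, the client ID and the redirect address are assumptions made up for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// Challenge holds the diagram's two random values: State is RND1, Verifier is RND2.
type Challenge struct{ State, Verifier string }

func random32() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without a CSPRNG there is no safe fallback
	}
	return base64.RawURLEncoding.EncodeToString(b)
}
func NewChallenge() Challenge { return Challenge{State: random32(), Verifier: random32()} }

// S256 computes what travels through the browser: BASE64URL(SHA256(RND2)).
func S256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthURL builds the step 5 browser URL; RND2 itself never appears in it.
func (c Challenge) AuthURL(authEndpoint, clientID, redirectURI string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI},
		"state": {c.State}, "code_challenge": {S256(c.Verifier)}, "code_challenge_method": {"S256"}}
	return authEndpoint + "?" + q.Encode()
}

// CodeFromRedirect is the CLI's step 7 check: reject a redirect whose state is not RND1.
func (c Challenge) CodeFromRedirect(q url.Values) (string, error) {
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(c.State)) != 1 {
		return "", fmt.Errorf("state mismatch: redirect does not belong to this login")
	}
	return q.Get("code"), nil
}

// VerifierMatches is the token endpoint's step 8 check of RND2 against the stored challenge.
func VerifierMatches(storedChallenge, verifier string) bool {
	return subtle.ConstantTimeCompare([]byte(S256(verifier)), []byte(storedChallenge)) == 1
}

func main() { fmt.Println(NewChallenge().AuthURL("https://idp.example/authorize", "example-client", "http://localhost:8020")) }
```

Because only the hash of RND2 passes through the browser, an authorization code intercepted on the redirect cannot be exchanged without the value the CLI kept in memory.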

## Token refresh (happy path)

```mermaid
sequenceDiagram
    autonumber
    actor User

    User ->> CLI: type `databricks token HOST`

    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)

    option no auth for host
    CLI -X User: no auth configured
    end
```