Databricks CLI
Go to file
Serge Smertin b87b4b0f40
Added `bricks auth login` and `bricks auth token` (#158)
# Auth challenge (happy path)

Simplified description of [PKCE](https://oauth.net/2/pkce/)
implementation:

```mermaid
sequenceDiagram
    autonumber
    actor User
    
    User ->> CLI: type `bricks auth login HOST`
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->> CLI: start embedded server to consume redirects (lock)
    CLI -->>+ Auth Endpoint: open browser with RND1 + SHA256(RND2)

    User ->>+ Auth Endpoint: Go through SSO
    Auth Endpoint ->>- CLI: AUTH CODE + 'RND1 (redirect)

    CLI ->>+ Token Endpoint: Exchange: AUTH CODE + RND2
    Token Endpoint ->>- CLI: Access Token (JWT) + refresh + expiry
    CLI ->> Token cache: Save Access Token (JWT) + refresh + expiry
    CLI ->> User: success
```

# Token refresh (happy path)

```mermaid
sequenceDiagram
    autonumber
    actor User
    
    User ->> CLI: type `bricks token HOST`
    
    CLI ->> CLI: acquire lock (same local addr as redirect server)
    CLI ->>+ Token cache: read token

    critical token not expired
    Token cache ->>- User: JWT (without refresh)

    option token is expired
    CLI ->>+ HOST: request OIDC endpoints
    HOST ->>- CLI: auth & token endpoints
    CLI ->>+ Token Endpoint: refresh token
    Token Endpoint ->>- CLI: JWT (refreshed)
    CLI ->> Token cache: save JWT (refreshed)
    CLI ->> User: JWT (refreshed)
    
    option no auth for host
    CLI -X User: no auth configured
    end
```
2023-01-06 16:15:57 +01:00
.github Work on release actions (#153) 2022-12-22 11:01:50 +01:00
.vscode Added `bricks auth login` and `bricks auth token` (#158) 2023-01-06 16:15:57 +01:00
bundle Define flags for running jobs and pipelines (#146) 2022-12-23 15:17:16 +01:00
cmd Added `bricks auth login` and `bricks auth token` (#158) 2023-01-06 16:15:57 +01:00
experimental/github Make tests pass (#40) 2022-09-07 20:08:42 +02:00
folders Don't depend on working directory in folders.FindDirWithLeaf (#54) 2022-09-14 15:08:55 +02:00
git Run Go formatting with 1.19 (#137) 2022-12-14 15:59:47 +01:00
internal Use []byte for files in workspace (#162) 2023-01-05 12:03:31 +01:00
libs Added `bricks auth login` and `bricks auth token` (#158) 2023-01-06 16:15:57 +01:00
project Use Databricks Go SDK v0.1.0 (#110) 2022-12-01 12:17:36 +01:00
python Update to Go SDK v0.2.0 (#157) 2022-12-28 11:32:04 +01:00
retries Experimental sync command 2022-07-07 20:56:59 +02:00
sandbox updated dependencies 2022-05-14 19:56:09 +02:00
terraform Ensure Go code is formatted (#37) 2022-09-07 15:15:23 +02:00
.gitignore Implement Terraform state synchronization and deploy (#98) 2022-12-06 00:40:45 +01:00
.goreleaser.yaml Remove version suffix from snapshot binaries (#159) 2023-01-03 12:15:21 +01:00
Makefile updated dependencies 2022-05-14 19:56:09 +02:00
README.md Update README.md 2022-05-16 13:31:47 +02:00
go.mod Added `bricks auth login` and `bricks auth token` (#158) 2023-01-06 16:15:57 +01:00
go.sum Update to Go SDK v0.2.0 (#157) 2022-12-28 11:32:04 +01:00
main.go Added `bricks auth login` and `bricks auth token` (#158) 2023-01-06 16:15:57 +01:00

README.md

Bricks CLI 🧱 build

Where's "data"? Secured by the unity catalog. Projects build lifecycle is secured by bricks 🧱

This is an early PoC at this stage. make build (or download the latest from releases page).

Reuses authentication from Databricks CLI. And terraform provider. See details here: https://registry.terraform.io/providers/databrickslabs/databricks/latest/docs#environment-variables

Supports:

  • Databricks CLI
  • Databricks CLI Profiles
  • Azure CLI Auth
  • Azure MSI Auth
  • Azure SPN Auth
  • Google OIDC Auth
  • Direct DATABRICKS_HOST, DATABRICKS_TOKEN or DATABRICKS_USERNAME + DATABRICKS_PASSWORD variables.

What works:

  • ./bricks fs ls /
  • ./bricks test
  • ./bricks launch test.py

What doesn't work:

  • Everything else.

This project reuses some code from Databricks Terraform Provider