
Commit 9aab143

authored
Pass additional Azure DevOps SYSTEM_* environment variables to Terraform for OIDC authentication (#4318)
## Changes Pass additional Azure DevOps SYSTEM_* environment variables to Terraform for OIDC authentication ## Why Fixes #4311 ## Tests Added unit test <!-- If your PR needs to be included in the release notes for next release, add a separate entry in NEXT_CHANGELOG.md as part of your PR. -->
1 parent 48d2d47 commit 9aab143

3 files changed

Lines changed: 58 additions & 28 deletions


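--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -7,6 +7,7 @@
 ### CLI
 
 ### Bundles
+* Pass additional Azure DevOps `SYSTEM_*` environment variables to Terraform for OIDC authentication: `SYSTEM_COLLECTIONURI`, `SYSTEM_DEFINITIONID`, `SYSTEM_HOSTTYPE`, `SYSTEM_JOBID`, `SYSTEM_TEAMPROJECT` ([#4318](https://github.com/databricks/cli/pull/4318))
 * Add support for valueFrom property (similar to app.yaml) inside Apps config field in bundle configuration ([#4297](https://github.com/databricks/cli/pull/4297))
 * engine/direct: Support bind & unbind. ([#4279](https://github.com/databricks/cli/pull/4279))
 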
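--- a/bundle/deploy/terraform/init.go
+++ b/bundle/deploy/terraform/init.go
@@ -170,11 +170,16 @@ func inheritEnvVars(ctx context.Context, environ map[string]string) error {
 // These variables are used by the Databricks Go SDK to authenticate with Azure DevOps OIDC.
 azureDevOpsVars := []string{
 "SYSTEM_ACCESSTOKEN",
-"SYSTEM_TEAMFOUNDATIONCOLLECTIONURI",
-"SYSTEM_PLANID",
 "SYSTEM_COLLECTIONID",
-"SYSTEM_TEAMPROJECTID",
+"SYSTEM_COLLECTIONURI",
+"SYSTEM_DEFINITIONID",
+"SYSTEM_HOSTTYPE",
+"SYSTEM_JOBID",
 "SYSTEM_OIDCREQUESTURI",
+"SYSTEM_PLANID",
+"SYSTEM_TEAMFOUNDATIONCOLLECTIONURI",
+"SYSTEM_TEAMPROJECT",
+"SYSTEM_TEAMPROJECTID",
 }
 for _, varName := range azureDevOpsVars {
 if val, ok := env.Lookup(ctx, varName); ok {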
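Review bot: The comment above `azureDevOpsVars` does not separate the one bearer credential in the list, `SYSTEM_ACCESSTOKEN`, from the ten entries that look like plain pipeline identifiers and URLs, and the list has now grown from six names to eleven. Since every name here is copied into the environment handed to Terraform, I would extend the comment to say so, for example `// SYSTEM_ACCESSTOKEN is a credential; the other entries are pipeline metadata. Every name listed is forwarded to the Terraform process, so keep this list minimal.` The loop that does the copying opens on the last line of the hunk and its body is outside it, so how set-but-empty values are handled cannot be checked from here.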

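--- a/bundle/deploy/terraform/init_test.go
+++ b/bundle/deploy/terraform/init_test.go
@@ -281,41 +281,65 @@ func TestInheritOIDCTokenEnv(t *testing.T) {
 assert.Equal(t, "", env["DATABRICKS_OIDC_TOKEN_ENV"])
 }
 
-func TestInheritSystemAccessToken(t *testing.T) {
-t.Setenv("SYSTEM_ACCESSTOKEN", "foobar")
-
-ctx := context.Background()
-env := map[string]string{}
-err := inheritEnvVars(ctx, env)
-require.NoError(t, err)
-assert.Equal(t, "foobar", env["SYSTEM_ACCESSTOKEN"])
-}
+func TestInheritAzureDevOpsSystemVariablesIndividual(t *testing.T) {
+testCases := []struct {
+envVar string
+envValue string
+}{
+{"SYSTEM_ACCESSTOKEN", "test-token"},
+{"SYSTEM_COLLECTIONID", "collection-id-456"},
+{"SYSTEM_COLLECTIONURI", "https://dev.azure.com/myorg/"},
+{"SYSTEM_DEFINITIONID", "42"},
+{"SYSTEM_HOSTTYPE", "build"},
+{"SYSTEM_JOBID", "job-123"},
+{"SYSTEM_OIDCREQUESTURI", "https://oidc.example.com"},
+{"SYSTEM_PLANID", "plan-id-123"},
+{"SYSTEM_TEAMFOUNDATIONCOLLECTIONURI", "https://dev.azure.com/org/"},
+{"SYSTEM_TEAMPROJECT", "my-project"},
+{"SYSTEM_TEAMPROJECTID", "project-id-789"},
+}
 
-func TestInheritSystemTeamFoundationCollectionUri(t *testing.T) {
-t.Setenv("SYSTEM_TEAMFOUNDATIONCOLLECTIONURI", "foobar")
+for _, tc := range testCases {
+t.Run(tc.envVar, func(t *testing.T) {
+t.Setenv(tc.envVar, tc.envValue)
 
-ctx := context.Background()
-env := map[string]string{}
-err := inheritEnvVars(ctx, env)
-require.NoError(t, err)
-assert.Equal(t, "foobar", env["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"])
+ctx := context.Background()
+env := map[string]string{}
+err := inheritEnvVars(ctx, env)
+require.NoError(t, err)
+assert.Equal(t, tc.envValue, env[tc.envVar])
+})
+}
 }
 
 func TestInheritAzureDevOpsSystemVariables(t *testing.T) {
-// Set Azure DevOps system variables
-t.Setenv("SYSTEM_PLANID", "plan-id-123")
-t.Setenv("SYSTEM_COLLECTIONID", "collection-id-456")
-t.Setenv("SYSTEM_TEAMPROJECTID", "project-id-789")
-t.Setenv("SYSTEM_OIDCREQUESTURI", "https://oidc.example.com")
+// Set all Azure DevOps system variables
+vars := map[string]string{
+"SYSTEM_ACCESSTOKEN": "test-token",
+"SYSTEM_COLLECTIONID": "collection-id-456",
+"SYSTEM_COLLECTIONURI": "https://dev.azure.com/myorg/",
+"SYSTEM_DEFINITIONID": "42",
+"SYSTEM_HOSTTYPE": "build",
+"SYSTEM_JOBID": "job-123",
+"SYSTEM_OIDCREQUESTURI": "https://oidc.example.com",
+"SYSTEM_PLANID": "plan-id-123",
+"SYSTEM_TEAMFOUNDATIONCOLLECTIONURI": "https://dev.azure.com/org/",
+"SYSTEM_TEAMPROJECT": "my-project",
+"SYSTEM_TEAMPROJECTID": "project-id-789",
+}
+
+for k, v := range vars {
+t.Setenv(k, v)
+}
 
 ctx := context.Background()
 env := map[string]string{}
 err := inheritEnvVars(ctx, env)
 require.NoError(t, err)
-assert.Equal(t, "plan-id-123", env["SYSTEM_PLANID"])
-assert.Equal(t, "collection-id-456", env["SYSTEM_COLLECTIONID"])
-assert.Equal(t, "project-id-789", env["SYSTEM_TEAMPROJECTID"])
-assert.Equal(t, "https://oidc.example.com", env["SYSTEM_OIDCREQUESTURI"])
+
+for k, v := range vars {
+assert.Equal(t, v, env[k])
+}
 }
 
 func TestSetUserProfileFromInheritEnvVars(t *testing.T) {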
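Review bot: Both tests check only that listed variables are copied; nothing asserts that a `SYSTEM_*` variable missing from the allowlist stays out of `env`, so a later change that widens the filter (to a prefix match, say) would still pass. In `TestInheritAzureDevOpsSystemVariables` I would add `t.Setenv("SYSTEM_NOT_IN_ALLOWLIST", "x")` before the `inheritEnvVars` call and `assert.NotContains(t, env, "SYSTEM_NOT_IN_ALLOWLIST")` after it; the variable name is made up for the test. The eleven name/value pairs are also written out twice, once per test, and a single shared table would keep the two tests from drifting apart.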
