Skip to content

Auth: resolve positional arg as profile name first#4840

Open
simonfaltum wants to merge 17 commits intomainfrom
simonfaltum/auth-positional-profile
Open

Auth: resolve positional arg as profile name first#4840
simonfaltum wants to merge 17 commits intomainfrom
simonfaltum/auth-positional-profile

Conversation

@simonfaltum
Copy link
Copy Markdown
Member

@simonfaltum simonfaltum commented Mar 25, 2026
edited
Loading

Why

Running databricks auth login logfood treats logfood as a host URL, which fails confusingly. Running databricks auth token e2-logfood (a typo) falls through to host resolution, producing a misleading DNS error. The three auth commands handle positional arguments inconsistently: login only accepts hosts, token tries profile-first, logout tries profile-first.

Changes

All three auth commands now share a resolvePositionalArg function that resolves positional arguments as profile names first. If no profile matches and the argument doesn't look like a profile name, it returns a clear error.

Before: databricks auth login logfood tries to resolve logfood as a hostname and fails.
Now: databricks auth login logfood loads the logfood profile and logs into its configured host.

Before: databricks auth token e2-logfood produces a confusing DNS/OAuth error.
Now: databricks auth token e2-logfood produces no profile named "e2-logfood" found.

The usage strings show [PROFILE] as the positional argument, reinforcing that profile is the primary concept. Host URLs still work as a silent fallback for backwards compatibility.

Also removes the local --profile flag from auth logout in favor of the global persistent flag, restoring -p shorthand consistency.

Test plan

  • New unit tests for resolvePositionalArg (7 table-driven cases)
  • New unit tests for resolveHostToProfile (4 cases)
  • New token test for non-host non-profile error message
  • Updated logout tests for new resolution flow
  • make checks passes
  • make lintfull passes
  • go test ./cmd/auth/ passes

@eng-dev-ecosystem-bot
Copy link
Copy Markdown
Collaborator

eng-dev-ecosystem-bot commented Mar 25, 2026
edited
Loading

Commit: 62ee5d5

Run: 23620221952

Env 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 7 10 270 807 6:00
💚​ aws windows 7 10 272 805 5:23
💚​ aws-ucws linux 7 10 366 723 6:58
💚​ aws-ucws windows 7 10 368 721 5:50
💚​ azure linux 1 12 273 805 8:01
💚​ azure windows 1 12 275 803 9:00
💚​ azure-ucws linux 1 12 371 719 7:40
🔄​ azure-ucws windows 3 12 371 717 9:52
💚​ gcp linux 1 12 269 808 5:51
💚​ gcp windows 1 12 271 806 5:12
19 interesting tests: 10 SKIP, 6 RECOVERED, 3 flaky
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🔄​ TestAccept 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 🔄​f 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/bundle/resources/permissions/jobs/delete_one/cloud 🙈​s 🙈​s ✅​p ✅​p 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=terraform ✅​p ✅​p ✅​p 🔄​f
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
Top 20 slowest tests (at least 2 minutes):
duration env testname
7:49 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
6:47 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
5:17 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:58 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:26 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:21 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:48 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:42 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:40 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:19 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:17 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:15 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:12 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:11 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:10 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:09 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:49 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:41 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:33 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:06 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@simonfaltum simonfaltum marked this pull request as ready for review March 25, 2026 22:56
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 25, 2026

Suggested reviewers

Based on git history of the changed files, these people are best suited to review:

Confidence: high

Eligible reviewers

Based on CODEOWNERS, these people or teams could also review:

@andrewnester, @anton-107, @denik, @shreyas-goenka

Suggestions based on git history of 8 changed files (6 scored). See CODEOWNERS for path-specific ownership rules.

renaudhartert-db
renaudhartert-db reviewed Apr 7, 2026
View reviewed changes
@simonfaltum simonfaltum requested review from renaudhartert-db and removed request for pietern April 7, 2026 17:39
simonfaltum added 11 commits April 8, 2026 11:18
@simonfaltum
Add shared resolvePositionalArg for auth commands
501a39c
@simonfaltum
Refactor resolve tests to table-driven, tighten looksLikeHost check
6f0541c 
Co-authored-by: Isaac
@simonfaltum
auth login: treat positional arg as profile name first
a56e29e 
Co-authored-by: Isaac
@simonfaltum
auth token: use resolvePositionalArg for better error messages
487244e 
Co-authored-by: Isaac
@simonfaltum
auth logout: use shared resolvePositionalArg, remove local --profile
9037a5c 
Co-authored-by: Isaac
@simonfaltum
Reword login error message, co-locate resolveHostToProfile tests
5d92ceb 
Co-authored-by: Isaac
@simonfaltum
Fix whitespace and lint in logout.go and resolve.go
bd2673c 
Co-authored-by: Isaac
@simonfaltum
Fix review findings for auth positional profile resolution
1bf93ff 
- Fix token command skipping resolver when DATABRICKS_CONFIG_PROFILE is
  set by moving positional arg resolution before the env var read
- Add test for login's --host + positional argument conflict guard
- Align token command's Use string to PROFILE_OR_HOST for consistency
- Add host:port detection (e.g., localhost:8080) to looksLikeHost
- Improve resolveHostToProfile prompt label to "Select one to use"

Co-authored-by: Isaac
@simonfaltum
Add NEXT_CHANGELOG entry for auth positional profile resolution
01e1167 
Co-authored-by: Isaac
@simonfaltum
Use [PROFILE] in usage strings, keep host fallback silent
b6db124 
The positional argument is primarily a profile name. Host URL support
is backwards compatibility, not the intended path forward, so we
don't advertise it in --help output.

Co-authored-by: Isaac
@simonfaltum
Address review feedback: sentinel errors, nil guard removal, profile+…
dc1b3bc 
…arg conflict

- Use errNoProfileFound sentinel error instead of formatted string for
  resolvePositionalArg, enabling errors.Is checks in tests
- Remove unnecessary nil guard on global --profile flag in logout and token
  commands (profile is always registered as a persistent root flag)
- Add positional arg + --profile conflict check in login command

Co-authored-by: Isaac
@simonfaltum
Fix lint (assert.ErrorIs) and remove incorrect login profile+arg conf…
8f180cd 
…lict

The testifylint linter requires assert.ErrorIs over assert.True(errors.Is).

The blanket rejection of positional arg + --profile in login was wrong:
`databricks auth login https://host --profile myprofile` is valid (host as
positional arg with explicit profile). The profile-first resolution already
skips when profileName is set, so no extra guard is needed.

Co-authored-by: Isaac
@simonfaltum
Error when positional arg is combined with --host or --profile
83bf8b9 
The positional argument is a shorthand that resolves to either a profile
or a host. Combining it with explicit flags is ambiguous, so we now error
with a user-friendly message that echoes the argument and suggests using
the flags directly. This is consistent across login, logout, and token.

Co-authored-by: Isaac
@simonfaltum
Align login help text with #4906 and document profile-first resolution
6599d8b 
Co-authored-by: Isaac
@simonfaltum
Use [PROFILE] in login usage string
f4bf117 
We silently support host URLs as positional args but don't want to
advertise it in the usage line.

Co-authored-by: Isaac
@simonfaltum simonfaltum force-pushed the simonfaltum/auth-positional-profile branch from fdfea5a to f4bf117 Compare April 8, 2026 09:22
simonfaltum and others added 2 commits April 8, 2026 17:13
@simonfaltum
Fix host-arg-overrides-profile test to expect conflict error
f5bc0c3 
The profileHostConflictCheck PreRunE hook now rejects login when
--profile and --host specify different hosts. Update the test to
expect the conflict error instead of a successful override.

Co-authored-by: Isaac
@simonfaltum
Merge branch 'main' into simonfaltum/auth-positional-profile
9f58730
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renaudhartert-db renaudhartert-db Awaiting requested review from renaudhartert-db

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simonfaltum @eng-dev-ecosystem-bot @renaudhartert-db