Skip to content

Auth: error when --profile and --host conflict#4841

Merged
simonfaltum merged 8 commits intomainfrom
simonfaltum/auth-profile-host-conflict
Apr 7, 2026
Merged

Auth: error when --profile and --host conflict#4841
simonfaltum merged 8 commits intomainfrom
simonfaltum/auth-profile-host-conflict

Conversation

@simonfaltum
Copy link
Copy Markdown
Member

@simonfaltum simonfaltum commented Mar 25, 2026

Why

Users can pass both --profile logfood and --host https://other-host.com on auth commands with no validation. The CLI silently picks one based on internal priority, which is confusing.

Changes

Before: databricks auth login --profile logfood --host https://other.com silently uses one of the two with no warning.
Now: produces an error explaining the conflict and suggesting to use --profile alone.

Adds a PersistentPreRunE on the auth parent command that validates when both --profile and --host are explicitly set. If the profile's host matches the --host value (after canonicalization), the command proceeds silently. If they conflict, it returns a clear error.

Test plan

  • New unit tests for validateProfileHostConflict (5 table-driven cases: matching hosts, trailing slash, conflict, profile not found, no host)
  • make checks passes
  • make lintfull passes
  • go test ./cmd/auth/ passes

@eng-dev-ecosystem-bot
Copy link
Copy Markdown
Collaborator

eng-dev-ecosystem-bot commented Mar 25, 2026
edited
Loading

Commit: 70e8eab

Run: 23621503408

Env 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 7 10 270 807 5:56
💚​ aws windows 7 10 272 805 5:03
💚​ aws-ucws linux 7 10 366 723 8:41
💚​ aws-ucws windows 7 10 368 721 7:24
💚​ azure linux 1 12 273 805 7:08
💚​ azure windows 1 12 275 803 5:35
💚​ azure-ucws linux 1 12 371 719 7:57
💚​ azure-ucws windows 1 12 373 717 6:31
💚​ gcp linux 1 12 269 808 5:54
💚​ gcp windows 1 12 271 806 6:25
17 interesting tests: 10 SKIP, 7 RECOVERED
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
💚​ TestAccept 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
Top 20 slowest tests (at least 2 minutes):
duration env testname
4:47 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:42 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:19 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:08 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:58 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:15 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:12 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:09 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:49 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:48 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:46 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:45 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:45 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:42 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:42 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:41 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:40 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:39 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:38 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:15 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform

@simonfaltum simonfaltum marked this pull request as ready for review March 25, 2026 22:53
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 25, 2026

Suggested reviewers

Based on git history of the changed files, these people are best suited to review:

Confidence: high

Eligible reviewers

Based on CODEOWNERS, these people or teams could also review:

@andrewnester, @anton-107, @denik, @shreyas-goenka

Suggestions based on git history of 4 changed files (3 scored). See CODEOWNERS for path-specific ownership rules.

@simonfaltum simonfaltum force-pushed the simonfaltum/auth-profile-host-conflict branch from a07aa55 to c758131 Compare March 26, 2026 22:24
@simonfaltum
fix: remove stale promptForWorkspaceID, update custom-config-file test
70e8eab 
Remove promptForWorkspaceID that was deleted on main but accidentally
reintroduced during rebase. Update the custom-config-file acceptance
test to expect the new profile/host conflict error.

Co-authored-by: Isaac
@simonfaltum simonfaltum requested review from mihaimitrea-db and removed request for andrewnester, anton-107, denik, pietern and shreyas-goenka April 7, 2026 10:41
mihaimitrea-db
mihaimitrea-db approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mihaimitrea-db mihaimitrea-db left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after description is updated

@simonfaltum
Update login command description to reflect --host conflict error
c1d02be 
Item 3 in the long description still described the old behavior where
conflicting --profile and --host would silently update the profile.
Updated to describe the new error behavior.

Co-authored-by: Isaac
@simonfaltum
Merge origin/main, resolve conflict in cmd/auth/token.go
4eb5807 
Keep both the new --force-refresh flag from main and the
profileHostConflictCheck PreRunE from this branch.

Co-authored-by: Isaac
@simonfaltum simonfaltum enabled auto-merge April 7, 2026 12:27
@simonfaltum simonfaltum added this pull request to the merge queue Apr 7, 2026
Merged via the queue into main with commit 49cc72b Apr 7, 2026
18 checks passed
@simonfaltum simonfaltum deleted the simonfaltum/auth-profile-host-conflict branch April 7, 2026 12:53
deco-sdk-tagging bot added a commit that referenced this pull request Apr 8, 2026
@deco-sdk-tagging
[Release] Release v0.296.0
267cbd3 
## Release v0.296.0

### Notable Changes
* Direct deployment engine for DABs is now in Public Preview. Documentation at [docs/direct.md](docs/direct.md).

### CLI
* Auth commands now error when --profile and --host conflict ([#4841](#4841))
* Add `--force-refresh` flag to `databricks auth token` to force a token refresh even when the cached token is still valid ([#4767](#4767))

### Bundles
* Deduplicate grant entries with duplicate principals or privileges during initialization ([#4801](#4801))
* Fix `bundle deployment bind` to always pull remote state before modifying ([#4892](#4892))
* engine/direct: Fix drift in grants resource due to privilege reordering ([#4794](#4794))
* engine/direct: Fix 400 error when deploying grants with ALL_PRIVILEGES ([#4801](#4801))
* engine/direct: Fix unwanted recreation of secret scopes when scope_backend_type is not set ([#4834](#4834))
* engine/direct: Fix bind and unbind for non-Terraform resources ([#4850](#4850))
* engine/direct: Fix deploying removed principals ([#4824](#4824))
* engine/direct: Fix secret scope permissions migration from Terraform to Direct engine ([#4866](#4866))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mihaimitrea-db mihaimitrea-db mihaimitrea-db approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simonfaltum @eng-dev-ecosystem-bot @mihaimitrea-db