Refactor auth env to use CLI's resolved auth context#4904
Open
simonfaltum wants to merge 1 commit intomainfrom
Open
Refactor auth env to use CLI's resolved auth context#4904simonfaltum wants to merge 1 commit intomainfrom
simonfaltum wants to merge 1 commit intomainfrom
Conversation
Use root.MustAnyClient and auth.Env instead of custom profile/host
resolution logic. auth env now returns the environment variables for the
exact identity the CLI is authenticated as, including bundle context and
all standard auth resolution paths.
Also adds --output text support for KEY=VALUE lines with proper shell
quoting.
Breaking changes:
- Removed command-specific --host and --profile flags (use inherited flags)
- JSON output is a flat map instead of wrapped in {"env": ...}
- Only the primary env var per attribute is emitted (via auth.Env)
Co-authored-by: Isaac
simonfaltum
requested review from
andrewnester,
anton-107,
denik,
pietern and
shreyas-goenka
as code owners
Eligible reviewersCould not determine reviewers from git history. Based on CODEOWNERS, these people or teams could review: @andrewnester, @anton-107, @denik, @pietern, @shreyas-goenka Suggestions based on git history of 2 changed files (0 scored). See CODEOWNERS for path-specific ownership rules. |
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
auth envhad its own custom auth resolution logic (local--host/--profileflags, manual profile-to-host matching via ini file scanning). It didn't go through the standard CLI auth chain, so it couldn't resolve auth from bundle context, default profiles, or environment variables. It was effectively a standalone tool that only worked with explicit profile or host arguments.The command should return the environment variables needed to authenticate as the exact same identity the CLI is currently authenticated as.
Changes
Refactored to use the CLI's standard auth resolution (
root.MustAnyClient+cmdctx.ConfigUsed), same pattern asauth describe. Usesauth.Env(cfg)fromlibs/auth/env.goto generate env vars. This means it now works with bundle context, env var auth, default profiles, and all other standard auth paths.Before:
databricks auth env --host https://my-workspace.cloud.databricks.comwith custom profile matching.Now:
databricks auth envreturns the env vars for whatever identity the CLI resolved through its normal auth chain.Also adds
--output textsupport for KEY=VALUE lines with proper shell quoting.Breaking changes:
--hostand--profileflags (the inherited flags from the parentauthand root commands cover this){"env": {...}}auth.Env, consistent withbundle run)Removed ~120 lines of dead code:
canonicalHost,resolveSection,loadFromDatabricksCfg,collectEnvVars,ErrNoMatchingProfiles.Test plan
--outputkeeps JSON)cmd/authtests pass