Skip to content

Add support for OIDC ID token authentication using an environment variables and files#445

Merged
parthban-db merged 16 commits intomainfrom
emmyzhou-db/envvar-id-tokensource
May 15, 2025
Merged

Add support for OIDC ID token authentication using an environment variables and files#445
parthban-db merged 16 commits intomainfrom
emmyzhou-db/envvar-id-tokensource

Conversation

@emmyzhou-db
Copy link
Copy Markdown
Contributor

@emmyzhou-db emmyzhou-db commented May 12, 2025
edited
Loading

What changes are proposed in this pull request?

Add Environment Variable and File-based ID Token Sources

Key Changes

  • Added EnvVarIDTokenSource to read ID tokens from environment variables
  • Added FileIDTokenSource to read ID tokens from files
  • Both implement the IDTokenSource interface for OIDC authentication
  • Added envvar-oidc and file-oidc to the list of auth types

How is this tested?

  • Unit tests for both classes

NO_CHANGELOG=true

@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:21 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db requested a review from parthban-db May 12, 2025 13:21
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:22 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:30 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:31 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:45 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 13:45 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 15:12 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 15:12 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db requested a review from parthban-db May 12, 2025 15:30
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 16:41 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 12, 2025 16:42 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 13, 2025 10:48 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 13, 2025 10:48 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 13, 2025 11:14 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 13, 2025 11:14 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db changed the title Add EnvVarIDTokenSource and FileIDTokenSource Add support for OIDC ID token authentication using an environment variables and files May 13, 2025
renaudhartert-db
renaudhartert-db requested changes May 13, 2025
View reviewed changes
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 14, 2025 12:12 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 14, 2025 12:12 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 14, 2025 12:30 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 14, 2025 12:31 — with GitHub Actions Inactive
parthban-db
parthban-db reviewed May 14, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@parthban-db parthban-db left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good. Few small comments.

databricks-sdk-java/src/test/java/com/databricks/sdk/core/oauth/FileIDTokenSourceTest.java Outdated
Comment on lines +31 to +37
// Test case name, file path (null means create temp file), file content, expected token,
// expected exception
Arguments.of("Valid token file", null, TEST_TOKEN, TEST_TOKEN, null),
Arguments.of("Token with whitespace", null, " " + TEST_TOKEN + " ", TEST_TOKEN, null),
Arguments.of("Empty file", null, "", null, DatabricksException.class),
Arguments.of("File with only whitespace", null, " ", null, DatabricksException.class),
Arguments.of("Null file path", null, null, null, IllegalArgumentException.class),
Copy link
Copy Markdown
Contributor

@parthban-db parthban-db May 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure I understand this correctly. What are you trying to test in the Null file path because it will create the file anyway.

Copy link
Copy Markdown
Contributor Author

@emmyzhou-db emmyzhou-db May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The file is only created if the file content is not null, so in cases where the content is null, no file will be created. But I agree that the previous logic was a bit convoluted, so I’ve refactored the tests to make them more straightforward and intuitive.

@parthban-db parthban-db temporarily deployed to test-trigger-is May 14, 2025 20:32 — with GitHub Actions Inactive
@parthban-db parthban-db temporarily deployed to test-trigger-is May 14, 2025 20:33 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 09:07 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 09:07 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 09:25 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 09:25 — with GitHub Actions Inactive
@emmyzhou-db emmyzhou-db requested a review from parthban-db May 15, 2025 09:33
@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 12:03 — with GitHub Actions Inactive
@github-actions
Copy link
Copy Markdown

github-actions bot commented May 15, 2025

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/sdk-java

Inputs:

  • PR number: 445
  • Commit SHA: eade1bac722c31030c206a5d79a7e3744e6c3f15

Checks will be approved automatically on success.

@emmyzhou-db emmyzhou-db temporarily deployed to test-trigger-is May 15, 2025 12:03 — with GitHub Actions Inactive
renaudhartert-db
renaudhartert-db approved these changes May 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@renaudhartert-db renaudhartert-db left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks Emmy

@parthban-db parthban-db added this pull request to the merge queue May 15, 2025
Merged via the queue into main with commit 78501a5 May 15, 2025
15 checks passed
@parthban-db parthban-db deleted the emmyzhou-db/envvar-id-tokensource branch May 15, 2025 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@parthban-db parthban-db parthban-db approved these changes

@renaudhartert-db renaudhartert-db renaudhartert-db approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@emmyzhou-db @parthban-db @renaudhartert-db