-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DECO-2483] Handle Azure authentication when WorkspaceResourceID is provided #145
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I miscommunicated about the service principal question: you only need to make this change in the CLI credential provider pathway. Otherwise, this looks largely good, just some small nits on refactoring.
tokenSource.getToken(); // We need this for checking if Azure CLI is installed. | ||
Optional<String> subscription = getSubscription(config); | ||
|
||
if (subscription.isPresent()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: can we refactor all of this into the tokenSourceFor
method? I think that would prevent this configure() method from sprawling, and it seems to belong there in the first place.
RefreshableTokenSource inner = tokenSourceFor(config, config.getEffectiveAzureLoginAppId()); | ||
RefreshableTokenSource cloud = | ||
tokenSourceFor(config, config.getAzureEnvironment().getServiceManagementEndpoint()); | ||
RefreshableTokenSource innerToken; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I was confused when we were talking about this earlier. We don't need to change this provider at all: the tenant ID must be explicitly specified, see line 27. What I meant was that: if a user is logged into the Azure CLI with a service principal, in AzureCliCredentialsProvider, we still will take the same pathway.
@@ -27,6 +28,24 @@ public CliTokenSource tokenSourceFor(DatabricksConfig config, String resource) { | |||
return new CliTokenSource(cmd, "tokenType", "accessToken", "expiresOn", config::getAllEnv); | |||
} | |||
|
|||
@Override | |||
public CliTokenSource tokenSourceFor( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be great to somehow unify this with the other tokenSourceFor method. Not only do they share their implementation, but they probably must share their implementation (i.e. changes made to one will likely need to be made to the other in the future).
try { | ||
mgmtTokenSource.getToken(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We now get the token inside the "tokenSourceFor" function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Let's merge this after the 0.8.1 release. |
Changes
Handle Azure authentication when WorkspaceResourceID is provided
Get token for the correct subscription
Tests
https://github.com/databricks/eng-dev-ecosystem/actions/runs/6038942050