Set necessary headers when authenticating via Azure CLI

[mgyucht]

Changes

The Go SDK request authentication logic is inconsistent between the Azure login types: for service principal & MSI auth, the SDK correctly adds the X-Databricks-Azure-Workspace-Resource-Id when configured, but this is missed for Azure CLI auth. Additionally, when logging in via Azure CLI using a service principal, the service management token must also be fetched from the CLI. This caused a regression for the Terraform provider: databricks/terraform-provider-databricks#2590.

This PR fixes this by defining the logic to attach these header in a common function that is used by all Azure-specific authentication types.

Tests

• Added a unit test to ensure the header is being set for Azure CLI login
• Made a test app that uses azure-cli to login and verified that the correct header was set on the request:

...
> * X-Databricks-Azure-Workspace-Resource-Id: /subscriptions/<REDACTED>/resourceGroups/<REDACTED>/pr... (63 more bytes)

• make test passing
• make fmt applied
• relevant integration tests applied

[codecov-commenter]

Codecov Report

Patch coverage: 83.33% and project coverage change: +0.22% 🎉

Comparison is base (d682ad8) 18.24% compared to head (8ef1fd1) 18.47%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #584      +/-   ##
==========================================
+ Coverage   18.24%   18.47%   +0.22%     
==========================================
  Files          85       85              
  Lines        9865     9870       +5     
==========================================
+ Hits         1800     1823      +23     
+ Misses       7910     7888      -22     
- Partials      155      159       +4     

Files Changed	Coverage Δ
config/auth_azure_client_secret.go	12.50% <0.00%> (+1.78%)	⬆️
config/auth_azure_msi.go	18.39% <0.00%> (+0.80%)	⬆️
config/auth_azure_cli.go	86.79% <81.81%> (-1.85%)	⬇️
config/oauth_visitors.go	80.64% <100.00%> (+32.49%)	⬆️

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[alexott]

Besides this header, we may need to add service management header as well: https://github.com/databricks/terraform-provider-databricks/blob/v1.9.2/common/azure_auth.go#L147

[pietern]

Isn't that already added by the serviceToServiceVisitor?

The header in question: X-Databricks-Azure-SP-Management-Token.

[mgyucht]

After looking at this original change, we realized that there was a secondary problem: if a user logs in via the CLI using a service principal, the CLI auth type needs to also request the management token from the CLI in addition to the Databricks token. The point is: all Azure-native auth types need to call azureVisitor, and all auth types that need to include a second token in the request need to call serviceToServiceVisitor; this now includes the CLI.

[pietern]

Isn't that already added by the serviceToServiceVisitor?

The header in question: X-Databricks-Azure-SP-Management-Token.

[pietern]

In the current approach I believe the secondary one is never nil anymore.

[pietern]

The comment still mentions nil secondary.

[alexott]

lgtm

[pietern]

The comment still mentions nil secondary.