[ISSUE] azure-cli authentication works incorrectly after upgrade to Go SDK #2590

Closed
alexott opened this issue Aug 16, 2023 · 1 comment
Labels: bug (Something isn't working), Go SDK (Problem to be solved with Databricks Go SDK)

alexott commented Aug 16, 2023

The azure-cli authentication method in the Go SDK works differently compared to the original implementation. It works only when a user is already a part of the workspace, but fails when a user is a Contributor to the workspace but not inside it yet.

The reason is that the Go SDK's azure-cli authentication method generates only the Authorization header with an AAD token for 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d, and does not add the additional headers as was done in the version before the Go SDK was introduced.

Configuration

```hcl
provider "databricks" {
  host = "https://adb-.....azuredatabricks.net"
  azure_workspace_resource_id = "/subscriptions/...."
}

data "databricks_current_user" "me" {}

output "me" {
  value = data.databricks_current_user.me
}
```

Expected Behavior

User having a Contributor role should be able to perform operations.

Actual Behavior

User gets:

```
│ Error: User not authorized
│
│   with data.databricks_current_user.me,
│   on main.tf line 15, in data "databricks_current_user" "me":
│   15: data "databricks_current_user" "me" {}
```

Steps to Reproduce

Terraform and provider versions

  • 1.23.0 doesn't work
  • 1.9.2 works (latest before Go SDK upgrade)

Debug Output

Important Factoids

alexott added the bug and Go SDK labels Aug 16, 2023
github-merge-queue bot pushed a commit to databricks/databricks-sdk-go that referenced this issue Aug 17, 2023
## Changes
The Go SDK request authentication logic is inconsistent between the
Azure login types: for service principal & MSI auth, the SDK correctly
adds the X-Databricks-Azure-Workspace-Resource-Id when configured, but
this is missed for Azure CLI auth. Additionally, when logging in via
Azure CLI using a service principal, the service management token must
also be fetched from the CLI. This caused a regression for the Terraform
provider:
databricks/terraform-provider-databricks#2590.

This PR fixes this by defining the logic to attach these headers in a
common function that is used by all Azure-specific authentication types.

## Tests
- [x] Added a unit test to ensure the header is being set for Azure CLI
login
- [x] Made a test app that uses `azure-cli` to login and verified that
the correct header was set on the request:
```
...
> * X-Databricks-Azure-Workspace-Resource-Id: /subscriptions/<REDACTED>/resourceGroups/<REDACTED>/pr... (63 more bytes)
```

- [ ] `make test` passing
- [ ] `make fmt` applied
- [ ] relevant integration tests applied
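
Added example (not code from databricks-sdk-go or the Terraform provider): one shared function that attaches the headers the commit message describes for any Azure login type, plus the check that flags a login type sending only `Authorization`. The function names and signatures are hypothetical, the token and resource ID are constructed, and the management token header name comes from Azure Databricks' documentation rather than from this page.

```go
package main

import (
	"fmt"
	"net/http"
)

// First name is quoted on this page; second is from Azure Databricks' docs (assumption).
const (
	hdrResourceID = "X-Databricks-Azure-Workspace-Resource-Id"
	hdrMgmtToken  = "X-Databricks-Azure-SP-Management-Token"
)

// attachAzureHeaders (hypothetical) is the one path every Azure login type calls,
// so none can skip a header. mgmt is nil when no management token is needed.
func attachAzureHeaders(h http.Header, resourceID string, token, mgmt func() (string, error)) error {
	t, err := token()
	if err != nil {
		return fmt.Errorf("databricks token: %w", err)
	}
	h.Set("Authorization", "Bearer "+t)
	if resourceID != "" {
		h.Set(hdrResourceID, resourceID)
	}
	if resourceID == "" || mgmt == nil {
		return nil
	}
	m, err := mgmt()
	if err != nil {
		return fmt.Errorf("management token: %w", err)
	}
	h.Set(hdrMgmtToken, m)
	return nil
}

// missing lists the wanted headers absent from h (the per-login-type regression check).
func missing(h http.Header, want ...string) (out []string) {
	for _, name := range want {
		if h.Get(name) == "" {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	tok := func() (string, error) { return "constructed-token", nil } // constructed value
	h := http.Header{}
	fmt.Println(attachAzureHeaders(h, "/subscriptions/constructed", tok, tok), missing(h, hdrResourceID, hdrMgmtToken))
}
```

Running `missing` against each login type's output in a unit test turns the regression in this issue into a failing test instead of a `User not authorized` error at apply time.
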
mgyucht commented Aug 22, 2023

This is merged in #2599 and will be released in the next release of the TF provider, scheduled for later this week.

mgyucht closed this as completed Aug 22, 2023