Don't attempt auth in auth profiles --skip-validate
#1282
Conversation
This makes the command almost instant, no matter how many profiles cfg file has. One downside is that we don't set AuthType for profiles that don't have it defined. We can technically infer AuthType based on ConfigAttributes tags, but their names are different from the names of actual auth providers (and some tags cover multiple providers at the same time)
|
Do you need just the names of the profiles? In case of Azure, they might specify only the resource ID of the workspace, and performing the |
|
Hmm, there are couple of places we rely on profile hosts. The most problematic place might be when we attempt to login automatically based on the host from the dabs config - if no profile will match the host we won't login automatically. But We will also need to update profile selection in our login wizard, as currently we only list profiles that match the host. After this PR lands we will add "hostless" profiles to the selection (otherwise users won't be able to select them). I think the benefits of the instant profile loading outweigh the downsides (when some profiles might not be relevant for the host, but we will still show them just in case). |
There was a problem hiding this comment.
I'm OK to optimize for latency now.
But I would prefer a mode where we can pull all the details without having to make API calls or shell out to other commands. That will need work on the SDK side to facilitate. For example to decouple auth selection from actually getting a token.
| return | ||
| } | ||
| c.Host = cfg.Host | ||
| c.Host = cfg.CanonicalHostName() | ||
| c.AuthType = cfg.AuthType |
There was a problem hiding this comment.
The AuthType will only be set if explicitly set (environment of in .databrickscfg profile).
It is guaranteed to be set only if we run Authenticate to pull a token.
|
@mgyucht Thoughts on this? |
|
This seems fine to me, but I don't think we can reliably determine auth type purely based on config. There are a number of checks that happen at runtime as well (e.g. CLI is present on path) that require some requests to ensure that the profile is actually valid. One other idea: could we use goroutines to parallelize this? Seems silly to make these requests one-by-one, they should be trivially parallelizable. |
|
@mgyucht This is already parallelized. The latency that this fixes is the latency for a single profile to call |
|
Blocked by the #1244 Currently the PR will break the automatic login flow of the Databricks VSCode extension (but only for the edge case when there are profiles without hosts). We first need to wait for |
CLI: * Don't attempt auth in `auth profiles --skip-validate` ([#1282](#1282)). * Fixed typo in error template for auth describe ([#1341](#1341)). Bundles: * Correctly transform libraries in for_each_task block ([#1340](#1340)). * Do not emit warning on YAML anchor blocks ([#1354](#1354)). * Fixed pre-init script order ([#1348](#1348)). * Execute preinit after entry point to make sure scripts are loaded ([#1351](#1351)). Dependency updates: * Bump internal terraform provider version to `1.39` ([#1339](#1339)). * Bump golang.org/x/term from 0.18.0 to 0.19.0 ([#1343](#1343)). * Bump github.com/hashicorp/hc-install from 0.6.3 to 0.6.4 ([#1344](#1344)). * Bump golang.org/x/mod from 0.16.0 to 0.17.0 ([#1345](#1345)). * Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 ([#1347](#1347)). * Bump golang.org/x/sync from 0.6.0 to 0.7.0 ([#1346](#1346)).
CLI: * Don't attempt auth in `auth profiles --skip-validate` ([#1282](#1282)). * Fixed typo in error template for auth describe ([#1341](#1341)). Bundles: * Correctly transform libraries in for_each_task block ([#1340](#1340)). * Do not emit warning on YAML anchor blocks ([#1354](#1354)). * Fixed pre-init script order ([#1348](#1348)). * Execute preinit after entry point to make sure scripts are loaded ([#1351](#1351)). Dependency updates: * Bump internal terraform provider version to `1.39` ([#1339](#1339)). * Bump golang.org/x/term from 0.18.0 to 0.19.0 ([#1343](#1343)). * Bump github.com/hashicorp/hc-install from 0.6.3 to 0.6.4 ([#1344](#1344)). * Bump golang.org/x/mod from 0.16.0 to 0.17.0 ([#1345](#1345)). * Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 ([#1347](#1347)). * Bump golang.org/x/sync from 0.6.0 to 0.7.0 ([#1346](#1346)).
CLI: * Don't attempt auth in `auth profiles --skip-validate` ([#1282](#1282)). * Fixed typo in error template for auth describe ([#1341](#1341)). Bundles: * Correctly transform libraries in for_each_task block ([#1340](#1340)). * Do not emit warning on YAML anchor blocks ([#1354](#1354)). * Fixed pre-init script order ([#1348](#1348)). * Execute preinit after entry point to make sure scripts are loaded ([#1351](#1351)). Dependency updates: * Bump internal terraform provider version to `1.39` ([#1339](#1339)). * Bump golang.org/x/term from 0.18.0 to 0.19.0 ([#1343](#1343)). * Bump github.com/hashicorp/hc-install from 0.6.3 to 0.6.4 ([#1344](#1344)). * Bump golang.org/x/mod from 0.16.0 to 0.17.0 ([#1345](#1345)). * Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 ([#1347](#1347)). * Bump golang.org/x/sync from 0.6.0 to 0.7.0 ([#1346](#1346)). ## Changes <!-- Summary of your changes that are easy to understand --> ## Tests <!-- How is this tested? -->
This makes the command almost instant, no matter how many profiles cfg file has. One downside is that we don't set AuthType for profiles that don't have it defined.
We can technically infer AuthType based on ConfigAttributes tags, but their names are different from the names of actual auth providers (and some tags cover multiple providers at the same time).