From 1b4d60b81439436d8c758ee304035bfacc3bc127 Mon Sep 17 00:00:00 2001 From: Renaud Hartert Date: Tue, 7 Jan 2025 12:09:21 +0000 Subject: [PATCH] Move credentials in config --- config/api_client.go | 4 +- config/auth_azure_cli.go | 4 +- config/auth_azure_client_secret.go | 4 +- config/auth_azure_github_oidc.go | 4 +- config/auth_azure_msi.go | 4 +- config/auth_basic.go | 4 +- config/auth_databricks_cli.go | 4 +- config/auth_default.go | 3 +- config/auth_gcp_google_credentials.go | 4 +- config/auth_gcp_google_id.go | 4 +- config/auth_m2m.go | 4 +- config/auth_metadata_service.go | 4 +- config/auth_pat.go | 4 +- config/config.go | 9 ++- config/credentials.go | 68 +++++++++++++++++++++++ credentials/credentials_provider.go | 26 --------- credentials/oauth_credentials_provider.go | 34 ------------ credentials/oauth_token.go | 14 ----- examples/custom-auth/main.go | 5 +- httpclient/oauth_token.go | 2 +- 20 files changed, 100 insertions(+), 109 deletions(-) create mode 100644 config/credentials.go delete mode 100644 credentials/credentials_provider.go delete mode 100644 credentials/oauth_credentials_provider.go delete mode 100644 credentials/oauth_token.go diff --git a/config/api_client.go b/config/api_client.go index 0913e35b3..3c9b07a70 100644 --- a/config/api_client.go +++ b/config/api_client.go @@ -9,7 +9,7 @@ import ( "time" "github.com/databricks/databricks-sdk-go/apierr" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/useragent" ) 
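Review bot: The new import path `github.com/databricks/databricks-sdk-go/config/credentials` in config/api_client.go does not match anything this patch creates: the diffstat adds only `config/credentials.go`, which declares `package config`, and deletes the three files of the old `credentials` package. Unless a `config/credentials` directory already exists outside this patch, the import will not resolve. Inside package config it is not needed anyway, so drop it and write the call in `noopAuth.Configure` as `return NewCredentialsProvider(visitor), nil`. The same import rewrite appears in the auth_azure_*.go, auth_basic.go, auth_databricks_cli.go, auth_gcp_*.go, auth_m2m.go, auth_metadata_service.go and auth_pat.go hunks, and in httpclient/oauth_token.go. The httpclient case needs a different fix: config/config.go imports httpclient, so httpclient cannot import config without a cycle, and whatever it uses from `credentials` has to stay in a leaf package.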
@@ -104,7 +104,7 @@ func (noopLoader) Configure(cfg *Config) error { return nil } type noopAuth struct{} func (noopAuth) Name() string { return "noop" } -func (noopAuth) Configure(context.Context, *Config) (credentials.CredentialsProvider, error) { +func (noopAuth) Configure(context.Context, *Config) (CredentialsProvider, error) { visitor := func(r *http.Request) error { return nil } return credentials.NewCredentialsProvider(visitor), nil } diff --git a/config/auth_azure_cli.go b/config/auth_azure_cli.go index 802ace3fb..45e535b80 100644 --- a/config/auth_azure_cli.go +++ b/config/auth_azure_cli.go @@ -11,7 +11,7 @@ import ( "golang.org/x/oauth2" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/logger" ) @@ -54,7 +54,7 @@ func (c AzureCliCredentials) getVisitor(ctx context.Context, cfg *Config, inner return azureVisitor(cfg, serviceToServiceVisitor(inner, management, xDatabricksAzureSpManagementToken)), nil } -func (c AzureCliCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c AzureCliCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if !cfg.IsAzure() { return nil, nil } diff --git a/config/auth_azure_client_secret.go b/config/auth_azure_client_secret.go index 1ba33e37c..0ad12e6d8 100644 --- a/config/auth_azure_client_secret.go +++ b/config/auth_azure_client_secret.go @@ -8,7 +8,7 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/clientcredentials" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/logger" ) 
@@ -35,7 +35,7 @@ func (c AzureClientSecretCredentials) tokenSourceFor( // as we cannot create AKV backed secret scopes when authenticated as SP. // If we are authenticated as SP and wish to create one we want to fail early. // Also see https://github.com/databricks/terraform-provider-databricks/issues/1490. -func (c AzureClientSecretCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c AzureClientSecretCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.AzureClientID == "" || cfg.AzureClientSecret == "" || cfg.AzureTenantID == "" { return nil, nil } diff --git a/config/auth_azure_github_oidc.go b/config/auth_azure_github_oidc.go index fdb106a82..243abed51 100644 --- a/config/auth_azure_github_oidc.go +++ b/config/auth_azure_github_oidc.go @@ -6,7 +6,7 @@ import ( "fmt" "time" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" @@ -22,7 +22,7 @@ func (c AzureGithubOIDCCredentials) Name() string { } // Configure implements [CredentialsStrategy.Configure]. -func (c AzureGithubOIDCCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c AzureGithubOIDCCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { // Sanity check that the config is configured for Azure Databricks. if !cfg.IsAzure() || cfg.AzureClientID == "" || cfg.Host == "" || cfg.AzureTenantID == "" { return nil, nil diff --git a/config/auth_azure_msi.go b/config/auth_azure_msi.go index 68ab50441..2672bb56b 100644 --- a/config/auth_azure_msi.go +++ b/config/auth_azure_msi.go 
@@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" @@ -31,7 +31,7 @@ func (c AzureMsiCredentials) Name() string { return "azure-msi" } -func (c AzureMsiCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c AzureMsiCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if !cfg.IsAzure() || !cfg.AzureUseMSI || (cfg.AzureResourceID == "" && !cfg.IsAccountClient()) { return nil, nil } diff --git a/config/auth_basic.go b/config/auth_basic.go index 4374bf4e1..16dcb3e03 100644 --- a/config/auth_basic.go +++ b/config/auth_basic.go @@ -6,7 +6,7 @@ import ( "fmt" "net/http" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" ) type BasicCredentials struct { @@ -16,7 +16,7 @@ func (c BasicCredentials) Name() string { return "basic" } -func (c BasicCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c BasicCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.Username == "" || cfg.Password == "" || cfg.Host == "" { return nil, nil } diff --git a/config/auth_databricks_cli.go b/config/auth_databricks_cli.go index 7f054d2e8..570c423d8 100644 --- a/config/auth_databricks_cli.go +++ b/config/auth_databricks_cli.go @@ -10,7 +10,7 @@ import ( "path/filepath" "strings" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" ) 
@@ -22,7 +22,7 @@ func (c DatabricksCliCredentials) Name() string { return "databricks-cli" } -func (c DatabricksCliCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c DatabricksCliCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.Host == "" { return nil, nil } diff --git a/config/auth_default.go b/config/auth_default.go index 9a6a3cf20..0b6c239da 100644 --- a/config/auth_default.go +++ b/config/auth_default.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" - "github.com/databricks/databricks-sdk-go/credentials" "github.com/databricks/databricks-sdk-go/logger" ) @@ -44,7 +43,7 @@ var errorMessage = fmt.Sprintf("cannot configure default credentials, please che // ErrCannotConfigureAuth (experimental) is returned when no auth is configured var ErrCannotConfigureAuth = errors.New(errorMessage) -func (c *DefaultCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c *DefaultCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { for _, p := range authProviders { if cfg.AuthType != "" && p.Name() != cfg.AuthType { // ignore other auth types if one is explicitly enforced diff --git a/config/auth_gcp_google_credentials.go b/config/auth_gcp_google_credentials.go index 317eb6bed..156cb0ee6 100644 --- a/config/auth_gcp_google_credentials.go +++ b/config/auth_gcp_google_credentials.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "os" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2/google" "google.golang.org/api/idtoken" 
@@ -20,7 +20,7 @@ func (c GoogleCredentials) Name() string { return "google-credentials" } -func (c GoogleCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c GoogleCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.GoogleCredentials == "" || !cfg.IsGcp() { return nil, nil } diff --git a/config/auth_gcp_google_id.go b/config/auth_gcp_google_id.go index 4dd291c17..1bf9e15a6 100644 --- a/config/auth_gcp_google_id.go +++ b/config/auth_gcp_google_id.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" "google.golang.org/api/impersonate" @@ -20,7 +20,7 @@ func (c GoogleDefaultCredentials) Name() string { return "google-id" } -func (c GoogleDefaultCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c GoogleDefaultCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.GoogleServiceAccount == "" || !cfg.IsGcp() { return nil, nil } diff --git a/config/auth_m2m.go b/config/auth_m2m.go index 5399228fe..1e2ab1f6d 100644 --- a/config/auth_m2m.go +++ b/config/auth_m2m.go @@ -8,7 +8,7 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/clientcredentials" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/logger" ) 
@@ -22,7 +22,7 @@ func (c M2mCredentials) Name() string { return "oauth-m2m" } -func (c M2mCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c M2mCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.ClientID == "" || cfg.ClientSecret == "" { return nil, nil } diff --git a/config/auth_metadata_service.go b/config/auth_metadata_service.go index 3f349128d..8ea80e8ed 100644 --- a/config/auth_metadata_service.go +++ b/config/auth_metadata_service.go @@ -8,7 +8,7 @@ import ( "net/url" "time" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" @@ -49,7 +49,7 @@ func (c MetadataServiceCredentials) Name() string { return "metadata-service" } -func (c MetadataServiceCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c MetadataServiceCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.MetadataServiceURL == "" || cfg.Host == "" { return nil, nil } diff --git a/config/auth_pat.go b/config/auth_pat.go index 72ffadb39..6cf804eb1 100644 --- a/config/auth_pat.go +++ b/config/auth_pat.go @@ -5,7 +5,7 @@ import ( "fmt" "net/http" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" ) type PatCredentials struct { @@ -15,7 +15,7 @@ func (c PatCredentials) Name() string { return "pat" } -func (c PatCredentials) Configure(ctx context.Context, cfg *Config) (credentials.CredentialsProvider, error) { +func (c PatCredentials) Configure(ctx context.Context, cfg *Config) (CredentialsProvider, error) { if cfg.Token == "" || cfg.Host == "" { return nil, nil } diff --git a/config/config.go b/config/config.go index fcf69d2cb..bd0a9bfc4 100644 
--- a/config/config.go +++ b/config/config.go @@ -13,7 +13,6 @@ import ( "github.com/databricks/databricks-sdk-go/common" "github.com/databricks/databricks-sdk-go/common/environment" - "github.com/databricks/databricks-sdk-go/credentials" "github.com/databricks/databricks-sdk-go/httpclient" "github.com/databricks/databricks-sdk-go/logger" "golang.org/x/oauth2" @@ -28,7 +27,7 @@ type CredentialsStrategy interface { // Configure creates CredentialsProvider or returns nil if a given credentials // strategy are not configured. It returns an error if credentials are misconfigured. // Takes a context and a pointer to a Config instance, that holds auth mutex. - Configure(context.Context, *Config) (credentials.CredentialsProvider, error) + Configure(context.Context, *Config) (CredentialsProvider, error) } type Loader interface { @@ -50,7 +49,7 @@ type Config struct { WarehouseID string `name:"warehouse_id" env:"DATABRICKS_WAREHOUSE_ID"` ServerlessComputeID string `name:"serverless_compute_id" env:"DATABRICKS_SERVERLESS_COMPUTE_ID"` - // URL of the metadata service that provides authentication credentials. + // URL of the metadata service that provides authentication MetadataServiceURL string `name:"metadata_service_url" env:"DATABRICKS_METADATA_SERVICE_URL" auth:"metadata-service,sensitive"` // Databricks Account ID for Accounts API. This field is used in dependencies. @@ -160,7 +159,7 @@ type Config struct { mu sync.Mutex // HTTP request interceptor, that assigns Authorization header - credentialsProvider credentials.CredentialsProvider + credentialsProvider CredentialsProvider // Keep track of the source of each attribute attrSource map[string]Source 
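Review bot: The field comment on `MetadataServiceURL` in the `@@ -50,7 +49,7 @@` hunk of config/config.go lost its last word and now reads `// URL of the metadata service that provides authentication`. This looks like a side effect of a search-and-replace on `credentials.` rather than an intended edit. Restore it as `// URL of the metadata service that provides authentication credentials.` so the description of this `sensitive` field stays complete. The Config struct starts and ends outside the hunk.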
@@ -231,7 +230,7 @@ func (c *Config) GetToken() (*oauth2.Token, error) { if err != nil { return nil, err } - if h, ok := c.credentialsProvider.(credentials.OAuthCredentialsProvider); ok { + if h, ok := c.credentialsProvider.(OAuthCredentialsProvider); ok { return h.Token() } else { return nil, fmt.Errorf("OAuth Token not supported for current auth type %s", c.AuthType) diff --git a/config/credentials.go b/config/credentials.go new file mode 100644 index 000000000..a8fd13bf6 --- /dev/null +++ b/config/credentials.go 
@@ -0,0 +1,68 @@ +package config + +import ( + "net/http" + + "golang.org/x/oauth2" +) + +// CredentialsProvider is an interface for providing credentials to the client. +// Implementations of this interface should set the necessary headers on the request. +type CredentialsProvider interface { + // SetHeaders sets the necessary headers on the request. + SetHeaders(r *http.Request) error +} + +type credentialsProvider struct { + setHeaders func(r *http.Request) error +} + +func (c *credentialsProvider) SetHeaders(r *http.Request) error { + return c.setHeaders(r) +} + +func NewCredentialsProvider(visitor func(r *http.Request) error) CredentialsProvider { + return &credentialsProvider{ + setHeaders: visitor, + } +} + +// OAuthCredentialsProvider is a specialized CredentialsProvider uses and provides an OAuth token. +type OAuthCredentialsProvider interface { + CredentialsProvider + // Token returns the OAuth token generated by the provider. + Token() (*oauth2.Token, error) +} + +type oauthCredentialsProvider struct { + setHeaders func(r *http.Request) error + token func() (*oauth2.Token, error) +} + +func (c *oauthCredentialsProvider) SetHeaders(r *http.Request) error { + return c.setHeaders(r) +} + +func (c *oauthCredentialsProvider) Token() (*oauth2.Token, error) { + return c.token() +} + +func NewOAuthCredentialsProvider(visitor func(r *http.Request) error, tokenProvider func() (*oauth2.Token, error)) OAuthCredentialsProvider { + return &oauthCredentialsProvider{ + setHeaders: visitor, + token: tokenProvider, + } +} + +// OAuthToken represents an OAuth token as defined by the OAuth 2.0 Authorization Framework. +// https://datatracker.ietf.org/doc/html/rfc6749 +type OAuthToken struct { + // The access token issued by the authorization server. This is the token that will be used to authenticate requests. + AccessToken string `json:"access_token" auth:",sensitive"` + // Time in seconds until the token expires. 
+ ExpiresIn int `json:"expires_in"` + // The scope of the token. This is a space-separated list of strings that represent the permissions granted by the token. + Scope string `json:"scope"` + // The type of token that was issued. + TokenType string `json:"token_type"` +} diff --git a/credentials/credentials_provider.go b/credentials/credentials_provider.go deleted file mode 100644 index 4e82ab3b6..000000000 --- a/credentials/credentials_provider.go +++ /dev/null @@ -1,26 +0,0 @@ -package credentials - -import ( - "net/http" -) - -// CredentialsProvider is an interface for providing credentials to the client. -// Implementations of this interface should set the necessary headers on the request. -type CredentialsProvider interface { - // SetHeaders sets the necessary headers on the request. - SetHeaders(r *http.Request) error -} - -type credentialsProvider struct { - setHeaders func(r *http.Request) error -} - -func (c *credentialsProvider) SetHeaders(r *http.Request) error { - return c.setHeaders(r) -} - -func NewCredentialsProvider(visitor func(r *http.Request) error) CredentialsProvider { - return &credentialsProvider{ - setHeaders: visitor, - } -} diff --git a/credentials/oauth_credentials_provider.go b/credentials/oauth_credentials_provider.go deleted file mode 100644 index fe6d2dd06..000000000 --- a/credentials/oauth_credentials_provider.go +++ /dev/null 
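Review bot: `NewCredentialsProvider` and `NewOAuthCredentialsProvider` in config/credentials.go store the caller's functions unchecked, so a nil `visitor` or `tokenProvider` only surfaces as a nil-function panic when `SetHeaders` or `Token` runs on a request. Both constructors are exported, and `NewCredentialsProvider` is what the custom strategy in examples/custom-auth calls. Either guard in the methods, e.g. `if c.setHeaders == nil { return errors.New("credentials provider has no header visitor") }` (needs the `errors` import), or state the non-nil requirement in a doc comment. Neither constructor has a doc comment; `// NewCredentialsProvider returns a CredentialsProvider that calls visitor to set the authentication headers on each request; visitor must not be nil.` would cover the first.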
@@ -1,34 +0,0 @@ -package credentials - -import ( - "net/http" - - "golang.org/x/oauth2" -) - -// OAuthCredentialsProvider is a specialized CredentialsProvider uses and provides an OAuth token. -type OAuthCredentialsProvider interface { - CredentialsProvider - // Token returns the OAuth token generated by the provider. - Token() (*oauth2.Token, error) -} - -type oauthCredentialsProvider struct { - setHeaders func(r *http.Request) error - token func() (*oauth2.Token, error) -} - -func (c *oauthCredentialsProvider) SetHeaders(r *http.Request) error { - return c.setHeaders(r) -} - -func (c *oauthCredentialsProvider) Token() (*oauth2.Token, error) { - return c.token() -} - -func NewOAuthCredentialsProvider(visitor func(r *http.Request) error, tokenProvider func() (*oauth2.Token, error)) OAuthCredentialsProvider { - return &oauthCredentialsProvider{ - setHeaders: visitor, - token: tokenProvider, - } -} diff --git a/credentials/oauth_token.go b/credentials/oauth_token.go deleted file mode 100644 index a1f6c131e..000000000 --- a/credentials/oauth_token.go +++ /dev/null @@ -1,14 +0,0 @@ -package credentials - -// OAuthToken represents an OAuth token as defined by the OAuth 2.0 Authorization Framework. -// https://datatracker.ietf.org/doc/html/rfc6749 -type OAuthToken struct { - // The access token issued by the authorization server. This is the token that will be used to authenticate requests. - AccessToken string `json:"access_token" auth:",sensitive"` - // Time in seconds until the token expires. - ExpiresIn int `json:"expires_in"` - // The scope of the token. This is a space-separated list of strings that represent the permissions granted by the token. - Scope string `json:"scope"` - // The type of token that was issued. - TokenType string `json:"token_type"` -} diff --git a/examples/custom-auth/main.go b/examples/custom-auth/main.go index c0eb779fd..4d1796dc1 100644 --- a/examples/custom-auth/main.go +++ b/examples/custom-auth/main.go 
@@ -10,7 +10,6 @@ import ( "github.com/databricks/databricks-sdk-go" "github.com/databricks/databricks-sdk-go/config" - "github.com/databricks/databricks-sdk-go/credentials" "github.com/databricks/databricks-sdk-go/service/compute" ) @@ -22,13 +21,13 @@ func (c *CustomCredentials) Name() string { func (c *CustomCredentials) Configure( ctx context.Context, cfg *config.Config, -) (credentials.CredentialsProvider, error) { +) (config.CredentialsProvider, error) { visitor := func(r *http.Request) error { token := askFor("Token:") r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) return nil } - return credentials.NewCredentialsProvider(visitor), nil + return config.NewCredentialsProvider(visitor), nil } func main() { diff --git a/httpclient/oauth_token.go b/httpclient/oauth_token.go index 142afd48d..cb6ad5cc9 100644 --- a/httpclient/oauth_token.go +++ b/httpclient/oauth_token.go @@ -5,7 +5,7 @@ import ( "net/http" "time" - "github.com/databricks/databricks-sdk-go/credentials" + "github.com/databricks/databricks-sdk-go/config/credentials" "golang.org/x/oauth2" )