Skip to content

Add parametrized unit tests for auth types across host profiles#771

Open
hectorcast-db wants to merge 1 commit intomainfrom
hector/auth-profiles-tests
Open

Add parametrized unit tests for auth types across host profiles#771
hectorcast-db wants to merge 1 commit intomainfrom
hector/auth-profiles-tests

Conversation

@hectorcast-db
Copy link
Copy Markdown
Contributor

Summary

  • Adds AuthProfilesTest.java with 138 parametrized subtests covering 8 auth types across 6 host profiles (LW, NW, LA, NA, SPOGW, SPOGA) on AWS, Azure, and GCP.
  • Mirrors databricks/databricks-sdk-go#1627 and databricks/databricks-sdk-py#1357.
  • Java has no HostMetadataResolver seam, so each test mocks GET /.well-known/databricks-config and calls resolve() so that DatabricksConfig.resolveHostMetadata() actually runs and populates discoveryUrl (and accountId/workspaceId for bare-host profiles) from the mocked metadata — the production path Go's resolver injection shortcuts.
  • Adds a dedicated hostMetadataResolutionPopulatesDiscoveryUrl subtest that asserts the derivation explicitly, so a regression where metadata resolution silently no-ops cannot be masked.

Profiles tested

Profile Description Derivation
LW Legacy Workspace Baseline
NW New Workspace LW + account_id + workspace_id
LA Legacy Account Baseline
NA New Account Structurally same as LA
SPOGW SPOG workspace Unified host + account_id + workspace_id
SPOGA SPOG account Unified host + account_id

Auth types covered

pat, basic, oauth-m2m, github-oidc, env-oidc, file-oidc, azure-client-secret, github-oidc-azure

Not covered (with rationale)

  • databricks-cli, azure-cli: invoke external processes via ProcessBuilder; mocking requires MockedConstruction + spy per-profile. Covered at the unit level by DatabricksCliCredentialsProviderTest / AzureCliCredentialsProviderTest / CliTokenSourceTest.
  • azure-devops-oidc: AzureDevOpsIDTokenSource reads SYSTEM_* variables via System.getenv() at construction time (not via config.getEnv()); overriding those in-process requires JUnit Pioneer or reflection, neither of which is in the project's dep set.
  • metadata-service: no equivalent auth type in the Java SDK. AzureMsiCredentialsProvider hits the Azure IMDS endpoint, not a Databricks-hosted metadata service.
  • google-credentials, google-id: delegate to Google SDK functions that parse real crypto keys with no seam for HTTP injection (matches Go SDK's exclusion).

Test plan

  • All 138 new subtests pass locally (mvn test -Dtest=AuthProfilesTest)
  • Existing com.databricks.sdk.core.* tests unaffected (908 pass)

This pull request was AI-assisted by Isaac.

Tests each auth type resolves correctly on every applicable host profile
(LW, NW, LA, NA, SPOGW, SPOGA) across AWS, Azure, and GCP clouds. Covers
pat, basic, oauth-m2m, github-oidc, env-oidc, file-oidc,
azure-client-secret, and github-oidc-azure (138 subtests total).

Java has no HostMetadataResolver seam, so each test mocks
GET /.well-known/databricks-config and calls resolve() so that
DatabricksConfig.resolveHostMetadata() actually runs and populates
discoveryUrl (and accountId/workspaceId for bare-host profiles) from the
mocked metadata response — the production path Go's resolver injection
shortcuts. A dedicated hostMetadataResolutionPopulatesDiscoveryUrl test
asserts that derivation explicitly.

Mirrors databricks/databricks-sdk-go#1627.

NO_CHANGELOG=false

Co-authored-by: Isaac
@github-actions
Copy link
Copy Markdown
Contributor

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/sdk-java

Inputs:

  • PR number: 771
  • Commit SHA: 3a0555e8f2a833c6ac12538680907d247d759b4e

Checks will be approved automatically on success.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant