Skip to content

fix(databricks): classify insufficient-permissions errors as 4xx#41945

Open
eschutho wants to merge 2 commits into
masterfrom
fix-databricks-insufficient-permissions-4xx
Open

fix(databricks): classify insufficient-permissions errors as 4xx#41945
eschutho wants to merge 2 commits into
masterfrom
fix-databricks-insufficient-permissions-4xx

Conversation

@eschutho

Copy link
Copy Markdown
Member

SUMMARY

Databricks catalog/schema permission errors (e.g. [INSUFFICIENT_PERMISSIONS] Insufficient privileges: User does not have USE CATALOG on Catalog 'foo'. SQLSTATE: 42501.) were classified as SupersetErrorType.GENERIC_DB_ENGINE_ERROR and always returned to the client as HTTP 500, even though this is a customer-side permission misconfiguration, not a server error.

Two changes were needed to fix this end-to-end:

  • DatabricksDynamicBaseEngineSpec.extract_errors (superset/db_engine_specs/databricks.py) now detects the SQLSTATE: 42501 / [INSUFFICIENT_PERMISSIONS] pattern and classifies it as SupersetErrorType.CONNECTION_DATABASE_PERMISSIONS_ERROR at ErrorLevel.WARNING, instead of falling through to the generic catch-all at ErrorLevel.ERROR.
  • SynchronousSqlJsonExecutor.execute (superset/sqllab/sql_json_executer.py) previously raised SupersetErrorsException with no status, which always inherits the default 500 regardless of the contained errors' level. It now derives the status from the aggregate error level (all WARNING -> 400, any ERROR -> 500), mirroring the existing pattern in commands/report/execute.py. This is a shared code path used by every DB engine's rich-error responses; today every engine's extract_errors only emits ERROR level here, so this is a no-op for all engines except the new Databricks WARNING case above.

TESTING INSTRUCTIONS

  • pytest tests/unit_tests/db_engine_specs/test_databricks.py — includes a new regression test asserting the SQLSTATE 42501 message yields CONNECTION_DATABASE_PERMISSIONS_ERROR at ErrorLevel.WARNING.
  • pytest tests/unit_tests/sqllab/test_sql_json_executer.py — new test file covering an all-WARNING errors list resulting in HTTP 400, and an ERROR/mixed-level list still resulting in HTTP 500.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

Databricks catalog/schema permission errors (SQLSTATE 42501 /
[INSUFFICIENT_PERMISSIONS]) were falling through to
GENERIC_DB_ENGINE_ERROR and always returning HTTP 500, even though
they're a customer-side permission misconfiguration rather than a
server error.

extract_errors now classifies these as
CONNECTION_DATABASE_PERMISSIONS_ERROR at ErrorLevel.WARNING, and
SynchronousSqlJsonExecutor derives the response status from the
aggregate error level (all-WARNING -> 400) instead of always raising
SupersetErrorsException with the default 500, mirroring the existing
pattern in commands/report/execute.py.

Co-Authored-By: Claude <noreply@anthropic.com>
@dosubot dosubot Bot added change:backend Requires changing the backend data:connect:databricks Databricks DB Experience sqllab Namespace | Anything related to the SQL Lab labels Jul 10, 2026
@bito-code-review

bito-code-review Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Code Review Agent Run #c2d725

Actionable Suggestions - 0
Review Details
  • Files reviewed - 4 · Commit Range: 3760205..3760205
    • superset/db_engine_specs/databricks.py
    • superset/sqllab/sql_json_executer.py
    • tests/unit_tests/db_engine_specs/test_databricks.py
    • tests/unit_tests/sqllab/test_sql_json_executer.py
  • Files skipped - 0
  • Tools
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 61.53846% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.80%. Comparing base (bc80d13) to head (b3c9751).
⚠️ Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
superset/db_engine_specs/databricks.py 50.00% 5 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #41945      +/-   ##
==========================================
+ Coverage   64.79%   64.80%   +0.01%     
==========================================
  Files        2740     2740              
  Lines      153135   153133       -2     
  Branches    35127    35125       -2     
==========================================
+ Hits        99221    99243      +22     
+ Misses      52017    51989      -28     
- Partials     1897     1901       +4     
Flag Coverage Δ
hive 39.09% <61.53%> (+0.01%) ⬆️
mysql 58.04% <61.53%> (+0.04%) ⬆️
postgres 58.10% <61.53%> (+0.03%) ⬆️
presto 41.05% <61.53%> (+0.01%) ⬆️
python 59.48% <61.53%> (+0.03%) ⬆️
sqlite 57.70% <61.53%> (+0.04%) ⬆️
unit 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

…ions fix

- Move the insufficient-permissions classification from
  DatabricksDynamicBaseEngineSpec up to the shared DatabricksBaseEngineSpec
  so DatabricksODBCEngineSpec (SQL Endpoint connections) benefits too, not
  just the native/Python-connector engines. This also removes a duplicated
  reimplementation of BaseEngineSpec's custom_errors loop.
- Derive the SQL Lab error status from "any ERROR -> 500" instead of
  "all WARNING -> 400", so an all-INFO or INFO+WARNING error list isn't
  incorrectly treated as a server error.
- Tighten the regex to tolerate irregular SQLSTATE spacing and add word
  boundaries.
- Parameterize the Databricks regression test across the tag-only,
  SQLSTATE-only, and combined message forms, add ODBC coverage, and fix
  a missing generic type parameter (dict -> dict[str, Any]) that failed
  mypy's disallow_any_generics.
- Add INFO-only and single-ERROR test cases for the executor status logic.

Co-Authored-By: Claude <noreply@anthropic.com>
@bito-code-review

bito-code-review Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Code Review Agent Run #329a9c

Actionable Suggestions - 0
Review Details
  • Files reviewed - 4 · Commit Range: 3760205..b3c9751
    • superset/db_engine_specs/databricks.py
    • superset/sqllab/sql_json_executer.py
    • tests/unit_tests/db_engine_specs/test_databricks.py
    • tests/unit_tests/sqllab/test_sql_json_executer.py
  • Files skipped - 0
  • Tools
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

change:backend Requires changing the backend data:connect:databricks Databricks DB Experience size/L sqllab Namespace | Anything related to the SQL Lab

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant