Add host disambiguation and positional profile support to auth token#4574
Merged
simonfaltum merged 3 commits intomainfrom Feb 23, 2026
Merged
Add host disambiguation and positional profile support to auth token#4574simonfaltum merged 3 commits intomainfrom
simonfaltum merged 3 commits intomainfrom
Conversation
Collaborator
|
Commit: 287e1b2
15 interesting tests: 7 KNOWN, 7 SKIP, 1 flaky
Top 20 slowest tests (at least 2 minutes):
|
d64fd28 to
7dd4e48
Compare
7dd4e48 to
391666c
Compare
Contributor
andrewnester
left a comment
There was a problem hiding this comment.
It might worth to add an acceptance test here as well, see for example
https://github.com/databricks/cli/tree/main/acceptance/cmd/auth/token
When using `auth token --host H` with multiple profiles sharing the same host, the command now detects the ambiguity and either prompts interactively or errors with a helpful message suggesting --profile. Additionally, `databricks auth token myprofile` now detects non-URL positional args as profile names instead of failing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
391666c to
12bd47f
Compare
tanmay-db
reviewed
Feb 23, 2026
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tanmay-db
approved these changes
Feb 23, 2026
shreyas-goenka
approved these changes
Feb 23, 2026
deco-sdk-tagging bot
added a commit
that referenced
this pull request
Feb 26, 2026
## Release v0.290.0 ### CLI * Add `completion install`, `uninstall`, and `status` subcommands ([#4581](#4581)) * Wire profile name through CLI ToOAuthArgument for profile-based cache keys ([#4562](#4562)) * Add host disambiguation and positional profile support to auth token ([#4574](#4574)) * Update error messages to suggest 'databricks auth login' ([#4587](#4587)) * Resolve --host to matching profile for token cache lookup ([#4591](#4591)) * Improve auth token UX: profile selection and better empty-state handling ([#4584(#4584) ### Bundles * Added support for git_source and git_repository for Apps ([#4538](#4538)) ### Dependency updates * Upgrade TF provider to 1.109.0 ([#4561](#4561)) * Upgrade Go SDK to v0.110.0 ([#4552](#4552)) ### API Changes * Bump databricks-sdk-go from v0.111.0 to v0.112.0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Profile-based cache keys landed on main (PR #4562). Now
auth token --profile Xuses the profile name as the token cache key. However, when using--host Hor a positional host arg, there's no profile resolution — the command goes straight to host-based cache lookup. If two profiles share the same host, whoever logged in last wins. There's also no way to pass a profile name as a positional arg (databricks auth token myprofilegets treated as a host and fails).Changes
databricks auth token myprofileresolves positional args as profile names first, falling through to host treatment only if no profile matches. This works for dotted profile names likedefault.devtoo.databricks auth token --host Hwith multiple matching profiles errors with a suggestion (or prompts interactively)WithHost()andWithHostAndAccountID()in the profile package, using the SDK's canonical host normalizationHostType()classification so scheme-less hosts (e.g.accounts.cloud.databricks.com) are correctly identified as account hostsNew test cases
args: []string{"workspace-a"}, noprofileName. Expects success — token returned via profile-based cache key.args: []string{"workspace-a.cloud.databricks.com"}. No profile matches, falls through to host path.args: []string{"default.dev"}. Profile lookup matches first, no host heuristic needed.args: []string{"nonexistent"}, noprofileName. Falls through to host treatment, gets cache miss error (backward compat).Host: "accounts.cloud.databricks.com"(no scheme),AccountID: "same-account". Verifies canonicalization beforeHostType()classification.cmdio.MockDiscard(ctx).Host: "https://shared.cloud.databricks.com". Expected error contains"dup1 and dup2 match"and"Use --profile"and config file path.Host: "https://accounts.cloud.databricks.com",AccountID: "active". Bothexpiredandactiveshare the host but have different account IDs → only one matches → no ambiguity. Validates the over-triggering fix.cmdio.MockDiscard(ctx).Host: "https://accounts.cloud.databricks.com",AccountID: "same-account". Bothacct-dup1andacct-dup2match → ambiguity error.profileName: "active",args: []string{"workspace-a"}. Expected error:"providing both a profile and host is not supported".Verification
go test ./cmd/auth/ -run TestToken_loadToken -v— all 16 test cases passgo test ./libs/databrickscfg/profile/ -v— WithHost predicate tests passgo test ./acceptance -run TestAccept/cmd/auth/token -v— acceptance test still passes (existing error message preserved)make checks— whitespace and formatting pass🤖 Generated with Claude Code