Bump databricks-sdk-go to v0.132.0#5237
Conversation
Regenerates CLI command stubs, schemas, validation, and Python bindings
against the new SDK and its companion OpenAPI spec
(a499dda0f7802e37868d3f3076f62639165475d8).
Breaking SDK changes addressed:
- vectorsearch.{CreateEndpoint,PatchEndpointRequest}.MinQps renamed to TargetQps.
- vectorsearch.EndpointScalingInfo.RequestedMinQps renamed to RequestedTargetQps.
Updated dresources and testserver; renamed bundle acceptance tests from
min_qps to target_qps to match the new field name.
- apps.App.thumbnail_url added (server-managed); marked output_only in
resources.yml so it stays out of the App Update mask.
- postgres adds ReplaceExisting (Create{Branch,Endpoint}Request),
Purge (DeleteProjectRequest), and DeleteTime/PurgeTime (Project).
- compute.ConfidentialComputeType added; refreshed annotations_openapi.yml.
- credentials/u2m removed the host-key fallback in PersistentAuth.loadToken
(per v0.130). Dropped the cmd/auth/token_test case that relied on it.
Co-authored-by: Isaac
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
| runs-on: | ||
| group: databricks-deco-testing-runner-group | ||
| labels: ubuntu-latest-deco | ||
| group: databricks-protected-runner-group |
There was a problem hiding this comment.
Reviewer note: this file is generated by genkit, but this SDK bump also pulls in release workflow behavior changes such as the protected runner, explicit ref: main, package-scoped dispatch input, and created-tags artifact. Please give this release-tooling change an explicit review rather than treating it as routine command/schema regeneration.
| @@ -29,6 +29,122 @@ | |||
| """ | |||
|
|
|||
|
|
|||
| @dataclass(frozen=True) | |||
There was a problem hiding this comment.
Reviewer note: this is generated by genkit, but the release script behavior changes materially here: local-HEAD anchoring, semver/prerelease handling, dependency freshness checks, and created-tags manifest output. Please review the release semantics closely as part of this SDK bump.
Remove generated trailing whitespace that breaks task checks and drop an empty changelog section.
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
There was a problem hiding this comment.
Self-review with a few callouts inline. Update on the TF schema bullet I mentioned earlier: PR #5238 (Terraform provider bump to v1.115.0) renames requested_min_qps -> requested_target_qps in bundle/internal/tf/schema/resource_vector_search_endpoint.go, so that's handled there, not a follow-up.
One thing without a diff line to attach to: python/uv.lock and python/codegen/uv.lock show no change in this PR because I restored them from origin/main after pydabs-codegen leaked the internal PyPI proxy URL into them. If Python deps fail to resolve in CI, that's the likely culprit.
| }, | ||
| validateToken: validateToken, | ||
| }, | ||
| { |
There was a problem hiding this comment.
Worth a second look: this PR drops the test case that used to sit right here (host with one matching profile and host-key-only token found via SDK fallback) because SDK v0.130 removed the host-key fallback in PersistentAuth.loadToken.
User-facing consequence: anyone whose ~/.databricks/token-cache.json only has host-keyed entries (no profile key) will get cache: databricks OAuth is not configured for this host on the next databricks auth token and need to databricks auth login --profile <name> to re-store the token under the profile key. If we want to soften that, we'd need to mirror the fallback in libs/auth/storage/cache.go (or at minimum call it out in NEXT_CHANGELOG.md).
There was a problem hiding this comment.
Since which version do we store the profile in the token cache?
If I understand correctly, users upgrading from a version before profiles were stored need to relogin?
There was a problem hiding this comment.
We are doing dual-write if the auth_storage is plaintext, meaning we both store it as profile and as host. When the user refreshes the auth, it automatically writes to profile-based storage, and the user doesn't notice any disruption. With the secure storage, we are only storing profile based as the user will have to re-login anyway
There was a problem hiding this comment.
Profile-keyed cache entries became the standard in CLI v0.290.0 (released 2026-02-26), via #4562 (Wire profile name through CLI ToOAuthArgument for profile-based cache keys) plus #4574/#4591. Before that, entries were keyed by host only.
So yes, a user who hasn't done databricks auth login since before 2026-02-26 (~2.5 months ago) will have a token-cache.json with only host-keyed entries, and once we ship this SDK bump they'll get cache: databricks OAuth is not configured for this host from databricks auth token until they re-run databricks auth login --profile <name>. Anyone who's logged in since v0.290.0 has profile-keyed entries already and is unaffected.
We could call this out in the NEXT_CHANGELOG, or mirror the host-key fallback in libs/auth/storage/cache.go if we want to absorb the impact rather than make users re-login. Lean toward the changelog note since the audience is narrow.
|
|
||
| title "Update min_qps" | ||
| trace update_file.py databricks.yml "min_qps: 1" "min_qps: 2" | ||
| title "Update target_qps" |
There was a problem hiding this comment.
Heads-up on the rename: I moved the min_qps test dirs to target_qps and rewrote databricks.yml.tmpl and script to match the new SDK field name. Before the rename, running with -update against the new SDK silently regenerated output.txt with Warning: unknown field: min_qps and Plan: 0 to change — the test still passed because nothing asserted on those lines. Worth double-checking the new goldens cover the same intent (drift detection for target_qps updates).
| "description": |- | ||
| PLACEHOLDER | ||
| github.com/databricks/databricks-sdk-go/service/pipelines.SourceConfig: | ||
| "google_ads_config": |
There was a problem hiding this comment.
Auto-added by schema regen with PLACEHOLDER. Not blocking, but a future PR should give pipelines.SourceConfig.google_ads_config a real description.
| var ( | ||
| pathBudgetPolicyId = structpath.MustParsePath("budget_policy_id") | ||
| pathMinQps = structpath.MustParsePath("min_qps") | ||
| pathTargetQps = structpath.MustParsePath("target_qps") |
There was a problem hiding this comment.
For reference: the Terraform provider schema in bundle/internal/tf/schema/resource_vector_search_endpoint.go still uses requested_min_qps. That's intentional here — TF schema is generated from the Terraform Provider, not the SDK — and the matching rename lands in #5238 (TF provider v1.115.0 bump).
There was a problem hiding this comment.
Good to know. We don't have and don't plan terraform support for this resource, so it should be okay.
| ### Dependency updates | ||
|
|
||
| * Bump Go toolchain to 1.25.10 ([#5213](https://github.com/databricks/cli/pull/5213)). | ||
| * Bump `github.com/databricks/databricks-sdk-go` from v0.128.0 to v0.132.0. |
There was a problem hiding this comment.
Should contain a note about breaking changes in Notable changes section (min_qps -> target_qps in DABs and commands).
There was a problem hiding this comment.
Added a Notable Changes entry in ce28031 calling out the min_qps -> target_qps rename for both DABs config and the vector-search-endpoints commands.
| resources.vector_search_endpoints.*.scaling_info.requested_min_qps int64 REMOTE | ||
| resources.vector_search_endpoints.*.scaling_info.requested_target_qps int64 REMOTE | ||
| resources.vector_search_endpoints.*.scaling_info.state vectorsearch.ScalingChangeState REMOTE | ||
| resources.vector_search_endpoints.*.target_qps int64 INPUT STATE |
There was a problem hiding this comment.
(For later) we should move target_qps into ALL category, since we can populate remote value from requested_min_qps. Also, is there no effective_target_qps? cc @janniklasrose
- Drop duplicate thumbnail_url ignore_remote_changes from resources.yml (already covered by resources.generated.yml). - Add Notable Changes entry calling out the min_qps -> target_qps breaking rename in vector_search_endpoints.
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
| # at workflow_dispatch time — which means re-running a stale | ||
| # dispatch checks out an older main even when newer commits | ||
| # exist. | ||
| ref: main |
There was a problem hiding this comment.
Do you have more background on this?
There was a problem hiding this comment.
tagging.yml is generated by internal/genkit/tagging.py (genkit), and this PR pulls in an upstream tooling refactor of both files. The same release-tooling overhaul ships into the other SDK repos at the same time. Net behavior changes:
ref: main(this hunk): pinning togithub.shafroze re-runs of a workflow_dispatch to the SHA from the original dispatch, so a re-run after newer commits had landed kept checking out a stale main. Addingref: mainmakes checkout re-resolve at step time.- protected runner group (
databricks-protected-runner-group) - package-scoped
workflow_dispatchinput - new
created_tags.jsonartifact, local-HEAD anchoring, semver/prerelease handling, dependency freshness checks intagging.py
I flagged this earlier (self-review note on lines 39 and 32) so it gets a real review rather than getting treated as routine codegen drift. Happy to split it into its own follow-up PR if you'd rather keep the SDK bump narrow.
| ] | ||
| }, | ||
| "method": "GET", | ||
| "path": "/api/2.0/preview/scim/v2/Me" |
There was a problem hiding this comment.
Do you know where the extra call comes from?
There was a problem hiding this comment.
Yes, this is an intentional SDK behavior change in v0.131 (databricks/databricks-sdk-go#1650). WorkspaceClient.CurrentWorkspaceID used to short-circuit and return Config.WorkspaceID directly when set. It now always hits /api/2.0/preview/scim/v2/Me, passing the configured WorkspaceID as the X-Databricks-Org-Id request header so unified (SPOG) hosts can route the call. The CLI-side caller hasn't moved: bundle/config/mutator/initialize_urls.go calls CurrentWorkspaceID(ctx) for every bundle invocation, so the change surfaces in every bundle command.
The first /Me in the golden is the existing populate_current_user mutator; the new second /Me (with engine/direct or engine/terraform) is initialize_urls now that it's no longer short-circuited. If we want to drop it back to one call we'd need to cache the workspace ID across mutators in the CLI, but that's a separate change.
There was a problem hiding this comment.
For reference, the previous SDK bump removed them (the short circuit), so it makes sense they come back now that the short circuit is gone again: https://github.com/databricks/cli/pull/5031/changes
| }, | ||
| validateToken: validateToken, | ||
| }, | ||
| { |
There was a problem hiding this comment.
Since which version do we store the profile in the token cache?
If I understand correctly, users upgrading from a version before profiles were stored need to relogin?
Picks up #5240, which unsets AI-agent env vars in acceptance tests so the SDK v0.132 user-agent detector stops stamping 'agent/multiple' on recorded requests.
#5240 unsets the AI-agent env vars in acceptance instead of setting them empty. The SDK v0.132 detector treats empty values as a match, so recorded requests were stamped with agent/multiple after the SDK bump. With #5240 merged in, the detector no longer fires; strip the suffix from all affected goldens. Verified by re-running the affected tests.
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
pietern
changed the title
|
Integration tests look good (the failures are unrelated to this bump). |
3 participants
Why
Pulls in four releases of the Go SDK (v0.129 through v0.132). It picks up new APIs (disaster recovery, secrets UC, supervisor agents, ingestion connectors), removes the file-backed OAuth token cache from the SDK (now owned by the CLI), and renames a handful of vector search fields. The Terraform provider already moved to this SDK in v1.115, so this also keeps the CLI close to the version Terraform users are running.
Changes
Before: CLI pinned
databricks-sdk-goatv0.128.0and OpenAPI spec at SHA11ae6f9d.Now: Pinned at
v0.132.0/ OpenAPI SHAa499dda0.Most of the diff is regenerated output from
./task generate(CLI command stubs, JSON schema, bundle docs, Python bindings, direct-engine YAML, acceptance goldens). The refreshed OpenAPI spec carries more launch-stage metadata, so generated commands now include Beta / Private Preview / GA warning text in help output, and the acceptance goldens update accordingly.Hand-written changes:
MinQps->TargetQpsandRequestedMinQps->RequestedTargetQpsinbundle/direct/dresources/vector_search_endpoint.go,libs/testserver/vector_search_endpoints.go, and thevector_search_endpoints/{update,drift}/min_qpsacceptance tests (renamed totarget_qps). Added a Notable Changes entry toNEXT_CHANGELOG.mdcalling this out for DABs config and thevector-search-endpointscommands.Create{Branch,Endpoint}RequestgainedReplaceExisting,DeleteProjectRequestgainedPurge, andProjectgainedDeleteTime/PurgeTime. Added explicit zero values where exhaustruct demands them.PersistentAuth.loadToken. Deleted thecmd/auth/token_testcase that exercised it. Open question on the thread: users who haven't logged in since CLI v0.290.0 (2026-02-26) have host-keyed-only cache entries and will need to re-login.serving.AutoCaptureConfig{Input,Output}: narrow//nolint:staticcheckannotations until the migration to AI Gateway inference tables.annotations_openapi.ymlso the newcompute.ConfidentialComputeTypeenum has descriptions; dropped the stalemin_qpsplaceholder fromannotations.yml..github/workflows/tagging.ymlandinternal/genkit/tagging.py. This is generated output, but it changes release workflow behavior (protected runner group,ref: mainto force re-resolution on workflow_dispatch re-runs, package-scoped dispatch input, created-tags artifact). Inline reviewer notes on both files.Merged
origin/mainto pick up #5240, which unsets the AI-agent env vars in acceptance instead of leaving them empty. Without that, the SDK v0.132 user-agent detector stampsagent/multipleonto every recorded request; with it merged in, the stamping stops and the goldens go back to their pre-bump state.Test plan
./task lintclean./task checksclean (tidy, whitespace, links, deadcode)go test ./internal/build ./bundle/internal/schema ./bundle/direct/dresources ./bundle/config/resources./task test-updateandgo test ./acceptanceclean after regeneration./task pydabs-codegensucceedsuser_agent,auth/credentials,cmd/api,bundle/migrate,bundle/state,bundle/templates/telemetry,telemetry,workspace/jobs) to confirm goldens matchThis pull request and its description were written by Isaac.