Extract SPOG org-id from cluster httpPath for non-Thrift requests#1472
Open
msrathore-db wants to merge 1 commit into
Open
Extract SPOG org-id from cluster httpPath for non-Thrift requests#1472msrathore-db wants to merge 1 commit into
msrathore-db wants to merge 1 commit into
Conversation
For all-purpose-compute Thrift connections on SPOG (custom-URL) hosts the httpPath is /sql/protocolv1/o/<workspace-id>/<cluster-id> and the workspace ID is encoded in the path itself. PoPP routes the Thrift request correctly off the /o/<wsid>/ segment, so the connection succeeds without an explicit ?o= query parameter. Other requests on the same connection (telemetry POSTs to /telemetry-ext, feature-flag fetches, etc.) hit different paths that don't carry the workspace ID. Previously parseCustomHeaders only looked at ?o= in the httpPath, so the x-databricks-org-id header was never set for cluster URLs without ?o=. On SPOG hosts PoPP then had no workspace context for these requests and redirected them to /login (HTTP 303), silently dropping telemetry. Extend parseCustomHeaders to also extract the workspace ID from the cluster path segment as a fallback when ?o= is absent. Priority order is preserved: explicit http.header.x-databricks-org-id > ?o= query param > /o/<wsid>/ path segment. Verified end-to-end against peco.azuredatabricks.net (Prod SPOG) cluster 1214-195625-gtrwbe64 via OSS JDBC PAT: telemetry POST /telemetry-ext now returns HTTP 200 instead of HTTP 303 redirect to /login. Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>
gopalldb
approved these changes
May 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
httpPathlikesql/protocolv1/o/<workspace-id>/<cluster-id>.parseCustomHeadersnow extracts the workspace ID from the/o/<wsid>/path segment as a fallback when?o=<wsid>is not present, and sets it as thex-databricks-org-idheader.http.header.x-databricks-org-id▶?o=inhttpPath▶/sql/protocolv1/o/<wsid>/path segment.Why
On a SPOG host the workspace identity has to be in either the URL or the
x-databricks-org-idheader so PoPP can route a request to the right workspace. For cluster Thrift this happens "for free" because the workspace ID is in the/o/<wsid>/segment of the path, so PoPP routes it correctly viarouting_reason=workspace-idand the Thrift session opens fine without the user supplying?o=. The connection-level telemetry, feature-flag, and other helper requests, however, target different paths (/telemetry-ext,/api/...) that don't carry the workspace ID, and the driver only set thex-databricks-org-idheader when?o=was present inhttpPath. Result: those requests had no workspace context on SPOG, PoPP fell back to default (account) routing, and the response was an HTTP 303 redirect to/login— silently dropping telemetry.Reproduced against
peco.azuredatabricks.net(Prod SPOG), workspace6436897454825492, cluster1214-195625-gtrwbe64:httpPath/telemetry-extsql/protocolv1/o/<wsid>/<cluster>(no?o=, no fix)The fix only adds extraction logic; it does not modify the outgoing request URL or the routing path.
What changes
src/main/java/com/databricks/jdbc/api/impl/DatabricksConnectionContext.javaCLUSTER_PATH_ORG_ID_PATTERNregex matching(?:^|/)sql/protocolv1/o/(\d+)/[^/?]+.parseCustomHeadersfalls back to that pattern when the?o=extraction does not yield a workspace ID. The existing precedence guard (explicithttp.header.x-databricks-org-idalready set by the caller wins) is unchanged. The fallback runs only whenhttpPathis non-empty.src/test/java/com/databricks/jdbc/api/impl/DatabricksConnectionContextTest.java?o=→ header extracted from/o/<wsid>//→ same?o=→?o=value wins (priority)http.header.x-databricks-org-id→ caller header wins?o=→ no header (regression guard: the new regex must not match warehouse paths)NEXT_CHANGELOG.md### Fixedentry describing the change.Test plan
mvn test -Dtest='DatabricksConnectionContextTest'— 136 tests pass (5 new).mvn package -DskipTests— uber jar builds;spotless:applyclean.peco.azuredatabricks.net(Prod SPOG) all-purpose cluster1214-195625-gtrwbe64with PAT:x-databricks-org-id: 6436897454825492on the telemetry POST.HTTP/1.1 303 See Other(withlocation: /login?next_url=%2Ftelemetry-ext) toHTTP/1.1 200 OK.Out of scope
dogfood-spog.staging.azuredatabricks.net) currently rejects PAT for cluster Thrift withAuthentication Error: Authorization header received from the client is empty.regardless of?o=or header presence — the 401 is generated by the upstream cluster HS2 handler, not by PoPP (response carriesapiproxy-response-code-details: via_upstream). This is a server-side workspace/cluster auth config issue and is not addressed here.adbc-drivers/databricks,HiveServer2-backedDatabricksConnection) has the same parsing limitation inPropertyHelper.ParseOrgIdFromProperties. That fix belongs in the ADBC repo.This pull request and its description were written with assistance from Claude Code.