Add parametrized unit tests for auth types across host profiles#771
Add parametrized unit tests for auth types across host profiles#771hectorcast-db merged 2 commits intomainfrom
Conversation
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
| sb.append("{"); | ||
| sb.append("\"oidc_endpoint\":\"").append(metadataOidcEndpoint()).append("\""); | ||
| sb.append(",\"account_id\":\"").append(TEST_ACCOUNT_ID).append("\""); | ||
| if (kind != ProfileKind.ACCOUNT && kind != ProfileKind.UNIFIED) { |
There was a problem hiding this comment.
Same as kind == ProfileKind.WORKSPACE right?
There was a problem hiding this comment.
The else if branch also does exactly the same thing, should we combine the two?
There was a problem hiding this comment.
So the condition for including workspace id in metadata response is - it is either a workspace profile, or a unified profile with workspace ID set.
There was a problem hiding this comment.
Yes — with only three ProfileKind values, kind != ACCOUNT && kind != UNIFIED is just kind == WORKSPACE. Rewritten in f54db1e.
There was a problem hiding this comment.
Combined in f54db1e. The two branches produced identical JSON; new single condition is kind == WORKSPACE || (kind == UNIFIED && configWorkspaceId != null).
There was a problem hiding this comment.
Exactly. Codified that as the single combined condition in f54db1e, with a short comment explaining the rule.
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
Tests each auth type resolves correctly on every applicable host profile (LW, NW, LA, NA, SPOGW, SPOGA) across AWS, Azure, and GCP clouds. Covers pat, basic, oauth-m2m, github-oidc, env-oidc, file-oidc, azure-client-secret, and github-oidc-azure (138 subtests total). Java has no HostMetadataResolver seam, so each test mocks GET /.well-known/databricks-config and calls resolve() so that DatabricksConfig.resolveHostMetadata() actually runs and populates discoveryUrl (and accountId/workspaceId for bare-host profiles) from the mocked metadata response — the production path Go's resolver injection shortcuts. A dedicated hostMetadataResolutionPopulatesDiscoveryUrl test asserts that derivation explicitly. Mirrors databricks/databricks-sdk-go#1627. NO_CHANGELOG=false Co-authored-by: Isaac
- Drop PR cross-reference numbers from class Javadoc; keep the explanation of why the test mocks the well-known endpoint.
- Collapse the two branches of the workspace_id inclusion check into a single condition (kind == WORKSPACE || (kind == UNIFIED && configWorkspaceId != null)).
- Replace hardcoded "Linux" system name in the test Environment helpers with System.getProperty("os.name"), matching existing tests under src/test/java/com/databricks/sdk/core/.
Co-authored-by: Isaac
hectorcast-db
force-pushed
the
hector/auth-profiles-tests
branch
from
f54db1e to
5eb959a
Compare
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
|
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
2 participants
Summary
AuthProfilesTest.javawith 138 parametrized subtests covering 8 auth types across 6 host profiles (LW, NW, LA, NA, SPOGW, SPOGA) on AWS, Azure, and GCP.HostMetadataResolverseam, so each test mocksGET /.well-known/databricks-configand callsresolve()so thatDatabricksConfig.resolveHostMetadata()actually runs and populatesdiscoveryUrl(andaccountId/workspaceIdfor bare-host profiles) from the mocked metadata — the production path Go's resolver injection shortcuts.hostMetadataResolutionPopulatesDiscoveryUrlsubtest that asserts the derivation explicitly, so a regression where metadata resolution silently no-ops cannot be masked.Profiles tested
account_id+workspace_idaccount_id+workspace_idaccount_idAuth types covered
pat, basic, oauth-m2m, github-oidc, env-oidc, file-oidc, azure-client-secret, github-oidc-azure
Not covered (with rationale)
databricks-cli,azure-cli: invoke external processes viaProcessBuilder; mocking requiresMockedConstruction+ spy per-profile. Covered at the unit level byDatabricksCliCredentialsProviderTest/AzureCliCredentialsProviderTest/CliTokenSourceTest.azure-devops-oidc:AzureDevOpsIDTokenSourcereadsSYSTEM_*variables viaSystem.getenv()at construction time (not viaconfig.getEnv()); overriding those in-process requires JUnit Pioneer or reflection, neither of which is in the project's dep set.metadata-service: no equivalent auth type in the Java SDK.AzureMsiCredentialsProviderhits the Azure IMDS endpoint, not a Databricks-hosted metadata service.google-credentials,google-id: delegate to Google SDK functions that parse real crypto keys with no seam for HTTP injection (matches Go SDK's exclusion).Test plan
mvn test -Dtest=AuthProfilesTest)com.databricks.sdk.core.*tests unaffected (908 pass)This pull request was AI-assisted by Isaac.