Implement basic credential provider (#18)

- inspired by the AWS SDK v3 credential providers https://www.npmjs.com/package/@aws-sdk/credential-providers
- decouple API client from credentials
- add credential providers for environment variables and config files
- add default provider chain

Author: fjakobs

packages/databricks-sdk-js/package.json

@@ -26,15 +26,19 @@
         "test:integ": "ts-mocha --type-check 'src/**/*.integ.ts'"
     },
     "dependencies": {
+        "ini": "^3.0.0",
         "node-fetch": "^2.6.7"
     },
     "devDependencies": {
+        "@types/ini": "^1.3.31",
         "@types/node-fetch": "^2.6.2",
+        "@types/tmp": "^0.2.3",
         "@types/uuid": "^8.3.4",
         "eslint": "^8.18.0",
         "eslint-config-prettier": "^8.5.0",
         "mocha": "^10.0.0",
         "prettier": "^2.7.1",
+        "tmp-promise": "^3.0.3",
         "ts-loader": "^9.3.0",
         "ts-mocha": "^10.0.0",
         "typescript": "^4.7.4",

packages/databricks-sdk-js/src/api-client.test.ts

@@ -1,8 +1,8 @@
 import {equal} from "assert";
 import {ApiClient} from "./api-client";
 
-describe("API Client", () => {
+describe(__filename, () => {
     it("create an instance of the client", () => {
-        let client = new ApiClient("https://databricks.com", "PAT");
+        let client = new ApiClient();
     });
 });

packages/databricks-sdk-js/src/api-client.ts

@@ -1,34 +1,25 @@
 /* eslint-disable @typescript-eslint/naming-convention */
 import fetch from "node-fetch";
-//import {Event, EventEmitter} from "vscode";
+import {fromDefaultChain} from "./auth/fromChain";
 
 type HttpMethod = "POST" | "GET";
 
 export class ApiClient {
-    private host!: string;
-    private token!: string;
-
-    constructor(host: string, token: string) {
-        this.updateConfiguration(host, token);
-    }
-
-    updateConfiguration(host: string, token: string) {
-        this.host = host;
-        this.token = token;
-    }
+    constructor(private credentialProvider = fromDefaultChain) {}
 
     async request(
         path: string,
         method: HttpMethod,
         payload?: any
     ): Promise<Object> {
+        const credentials = await this.credentialProvider();
         const headers = {
-            "Authorization": `Bearer ${this.token}`,
+            "Authorization": `Bearer ${credentials.token}`,
             "User-Agent": `vscode-notebook`,
             "Content-Type": "text/json",
         };
 
-        let url = new URL(this.host);
+        let url = credentials.host;
         url.pathname = path;
 
         let options: any = {

packages/databricks-sdk-js/src/auth/CredentialProvider.ts

@@ -0,0 +1,19 @@
+/**
+ * An object representing temporary or permanent AWS credentials.
+ */
+export interface Credentials {
+    readonly token: string;
+    readonly host: URL;
+}
+
+/**
+ * A function that, when invoked, returns a promise that will be fulfilled with
+ * a value of type T.
+ */
+export interface Provider<T> {
+    (): Promise<T>;
+}
+
+export type CredentialProvider = Provider<Credentials>;
+
+export class CredentialsProviderError extends Error {}

packages/databricks-sdk-js/src/auth/fromChain.ts

@@ -0,0 +1,32 @@
+import {
+    CredentialProvider,
+    CredentialsProviderError,
+} from "./CredentialProvider";
+import {fromEnv} from "./fromEnv";
+import {fromConfigFile} from "./fromConfigFile";
+
+export const fromChain = (
+    chain: Array<CredentialProvider>
+): CredentialProvider => {
+    let cachedProvider: CredentialProvider;
+
+    return async () => {
+        if (cachedProvider) {
+            return await cachedProvider();
+        }
+
+        for (const provider of chain) {
+            try {
+                let credentials = await provider();
+                cachedProvider = provider;
+                return credentials;
+            } catch (e) {}
+        }
+
+        throw new CredentialsProviderError(
+            "No valid credential provider found"
+        );
+    };
+};
+
+export const fromDefaultChain = fromChain([fromEnv(), fromConfigFile()]);

packages/databricks-sdk-js/src/auth/fromConfigFile.test.ts

@@ -0,0 +1,50 @@
+import assert = require("node:assert");
+import {writeFile} from "node:fs/promises";
+import {withFile} from "tmp-promise";
+import {DEFAULT_PROFILE, fromConfigFile} from "./fromConfigFile";
+
+describe(__dirname, () => {
+    it("should load from config file", async () => {
+        await withFile(async ({path}) => {
+            await writeFile(
+                path,
+                `[DEFAULT]
+host = https://cloud.databricks.com/
+token = dapitest1234 `
+            );
+
+            const provider = fromConfigFile(DEFAULT_PROFILE, path);
+            const credentials = await provider();
+            assert.equal(
+                credentials.host.href,
+                "https://cloud.databricks.com/"
+            );
+            assert.equal(credentials.token, "dapitest1234");
+        });
+    });
+
+    it("should load non DEFAULT profile from config file", async () => {
+        await withFile(async ({path}) => {
+            await writeFile(
+                path,
+                `[DEFAULT]
+host = https://cloud.databricks.com/
+token = dapitest1234
+
+[STAGING]
+host = https://staging.cloud.databricks.com/
+token = dapitest54321`
+            );
+
+            const provider = fromConfigFile("STAGING", path);
+            const credentials = await provider();
+            assert.equal(
+                credentials.host.href,
+                "https://staging.cloud.databricks.com/"
+            );
+            assert.equal(credentials.token, "dapitest54321");
+        });
+    });
+});
+
+//let stub = sinon.stub(process.env, 'FOO').value('bar');

packages/databricks-sdk-js/src/auth/fromConfigFile.ts

@@ -0,0 +1,32 @@
+import {
+    CredentialProvider,
+    Credentials,
+    CredentialsProviderError,
+} from "./CredentialProvider";
+import {loadConfigFile} from "../configFile";
+
+export const DEFAULT_PROFILE = "DEFAULT";
+
+export const fromConfigFile = (
+    profile: string = DEFAULT_PROFILE,
+    configFile?: string
+): CredentialProvider => {
+    let cachedValue: Credentials;
+
+    return async () => {
+        if (cachedValue) {
+            return cachedValue;
+        }
+
+        const config = await loadConfigFile(configFile);
+
+        if (config[profile].host && config[profile].token) {
+            cachedValue = config[profile];
+            return cachedValue;
+        }
+
+        throw new CredentialsProviderError(
+            "Can't load credentials from config file"
+        );
+    };
+};

packages/databricks-sdk-js/src/auth/fromEnv.test.ts

@@ -0,0 +1,34 @@
+import assert = require("node:assert");
+import {CredentialsProviderError} from "./CredentialProvider";
+import {fromEnv} from "./fromEnv";
+
+describe(__filename, () => {
+    let origEnv: any;
+    beforeEach(() => {
+        origEnv = process.env;
+        process.env = {};
+    });
+
+    afterEach(() => {
+        process.env = origEnv;
+    });
+
+    it("should load config from environment variables", async () => {
+        process.env["DATABRICKS_HOST"] = "https://cloud.databricks.com/";
+        process.env["DATABRICKS_TOKEN"] = "dapitest1234";
+
+        const provider = fromEnv();
+        const credentials = await provider();
+
+        assert.equal(credentials.host.href, "https://cloud.databricks.com/");
+        assert.equal(credentials.token, "dapitest1234");
+    });
+
+    it("should throw if environment variables are not set", async () => {
+        const provider = fromEnv();
+
+        assert.rejects(async () => {
+            await provider();
+        }, CredentialsProviderError);
+    });
+});

packages/databricks-sdk-js/src/auth/fromEnv.ts

@@ -0,0 +1,22 @@
+import {
+    CredentialProvider,
+    CredentialsProviderError,
+} from "./CredentialProvider";
+
+export const fromEnv = (): CredentialProvider => {
+    return async () => {
+        const host = process.env["DATABRICKS_HOST"];
+        const token = process.env["DATABRICKS_TOKEN"];
+
+        if (host && token) {
+            return {
+                token: token,
+                host: new URL(host),
+            };
+        }
+
+        throw new CredentialsProviderError(
+            "Can't find databricks environment variables"
+        );
+    };
+};

packages/databricks-sdk-js/src/configFile.test.ts

@@ -0,0 +1,62 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+
+import assert = require("node:assert");
+import {loadConfigFile, resolveConfigFilePath} from "./configFile";
+import {writeFile} from "node:fs/promises";
+import {withFile} from "tmp-promise";
+import {homedir} from "node:os";
+import path = require("node:path");
+
+describe(__filename, () => {
+    beforeEach(() => {
+        delete process.env.DATABRICKS_CONFIG_FILE;
+    });
+
+    it("should load file from default location", () => {
+        assert.equal(
+            resolveConfigFilePath(),
+            path.join(homedir(), ".databrickscfg")
+        );
+    });
+
+    it("should load file location defined in environment variable", () => {
+        process.env.DATABRICKS_CONFIG_FILE = "/tmp/databrickscfg.yml";
+        assert.equal(resolveConfigFilePath(), "/tmp/databrickscfg.yml");
+    });
+
+    it("should load file from passed in location", () => {
+        assert.equal(
+            resolveConfigFilePath("/tmp/.databrickscfg"),
+            "/tmp/.databrickscfg"
+        );
+    });
+
+    it("should parse a config file", async () => {
+        await withFile(async ({path}) => {
+            await writeFile(
+                path,
+                `[DEFAULT]
+host = https://cloud.databricks.com/
+token = dapitest1234
+
+[STAGING]
+host = https://staging.cloud.databricks.com/
+token = dapitest54321`
+            );
+
+            const profiles = await loadConfigFile(path);
+
+            assert.equal(Object.keys(profiles).length, 2);
+            assert.equal(
+                profiles.DEFAULT.host.href,
+                "https://cloud.databricks.com/"
+            );
+            assert.equal(profiles.DEFAULT.token, "dapitest1234");
+            assert.equal(
+                profiles.STAGING.host.href,
+                "https://staging.cloud.databricks.com/"
+            );
+            assert.equal(profiles.STAGING.token, "dapitest54321");
+        });
+    });
+});