Skip to content

Config changes for custom scopes support #1166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Tejas-Kochar wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Config changes for custom scopes support #1166

Tejas-Kochar wants to merge 5 commits into from
+101 −17

Conversation

@Tejas-Kochar
Copy link

@Tejas-Kochar Tejas-Kochar commented Dec 23, 2025
edited
Loading

Summary

  • change type of scopes from str to list.
  • add option for disabling refresh token to be used in U2M.
  • sort scopes when config is initialized.
  • add getters for scopes that add default scope "all-apis" if scopes is empty.

How is this tested?

  • Unit tests for loading scopes from a test .databrickscfg config file
  • Unit tests ensuring disable_oauth_refresh_token is set when environment variable DATABRICKS_DISABLE_OAUTH_REFRESH_TOKEN is set.

NO_CHANGELOG=true

@Tejas-Kochar Tejas-Kochar self-assigned this Dec 23, 2025
@Tejas-Kochar Tejas-Kochar force-pushed the custom-scopes branch 2 times, most recently from b50398b to 4fb6bd0 Compare December 25, 2025 14:26
@github-actions
Copy link

github-actions bot commented Jan 8, 2026

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/sdk-py

Inputs:

  • PR number: 1166
  • Commit SHA: 73d24194f88dace2bc027ba2c8daf405725afe10

Checks will be approved automatically on success.

Tejas-Kochar
Tejas-Kochar commented Jan 8, 2026
View reviewed changes
tests/test_notebook_oauth.py
Comment on lines +81 to +84
("sql, offline_access", None),
("sql, offline_access", '{"type": "databricks_resource"}'),
("sql", None),
("sql offline_access all-apis", None),
("sql, offline_access, all-apis", None),
Copy link
Author

@Tejas-Kochar Tejas-Kochar Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably a breaking change, to avoid making it we will have to also allow for whitespace as a delimiter as runtime oauth already uses that format.

Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add that in this PR then. I see we keep the tests as they are and add new tests for comma.

Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note: space delimited is the standard according to rfc6749. We may want to consider supporting them in other SDKs too.

Copy link
Author

@Tejas-Kochar Tejas-Kochar Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@Tejas-Kochar Tejas-Kochar requested review from hectorcast-db and removed request for parthban-db January 12, 2026 11:54
hectorcast-db
hectorcast-db reviewed Jan 12, 2026
View reviewed changes
databricks/sdk/__init__.py
product_version=product_version,
token_audience=token_audience,
scopes=" ".join(scopes) if scopes else None,
scopes=scopes,
Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a generated file. Have you changed the template? Ping me the PR for the template update.

databricks/sdk/config.py

# disable_oauth_refresh_token controls whether a refresh token should be requested
# during the U2M authentication flow (default to false).
disable_oauth_refresh_token: bool = ConfigAttribute(env="DATABRICKS_DISABLE_OAUTH_REFRESH_TOKEN")
Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we using this?

tests/test_config.py
def test_disable_oauth_refresh_token_defaults_to_false(mocker):
mocker.patch("databricks.sdk.config.Config.init_auth")
config = Config(host="https://test.databricks.com")
assert config.disable_oauth_refresh_token is None # ConfigAttribute returns None when not set
Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not checking

assert not config.disable_oauth_refresh_token

Is there a case which we want to differentiate between False and Not set?

tests/test_notebook_oauth.py
Comment on lines +81 to +84
("sql, offline_access", None),
("sql, offline_access", '{"type": "databricks_resource"}'),
("sql", None),
("sql offline_access all-apis", None),
("sql, offline_access, all-apis", None),
Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add that in this PR then. I see we keep the tests as they are and add new tests for comma.

tests/test_notebook_oauth.py
Comment on lines +81 to +84
("sql, offline_access", None),
("sql, offline_access", '{"type": "databricks_resource"}'),
("sql", None),
("sql offline_access all-apis", None),
("sql, offline_access, all-apis", None),
Copy link
Contributor

@hectorcast-db hectorcast-db Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note: space delimited is the standard according to rfc6749. We may want to consider supporting them in other SDKs too.

hectorcast-db
hectorcast-db reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

@hectorcast-db hectorcast-db left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more tests we could add:

  • List as input
  • Decuplication
  • Edge cases: Empty strings, whitespace-only strings, None values
  • Space separated input (backwards compatibility)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hectorcast-db hectorcast-db hectorcast-db left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@Tejas-Kochar Tejas-Kochar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tejas-Kochar @hectorcast-db