Skip to content

Make auth profiles --skip-validate fully offline#5530

Merged
simonfaltum merged 3 commits into
mainfrom
simonfaltum/auth-profiles-skip-validate-offline
Jun 10, 2026
Merged

Make auth profiles --skip-validate fully offline#5530
simonfaltum merged 3 commits into
mainfrom
simonfaltum/auth-profiles-skip-validate-offline

Conversation

@simonfaltum

@simonfaltum simonfaltum commented Jun 10, 2026

Copy link
Copy Markdown
Member

Why

databricks auth profiles --skip-validate is the "fast, offline" way to list profiles, but it still makes one network call per profile: config resolution unconditionally fetches <host>/.well-known/databricks-config to enrich the config. On a cold cache (or with DATABRICKS_CACHE_ENABLED=false) that means a fan-out of HTTP fetches from a command that promises not to touch the network, and offline machines get Warn: [hostmetadata] failed to fetch host metadata ... for a plain listing. Tools that shell out to the CLI at startup (editor integrations, agent hooks) need a listing that is guaranteed not to hang or warn.

Changes

Before: --skip-validate skipped the per-profile auth probes (Workspaces.List / CurrentUser.Me) but still resolved host metadata over HTTP. Now it makes no network calls at all.

profileMetadata.Load stubs HostMetadataResolver on the per-profile config when validation is skipped, so EnsureResolved resolves from the config file alone. Cloud detection falls back to host-pattern inference, which is the same fallback that already applied whenever the metadata fetch failed. Output shape is unchanged.

The acceptance/auth/host-metadata-cache test used auth profiles --skip-validate as its fetch vehicle; it now runs full validation so it keeps exercising the disk cache (still exactly one recorded /.well-known/databricks-config request across two invocations). The cmd/auth/profiles golden loses the spurious offline warning; the JSON is unchanged.

Test plan

  • New unit test TestProfileLoadSkipValidateMakesNoRequests: an httptest server backing the profile host receives zero requests when loading with skipValidate
  • go test ./cmd/auth
  • Acceptance: auth/host-metadata-cache, cmd/auth/profiles, cmd/auth/switch (regenerated host-metadata-cache and profiles goldens)
  • ./task checks and golangci-lint run ./cmd/auth

This pull request and its description were written by Isaac.

@simonfaltum
Make auth profiles --skip-validate fully offline
159da4b 
EnsureResolved unconditionally fetches <host>/.well-known/databricks-config, so --skip-validate still made one network call per profile and warned when offline. Stub the host metadata resolver in the skip path so the listing resolves from the config file alone.

Co-authored-by: Isaac
@simonfaltum
Add NEXT_CHANGELOG entry for #5530
5c57663 
Co-authored-by: Isaac
@eng-dev-ecosystem-bot

eng-dev-ecosystem-bot commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Commit: 5c57663

Run: 27266484683

Env 🟨​KNOWN 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🟨​ aws linux 7 15 261 928 8:13
🟨​ aws windows 7 15 263 926 15:27
💚​ aws-ucws linux 7 15 357 842 7:26
💚​ aws-ucws windows 7 15 359 840 11:18
💚​ azure linux 1 17 264 926 6:39
💚​ azure windows 1 17 266 924 11:42
💚​ azure-ucws linux 1 17 362 838 8:04
💚​ azure-ucws windows 1 17 364 836 11:52
💚​ gcp linux 1 17 260 929 8:08
💚​ gcp windows 1 17 262 927 11:34
22 interesting tests: 15 SKIP, 7 KNOWN
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/invariant/no_drift 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/replace_existing 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/grants/select 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
Top 28 slowest tests (at least 2 minutes):
duration env testname
6:49 azure windows TestAccept
6:28 azure-ucws windows TestAccept
6:09 gcp windows TestAccept
5:56 aws-ucws windows TestAccept
4:46 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:37 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:36 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:25 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:19 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:15 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:12 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:09 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:56 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:56 azure linux TestAccept
2:55 gcp linux TestAccept
2:55 azure-ucws linux TestAccept
2:50 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:47 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:47 aws-ucws linux TestAccept
2:45 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:42 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:40 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:38 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:36 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:32 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:30 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:29 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:23 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@simonfaltum simonfaltum enabled auto-merge June 10, 2026 10:49
@simonfaltum simonfaltum disabled auto-merge June 10, 2026 12:30
@simonfaltum simonfaltum merged commit 41b4a19 into main Jun 10, 2026
24 checks passed
@simonfaltum simonfaltum deleted the simonfaltum/auth-profiles-skip-validate-offline branch June 10, 2026 12:30
deco-sdk-tagging Bot added a commit that referenced this pull request Jun 10, 2026
@deco-sdk-tagging
[Release] Release v1.3.0
856ee8c 
## Release v1.3.0

### Notable Changes
* The `direct` deployment engine is now Generally Available and the default for new deployments. To opt out, set `engine: terraform` under `bundle` in your `databricks.yml` or set `DATABRICKS_BUNDLE_ENGINE=terraform`. Existing deployments keep their current engine; see https://docs.databricks.com/aws/en/dev-tools/bundles/direct to migrate.

### CLI
* Added the `databricks quickstart` command, a short introduction to the CLI that prints a human-friendly guide interactively and an agent-oriented version when run non-interactively ([#5464](#5464)).
* Add `databricks version --check` to report whether a newer CLI version is available and print the upgrade command for the detected install method ([#5469](#5469)).
* `databricks auth describe` now verifies credentials against both the workspace and account endpoints before reporting a failure, fixing false "Unable to authenticate" errors for account console profiles ([#5479](#5479)).
* `databricks auth login` no longer prompts for workspace selection when logging in to an account console host (`https://accounts.*`). Pass `--workspace-id` explicitly to store a workspace ID on such a profile ([#5504](#5504)).
* `databricks auth profiles --skip-validate` no longer makes any network calls; the host metadata fetch is skipped along with validation ([#5530](#5530)).

### Bundles
* Set the default `data_security_mode` to `DATA_SECURITY_MODE_AUTO` in bundle templates ([#5452](#5452)).
* Mark vector search index index_subtype as backend_default to prevent drift after deployment ([#5454](#5454)).
* `bundle deployment migrate`: handle resources added to or removed from `databricks.yml` since the last Terraform deploy ([#5463](#5463)).
* Add the `genie_spaces` bundle resource for managing Databricks Genie spaces as code, plus `bundle generate genie-space` to import an existing space. Direct deployment engine only ([#5282](#5282)).
* Fix spurious recreate of schemas and volumes whose names use mixed case ([#5531](#5531)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janniklasrose janniklasrose janniklasrose approved these changes

Assignees

@janniklasrose janniklasrose

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simonfaltum @eng-dev-ecosystem-bot @janniklasrose