databricks-sdk 0.54.0__py3-none-any.whl → 0.55.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of databricks-sdk might be problematic. Click here for more details.
- databricks/sdk/__init__.py +275 -260
- databricks/sdk/config.py +15 -4
- databricks/sdk/credentials_provider.py +101 -55
- databricks/sdk/oauth.py +0 -5
- databricks/sdk/oidc.py +206 -0
- databricks/sdk/version.py +1 -1
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/METADATA +1 -1
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/RECORD +12 -11
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/WHEEL +1 -1
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/licenses/LICENSE +0 -0
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/licenses/NOTICE +0 -0
- {databricks_sdk-0.54.0.dist-info → databricks_sdk-0.55.0.dist-info}/top_level.txt +0 -0
databricks/sdk/oidc.py
ADDED
|
@@ -0,0 +1,206 @@
|
|
|
1
|
+
"""
|
|
2
|
+
Package oidc provides utilities for working with OIDC ID tokens.
|
|
3
|
+
|
|
4
|
+
This package is experimental and subject to change.
|
|
5
|
+
"""
|
|
6
|
+
|
|
7
|
+
import logging
|
|
8
|
+
import os
|
|
9
|
+
from abc import ABC, abstractmethod
|
|
10
|
+
from dataclasses import dataclass
|
|
11
|
+
from typing import Optional
|
|
12
|
+
|
|
13
|
+
from . import oauth
|
|
14
|
+
|
|
15
|
+
logger = logging.getLogger(__name__)
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
@dataclass
|
|
19
|
+
class IdToken:
|
|
20
|
+
"""Represents an OIDC ID token that can be exchanged for a Databricks access token.
|
|
21
|
+
|
|
22
|
+
Parameters
|
|
23
|
+
----------
|
|
24
|
+
jwt : str
|
|
25
|
+
The signed JWT token string.
|
|
26
|
+
"""
|
|
27
|
+
|
|
28
|
+
jwt: str
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
class IdTokenSource(ABC):
|
|
32
|
+
"""Abstract base class representing anything that returns an IDToken.
|
|
33
|
+
|
|
34
|
+
This class defines the interface for token sources that can provide OIDC ID tokens.
|
|
35
|
+
"""
|
|
36
|
+
|
|
37
|
+
@abstractmethod
|
|
38
|
+
def id_token(self) -> IdToken:
|
|
39
|
+
"""Get an ID token.
|
|
40
|
+
|
|
41
|
+
Returns
|
|
42
|
+
-------
|
|
43
|
+
IdToken
|
|
44
|
+
An ID token.
|
|
45
|
+
|
|
46
|
+
Raises
|
|
47
|
+
------
|
|
48
|
+
Exception
|
|
49
|
+
Implementation specific exceptions.
|
|
50
|
+
"""
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
class EnvIdTokenSource(IdTokenSource):
|
|
54
|
+
"""IDTokenSource that reads the ID token from an environment variable.
|
|
55
|
+
|
|
56
|
+
Parameters
|
|
57
|
+
----------
|
|
58
|
+
env_var : str
|
|
59
|
+
The name of the environment variable containing the ID token.
|
|
60
|
+
"""
|
|
61
|
+
|
|
62
|
+
def __init__(self, env_var: str):
|
|
63
|
+
self.env_var = env_var
|
|
64
|
+
|
|
65
|
+
def id_token(self) -> IdToken:
|
|
66
|
+
"""Get an ID token from an environment variable.
|
|
67
|
+
|
|
68
|
+
Returns
|
|
69
|
+
-------
|
|
70
|
+
IdToken
|
|
71
|
+
An ID token.
|
|
72
|
+
|
|
73
|
+
Raises
|
|
74
|
+
------
|
|
75
|
+
ValueError
|
|
76
|
+
If the environment variable is not set.
|
|
77
|
+
"""
|
|
78
|
+
token = os.getenv(self.env_var)
|
|
79
|
+
if not token:
|
|
80
|
+
raise ValueError(f"Missing env var {self.env_var!r}")
|
|
81
|
+
return IdToken(jwt=token)
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
class FileIdTokenSource(IdTokenSource):
|
|
85
|
+
"""IDTokenSource that reads the ID token from a file.
|
|
86
|
+
|
|
87
|
+
Parameters
|
|
88
|
+
----------
|
|
89
|
+
path : str
|
|
90
|
+
The path to the file containing the ID token.
|
|
91
|
+
"""
|
|
92
|
+
|
|
93
|
+
def __init__(self, path: str):
|
|
94
|
+
self.path = path
|
|
95
|
+
|
|
96
|
+
def id_token(self) -> IdToken:
|
|
97
|
+
"""Get an ID token from a file.
|
|
98
|
+
|
|
99
|
+
Returns
|
|
100
|
+
-------
|
|
101
|
+
IdToken
|
|
102
|
+
An ID token.
|
|
103
|
+
|
|
104
|
+
Raises
|
|
105
|
+
------
|
|
106
|
+
ValueError
|
|
107
|
+
If the file is empty, does not exist, or cannot be read.
|
|
108
|
+
"""
|
|
109
|
+
if not self.path:
|
|
110
|
+
raise ValueError("Missing path")
|
|
111
|
+
|
|
112
|
+
token = None
|
|
113
|
+
try:
|
|
114
|
+
with open(self.path, "r") as f:
|
|
115
|
+
token = f.read().strip()
|
|
116
|
+
except FileNotFoundError:
|
|
117
|
+
raise ValueError(f"File {self.path!r} does not exist")
|
|
118
|
+
except Exception as e:
|
|
119
|
+
raise ValueError(f"Error reading token file: {str(e)}")
|
|
120
|
+
|
|
121
|
+
if not token:
|
|
122
|
+
raise ValueError(f"File {self.path!r} is empty")
|
|
123
|
+
return IdToken(jwt=token)
|
|
124
|
+
|
|
125
|
+
|
|
126
|
+
class DatabricksOidcTokenSource(oauth.TokenSource):
|
|
127
|
+
"""A TokenSource which exchanges a token using Workload Identity Federation.
|
|
128
|
+
|
|
129
|
+
Parameters
|
|
130
|
+
----------
|
|
131
|
+
host : str
|
|
132
|
+
The host of the Databricks account or workspace.
|
|
133
|
+
id_token_source : IdTokenSource
|
|
134
|
+
IDTokenSource that returns the IDToken to be used for the token exchange.
|
|
135
|
+
token_endpoint_provider : Callable[[], dict]
|
|
136
|
+
Returns the token endpoint for the Databricks OIDC application.
|
|
137
|
+
client_id : Optional[str], optional
|
|
138
|
+
ClientID of the Databricks OIDC application. It corresponds to the
|
|
139
|
+
Application ID of the Databricks Service Principal. Only required for
|
|
140
|
+
Workload Identity Federation and should be empty for Account-wide token
|
|
141
|
+
federation.
|
|
142
|
+
account_id : Optional[str], optional
|
|
143
|
+
The account ID of the Databricks Account. Only required for
|
|
144
|
+
Account-wide token federation.
|
|
145
|
+
audience : Optional[str], optional
|
|
146
|
+
The audience of the Databricks OIDC application. Only used for
|
|
147
|
+
Workspace level tokens.
|
|
148
|
+
"""
|
|
149
|
+
|
|
150
|
+
def __init__(
|
|
151
|
+
self,
|
|
152
|
+
host: str,
|
|
153
|
+
token_endpoint: str,
|
|
154
|
+
id_token_source: IdTokenSource,
|
|
155
|
+
client_id: Optional[str] = None,
|
|
156
|
+
account_id: Optional[str] = None,
|
|
157
|
+
audience: Optional[str] = None,
|
|
158
|
+
disable_async: bool = False,
|
|
159
|
+
):
|
|
160
|
+
self._host = host
|
|
161
|
+
self._id_token_source = id_token_source
|
|
162
|
+
self._token_endpoint = token_endpoint
|
|
163
|
+
self._client_id = client_id
|
|
164
|
+
self._account_id = account_id
|
|
165
|
+
self._audience = audience
|
|
166
|
+
self._disable_async = disable_async
|
|
167
|
+
|
|
168
|
+
def token(self) -> oauth.Token:
|
|
169
|
+
"""Get a token by exchanging the ID token.
|
|
170
|
+
|
|
171
|
+
Returns
|
|
172
|
+
-------
|
|
173
|
+
dict
|
|
174
|
+
The exchanged token.
|
|
175
|
+
|
|
176
|
+
Raises
|
|
177
|
+
------
|
|
178
|
+
ValueError
|
|
179
|
+
If the host is missing or other configuration errors occur.
|
|
180
|
+
"""
|
|
181
|
+
if not self._host:
|
|
182
|
+
logger.debug("Missing Host")
|
|
183
|
+
raise ValueError("missing Host")
|
|
184
|
+
|
|
185
|
+
if not self._client_id:
|
|
186
|
+
logger.debug("No ClientID provided, authenticating with Account-wide token federation")
|
|
187
|
+
else:
|
|
188
|
+
logger.debug("Client ID provided, authenticating with Workload Identity Federation")
|
|
189
|
+
|
|
190
|
+
id_token = self._id_token_source.id_token()
|
|
191
|
+
|
|
192
|
+
client = oauth.ClientCredentials(
|
|
193
|
+
client_id=self._client_id,
|
|
194
|
+
client_secret="", # we have no (rotatable) secrets in OIDC flow
|
|
195
|
+
token_url=self._token_endpoint,
|
|
196
|
+
endpoint_params={
|
|
197
|
+
"subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
|
|
198
|
+
"subject_token": id_token,
|
|
199
|
+
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
|
|
200
|
+
},
|
|
201
|
+
scopes=["all-apis"],
|
|
202
|
+
use_params=True,
|
|
203
|
+
disable_async=self._disable_async,
|
|
204
|
+
)
|
|
205
|
+
|
|
206
|
+
return client.token()
|
databricks/sdk/version.py
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
__version__ = "0.
|
|
1
|
+
__version__ = "0.55.0"
|
|
@@ -1,22 +1,23 @@
|
|
|
1
1
|
databricks/__init__.py,sha256=CF2MJcZFwbpn9TwQER8qnCDhkPooBGQNVkX4v7g6p3g,537
|
|
2
|
-
databricks/sdk/__init__.py,sha256=
|
|
2
|
+
databricks/sdk/__init__.py,sha256=lliePy2zXmwEuf6KYDV6LjEl3ehc-SwCCZNvipK0xtg,57869
|
|
3
3
|
databricks/sdk/_base_client.py,sha256=IMHtzC5BhWt-lBVjifewR1Ah5fegGDMv0__-O1hCxWI,15850
|
|
4
4
|
databricks/sdk/_property.py,sha256=ccbxhkXZmZOxbx2sqKMTzhVZDuvWXG0WPHFRgac6JAM,1701
|
|
5
5
|
databricks/sdk/azure.py,sha256=sN_ARpmP9h1JovtiHIsDLtrVQP_K11eNDDtHS6PD19k,1015
|
|
6
6
|
databricks/sdk/casing.py,sha256=gZy-FlI7og5WNVX88Vb_7S1WeInwJLGws80CGj_9s48,1137
|
|
7
7
|
databricks/sdk/clock.py,sha256=Ivlow0r_TkXcTJ8UXkxSA0czKrY0GvwHAeOvjPkJnAQ,1360
|
|
8
|
-
databricks/sdk/config.py,sha256=
|
|
8
|
+
databricks/sdk/config.py,sha256=rebzZAw0aMSxSwBeXKsF2VE9X_Y33Kjvcd1PO-5wgc4,23401
|
|
9
9
|
databricks/sdk/core.py,sha256=6lsRl6BL3pLgqMMVFrOnQsx-RxxaJJL_Gt2jJfWUovs,3724
|
|
10
|
-
databricks/sdk/credentials_provider.py,sha256=
|
|
10
|
+
databricks/sdk/credentials_provider.py,sha256=9_P3N52S87xPwI_yUSajnT49--kJWLhKCoHpn5Dwzps,41305
|
|
11
11
|
databricks/sdk/data_plane.py,sha256=br5IPnOdE611IBubxP8xkUR9_qzbSRSYyVWSua6znWs,3109
|
|
12
12
|
databricks/sdk/dbutils.py,sha256=PoDIwNAYGZhVZC7krox7tsudUDNVSk0gsFjFWlKJXVk,15753
|
|
13
13
|
databricks/sdk/environments.py,sha256=9eVeb68cksqY2Lqwth2PJNmK0JEGdIjh-ebrrmUbqCc,3963
|
|
14
|
-
databricks/sdk/oauth.py,sha256=
|
|
14
|
+
databricks/sdk/oauth.py,sha256=wOcZVfi-Jd83XQDW1rbDIJbxFqJOjaeTSlUgQYD8VWQ,28406
|
|
15
|
+
databricks/sdk/oidc.py,sha256=A9umMkfnL-Nwfw2GljGxqTtkz7PjMTzltGaeckfrvT4,5749
|
|
15
16
|
databricks/sdk/oidc_token_supplier.py,sha256=QrO6J0QY4yFfcdQDL5h2OfxMxvBZJPtPmPeqLbPJ5Xw,1065
|
|
16
17
|
databricks/sdk/py.typed,sha256=pSvaHpbY1UPNEXyVFUjlgBhjPFZMmVC_UNrPC7eMOHI,74
|
|
17
18
|
databricks/sdk/retries.py,sha256=7k2kEexGqGKXHNAWHbPFSZSugU8UIU0qtyly_hix22Q,2581
|
|
18
19
|
databricks/sdk/useragent.py,sha256=boEgzTv-Zmo6boipZKjSopNy0CXg4GShC1_lTKpJgqs,7361
|
|
19
|
-
databricks/sdk/version.py,sha256=
|
|
20
|
+
databricks/sdk/version.py,sha256=UQLHFqXC6UhDcoKB4MFAazCsPAeQEfBN68BEvb4D2Tk,23
|
|
20
21
|
databricks/sdk/_widgets/__init__.py,sha256=VhI-VvLlr3rKUT1nbROslHJIbmZX_tPJ9rRhrdFsYUA,2811
|
|
21
22
|
databricks/sdk/_widgets/default_widgets_utils.py,sha256=_hwCbptLbRzWEmknco0H1wQNAYcuy2pjFO9NiRbvFeo,1127
|
|
22
23
|
databricks/sdk/_widgets/ipywidgets_utils.py,sha256=mg3rEPG9z76e0yVjGgcLybUvd_zSuN5ziGeKiZ-c8Ew,2927
|
|
@@ -63,9 +64,9 @@ databricks/sdk/service/sharing.py,sha256=i7d5ggmOnHJ2gVp4PfPmf14M-AUDRIU-XZb4Sqk
|
|
|
63
64
|
databricks/sdk/service/sql.py,sha256=v6uspo4o0VoUW0T2eHhPDlJYeYah1vhR_WMxVwEhu2Y,442747
|
|
64
65
|
databricks/sdk/service/vectorsearch.py,sha256=Y1yUJwoY7rg6HWKh7_90aJzIWNiWEG2WUw0i1n3KH7I,86701
|
|
65
66
|
databricks/sdk/service/workspace.py,sha256=T0ZbnG1qcPjKysGO_tBzl5x1PyalydeYJRBZbooYNm0,130893
|
|
66
|
-
databricks_sdk-0.
|
|
67
|
-
databricks_sdk-0.
|
|
68
|
-
databricks_sdk-0.
|
|
69
|
-
databricks_sdk-0.
|
|
70
|
-
databricks_sdk-0.
|
|
71
|
-
databricks_sdk-0.
|
|
67
|
+
databricks_sdk-0.55.0.dist-info/licenses/LICENSE,sha256=afBgTZo-JsYqj4VOjnejBetMuHKcFR30YobDdpVFkqY,11411
|
|
68
|
+
databricks_sdk-0.55.0.dist-info/licenses/NOTICE,sha256=tkRcQYA1k68wDLcnOWbg2xJDsUOJw8G8DGBhb8dnI3w,1588
|
|
69
|
+
databricks_sdk-0.55.0.dist-info/METADATA,sha256=ufiMw6V7EtmZD-5ZuCoanbezk94CfykKLbtNASbNFDI,39397
|
|
70
|
+
databricks_sdk-0.55.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
71
|
+
databricks_sdk-0.55.0.dist-info/top_level.txt,sha256=7kRdatoSgU0EUurRQJ_3F1Nv4EOSHWAr6ng25tJOJKU,11
|
|
72
|
+
databricks_sdk-0.55.0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|