Add support to authenticate with Account-wide token federation #1219
Conversation
renaudhartert-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
|
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
renaudhartert-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
| @@ -59,8 +62,17 @@ func (w *databricksOIDCTokenSource) Token(ctx context.Context) (*oauth2.Token, e | |||
| if err != nil { | |||
| return nil, err | |||
| } | |||
|
|
|||
| if w.cfg.ClientID == "" { | |||
There was a problem hiding this comment.
This is more of a question than a comment: Should account-wide token federation also be added to the Java SDK? Currently, ClientID is not an optional field in the Java SDK.
There was a problem hiding this comment.
Good question! Yes, we will have to add that in the Java SDK too.
renaudhartert-db
changed the title
| - Add support to authenticate with Account-wide token federation from the | ||
| following auth methods: `env-oidc`, `file-oidc`, and `github-oidc`. |
There was a problem hiding this comment.
Do we document what is env-oidc and file-oidc somewhere?
There was a problem hiding this comment.
Not outside of the code as far as I can tell. Though, there is an ongoing effort to document these centrally.
What changes are proposed in this pull request?
This PR adds support to authenticate with Account-wide token federation from the following auth methods:
env-oidc,file-oidc, andgithub-oidc.The PR also slightly re-organize the code by moving the OIDC token source and Github IDTokenSource in the
oidcpackage.How is this tested?
Unit test + local validation.