Add more detailed error message on default credentials not found error #419
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
edwardfeng-db
force-pushed
the
default-credential-error-message
branch
3 times, most recently
from
75165de to
c9472a6
Compare
edwardfeng-db
commented
Nov 2, 2023
databricks/sdk/core.py
Outdated
| elif self._credentials_provider.auth_type() == "default": | ||
| # Empty debug string when auth type is default means we are likely missing some files or environment variables. Add a debug string to make it easier to understand. | ||
| default_auth_prompt = "Please check https://github.com/databricks/databricks-sdk-py/tree/main#default-authentication-flow to configure credentials for your preferred authentication method." | ||
| message = f'{message.rstrip(".")}. {default_auth_prompt}' |
There was a problem hiding this comment.
Added this prompt for cases that debug string is empty while using default auth.
There was a problem hiding this comment.
I think this is great, but can we add it inside of the ValueError raised by DefaultCredentials when this issue arises instead? This function is called whenever logging any error, including non-auth-related errors, but the cue to look at the reference docs for unified auth should only be presented when the default credential provider fails.
mgyucht
reviewed
Nov 2, 2023
databricks/sdk/core.py
Outdated
| elif self._credentials_provider.auth_type() == "default": | ||
| # Empty debug string when auth type is default means we are likely missing some files or environment variables. Add a debug string to make it easier to understand. | ||
| default_auth_prompt = "Please check https://github.com/databricks/databricks-sdk-py/tree/main#default-authentication-flow to configure credentials for your preferred authentication method." | ||
| message = f'{message.rstrip(".")}. {default_auth_prompt}' |
There was a problem hiding this comment.
I think this is great, but can we add it inside of the ValueError raised by DefaultCredentials when this issue arises instead? This function is called whenever logging any error, including non-auth-related errors, but the cue to look at the reference docs for unified auth should only be presented when the default credential provider fails.
mgyucht
changed the title
edwardfeng-db
force-pushed
the
default-credential-error-message
branch
from
c9472a6 to
b1cba9b
Compare
mgyucht
approved these changes
Nov 2, 2023
There was a problem hiding this comment.
Basically LGTM. My only question is whether you think it may be better to refer to our public docs (https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication) or our repo's docs. To be honest, to eliminate having two different doc sources for the SDK, it might be better to link to public docs and later remove some of the documentation from the SDK README.md. What do you think?
Codecov ReportAll modified and coverable lines are covered by tests ✅
📢 Thoughts on this report? Let us know!. |
tanmay-db
reviewed
Nov 2, 2023
tests/test_auth.py
Outdated
| @@ -4,19 +4,20 @@ | |||
|
|
|||
| from .conftest import __tests__, raises | |||
|
|
|||
| default_auth_base_error_message = "default auth: cannot configure default credentials, please check https://github.com/databricks/databricks-sdk-py/tree/main#default-authentication-flow to configure credentials for your preferred authentication method" | |||
There was a problem hiding this comment.
Thanks for the PR. I think @hectorcast-db was working on better handling, not sure if there are intersections but mentioning for viz.
Also, if going ahead with this, we would have to do this change in all SDKs for consistency.
There was a problem hiding this comment.
I was trying to fix the error messages coming from the API to us (which we display to the users). There are probably cases were both messages are displayed, but in general is a different error message.
edwardfeng-db
force-pushed
the
default-credential-error-message
branch
2 times, most recently
from
758f29f to
d4fb086
Compare
edwardfeng-db
force-pushed
the
default-credential-error-message
branch
from
d4fb086 to
29fdf28
Compare
3 tasks
github-merge-queue bot
pushed a commit
to databricks/databricks-sdk-go
that referenced
this pull request
Nov 6, 2023
#679) ## Changes <!-- Summary of your changes that are easy to understand --> - Added more detailed error message for default credentials not found error - found the original error message was a bit difficult to follow / understand - To keep consistency with the python sdk as change introduced here databricks/databricks-sdk-py#419 ## Tests <!-- How is this tested? Please see the checklist below and also describe any other relevant tests --> - [ ] `make test` passing - [ ] `make fmt` applied - [ ] relevant integration tests applied
mgyucht
added a commit
that referenced
this pull request
Nov 14, 2023
* Introduce more specific exceptions, like `NotFound`, `AlreadyExists`, `BadRequest`, `PermissionDenied`, `InternalError`, and others ([#376](#376)). This makes it easier to handle errors thrown by the Databricks API. Instead of catching `DatabricksError` and checking the error_code field, you can catch one of these subtypes of `DatabricksError`, which is more ergonomic and removes the need to rethrow exceptions that you don't want to catch. For example: ```python try: return (self._ws .permissions .get(object_type, object_id)) except DatabricksError as e: if e.error_code in [ "RESOURCE_DOES_NOT_EXIST", "RESOURCE_NOT_FOUND", "PERMISSION_DENIED", "FEATURE_DISABLED", "BAD_REQUEST"]: logger.warning(...) return None raise RetryableError(...) from e ``` can be replaced with ```python try: return (self._ws .permissions .get(object_type, object_id)) except PermissionDenied, FeatureDisabled: logger.warning(...) return None except NotFound: raise RetryableError(...) ``` * Paginate all SCIM list requests in the SDK ([#440](#440)). This change ensures that SCIM list() APIs use a default limit of 100 resources, leveraging SCIM's offset + limit pagination to batch requests to the Databricks API. * Added taskValues support in remoteDbUtils ([#406](#406)). * Added more detailed error message on default credentials not found error ([#419](#419)). * Request management token via Azure CLI only for Service Principals and not human users ([#408](#408)). API Changes: * Fixed `create()` method for [w.functions](https://databricks-sdk-py.readthedocs.io/en/latest/workspace/functions.html) workspace-level service and corresponding `databricks.sdk.service.catalog.CreateFunction` and `databricks.sdk.service.catalog.FunctionInfo` dataclasses. * Changed `create()` method for [w.metastores](https://databricks-sdk-py.readthedocs.io/en/latest/workspace/metastores.html) workspace-level service with new required argument order. * Changed `storage_root` field for `databricks.sdk.service.catalog.CreateMetastore` to be optional. * Added `skip_validation` field for `databricks.sdk.service.catalog.UpdateExternalLocation`. * Added `libraries` field for `databricks.sdk.service.compute.CreatePolicy`, `databricks.sdk.service.compute.EditPolicy` and `databricks.sdk.service.compute.Policy`. * Added `init_scripts` field for `databricks.sdk.service.compute.EventDetails`. * Added `file` field for `databricks.sdk.service.compute.InitScriptInfo`. * Added `zone_id` field for `databricks.sdk.service.compute.InstancePoolGcpAttributes`. * Added several dataclasses related to init scripts. * Added `databricks.sdk.service.compute.LocalFileInfo` dataclass. * Replaced `ui_state` field with `edit_mode` for `databricks.sdk.service.jobs.CreateJob` and `databricks.sdk.service.jobs.JobSettings`. * Replaced `databricks.sdk.service.jobs.CreateJobUiState` dataclass with `databricks.sdk.service.jobs.CreateJobEditMode`. * Added `include_resolved_values` field for `databricks.sdk.service.jobs.GetRunRequest`. * Replaced `databricks.sdk.service.jobs.JobSettingsUiState` dataclass with `databricks.sdk.service.jobs.JobSettingsEditMode`. * Removed [a.o_auth_enrollment](https://databricks-sdk-py.readthedocs.io/en/latest/account/o_auth_enrollment.html) account-level service. This was only used to aid in OAuth enablement during the public preview of OAuth. OAuth is now enabled for all AWS E2 accounts, so usage of this API is no longer needed. * Added `network_connectivity_config_id` field for `databricks.sdk.service.provisioning.UpdateWorkspaceRequest`. * Added [a.network_connectivity](https://databricks-sdk-py.readthedocs.io/en/latest/account/network_connectivity.html) account-level service. * Added `string_shared_as` field for `databricks.sdk.service.sharing.SharedDataObject`. Internal changes: * Added regression question to issue template ([#414](#414)). * Made test_auth no longer fail if you have a default profile setup ([#426](#426)). OpenAPI SHA: d136ad0541f036372601bad9a4382db06c3c912d, Date: 2023-11-14
Merged
github-merge-queue bot
pushed a commit
that referenced
this pull request
Nov 14, 2023
* Introduce more specific exceptions, like `NotFound`, `AlreadyExists`, `BadRequest`, `PermissionDenied`, `InternalError`, and others ([#376](#376)). This makes it easier to handle errors thrown by the Databricks API. Instead of catching `DatabricksError` and checking the error_code field, you can catch one of these subtypes of `DatabricksError`, which is more ergonomic and removes the need to rethrow exceptions that you don't want to catch. For example: ```python try: return (self._ws .permissions .get(object_type, object_id)) except DatabricksError as e: if e.error_code in [ "RESOURCE_DOES_NOT_EXIST", "RESOURCE_NOT_FOUND", "PERMISSION_DENIED", "FEATURE_DISABLED", "BAD_REQUEST"]: logger.warning(...) return None raise RetryableError(...) from e ``` can be replaced with ```python try: return (self._ws .permissions .get(object_type, object_id)) except PermissionDenied, FeatureDisabled: logger.warning(...) return None except NotFound: raise RetryableError(...) ``` * Paginate all SCIM list requests in the SDK ([#440](#440)). This change ensures that SCIM list() APIs use a default limit of 100 resources, leveraging SCIM's offset + limit pagination to batch requests to the Databricks API. * Added taskValues support in remoteDbUtils ([#406](#406)). * Added more detailed error message on default credentials not found error ([#419](#419)). * Request management token via Azure CLI only for Service Principals and not human users ([#408](#408)). API Changes: * Fixed `create()` method for [w.functions](https://databricks-sdk-py.readthedocs.io/en/latest/workspace/functions.html) workspace-level service and corresponding `databricks.sdk.service.catalog.CreateFunction` and `databricks.sdk.service.catalog.FunctionInfo` dataclasses. * Changed `create()` method for [w.metastores](https://databricks-sdk-py.readthedocs.io/en/latest/workspace/metastores.html) workspace-level service with new required argument order. * Changed `storage_root` field for `databricks.sdk.service.catalog.CreateMetastore` to be optional. * Added `skip_validation` field for `databricks.sdk.service.catalog.UpdateExternalLocation`. * Added `libraries` field for `databricks.sdk.service.compute.CreatePolicy`, `databricks.sdk.service.compute.EditPolicy` and `databricks.sdk.service.compute.Policy`. * Added `init_scripts` field for `databricks.sdk.service.compute.EventDetails`. * Added `file` field for `databricks.sdk.service.compute.InitScriptInfo`. * Added `zone_id` field for `databricks.sdk.service.compute.InstancePoolGcpAttributes`. * Added several dataclasses related to init scripts. * Added `databricks.sdk.service.compute.LocalFileInfo` dataclass. * Replaced `ui_state` field with `edit_mode` for `databricks.sdk.service.jobs.CreateJob` and `databricks.sdk.service.jobs.JobSettings`. * Replaced `databricks.sdk.service.jobs.CreateJobUiState` dataclass with `databricks.sdk.service.jobs.CreateJobEditMode`. * Added `include_resolved_values` field for `databricks.sdk.service.jobs.GetRunRequest`. * Replaced `databricks.sdk.service.jobs.JobSettingsUiState` dataclass with `databricks.sdk.service.jobs.JobSettingsEditMode`. * Removed [a.o_auth_enrollment](https://databricks-sdk-py.readthedocs.io/en/latest/account/o_auth_enrollment.html) account-level service. This was only used to aid in OAuth enablement during the public preview of OAuth. OAuth is now enabled for all AWS E2 accounts, so usage of this API is no longer needed. * Added `network_connectivity_config_id` field for `databricks.sdk.service.provisioning.UpdateWorkspaceRequest`. * Added [a.network_connectivity](https://databricks-sdk-py.readthedocs.io/en/latest/account/network_connectivity.html) account-level service. * Added `string_shared_as` field for `databricks.sdk.service.sharing.SharedDataObject`. Internal changes: * Added regression question to issue template ([#414](#414)). * Made test_auth no longer fail if you have a default profile setup ([#426](#426)). OpenAPI SHA: d136ad0541f036372601bad9a4382db06c3c912d, Date: 2023-11-14
github-merge-queue bot
pushed a commit
to databricks/databricks-sdk-java
that referenced
this pull request
Nov 15, 2023
#180) ## Changes <!-- Summary of your changes that are easy to understand --> - Added more detailed error message for default credentials not found error - found the original error message was a bit difficult to follow / understand - To keep consistency with the python sdk as change introduced here databricks/databricks-sdk-py#419 ## Tests <!-- How is this tested? -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Tests
Not quite sure if I need to do anything special if CI checks passed.
Manually tried using default auth locally without
.databrickscfgfile, verified that the prompt is printed outmake testrun locallymake fmtapplied