Commit Graph

9 Commits

Author SHA1 Message Date
Evan
910e79dd8c fix(databricks): correct OAuth2 trigger and derive endpoints from workspace host
Addresses review feedback on the Databricks OAuth2 flow:

- `oauth2_exception` was set to `OAuth2RedirectError` (Superset's own redirect
  signal, also the base default), so `needs_oauth2()` never matched a real
  Databricks token failure and the dance never auto-started. The driver has no
  dedicated auth exception, so detect auth failures from the error message
  instead (mirrors `GSheetsEngineSpec.needs_oauth2`).

- The per-cloud endpoint templates pointed Azure at Entra ID directly
  (`login.microsoftonline.com`) and required `account_id`/`tenant_id`
  substitution. Databricks fronts the U2M flow on every workspace at
  `https://<host>/oidc/v1/{authorize,token}` across AWS/Azure/GCP, so the
  authorization endpoint now derives from the workspace host with no account
  identifier. The token endpoint still requires explicit config (no DB context
  at exchange time); the error and docs now point at the workspace-host URL.

Shared OAuth logic is consolidated onto `DatabricksDynamicBaseEngineSpec`,
removing the duplicated overrides in both engine specs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 21:33:16 -07:00
Evan
cb7d5c8847 docs(databricks): clarify token endpoint is not auto-detected
The authorization endpoint auto-resolves from the hostname, but the token
exchange has no database context, so token_request_uri must be supplied for
the auto-detected flow. Docs implied both endpoints auto-detect.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 21:33:16 -07:00
Evan Rusackas
ea1ba587f2 fix(databricks): resolve account_id in OAuth2 endpoints, preserve configured URIs
The per-cloud OAuth2 endpoint templates carry a `{}` placeholder for the
Databricks account id (or Azure tenant id) that was never substituted, so
auto-detected authorize/token URLs were emitted as `.../accounts/{}/v1/...`.
The authorization-URI methods also unconditionally overwrote a fully-resolved
`authorization_request_uri` supplied via DATABASE_OAUTH2_CLIENTS.

- Add `_resolve_oauth2_endpoint`: substitutes `account_id`/`tenant_id` from the
  database extra into the template, or raises OAuth2Error when absent instead of
  issuing a request to an unresolved endpoint.
- Preserve a configured `authorization_request_uri`; only auto-detect/resolve
  when none is set.
- `get_oauth2_token` has no database context to auto-detect, so fail fast on a
  missing `token_request_uri` rather than POST to `.../{}/v1/token`.
- Cover auto-detect/resolve, preserve-configured, and fail-fast paths for both
  the native and Python-connector specs; document `account_id`/`tenant_id`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 21:33:16 -07:00
fabian_zse
1de21ec5c6 support all cloud providers 2026-06-27 21:33:15 -07:00
Fabian Halkivaha
2ed41ae8a6 fix docs slightly 2026-06-27 21:33:15 -07:00
fabian_zse
a0fdb2aa31 add databricks oauth support 2026-06-27 21:33:15 -07:00
Evan Rusackas
1b71c105b7 docs(meta-db): warn that SUPERSET_META_DB_LIMIT truncates tables before joins (#41302)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 14:29:44 -04:00
Evan Rusackas
6fa0b48752 docs: cut 6.1.0 versions for user_docs, admin_docs, developer_docs, components (#40126)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-05-18 12:59:39 -07:00
Evan Rusackas
8a86ab7319 chore(docs): rename default docs plugin to user_docs for consistent versioned dir naming (#40171)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-05-15 22:26:43 -07:00