Skip to content

Add text output mode for auth token and auth env#4725

Open
simonfaltum wants to merge 8 commits intomainfrom
simonfaltum/auth-text-output
Open

Add text output mode for auth token and auth env#4725
simonfaltum wants to merge 8 commits intomainfrom
simonfaltum/auth-text-output

Conversation

@simonfaltum
Copy link
Member

@simonfaltum simonfaltum commented Mar 12, 2026
edited
Loading

Why

databricks auth token and databricks auth env always output JSON, ignoring the --output flag. Users who want to pipe the token string or source env vars have to parse JSON first.

Changes

Before: Both commands always output JSON regardless of the --output flag.
Now: Both commands respect --output text when explicitly set:

  • auth token --output text: outputs just the access token string, suitable for piping
  • auth env --output text: outputs KEY=VALUE lines, compatible with .env loaders and eval

JSON remains the default (backward compatible). Text mode activates only when the user explicitly passes --output text.

Test plan

  • Unit tests for both commands in text and JSON modes
  • Unit test for backward compatibility (no explicit --output keeps JSON)
  • Unit test for value quoting in auth env text mode
  • make checks passes

@simonfaltum
Add text output mode for auth token and auth env commands
ce79a10 
Both commands now respect --output text when explicitly set:
- auth token --output text: outputs just the access token string
- auth env --output text: outputs KEY=VALUE lines

JSON remains the default for backward compatibility.

Co-authored-by: Isaac
@eng-dev-ecosystem-bot
Copy link
Collaborator

eng-dev-ecosystem-bot commented Mar 12, 2026
edited
Loading

Commit: 23d833e

Run: 23112586763

Env 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🔄​ aws linux 2 6 7 268 787 7:28
💚​ aws windows 8 7 270 785 6:10
🔄​ aws-ucws linux 2 7 7 364 702 7:26
🔄​ aws-ucws windows 2 7 7 366 700 6:56
💚​ azure linux 2 9 271 785 6:16
💚​ azure windows 2 9 273 783 5:10
💚​ azure-ucws linux 2 9 370 698 7:26
🔄​ azure-ucws windows 2 1 9 371 696 6:39
💚​ gcp linux 2 9 267 788 5:29
💚​ gcp windows 2 9 269 786 5:23
16 interesting tests: 7 SKIP, 6 RECOVERED, 3 flaky
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🔄​ TestAccept 🔄​f 💚​R 💚​R 🔄​f 💚​R 💚​R 💚​R 🔄​f 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/ssh/connection 🔄​f 💚​R 🔄​f 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
Top 21 slowest tests (at least 2 minutes):
duration env testname
3:49 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:38 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:19 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:18 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:17 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:09 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:08 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:02 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:46 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:42 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:41 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:40 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:40 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:39 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:36 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:33 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:19 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:15 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:09 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:09 aws linux TestSecretsPutSecretStringValue
2:04 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform

@simonfaltum simonfaltum marked this pull request as ready for review March 13, 2026 10:59
shreyas-goenka
shreyas-goenka reviewed Mar 13, 2026
View reviewed changes
Copy link
Contributor

@shreyas-goenka shreyas-goenka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This review was posted by Claude (AI assistant). Shreyas will do a separate, more thorough review pass.

Priority: MEDIUM — Env var inconsistency needs a decision

HIGH: DATABRICKS_OUTPUT_FORMAT env var silently ignored

Both auth token and auth env commands use cmd.Flag("output").Changed to detect text mode, which means the DATABRICKS_OUTPUT_FORMAT=text env var is ignored. This is inconsistent with the rest of the CLI where the env var is a first-class way to set output format. The guard exists because these commands have an inverted default (JSON by default, unlike other commands), so without it the default behavior would break. A decision is needed on whether the env var should be honored here.

MEDIUM: Shell quoting not fully .env-file compatible

The quoteEnvValue function uses POSIX shell single-quote escaping ('\''), but the PR description claims ".env loader" compatibility. Most .env parsers (Docker, python-dotenv) use different quoting rules. Only eval usage is truly compatible.

LOW: Doc comment typo

quoteEnvValue doc references '\" but code does '\''.

What looks good

  • Backward compatibility preserved (JSON remains default)
  • collectEnvVars extraction reduces duplication
  • Clean text output formatting

@simonfaltum
Fix quoteEnvValue doc comment to match actual behavior
0c68a51 
The comment referenced the '\" escape sequence, but the code
actually uses the POSIX '\'' sequence (end-quote, backslash-escaped
literal single quote, re-open quote).
@simonfaltum
Fix quoteEnvValue to treat newline and carriage return as shell-speci…
a6000ec 
…al characters

Values containing \n or \r were emitted unquoted, producing raw multi-line
shell output instead of a single safe KEY=VALUE pair. Add both characters
to shellQuotedSpecialChars so they trigger single-quoting.
shreyas-goenka
shreyas-goenka reviewed Mar 19, 2026
View reviewed changes
cmd/auth/env.go

// collectEnvVars returns the environment variables for the given config
// as a map from env var name to value.
func collectEnvVars(cfg *config.Config) map[string]string {
Copy link
Contributor

@shreyas-goenka shreyas-goenka Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have the auth.Env and auth.ProcessEnv functions. Worth looking into using those.

This command in general is pretty old and is also useless. It only returns the env corresponding to a profile. We should be able to make it more general i.e. return the env vars I need to set, to authenticate the same as the current CLI context.

I think a breaking change is pretty justified here (after double checking once with the usage numbers)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shreyas-goenka shreyas-goenka shreyas-goenka left review comments

@andrewnester andrewnester Awaiting requested review from andrewnester andrewnester is a code owner

@anton-107 anton-107 Awaiting requested review from anton-107 anton-107 is a code owner

@denik denik Awaiting requested review from denik denik is a code owner

@pietern pietern Awaiting requested review from pietern pietern is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simonfaltum @eng-dev-ecosystem-bot @shreyas-goenka