databricks-sdk-go icon indicating copy to clipboard operation
databricks-sdk-go copied to clipboard

Published 20 hours ago verified publisher icon databricks

Support Databricks Workload Identity Federation for GitHub tokens

Open hectorcast-db opened this issue 8 months ago • 1 comments
trafficstars

What changes are proposed in this pull request?

This PR adds support for Databricks Workload Identity Federation using GitHub tokens. This allows users to use WIF from their GitHub Workflows and authenticate their workloads without long lived secrets.

This new credentials strategy is added to the DefaultCredentialsStrategy after the other Databricks Credentials Strategy and before cloud specific authentication methods. WIF credentials uses a subset of configuration values of other Databricks authentication methods. By being added after them it ensures that WIF is not used when other Databricks authentication methods are configured. WIF uses the Databricks client id, which is not used by cloud specific authentication methods. Therefore, it will not be used when cloud specific authentication methods are configured.

How is this tested?

Added tests.

hectorcast-db avatar Mar 18 '25 11:03 hectorcast-db