Enrich 401/403 errors with auth identity context by simonfaltum · Pull Request #4576 · databricks/cli

simonfaltum · 2026-02-23T13:45:31Z

Why

When CLI commands fail with 401 (unauthorized) or 403 (forbidden), the error message shows only the raw API error (e.g., PERMISSION_DENIED: ...) with no indication of which profile, host, or auth method was used. This makes debugging auth issues unnecessarily difficult — the first thing users and support ask is "which identity am I using?"

Changes

libs/auth/error.go — New EnrichAuthError function that detects apierr.APIError with status 401 or 403 and appends:
- Identity context: profile, host, auth type (each omitted if empty)
- Auth-type-aware remediation steps (OAuth → auth login, PAT → regenerate token, Azure CLI → az login, M2M → check credentials, etc.)
- auth describe command with correct flags for workspace/account/unified contexts (including --workspace-id)
- Profile nudge when using env-var-based auth
libs/auth/error.go — New BuildDescribeCommand that builds databricks auth describe flags directly from *config.Config (avoids information loss from OAuthArgument conversion, e.g., workspace-id)
cmd/root/root.go — Call EnrichAuthError in the centralized Execute error path, gated on cmdctx.HasConfigUsed. Covers both client creation errors (PersistentPreRunE) and command execution errors (RunE)
acceptance/workspace/jobs/create-error/output.txt — Regenerated golden file

Scope limitations

Commands that bypass MustWorkspaceClient/MustAccountClient and don't call SetConfigUsed (e.g., databricks api) won't get enrichment. This can be addressed in a follow-up.

Example output

better-auth-debugging-errors.mov

403 with profile:

Error: PERMISSION_DENIED: User does not have permission.

Profile:   my-profile
Host:      https://myworkspace.cloud.databricks.com
Auth type: pat

Next steps:
  - Verify you have the required permissions for this operation
  - Check your identity: databricks auth describe --profile my-profile

401 without profile (env var auth):

Error: UNAUTHENTICATED: Token expired.

Host:      https://myworkspace.cloud.databricks.com
Auth type: pat

Next steps:
  - Regenerate your access token
  - Check your identity: databricks auth describe --host https://myworkspace.cloud.databricks.com
  - Consider configuring a profile: databricks configure --profile <name>

Test plan

Automated

go test ./libs/auth/... — unit tests for EnrichAuthError, BuildDescribeCommand, error preservation, all auth types, unified host workspace-id
go test ./cmd/root/... — integration tests for Execute wiring (with ConfigUsed, without, ErrAlreadyPrinted)
go test ./acceptance -run TestAccept/workspace/jobs/create-error — acceptance test with updated golden file
make checks — whitespace, tidy, links

Manual testing

Force a 401 (expired/invalid token):

# Option A: Set a bogus token via env vars (no profile)
DATABRICKS_HOST=https://<your-workspace>.cloud.databricks.com \
DATABRICKS_TOKEN=invalid-token-abc123 \
/tmp/databricks-test clusters list

# Option B: Create a profile with a bad token
cat >> ~/.databrickscfg << 'EOF'

[bad-token-test]
host = https://<your-workspace>.cloud.databricks.com
token = dapi_invalid_token_for_testing
EOF

/tmp/databricks-test clusters list --profile bad-token-test

# Clean up after:
# Remove the [bad-token-test] section from ~/.databrickscfg

Verify non-auth errors are unaffected:

# A 404 should show no enrichment:
/tmp/databricks-test clusters get --cluster-id nonexistent-id --profile <your-profile>

When CLI commands fail with 401 (unauthorized) or 403 (forbidden), append profile, host, and auth type to the error message along with auth-type-aware remediation steps. This helps users quickly identify which identity is being used and how to fix the issue. The enrichment is applied in the centralized Execute error path so it covers both client creation and command execution errors. Commands that bypass MustWorkspaceClient/MustAccountClient (e.g., databricks api) are not enriched as they don't set ConfigUsed. Resolves DECO-26395.

- BuildDescribeCommand now takes *config.Config directly instead of OAuthArgument, so it can include --workspace-id for unified hosts. - For login re-auth hints on unified hosts, append --workspace-id after BuildLoginCommand when profile is not set. - Add cmd/root/root_test.go with integration tests for Execute wiring: with ConfigUsed + 403, without ConfigUsed, and ErrAlreadyPrinted.

- Remove redundant status code iterations in NonAuthStatusCode test (400, 404, 500 all hit the same path — one suffices) - Remove "empty config fields are omitted" test case — covered by "401 without profile" and "401 with unknown auth type" tests - Simplify Execute integration test to verify wiring only (check for "Next steps:") rather than re-testing enrichment content - Gate --account-id emission in BuildDescribeCommand on account or unified host types to avoid emitting it for workspace hosts

When cfg.Profile is set, BuildLoginCommand only uses --profile and ignores the OAuthArgument. Skip the ToOAuthArgument() conversion to avoid unnecessarily degrading to a bare "databricks auth login" fallback if the host happens to be malformed. Also fix the EnrichAuthError doc comment to accurately describe its behavior — it always returns a wrapped error for 401/403.

eng-dev-ecosystem-bot · 2026-02-23T13:55:21Z

Commit: 3ebd312

Run: 22323047095

	Env	🟨KNOWN	💚RECOVERED	🙈SKIP	✅pass	🙈skip	Time
🟨	aws linux	7	1	7	268	763	6:47
🟨	aws windows	7	1	7	270	761	5:48
💚	aws-ucws linux		8	7	364	679	7:03
💚	aws-ucws windows		8	7	366	677	4:16
💚	azure linux		2	9	271	761	7:23
💚	azure windows		2	9	273	759	5:56
💚	azure-ucws linux		2	9	369	675	8:28
💚	azure-ucws windows		2	9	371	673	5:23
💚	gcp linux		2	9	267	764	5:51
💚	gcp windows		2	9	269	762	4:59

15 interesting tests: 7 KNOWN, 7 SKIP, 1 RECOVERED

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🟨	TestAccept	🟨K	🟨K	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R
🙈	TestAccept/bundle/resources/permissions	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	🟨K	🟨K	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	🟨K	🟨K	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨K	🟨K	💚R	💚R
🙈	TestAccept/bundle/resources/postgres_branches/basic	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🙈	TestAccept/bundle/resources/postgres_branches/recreate	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🙈	TestAccept/bundle/resources/postgres_branches/update_protected	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🙈	TestAccept/bundle/resources/postgres_branches/without_branch_id	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🙈	TestAccept/bundle/resources/postgres_endpoints/recreate	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🙈	TestAccept/bundle/resources/synced_database_tables/basic	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/ssh/connection	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R

Top 20 slowest tests (at least 2 minutes):

duration	env	testname
5:13	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:38	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:31	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:14	azure windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:10	azure windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:42	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:42	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:39	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:38	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:15	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:56	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:56	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:56	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:53	aws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:52	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:48	aws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:48	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:47	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:45	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:44	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

- Replace fmt.Errorf with errors.New for static strings (perfsprint) - Replace require.True(errors.As(...)) with require.ErrorAs (testifylint)

- Add AuthTypeDisplayName mapping so error messages show "Personal Access Token (pat)" instead of raw "pat", etc. - Simplify BuildDescribeCommand to always emit bare "databricks auth describe" when no profile is set, since it resolves DATABRICKS_HOST/TOKEN env vars automatically. This avoids nudging users toward --host flags.

libs/auth/error.go

acceptance/workspace/jobs/create-error/output.txt

libs/auth/error_test.go

- Add constants for all auth types, not just the 5 used in switch - Use fmt.Fprint consistently instead of mixing with b.WriteString - Switch tests to exact output comparison (wantMsg + assert.Equal) instead of substring contains/notContain checks

eng-dev-ecosystem-bot · 2026-02-24T13:02:55Z

Commit: 61a1131

Run: 22348556743

	Env	❌FAIL	🟨KNOWN	🔄flaky	💚RECOVERED	🙈SKIP	✅pass	🙈skip	Time
❌	aws linux	3	7		1	7	490	718	57:25
🟨	aws windows		7		1	7	462	727	53:34
🟨	aws-ucws linux		10	2	14	1	755	568	98:43
🟨	aws-ucws windows		10	2	14	1	718	579	95:38
❌	azure linux	3	1		1	9	493	716	60:07
💚	azure windows				2	9	465	725	42:46
💚	azure-ucws linux				5	8	735	573	80:31
💚	azure-ucws windows				5	8	698	584	68:12
❌	gcp linux	3	1		1	9	473	725	59:37
💚	gcp windows				2	9	445	734	45:39

32 interesting tests: 16 KNOWN, 8 RECOVERED, 4 flaky, 3 FAIL, 1 SKIP

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🟨	TestAccept	🟨K	🟨K	🟨K	🟨K	🟨K	💚R	💚R	💚R	🟨K	💚R
❌	TestAccept/bundle/config-remote-sync/multiple_resources	❌F	🙈s	✅p	🙈s	❌F	🙈s	✅p	🙈s	❌F	🙈s
❌	TestAccept/bundle/config-remote-sync/multiple_resources/DATABRICKS_BUNDLE_ENGINE=direct	❌F		✅p		❌F		✅p		❌F
❌	TestAccept/bundle/config-remote-sync/multiple_resources/DATABRICKS_BUNDLE_ENGINE=terraform	❌F		✅p		❌F		✅p		❌F
🙈	TestAccept/bundle/resources/permissions	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	🟨K	🟨K	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	🟨K	🟨K	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨K	🟨K	💚R	💚R
🟨	TestAccept/bundle/resources/postgres_branches/basic	🙈S	🙈S	🟨K	🟨K	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/postgres_branches/basic/DATABRICKS_BUNDLE_ENGINE=direct			🟨K	🟨K
🟨	TestAccept/bundle/resources/postgres_branches/basic/DATABRICKS_BUNDLE_ENGINE=terraform			🟨K	🟨K
🟨	TestAccept/bundle/resources/postgres_branches/recreate	🙈S	🙈S	🟨K	🟨K	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/postgres_branches/recreate/DATABRICKS_BUNDLE_ENGINE=direct			🟨K	🟨K
🟨	TestAccept/bundle/resources/postgres_branches/recreate/DATABRICKS_BUNDLE_ENGINE=terraform			🟨K	🟨K
🟨	TestAccept/bundle/resources/postgres_branches/update_protected	🙈S	🙈S	🟨K	🟨K	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🟨	TestAccept/bundle/resources/postgres_branches/update_protected/DATABRICKS_BUNDLE_ENGINE=direct			🟨K	🟨K
🟨	TestAccept/bundle/resources/postgres_branches/update_protected/DATABRICKS_BUNDLE_ENGINE=terraform			🟨K	🟨K
💚	TestAccept/bundle/resources/postgres_branches/without_branch_id	🙈S	🙈S	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/postgres_branches/without_branch_id/DATABRICKS_BUNDLE_ENGINE=direct			💚R	💚R
💚	TestAccept/bundle/resources/postgres_branches/without_branch_id/DATABRICKS_BUNDLE_ENGINE=terraform			💚R	💚R
🔄	TestAccept/bundle/resources/postgres_endpoints/basic	🙈s	🙈s	✅p	🔄f	🙈s	🙈s	🙈s	🙈s	🙈s	🙈s
🔄	TestAccept/bundle/resources/postgres_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=terraform			✅p	🔄f
💚	TestAccept/bundle/resources/postgres_endpoints/recreate	🙈S	🙈S	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🔄	TestAccept/bundle/resources/postgres_projects/recreate	🙈s	🙈s	🔄f	✅p	🙈s	🙈s	🙈s	🙈s	🙈s	🙈s
🔄	TestAccept/bundle/resources/postgres_projects/recreate/DATABRICKS_BUNDLE_ENGINE=direct			🔄f	✅p
💚	TestAccept/bundle/resources/synced_database_tables/basic	🙈S	🙈S	💚R	💚R	🙈S	🙈S	💚R	💚R	🙈S	🙈S
💚	TestAccept/bundle/resources/synced_database_tables/basic/DATABRICKS_BUNDLE_ENGINE=direct			💚R	💚R			💚R	💚R
💚	TestAccept/bundle/resources/synced_database_tables/basic/DATABRICKS_BUNDLE_ENGINE=terraform			💚R	💚R			💚R	💚R
💚	TestAccept/ssh/connection	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R

Top 50 slowest tests (at least 2 minutes):

duration	env	testname
19:33	azure-ucws linux	TestAccept/bundle/invariant/no_drift/DATABRICKS_BUNDLE_ENGINE=direct/INPUT_CONFIG=synced_database_table.yml.tmpl
16:35	aws-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
16:32	aws-ucws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
16:21	aws-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
14:12	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
13:41	gcp linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
13:30	aws-ucws windows	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
13:22	aws-ucws windows	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
12:53	gcp linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
12:26	azure-ucws windows	TestAccept/bundle/invariant/no_drift/DATABRICKS_BUNDLE_ENGINE=direct/INPUT_CONFIG=database_catalog.yml.tmpl
12:23	gcp windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
10:10	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
9:57	gcp windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
9:56	aws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:56	gcp linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:43	aws-ucws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
8:12	aws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
7:54	aws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
7:52	azure-ucws linux	TestAccept/bundle/invariant/migrate/DATABRICKS_BUNDLE_ENGINE=direct/INPUT_CONFIG=database_instance.yml.tmpl
7:51	aws windows	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
7:47	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=terraform
7:43	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
7:42	aws windows	TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=terraform
7:39	aws-ucws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
7:38	gcp linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=direct
7:37	aws-ucws windows	TestAccept/bundle/resources/database_instances/single-instance/DATABRICKS_BUNDLE_ENGINE=direct
7:37	aws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=direct
7:37	azure linux	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
7:32	aws linux	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
7:32	aws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
7:29	aws-ucws linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
7:28	aws-ucws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
7:28	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=direct
7:28	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=SINGLE_USER
7:27	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=terraform
7:25	aws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
7:25	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
7:22	azure-ucws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
7:18	gcp windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
7:17	azure windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
7:15	aws windows	TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=direct
7:14	aws-ucws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
7:14	azure-ucws linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
7:11	gcp linux	TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=terraform
7:11	aws windows	TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=direct
7:08	aws-ucws linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
7:02	gcp windows	TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=direct
6:56	aws-ucws linux	TestAccept/bundle/invariant/migrate/DATABRICKS_BUNDLE_ENGINE=direct/INPUT_CONFIG=synced_database_table.yml.tmpl
6:54	gcp windows	TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=terraform
6:54	aws linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=direct

simonfaltum added 4 commits February 23, 2026 14:20

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 13:46 — with GitHub Actions Inactive

Fix lint: use errors.New and require.ErrorAs

bac359d

- Replace fmt.Errorf with errors.New for static strings (perfsprint) - Replace require.True(errors.As(...)) with require.ErrorAs (testifylint)

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 14:00 — with GitHub Actions Inactive

simonfaltum marked this pull request as ready for review February 23, 2026 14:08

simonfaltum requested review from andrewnester, anton-107, denik, pietern and shreyas-goenka as code owners February 23, 2026 14:08

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 14:19 — with GitHub Actions Inactive

Simplify Basic auth display name

805a11c

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 14:21 — with GitHub Actions Inactive

Merge branch 'main' into simonfaltum/enrich-auth-errors

cca95a7

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 14:44 — with GitHub Actions Inactive

renaudhartert-db reviewed Feb 23, 2026

View reviewed changes

libs/auth/error.go Show resolved Hide resolved

libs/auth/error.go Outdated Show resolved Hide resolved

acceptance/workspace/jobs/create-error/output.txt Show resolved Hide resolved

libs/auth/error_test.go Outdated Show resolved Hide resolved

Address PR review comments

efa5312

- Add constants for all auth types, not just the 5 used in switch - Use fmt.Fprint consistently instead of mixing with b.WriteString - Switch tests to exact output comparison (wantMsg + assert.Equal) instead of substring contains/notContain checks

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 15:50 — with GitHub Actions Inactive

simonfaltum requested a review from renaudhartert-db February 23, 2026 15:51

Merge branch 'main' into simonfaltum/enrich-auth-errors

3ebd312

simonfaltum temporarily deployed to test-trigger-is February 23, 2026 20:12 — with GitHub Actions Inactive

andrewnester approved these changes Feb 24, 2026

View reviewed changes

simonfaltum added this pull request to the merge queue Feb 24, 2026

Merged via the queue into main with commit 61a1131 Feb 24, 2026
18 checks passed

simonfaltum deleted the simonfaltum/enrich-auth-errors branch February 24, 2026 11:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Enrich 401/403 errors with auth identity context#4576

Enrich 401/403 errors with auth identity context#4576
simonfaltum merged 10 commits intomainfrom
simonfaltum/enrich-auth-errors

simonfaltum commented Feb 23, 2026 •

edited

Loading

Uh oh!

eng-dev-ecosystem-bot commented Feb 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

eng-dev-ecosystem-bot commented Feb 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Comments

Conversation

simonfaltum commented Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Why

Changes

Scope limitations

Example output

Test plan

Automated

Manual testing

Uh oh!

eng-dev-ecosystem-bot commented Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

eng-dev-ecosystem-bot commented Feb 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

simonfaltum commented Feb 23, 2026 •

edited

Loading

eng-dev-ecosystem-bot commented Feb 23, 2026 •

edited

Loading