-
Notifications
You must be signed in to change notification settings - Fork 130
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make notebook-native auth work with more configurations of the Databr…
…icks Runtime (#285) This PR adds additional logging and hardening to `auth_type='runtime'`, which performs credentials lookup in the following order: 1. `init_runtime_native_auth` for the newest DBR versions. 2. `init_runtime_repl_auth` via Databricks REPL context and `workspaceUrl`. 3. `init_runtime_legacy_auth` via IPython context for legacy runtimes and modes. Every detection step adds more logging on `DEBUG` level. Based on publicly-accessible code in https://github.com/mlflow/mlflow/blame/6bd97bde24d78bcfbf6d50c1dd0f4fac2ed6987b/mlflow/utils/databricks_utils.py
- Loading branch information
Showing
3 changed files
with
210 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,147 @@ | ||
| import base64 | ||
| import io | ||
| import json | ||
| import re | ||
| import shutil | ||
| import subprocess | ||
| import sys | ||
| import urllib.parse | ||
| from functools import partial | ||
| from pathlib import Path | ||
|
|
||
| import pytest | ||
|
|
||
| from databricks.sdk.service.compute import (ClusterSpec, DataSecurityMode, | ||
| Library, ResultType) | ||
| from databricks.sdk.service.jobs import NotebookTask, Task, ViewType | ||
| from databricks.sdk.service.workspace import ImportFormat | ||
|
|
||
|
|
||
| @pytest.fixture | ||
| def fresh_wheel_file(tmp_path) -> Path: | ||
| this_file = Path(__file__) | ||
| project_root = this_file.parent.parent.parent.absolute() | ||
| build_root = tmp_path / 'databricks-sdk-py' | ||
| shutil.copytree(project_root, build_root) | ||
| try: | ||
| completed_process = subprocess.run([sys.executable, 'setup.py', 'bdist_wheel'], | ||
| capture_output=True, | ||
| cwd=build_root) | ||
| if completed_process.returncode != 0: | ||
| raise RuntimeError(completed_process.stderr) | ||
|
|
||
| from databricks.sdk.version import __version__ | ||
| filename = f'databricks_sdk-{__version__}-py3-none-any.whl' | ||
| wheel_file = build_root / 'dist' / filename | ||
|
|
||
| return wheel_file | ||
| except subprocess.CalledProcessError as e: | ||
| raise RuntimeError(e.stderr) | ||
|
|
||
|
|
||
| @pytest.mark.parametrize("mode", [DataSecurityMode.SINGLE_USER, DataSecurityMode.USER_ISOLATION]) | ||
| def test_runtime_auth_from_interactive_on_uc(ucws, fresh_wheel_file, env_or_skip, random, mode): | ||
| instance_pool_id = env_or_skip('TEST_INSTANCE_POOL_ID') | ||
| latest = ucws.clusters.select_spark_version(latest=True, beta=True) | ||
|
|
||
| my_user = ucws.current_user.me().user_name | ||
|
|
||
| workspace_location = f'/Users/{my_user}/wheels/{random(10)}' | ||
| ucws.workspace.mkdirs(workspace_location) | ||
|
|
||
| wsfs_wheel = f'{workspace_location}/{fresh_wheel_file.name}' | ||
| with fresh_wheel_file.open('rb') as f: | ||
| ucws.workspace.upload(wsfs_wheel, f, format=ImportFormat.AUTO) | ||
|
|
||
| from databricks.sdk.service.compute import Language | ||
| interactive_cluster = ucws.clusters.create(cluster_name=f'native-auth-on-{mode.name}', | ||
| spark_version=latest, | ||
| instance_pool_id=instance_pool_id, | ||
| autotermination_minutes=10, | ||
| num_workers=1, | ||
| data_security_mode=mode).result() | ||
| ctx = ucws.command_execution.create(cluster_id=interactive_cluster.cluster_id, | ||
| language=Language.PYTHON).result() | ||
| run = partial(ucws.command_execution.execute, | ||
| cluster_id=interactive_cluster.cluster_id, | ||
| context_id=ctx.id, | ||
| language=Language.PYTHON) | ||
| try: | ||
| res = run(command=f"%pip install /Workspace{wsfs_wheel}\ndbutils.library.restartPython()").result() | ||
| results = res.results | ||
| if results.result_type != ResultType.TEXT: | ||
| msg = f'({mode}) unexpected result type: {results.result_type}: {results.summary}\n{results.cause}' | ||
| raise RuntimeError(msg) | ||
|
|
||
| res = run(command="\n".join([ | ||
| 'from databricks.sdk import WorkspaceClient', 'w = WorkspaceClient()', 'me = w.current_user.me()', | ||
| 'print(me.user_name)' | ||
| ])).result() | ||
| assert res.results.result_type == ResultType.TEXT, f'unexpected result type: {res.results.result_type}' | ||
|
|
||
| assert my_user == res.results.data, f'unexpected user: {res.results.data}' | ||
| finally: | ||
| ucws.clusters.permanent_delete(interactive_cluster.cluster_id) | ||
|
|
||
|
|
||
| def test_runtime_auth_from_jobs(w, fresh_wheel_file, env_or_skip, random): | ||
| instance_pool_id = env_or_skip('TEST_INSTANCE_POOL_ID') | ||
|
|
||
| v = w.clusters.spark_versions() | ||
| lts_runtimes = [ | ||
| x for x in v.versions if 'LTS' in x.name and '-ml' not in x.key and '-photon' not in x.key | ||
| ] | ||
|
|
||
| dbfs_wheel = f'/tmp/wheels/{random(10)}/{fresh_wheel_file.name}' | ||
| with fresh_wheel_file.open('rb') as f: | ||
| w.dbfs.upload(dbfs_wheel, f) | ||
|
|
||
| my_name = w.current_user.me().user_name | ||
| notebook_path = f'/Users/{my_name}/notebook-native-auth' | ||
| notebook_content = io.BytesIO(b''' | ||
| from databricks.sdk import WorkspaceClient | ||
| w = WorkspaceClient() | ||
| me = w.current_user.me() | ||
| print(me.user_name)''') | ||
|
|
||
| from databricks.sdk.service.workspace import Language | ||
| w.workspace.upload(notebook_path, notebook_content, language=Language.PYTHON, overwrite=True) | ||
|
|
||
| tasks = [] | ||
| for v in lts_runtimes: | ||
| t = Task(task_key=f'test_{v.key.replace(".", "_")}', | ||
| notebook_task=NotebookTask(notebook_path=notebook_path), | ||
| new_cluster=ClusterSpec(spark_version=v.key, | ||
| num_workers=1, | ||
| instance_pool_id=instance_pool_id), | ||
| libraries=[Library(whl=f'dbfs:{dbfs_wheel}')]) | ||
| tasks.append(t) | ||
|
|
||
| run = w.jobs.submit(run_name=f'Runtime Native Auth {random(10)}', tasks=tasks).result() | ||
| for task_key, output in _task_outputs(w, run).items(): | ||
| assert my_name in output, f'{task_key} does not work with notebook native auth' | ||
|
|
||
|
|
||
| def _task_outputs(w, run): | ||
| notebook_model_re = re.compile(r"var __DATABRICKS_NOTEBOOK_MODEL = '(.*)';", re.MULTILINE) | ||
|
|
||
| task_outputs = {} | ||
| for task_run in run.tasks: | ||
| output = '' | ||
| run_output = w.jobs.export_run(task_run.run_id) | ||
| for view in run_output.views: | ||
| if view.type != ViewType.NOTEBOOK: | ||
| continue | ||
| for b64 in notebook_model_re.findall(view.content): | ||
| url_encoded: bytes = base64.b64decode(b64) | ||
| json_encoded = urllib.parse.unquote(url_encoded.decode('utf-8')) | ||
| notebook_model = json.loads(json_encoded) | ||
| for command in notebook_model['commands']: | ||
| results_data = command['results']['data'] | ||
| if isinstance(results_data, str): | ||
| output += results_data | ||
| else: | ||
| for data in results_data: | ||
| output += data['data'] | ||
| task_outputs[task_run.task_key] = output | ||
| return task_outputs |