Skip to content

feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace#396

Open
mani-mathur-arch wants to merge 1 commit into
mani/sea-kernel-build-recipefrom
mani/sea-kernel-dais-gaps
Open

feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace#396
mani-mathur-arch wants to merge 1 commit into
mani/sea-kernel-build-recipefrom
mani/sea-kernel-dais-gaps

Conversation

@mani-mathur-arch

Copy link
Copy Markdown
Collaborator

What

Closes the four DAIS-scope rows the SEA-via-kernel backend previously rejected at connect time. All are Go-side only — no new kernel dependency: the OAuth setters are on merged kernel #162, metric-view is an existing server session conf, and the initial namespace uses plain SQL.

  • Metric viewconfig.EffectiveSessionParams() derives the server conf (spark.sql.thriftserver.metadata.metricview.enabled) once, backend-neutrally, so both backends send the identical conf. The Thrift OpenSession special-case is removed (behaviour-preserving); the kernel forwards it via SessionConf. Reject dropped, reclassified forwarded.
  • Initial namespace — applied post-connect via USE CATALOG / USE SCHEMA (the OSS ODBC workaround) since the kernel C ABI has no catalog/schema setter. quoteIdent (untagged) backtick-quotes identifiers; a USE failure fails connect and closes the session. Reject dropped, reclassified forwarded.
  • OAuth M2M / U2M — the kernel drives its own OAuth flow from raw credentials (mirroring pyo3/napi and the Node/Python kernel bindings), read off cfg.Authenticator — the single source of truth (last-writer-wins, matching Thrift). The m2m/u2m authenticators expose auth.M2MCredentialsProvider / auth.U2MCredentialsProvider; resolveKernelAuth type-switches them into a *kernelAuth descriptor, and KernelBackend.setAuth branches to set_auth_pat / set_auth_m2m / set_auth_u2m. U2M uses Go's cloud-inferred client id (kernel defaults for scopes/port). No new config.UserConfig fields.

Stacked on #395 (mani/sea-kernel-build-recipe); additive only, so #393 and #395 are untouched.

Testing

  • Default CGO_ENABLED=0 suite + golangci-lint v2.12.2 — clean repo-wide.
  • Tagged databricks_kernel unit tests — auth-mode → C-setter mapping (PAT/M2M/U2M), quoteIdent, config assembly.
  • Live staging e2e — initial namespace (current_catalog() / current_schema() match config) and metric-view (session opens + queries; the conf is not SET-introspectable on either backend, so the assertion is connect+query parity, not a read-back).
  • M2M/U2M auth resolution covered by unit tests (no staging service principal available; U2M is interactive). A regression test pins last-writer-wins: M2M then PAT → PAT.
  • Reviewed with Isaac Review (0 findings after the single-source-of-truth fix).

This pull request and its description were written by Isaac.

…initial namespace

Close the four DAIS-scope rows the SEA-via-kernel backend previously rejected at
connect time. All are Go-side only (no new kernel dependency): the OAuth setters
are on merged kernel #162, metric-view is an existing session conf, and the
namespace uses plain SQL.

- Metric view: config.EffectiveSessionParams() derives the server conf
  (spark.sql.thriftserver.metadata.metricview.enabled) once, backend-neutrally, so
  both backends send the identical conf. The Thrift OpenSession special-case is
  removed (behaviour-preserving); the kernel forwards it via SessionConf. Reject
  dropped; reclassified forwarded.
- Initial namespace: applied post-connect via USE CATALOG / USE SCHEMA (the OSS
  ODBC workaround) since the kernel C ABI has no catalog/schema setter. quoteIdent
  (untagged) backtick-quotes identifiers; a USE failure fails connect and closes
  the session. Reject dropped; reclassified forwarded.
- OAuth M2M/U2M: the kernel drives its own OAuth flow from raw credentials
  (mirroring pyo3/napi and the Node/Python kernel bindings), read off
  cfg.Authenticator — the single source of truth (last-writer-wins, matching
  Thrift). The m2m/u2m authenticators expose auth.M2MCredentialsProvider /
  auth.U2MCredentialsProvider; resolveKernelAuth type-switches them and returns a
  *kernelAuth descriptor. KernelBackend.setAuth branches to set_auth_pat /
  set_auth_m2m / set_auth_u2m; U2M uses Go's cloud-inferred client id (kernel
  defaults for scopes/port). No new config fields.

Verified: default CGO_ENABLED=0 suite + golangci-lint v2.12.2 clean; tagged
databricks_kernel unit tests (auth-mode -> setter mapping, quoteIdent); live
staging e2e for initial namespace (current_catalog/current_schema) and metric-view
(session opens + queries; the conf is not SET-introspectable on either backend).
M2M/U2M covered by unit tests (no staging service principal; U2M is interactive).

Co-authored-by: Isaac
@mani-mathur-arch mani-mathur-arch changed the title feat(kernel): close deferred DAIS rows — OAuth M2M/U2M, metric-view, initial namespace feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant