Skip to content

Update Lakebase authentication method#975

Merged
mwojtyczka merged 12 commits into
mainfrom
feature/update_lakebase_auth
Dec 28, 2025
Merged

Update Lakebase authentication method#975
mwojtyczka merged 12 commits into
mainfrom
feature/update_lakebase_auth

Conversation

@tlgnr

@tlgnr tlgnr commented Dec 22, 2025

Copy link
Copy Markdown
Contributor

Changes

This feature branch updates the authentication mode to Lakebase to make it more straightforward to use dqx in the context of a Databricks App.

Linked issues

#974

Resolves #..

Tests

  • manually tested
  • added unit tests
  • added integration tests
  • added end-to-end tests
  • added performance tests

@github-actions

github-actions Bot commented Dec 22, 2025

Copy link
Copy Markdown
Contributor

✅ 508/508 passed, 1 flaky, 41 skipped, 3h38m35s total

Flaky tests:

  • 🤪 test_e2e_workflow_serverless (9m42.501s)

Running from acceptance #3507

@codecov

codecov Bot commented Dec 22, 2025

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 91.30435% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.53%. Comparing base (fff89a7) to head (668dd07).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/databricks/labs/dqx/checks_storage.py 90.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #975      +/-   ##
==========================================
- Coverage   90.53%   90.53%   -0.01%     
==========================================
  Files          64       64              
  Lines        6500     6509       +9     
==========================================
+ Hits         5885     5893       +8     
- Misses        615      616       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@mwojtyczka mwojtyczka requested a review from Copilot December 23, 2025 08:36

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Lakebase authentication method to use service principal client IDs instead of username-based authentication, making it more suitable for Databricks App contexts. The key changes simplify authentication by leveraging OAuth2 token generation through the Databricks SDK.

Key changes:

  • Replaced user parameter with client_id in LakebaseChecksStorageConfig
  • Modified connection handling to use event-based token injection instead of embedding tokens in connection URLs
  • Updated all tests and documentation to reflect the new authentication approach

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/databricks/labs/dqx/config.py Changed lakebase_user to lakebase_client_id in RunConfig and LakebaseChecksStorageConfig, updated docstrings
src/databricks/labs/dqx/checks_storage.py Refactored connection handling to use SQLAlchemy event listeners for token injection, removed user validation
tests/unit/test_lakebase_config.py Updated all test cases to use client_id parameter instead of user
tests/unit/test_config.py Updated test assertions to check for lakebase_client_id instead of lakebase_user
tests/integration/test_save_and_load_checks_from_lakebase_table.py Renamed lakebase_user fixture to lakebase_client_id and updated all test function signatures
tests/conftest.py Renamed fixture from lakebase_user to lakebase_client_id
docs/dqx/docs/installation.mdx Updated documentation to describe lakebase_client_id as optional with fallback to caller identity

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/conftest.py Outdated
Comment thread src/databricks/labs/dqx/checks_storage.py Outdated
Comment thread src/databricks/labs/dqx/checks_storage.py Outdated
@@ -8,24 +8,31 @@
from tests.integration.test_save_and_load_checks_from_table import EXPECTED_CHECKS as TEST_CHECKS

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be good to have one test without client id

@mwojtyczka mwojtyczka left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mwojtyczka mwojtyczka merged commit 0b146a6 into main Dec 28, 2025
16 checks passed
@mwojtyczka mwojtyczka deleted the feature/update_lakebase_auth branch December 28, 2025 17:31
mwojtyczka added a commit that referenced this pull request Feb 9, 2026
* New DQX Data Quality Dashboard ([#1019](#1019)). The data quality dashboard has been significantly enhanced to provide a centralized view of data quality metrics across all tables, allowing users to monitor and track data quality issues with greater ease. The dashboard now consists of three tabs - Data Quality Summary, Data Quality by Table (Time Series), and Data Quality by Table (Full Snapshot) - each catering to different monitoring scenarios, and offers customizable parameters for reporting column names and filtering tables with data quality issues. Additionally, the installation process for the dashboard has been simplified, with options to import it directly to a Workspace or deploy it automatically using the Databricks CLI.
* DQX App Skeleton ([#982](#982)). The DQX application (frontend and backend) has been built with a core set of features, including configuration management and AI-assisted rule generation based on natural-language input from users. A comprehensive README documents the application architecture as well as development and deployment workflows. Future versions of DQX will introduce additional functionality (loading/saving rules, rules authoring in graphical form) and provide a streamlined, user-friendly way to deploy the application directly into a Databricks workspace.
* Added Decimal support to check functions and to min_max generator ([#1013](#1013)) ([#1017](#1017)). The data quality checks have been enhanced to support Python's Decimal type, in addition to int and float, for min/max validation checks, enabling proper data quality checks for decimal-precise financial and scientific data where floating-point precision issues would cause false positives.
* Added DQX produciton best practices and fix datetime limit handling ([#997](#997)). Practical guidance and best practices for using DQX in production have been added, covering aspects such as storing checks in Delta tables, enforcing access controls, and optimizing rules for performance and scalability. Fixes have also been implemented to address issues related to handling date and datetime limits, particularly when provided as strings.
* Added new row-level check functions: is_null, is_empty, and is_null_or_empty ([#1015](#1015)). DQX now includes three new check functions, `is_null`, `is_empty`, and `is_null_or_empty`, which enable verification of column values as null, empty strings, or both, complementing existing checks like `is_not_null`, `is_not_empty`, and `is_not_null_and_not_empty`. The functions also support optional arguments, like `trim_strings` to trim spaces from strings.
* Added tolerance to equality and non-equality check functions ([#1011](#1011)). The library's quality check functionality has been enhanced to support absolute and relative tolerance parameters for numeric value comparisons in `is_equal_to`,  `is_not_equal_to`, `is_aggr_equal` and `is_aggr_not_equal` checks, allowing for more flexible and precise control over data validation. The introduction of tolerance logic, which checks for absolute and relative differences within specified thresholds via `abs_tolerance` and `rel_tolerance` parameters, provides more nuanced comparisons for numeric data.
* Allow new lines in sql expression checks ([#1009](#1009)). SQL expression check function (`sql_expression`) has been updated to support new lines in its expression argument, allowing for more complex and formatted SQL expressions.
* Allow summary metrics with SparkConnect sessions ([#1000](#1000)). The library now supports writing summary metrics directly to a table with SparkConnect sessions, eliminating the need for a classic compute cluster in Dedicated access mode. This change lifts the previous restriction and enables generatic summary metrics  using Serverless and all standard clusters with Databricks Runtime 17.3LTS or higeher.
* Fixed loading checks from a delta table with special characters ([#992](#992)). The loading checks functionality from a delta table has been fixed to handle special characters in the fully qualified table.
* Fixed resolution of pii detection check function ([#1003](#1003)). The PII detection check function resolution has been enhanced to support the application of checks defined as metadata (YAML).
* Fixed serialization/deserialization of row filter parameter for dataset-level rules ([#1021](#1021)). The `filter` field in checks definition now correctly pushes down the `filter` condition defined at the check-level as `row_filter` to the check function, allowing checks to operate on the relevant subset of rows before aggregation. The documentation has been updated to advice users to use  op-level `filter` condition for consistency instead of `row_filter` parameter. Overall, these changes aim to enhance the overall user experience.
* Improved Lakeflow Declarative Pipeline tests ([#1010](#1010)). The Lakeflow Declarative Pipeline (LDP) tests have been enhanced to utilize full Unity Catalog mode, enabling support for writing to arbitrary catalogs and schemas, and performing additional checks to prevent certain operations.
* Updated Lakebase authentication method ([#975](#975)). The Lakebase authentication method has been updated to utilize a client ID instead of a username, simplifying its use in the context of a Databricks App. The `lakebase_user` parameter has been replaced with `lakebase_client_id`, an optional service principal client ID used to connect to Lakebase, defaulting to the caller's identity if not provided. This change enhances the security and reliability of the authentication process, making it easier to work with Lakebase as a checks storage.
* Updated handling of metadata columns during schema validation ([#1002](#1002)). The `has_valid_schema` check has been enhanced to provide more flexibility in schema validation by introducing an optional `exclude_columns` parameter, allowing users to specify columns to ignore during validation. This parameter can be used to exclude metadata columns or other columns not relevant to schema validation, and it takes precedence over the `columns` list.
* Updated product info when missing in config while verifying workspace client ([#987](#987)). The workspace client configuration has been enhanced to default product information to `dqx` with the current version when it is missing, ensuring that product information is always set for telemetry purposes.
* Updated profiler and generator documentation ([#1026](#1026)). The data profiling and quality checks generation feature has been enhanced with updated documentation, providing reference information for data quality profile types and associated rules.
* Added filter attribute in rules generated from ODCS ([#978](#978)). The rules generation process has been enhanced with the introduction of a filter attribute in rules generated from Open Data Contract Standard (ODCS), allowing for more flexible and targeted rules creation.
@mwojtyczka mwojtyczka mentioned this pull request Feb 9, 2026
mwojtyczka added a commit that referenced this pull request Feb 9, 2026
Change Log for New Release:
* New DQX Data Quality Dashboard
([#1019](#1019)). The data
quality dashboard has been significantly enhanced to provide a
centralized view of data quality metrics across all tables, allowing
users to monitor and track data quality issues with greater ease. The
dashboard now consists of three tabs - Data Quality Summary, Data
Quality by Table (Time Series), and Data Quality by Table (Full
Snapshot) - each catering to different monitoring scenarios, and offers
customizable parameters for reporting column names and filtering tables
with data quality issues. Additionally, the installation process for the
dashboard has been simplified, with options to import it directly to a
Workspace or deploy it automatically using the Databricks CLI.
* DQX App Skeleton
([#982](#982)). The DQX
application (frontend and backend) has been built with a core set of
features, including configuration management and AI-assisted rule
generation based on natural-language input from users. A comprehensive
README documents the application architecture as well as development and
deployment workflows. Future versions of DQX will introduce additional
functionality (loading/saving rules, rules authoring in graphical form)
and provide a streamlined, user-friendly way to deploy the application
directly into a Databricks workspace.
* Added Decimal support to check functions and to min_max generator
([#1013](#1013))
([#1017](#1017)). The data
quality checks have been enhanced to support Python's Decimal type, in
addition to int and float, for min/max validation checks, enabling
proper data quality checks for decimal-precise financial and scientific
data where floating-point precision issues would cause false positives.
* Added DQX produciton best practices and fix datetime limit handling
([#997](#997)). Practical
guidance and best practices for using DQX in production have been added,
covering aspects such as storing checks in Delta tables, enforcing
access controls, and optimizing rules for performance and scalability.
Fixes have also been implemented to address issues related to handling
date and datetime limits, particularly when provided as strings.
* Added new row-level check functions: is_null, is_empty, and
is_null_or_empty
([#1015](#1015)). DQX now
includes three new check functions, `is_null`, `is_empty`, and
`is_null_or_empty`, which enable verification of column values as null,
empty strings, or both, complementing existing checks like
`is_not_null`, `is_not_empty`, and `is_not_null_and_not_empty`. The
functions also support optional arguments, like `trim_strings` to trim
spaces from strings.
* Added tolerance to equality and non-equality check functions
([#1011](#1011)). The
library's quality check functionality has been enhanced to support
absolute and relative tolerance parameters for numeric value comparisons
in `is_equal_to`, `is_not_equal_to`, `is_aggr_equal` and
`is_aggr_not_equal` checks, allowing for more flexible and precise
control over data validation. The introduction of tolerance logic, which
checks for absolute and relative differences within specified thresholds
via `abs_tolerance` and `rel_tolerance` parameters, provides more
nuanced comparisons for numeric data.
* Allow new lines in sql expression checks
([#1009](#1009)). SQL
expression check function (`sql_expression`) has been updated to support
new lines in its expression argument, allowing for more complex and
formatted SQL expressions.
* Allow summary metrics with SparkConnect sessions
([#1000](#1000)). The
library now supports writing summary metrics directly to a table with
SparkConnect sessions, eliminating the need for a classic compute
cluster in Dedicated access mode. This change lifts the previous
restriction and enables generatic summary metrics using Serverless and
all standard clusters with Databricks Runtime 17.3LTS or higeher.
* Fixed loading checks from a delta table with special characters
([#992](#992)). The loading
checks functionality from a delta table has been fixed to handle special
characters in the fully qualified table.
* Fixed resolution of pii detection check function
([#1003](#1003)). The PII
detection check function resolution has been enhanced to support the
application of checks defined as metadata (YAML).
* Fixed serialization/deserialization of row filter parameter for
dataset-level rules
([#1021](#1021)). The
`filter` field in checks definition now correctly pushes down the
`filter` condition defined at the check-level as `row_filter` to the
check function, allowing checks to operate on the relevant subset of
rows before aggregation. The documentation has been updated to advice
users to use op-level `filter` condition for consistency instead of
`row_filter` parameter. Overall, these changes aim to enhance the
overall user experience.
* Improved Lakeflow Declarative Pipeline tests
([#1010](#1010)). The
Lakeflow Declarative Pipeline (LDP) tests have been enhanced to utilize
full Unity Catalog mode, enabling support for writing to arbitrary
catalogs and schemas, and performing additional checks to prevent
certain operations.
* Updated Lakebase authentication method
([#975](#975)). The Lakebase
authentication method has been updated to utilize a client ID instead of
a username, simplifying its use in the context of a Databricks App. The
`lakebase_user` parameter has been replaced with `lakebase_client_id`,
an optional service principal client ID used to connect to Lakebase,
defaulting to the caller's identity if not provided. This change
enhances the security and reliability of the authentication process,
making it easier to work with Lakebase as a checks storage.
* Updated handling of metadata columns during schema validation
([#1002](#1002)). The
`has_valid_schema` check has been enhanced to provide more flexibility
in schema validation by introducing an optional `exclude_columns`
parameter, allowing users to specify columns to ignore during
validation. This parameter can be used to exclude metadata columns or
other columns not relevant to schema validation, and it takes precedence
over the `columns` list.
* Updated product info when missing in config while verifying workspace
client ([#987](#987)). The
workspace client configuration has been enhanced to default product
information to `dqx` with the current version when it is missing,
ensuring that product information is always set for telemetry purposes.
* Updated profiler and generator documentation
([#1026](#1026)). The data
profiling and quality checks generation feature has been enhanced with
updated documentation, providing reference information for data quality
profile types and associated rules.
* Added filter attribute in rules generated from ODCS
([#978](#978)). The rules
generation process has been enhanced with the introduction of a filter
attribute in rules generated from Open Data Contract Standard (ODCS),
allowing for more flexible and targeted rules creation.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants