Update Lakebase authentication method#975
Conversation
|
✅ 508/508 passed, 1 flaky, 41 skipped, 3h38m35s total Flaky tests:
Running from acceptance #3507 |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #975 +/- ##
==========================================
- Coverage 90.53% 90.53% -0.01%
==========================================
Files 64 64
Lines 6500 6509 +9
==========================================
+ Hits 5885 5893 +8
- Misses 615 616 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR updates the Lakebase authentication method to use service principal client IDs instead of username-based authentication, making it more suitable for Databricks App contexts. The key changes simplify authentication by leveraging OAuth2 token generation through the Databricks SDK.
Key changes:
- Replaced
userparameter withclient_idinLakebaseChecksStorageConfig - Modified connection handling to use event-based token injection instead of embedding tokens in connection URLs
- Updated all tests and documentation to reflect the new authentication approach
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/databricks/labs/dqx/config.py | Changed lakebase_user to lakebase_client_id in RunConfig and LakebaseChecksStorageConfig, updated docstrings |
| src/databricks/labs/dqx/checks_storage.py | Refactored connection handling to use SQLAlchemy event listeners for token injection, removed user validation |
| tests/unit/test_lakebase_config.py | Updated all test cases to use client_id parameter instead of user |
| tests/unit/test_config.py | Updated test assertions to check for lakebase_client_id instead of lakebase_user |
| tests/integration/test_save_and_load_checks_from_lakebase_table.py | Renamed lakebase_user fixture to lakebase_client_id and updated all test function signatures |
| tests/conftest.py | Renamed fixture from lakebase_user to lakebase_client_id |
| docs/dqx/docs/installation.mdx | Updated documentation to describe lakebase_client_id as optional with fallback to caller identity |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -8,24 +8,31 @@ | |||
| from tests.integration.test_save_and_load_checks_from_table import EXPECTED_CHECKS as TEST_CHECKS | |||
|
|
|||
There was a problem hiding this comment.
it would be good to have one test without client id
* New DQX Data Quality Dashboard ([#1019](#1019)). The data quality dashboard has been significantly enhanced to provide a centralized view of data quality metrics across all tables, allowing users to monitor and track data quality issues with greater ease. The dashboard now consists of three tabs - Data Quality Summary, Data Quality by Table (Time Series), and Data Quality by Table (Full Snapshot) - each catering to different monitoring scenarios, and offers customizable parameters for reporting column names and filtering tables with data quality issues. Additionally, the installation process for the dashboard has been simplified, with options to import it directly to a Workspace or deploy it automatically using the Databricks CLI. * DQX App Skeleton ([#982](#982)). The DQX application (frontend and backend) has been built with a core set of features, including configuration management and AI-assisted rule generation based on natural-language input from users. A comprehensive README documents the application architecture as well as development and deployment workflows. Future versions of DQX will introduce additional functionality (loading/saving rules, rules authoring in graphical form) and provide a streamlined, user-friendly way to deploy the application directly into a Databricks workspace. * Added Decimal support to check functions and to min_max generator ([#1013](#1013)) ([#1017](#1017)). The data quality checks have been enhanced to support Python's Decimal type, in addition to int and float, for min/max validation checks, enabling proper data quality checks for decimal-precise financial and scientific data where floating-point precision issues would cause false positives. * Added DQX produciton best practices and fix datetime limit handling ([#997](#997)). Practical guidance and best practices for using DQX in production have been added, covering aspects such as storing checks in Delta tables, enforcing access controls, and optimizing rules for performance and scalability. Fixes have also been implemented to address issues related to handling date and datetime limits, particularly when provided as strings. * Added new row-level check functions: is_null, is_empty, and is_null_or_empty ([#1015](#1015)). DQX now includes three new check functions, `is_null`, `is_empty`, and `is_null_or_empty`, which enable verification of column values as null, empty strings, or both, complementing existing checks like `is_not_null`, `is_not_empty`, and `is_not_null_and_not_empty`. The functions also support optional arguments, like `trim_strings` to trim spaces from strings. * Added tolerance to equality and non-equality check functions ([#1011](#1011)). The library's quality check functionality has been enhanced to support absolute and relative tolerance parameters for numeric value comparisons in `is_equal_to`, `is_not_equal_to`, `is_aggr_equal` and `is_aggr_not_equal` checks, allowing for more flexible and precise control over data validation. The introduction of tolerance logic, which checks for absolute and relative differences within specified thresholds via `abs_tolerance` and `rel_tolerance` parameters, provides more nuanced comparisons for numeric data. * Allow new lines in sql expression checks ([#1009](#1009)). SQL expression check function (`sql_expression`) has been updated to support new lines in its expression argument, allowing for more complex and formatted SQL expressions. * Allow summary metrics with SparkConnect sessions ([#1000](#1000)). The library now supports writing summary metrics directly to a table with SparkConnect sessions, eliminating the need for a classic compute cluster in Dedicated access mode. This change lifts the previous restriction and enables generatic summary metrics using Serverless and all standard clusters with Databricks Runtime 17.3LTS or higeher. * Fixed loading checks from a delta table with special characters ([#992](#992)). The loading checks functionality from a delta table has been fixed to handle special characters in the fully qualified table. * Fixed resolution of pii detection check function ([#1003](#1003)). The PII detection check function resolution has been enhanced to support the application of checks defined as metadata (YAML). * Fixed serialization/deserialization of row filter parameter for dataset-level rules ([#1021](#1021)). The `filter` field in checks definition now correctly pushes down the `filter` condition defined at the check-level as `row_filter` to the check function, allowing checks to operate on the relevant subset of rows before aggregation. The documentation has been updated to advice users to use op-level `filter` condition for consistency instead of `row_filter` parameter. Overall, these changes aim to enhance the overall user experience. * Improved Lakeflow Declarative Pipeline tests ([#1010](#1010)). The Lakeflow Declarative Pipeline (LDP) tests have been enhanced to utilize full Unity Catalog mode, enabling support for writing to arbitrary catalogs and schemas, and performing additional checks to prevent certain operations. * Updated Lakebase authentication method ([#975](#975)). The Lakebase authentication method has been updated to utilize a client ID instead of a username, simplifying its use in the context of a Databricks App. The `lakebase_user` parameter has been replaced with `lakebase_client_id`, an optional service principal client ID used to connect to Lakebase, defaulting to the caller's identity if not provided. This change enhances the security and reliability of the authentication process, making it easier to work with Lakebase as a checks storage. * Updated handling of metadata columns during schema validation ([#1002](#1002)). The `has_valid_schema` check has been enhanced to provide more flexibility in schema validation by introducing an optional `exclude_columns` parameter, allowing users to specify columns to ignore during validation. This parameter can be used to exclude metadata columns or other columns not relevant to schema validation, and it takes precedence over the `columns` list. * Updated product info when missing in config while verifying workspace client ([#987](#987)). The workspace client configuration has been enhanced to default product information to `dqx` with the current version when it is missing, ensuring that product information is always set for telemetry purposes. * Updated profiler and generator documentation ([#1026](#1026)). The data profiling and quality checks generation feature has been enhanced with updated documentation, providing reference information for data quality profile types and associated rules. * Added filter attribute in rules generated from ODCS ([#978](#978)). The rules generation process has been enhanced with the introduction of a filter attribute in rules generated from Open Data Contract Standard (ODCS), allowing for more flexible and targeted rules creation.
Change Log for New Release: * New DQX Data Quality Dashboard ([#1019](#1019)). The data quality dashboard has been significantly enhanced to provide a centralized view of data quality metrics across all tables, allowing users to monitor and track data quality issues with greater ease. The dashboard now consists of three tabs - Data Quality Summary, Data Quality by Table (Time Series), and Data Quality by Table (Full Snapshot) - each catering to different monitoring scenarios, and offers customizable parameters for reporting column names and filtering tables with data quality issues. Additionally, the installation process for the dashboard has been simplified, with options to import it directly to a Workspace or deploy it automatically using the Databricks CLI. * DQX App Skeleton ([#982](#982)). The DQX application (frontend and backend) has been built with a core set of features, including configuration management and AI-assisted rule generation based on natural-language input from users. A comprehensive README documents the application architecture as well as development and deployment workflows. Future versions of DQX will introduce additional functionality (loading/saving rules, rules authoring in graphical form) and provide a streamlined, user-friendly way to deploy the application directly into a Databricks workspace. * Added Decimal support to check functions and to min_max generator ([#1013](#1013)) ([#1017](#1017)). The data quality checks have been enhanced to support Python's Decimal type, in addition to int and float, for min/max validation checks, enabling proper data quality checks for decimal-precise financial and scientific data where floating-point precision issues would cause false positives. * Added DQX produciton best practices and fix datetime limit handling ([#997](#997)). Practical guidance and best practices for using DQX in production have been added, covering aspects such as storing checks in Delta tables, enforcing access controls, and optimizing rules for performance and scalability. Fixes have also been implemented to address issues related to handling date and datetime limits, particularly when provided as strings. * Added new row-level check functions: is_null, is_empty, and is_null_or_empty ([#1015](#1015)). DQX now includes three new check functions, `is_null`, `is_empty`, and `is_null_or_empty`, which enable verification of column values as null, empty strings, or both, complementing existing checks like `is_not_null`, `is_not_empty`, and `is_not_null_and_not_empty`. The functions also support optional arguments, like `trim_strings` to trim spaces from strings. * Added tolerance to equality and non-equality check functions ([#1011](#1011)). The library's quality check functionality has been enhanced to support absolute and relative tolerance parameters for numeric value comparisons in `is_equal_to`, `is_not_equal_to`, `is_aggr_equal` and `is_aggr_not_equal` checks, allowing for more flexible and precise control over data validation. The introduction of tolerance logic, which checks for absolute and relative differences within specified thresholds via `abs_tolerance` and `rel_tolerance` parameters, provides more nuanced comparisons for numeric data. * Allow new lines in sql expression checks ([#1009](#1009)). SQL expression check function (`sql_expression`) has been updated to support new lines in its expression argument, allowing for more complex and formatted SQL expressions. * Allow summary metrics with SparkConnect sessions ([#1000](#1000)). The library now supports writing summary metrics directly to a table with SparkConnect sessions, eliminating the need for a classic compute cluster in Dedicated access mode. This change lifts the previous restriction and enables generatic summary metrics using Serverless and all standard clusters with Databricks Runtime 17.3LTS or higeher. * Fixed loading checks from a delta table with special characters ([#992](#992)). The loading checks functionality from a delta table has been fixed to handle special characters in the fully qualified table. * Fixed resolution of pii detection check function ([#1003](#1003)). The PII detection check function resolution has been enhanced to support the application of checks defined as metadata (YAML). * Fixed serialization/deserialization of row filter parameter for dataset-level rules ([#1021](#1021)). The `filter` field in checks definition now correctly pushes down the `filter` condition defined at the check-level as `row_filter` to the check function, allowing checks to operate on the relevant subset of rows before aggregation. The documentation has been updated to advice users to use op-level `filter` condition for consistency instead of `row_filter` parameter. Overall, these changes aim to enhance the overall user experience. * Improved Lakeflow Declarative Pipeline tests ([#1010](#1010)). The Lakeflow Declarative Pipeline (LDP) tests have been enhanced to utilize full Unity Catalog mode, enabling support for writing to arbitrary catalogs and schemas, and performing additional checks to prevent certain operations. * Updated Lakebase authentication method ([#975](#975)). The Lakebase authentication method has been updated to utilize a client ID instead of a username, simplifying its use in the context of a Databricks App. The `lakebase_user` parameter has been replaced with `lakebase_client_id`, an optional service principal client ID used to connect to Lakebase, defaulting to the caller's identity if not provided. This change enhances the security and reliability of the authentication process, making it easier to work with Lakebase as a checks storage. * Updated handling of metadata columns during schema validation ([#1002](#1002)). The `has_valid_schema` check has been enhanced to provide more flexibility in schema validation by introducing an optional `exclude_columns` parameter, allowing users to specify columns to ignore during validation. This parameter can be used to exclude metadata columns or other columns not relevant to schema validation, and it takes precedence over the `columns` list. * Updated product info when missing in config while verifying workspace client ([#987](#987)). The workspace client configuration has been enhanced to default product information to `dqx` with the current version when it is missing, ensuring that product information is always set for telemetry purposes. * Updated profiler and generator documentation ([#1026](#1026)). The data profiling and quality checks generation feature has been enhanced with updated documentation, providing reference information for data quality profile types and associated rules. * Added filter attribute in rules generated from ODCS ([#978](#978)). The rules generation process has been enhanced with the introduction of a filter attribute in rules generated from Open Data Contract Standard (ODCS), allowing for more flexible and targeted rules creation. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Changes
This feature branch updates the authentication mode to Lakebase to make it more straightforward to use dqx in the context of a Databricks App.
Linked issues
#974
Resolves #..
Tests