Skip to content

feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace#396

Open
mani-mathur-arch wants to merge 2 commits into
mani/sea-kernel-build-recipefrom
mani/sea-kernel-dais-gaps
Open

feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace#396
mani-mathur-arch wants to merge 2 commits into
mani/sea-kernel-build-recipefrom
mani/sea-kernel-dais-gaps

Conversation

@mani-mathur-arch

@mani-mathur-arch mani-mathur-arch commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

What

Closes the four deferred feature rows the SEA-via-kernel backend previously rejected at connect time. All are Go-side only — no new kernel dependency: the OAuth setters are on merged kernel #162, metric-view is an existing server session conf, and the initial namespace uses plain SQL.

  • Metric viewconfig.EffectiveSessionParams() derives the server conf (spark.sql.thriftserver.metadata.metricview.enabled) once, backend-neutrally, so both backends send the identical conf. The Thrift OpenSession special-case is removed (behaviour-preserving); the kernel forwards it via SessionConf. Reject dropped, reclassified forwarded.
  • Initial namespace — applied post-connect via USE CATALOG / USE SCHEMA (the OSS ODBC workaround) since the kernel C ABI has no catalog/schema setter. quoteIdent (untagged) backtick-quotes identifiers; a USE failure fails connect and closes the session (routed through call() so the close is logged). Reject dropped, reclassified forwarded.
  • OAuth M2M / U2M — the kernel drives its own OAuth flow from raw credentials (mirroring pyo3/napi and the Node/Python kernel bindings), read off cfg.Authenticator — the single source of truth (last-writer-wins, matching Thrift). The m2m/u2m authenticators expose credential-provider interfaces defined in internal/backend/kernel (kept off the public API so a secret-read capability is never exported); resolveKernelAuth type-switches them and returns kernel.Auth directly. KernelBackend.setAuth branches to set_auth_pat / set_auth_m2m / set_auth_u2m. U2M uses Go's cloud-inferred client id (scopes/redirect-port default to the kernel's; no Go option feeds them yet). No new config.UserConfig fields.

Stacked on #395 (mani/sea-kernel-build-recipe); additive only, so #393 and #395 are untouched.

Commits

  1. feat — the four features above.
  2. fix — code-review remediation: moved the OAuth credential-provider interfaces into internal/ (off the public API); collapsed the duplicate auth descriptor so validateKernelConfig/resolveKernelAuth return kernel.Auth directly; routed the initial-namespace failure-path close through call() so it logs; added a live M2M e2e + a last-writer-wins auth regression test; documented U2M interactivity, the dormant U2M scopes/port wiring, and the metric-view smoke test.

Known limitations (documented, not blocking)

  • OAuth U2M is interactive — on a token-cache miss, opening a connection launches the system browser and blocks up to the kernel's ~120s callback timeout; the connect context deadline is not honored during that window (the C ABI can't interrupt session open, and exposes no timeout override). Use PAT or M2M for headless/deadline-bound connects.
  • Custom M2M scopes aren't forwardable over the C ABI (set_auth_m2m takes no scopes arg) — a kernel gap shared with ODBC; no authorization impact (all-apis is always requested).

Testing

  • Default CGO_ENABLED=0 suite + golangci-lint v2.12.2 — clean repo-wide.
  • Tagged databricks_kernel unit tests — auth-mode → C-setter mapping (PAT/M2M/U2M), quoteIdent, config assembly/classification, error classifier.
  • Live staging e2e — PAT connect, per-type data types, CloudFetch, ctx cancellation, query tags / statement timeout / timezone, TLS skip-verify, initial namespace (current_catalog()/current_schema() match config), metric-view (connect+query smoke — the conf isn't SET-introspectable on either backend), Thrift parity.
  • M2M/U2M auth resolution covered by unit tests; live M2M skips without a staging service principal, U2M is interactive (not headless-runnable) — auth wiring is unit-verified.
  • Reviewed with the multi-reviewer code review + Isaac Review; all findings addressed or documented, final Isaac Review clean (0 findings).

This pull request and its description were written by Isaac.

@mani-mathur-arch mani-mathur-arch changed the title feat(kernel): close deferred DAIS rows — OAuth M2M/U2M, metric-view, initial namespace feat(kernel): close deferred feature rows — OAuth M2M/U2M, metric-view, initial namespace Jul 12, 2026
@mani-mathur-arch mani-mathur-arch force-pushed the mani/sea-kernel-build-recipe branch from 38c283f to 77e0231 Compare July 13, 2026 05:58
@mani-mathur-arch mani-mathur-arch force-pushed the mani/sea-kernel-dais-gaps branch from 2207471 to 1ebcaa7 Compare July 13, 2026 06:17
…initial namespace

Close the four DAIS-scope rows the SEA-via-kernel backend previously rejected at
connect time. All are Go-side only (no new kernel dependency): the OAuth setters
are on merged kernel #162, metric-view is an existing session conf, and the
namespace uses plain SQL.

- Metric view: config.EffectiveSessionParams() derives the server conf
  (spark.sql.thriftserver.metadata.metricview.enabled) once, backend-neutrally, so
  both backends send the identical conf. The Thrift OpenSession special-case is
  removed (behaviour-preserving); the kernel forwards it via SessionConf. Reject
  dropped; reclassified forwarded.
- Initial namespace: applied post-connect via USE CATALOG / USE SCHEMA (the OSS
  ODBC workaround) since the kernel C ABI has no catalog/schema setter. quoteIdent
  (untagged) backtick-quotes identifiers; a USE failure fails connect and closes
  the session. Reject dropped; reclassified forwarded.
- OAuth M2M/U2M: the kernel drives its own OAuth flow from raw credentials
  (mirroring pyo3/napi and the Node/Python kernel bindings), read off
  cfg.Authenticator — the single source of truth (last-writer-wins, matching
  Thrift). The m2m/u2m authenticators expose auth.M2MCredentialsProvider /
  auth.U2MCredentialsProvider; resolveKernelAuth type-switches them and returns a
  *kernelAuth descriptor. KernelBackend.setAuth branches to set_auth_pat /
  set_auth_m2m / set_auth_u2m; U2M uses Go's cloud-inferred client id (kernel
  defaults for scopes/port). No new config fields.

Verified: default CGO_ENABLED=0 suite + golangci-lint v2.12.2 clean; tagged
databricks_kernel unit tests (auth-mode -> setter mapping, quoteIdent); live
staging e2e for initial namespace (current_catalog/current_schema) and metric-view
(session opens + queries; the conf is not SET-introspectable on either backend).
M2M/U2M covered by unit tests (no staging service principal; U2M is interactive).

Co-authored-by: Isaac
… single-source auth, coverage + docs

Remediation of the code-review pass on the DAIS gap-closure work. Verified against
source; full default + tagged suites, golangci-lint v2.12.2, and live staging e2e
all green.

- Move the OAuth credential-provider interfaces (M2MCredentialsProvider /
  U2MCredentialsProvider) out of the public auth package into internal/backend/kernel,
  so the secret-reading capability is not part of the driver's public API. The
  unexported m2m/u2m authenticators satisfy them structurally.
- Collapse the duplicate auth descriptor: validateKernelConfig/resolveKernelAuth now
  return kernel.Auth directly (its type is in an untagged file, so the default build
  builds it cgo-free); dropped dbsql.kernelAuth, kernelAuthMode, and toKernelAuth
  (which also removed a stale build-tag comment).
- Route the initial-namespace failure-path session close through call() so a failed
  close is logged (via lastError's Warn), mirroring CloseSession.
- Add an env-guarded live M2M e2e (TestKernelE2EM2M, skips without
  DATABRICKS_CLIENT_ID/_SECRET) and a last-writer-wins auth regression test; the
  resolveKernelAuth -> kernel.Auth path is table-tested for M2M/U2M.
- Document: U2M is interactive (browser on cache-miss, blocks up to the kernel's
  ~120s callback timeout, connect ctx deadline not honored during that window, no
  C-ABI override — use PAT/M2M for headless); the U2M Scopes/RedirectPort fields are
  dormant-but-wired (no Go option feeds them yet); the metric-view e2e is a
  deliberate connect-smoke (routing asserted in TestEffectiveSessionParams).

Custom M2M scopes remain unforwardable over the C ABI (no scopes arg on
set_auth_m2m) — a kernel gap shared with ODBC, no authz impact (all-apis always
requested); tracked in the kernel-gaps notes rather than worked around.

Co-authored-by: Isaac
@mani-mathur-arch mani-mathur-arch force-pushed the mani/sea-kernel-dais-gaps branch from 89ce8fc to 024053d Compare July 13, 2026 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant