Open BenPhegan opened 1 year ago
@andrewnester - anything I can progress on this? Any thoughts as to the best approach?
hey @BenPhegan I also had trouble to use the new CLI in a docker container (bitbucket pipeline). I tried several authentication methods Databricks provided on their website but no of them was valid when I used the CLI in a bitbucket pipeline with a custom docker image or with Docker Desktop. Because of the failed auth process I wasn't able to use any of the API calls over the CLI.
Did you guys already found out a workaround for this (for e.g. which configuration I have to set for the container to get this CLI work)? Or any plans to get this work out-of-the-box for docker container in the future?
For the moment I replaced the CLI by requesting the API directly in the bitbucket pipeline but for a better readability and less code lines in my pipeline I would be happy when you guys could get this work in the future.
Thanks in advance.
Best regards, David
Hi @Uru9V , we got it working with a combination of a patched version of the CLI (using this: https://github.com/databricks/cli/pull/560/files#diff-c7f46e48b763b5ba29837574739bacc7a9eb04d1f5a67e29c7496171c8a0a7a2) and this PR: https://github.com/databricks/cli/pull/561
I would love to see fixes in so that we can use Docker interchangeably with the CLI binary natively. Waiting currently on discussions with maintainers as to which way they would like to see this fixed.
@BenPhegan Hi Ben! Sorry for the late response and thanks for the provided examples. If I see it correctly, binding to all :8020 instead of localhost:8020 seems to help the issue, correct? I was curious of 2 things:
I'd expect answer for 1 is yes, but 2 might be no?
Hi,
As discussed in https://github.com/databricks/cli/pull/560 I was looking to be able to run the
databricks auth login
process from a Docker container. During the attempt I came across an issue with the way the code is binding a listener for the callback.It appears that the callback is hard coded to
localhost:8200
, meaning that the browser needs to be able to communicate with thedatabricks
process onlocalhost:8200
when the authentication is complete. However, even when using-p 8200:8200
with a docker container thedatabricks
application was only binding a private network port that could not easily be made to tunnel through to the host. This is probably not the only failure state with multi-interface networking. The code in question is here: https://github.com/databricks/cli/blob/main/libs/auth/oauth.go#L155 and the API description is here: https://pkg.go.dev/net#ListenAs stated in the documentation:
@pietern stated a preference for non-public interfaces only. There are a few approaches that could be taken to fix this that I could think of:
--insecure-bind
or equivalent flag. Default to the existing behaviour, but allow this flag to bind to all network interfaces by changing fromlocalhost:8200
to only:8200
as per the fix described in #560 .There are probably other approaches as well. Happy to make the changes, but it would be good to have a discussion around the best approach first.
Regards,
Ben