Merge branch 'main' into databricks-wif

Author: hectorcast-db

.codegen/_openapi_sha

@@ -1 +1 @@
-31b3fea21dbe5a3a652937691602eb66d6dba30b
+05692f4dcf168be190bb7bcda725ee8b368b7ae3

.gitattributes

@@ -1,3 +1,3 @@
 {
-    "timestamp": "2025-03-26 13:43:47+0000"
+    "timestamp": "2025-04-14 14:27:28+0000"
 }

.release_metadata.json

@@ -1,5 +1,42 @@
 # Version changelog
 
+## Release v0.45.0
+
+### API Changes
+* Added `workspaceClient.enableExportNotebook()` service, `workspaceClient.enableNotebookTableClipboard()` service and `workspaceClient.enableResultsDownloading()` service.
+* Added `getCredentialsForTraceDataDownload()` and `getCredentialsForTraceDataUpload()` methods for `workspaceClient.experiments()` service.
+* Added `getDownloadFullQueryResult()` method for `workspaceClient.genie()` service.
+* Added `getPublishedDashboardTokenInfo()` method for `workspaceClient.lakeviewEmbedded()` service.
+* Added `bindingWorkspaceIds` field for `com.databricks.sdk.service.billing.BudgetPolicy`.
+* Added `downloadId` field for `com.databricks.sdk.service.dashboards.GenieGenerateDownloadFullQueryResultResponse`.
+* Added `dashboardOutput` field for `com.databricks.sdk.service.jobs.RunOutput`.
+* Added `dashboardTask` and `powerBiTask` fields for `com.databricks.sdk.service.jobs.RunTask`.
+* Added `dashboardTask` and `powerBiTask` fields for `com.databricks.sdk.service.jobs.SubmitTask`.
+* Added `dashboardTask` and `powerBiTask` fields for `com.databricks.sdk.service.jobs.Task`.
+* Added `includeFeatures` field for `com.databricks.sdk.service.ml.CreateForecastingExperimentRequest`.
+* Added `models` field for `com.databricks.sdk.service.ml.LogInputs`.
+* Added `datasetDigest`, `datasetName` and `modelId` fields for `com.databricks.sdk.service.ml.LogMetric`.
+* Added `datasetDigest`, `datasetName`, `modelId` and `runId` fields for `com.databricks.sdk.service.ml.Metric`.
+* Added `modelInputs` field for `com.databricks.sdk.service.ml.RunInputs`.
+* Added `clientApplication` field for `com.databricks.sdk.service.sql.QueryInfo`.
+* Added `GEOGRAPHY` and `GEOMETRY` enum values for `com.databricks.sdk.service.catalog.ColumnTypeName`.
+* Added `ALLOCATION_TIMEOUT_NO_HEALTHY_AND_WARMED_UP_CLUSTERS`, `DOCKER_CONTAINER_CREATION_EXCEPTION`, `DOCKER_IMAGE_TOO_LARGE_FOR_INSTANCE_EXCEPTION` and `DOCKER_INVALID_OS_EXCEPTION` enum values for `com.databricks.sdk.service.compute.TerminationReasonCode`.
+* Added `STANDARD` enum value for `com.databricks.sdk.service.jobs.PerformanceTarget`.
+* Added `CAN_VIEW` enum value for `com.databricks.sdk.service.sql.WarehousePermissionLevel`.
+* [Breaking] Changed `generateDownloadFullQueryResult()` method for `workspaceClient.genie()` service . Method path has changed.
+* [Breaking] Changed waiter for `workspaceClient.commandExecution().create()` method.
+* [Breaking] Changed waiter for `workspaceClient.commandExecution().execute()` method.
+* [Breaking] Removed `error`, `status` and `transientStatementId` fields for `com.databricks.sdk.service.dashboards.GenieGenerateDownloadFullQueryResultResponse`.
+* [Breaking] Removed `BALANCED` and `COST_OPTIMIZED` enum values for `com.databricks.sdk.service.jobs.PerformanceTarget`.
+* [Breaking] Removed `workspaceClient.pipelines().waitGetPipelineRunning()` method.
+
+
+## Release v0.44.0
+
+### Bug Fixes
+* Fix issue deserializing HTTP responses with an empty body ([#426](https://github.com/databricks/databricks-sdk-java/pull/426)).
+
+
 ## Release v0.43.0
 
 ### API Changes

CHANGELOG.md

@@ -1,15 +1,16 @@
 # NEXT CHANGELOG
 
-## Release v0.44.0
+## Release v0.46.0
 
 ### New Features and Improvements
+ * Added `TokenCache` to `ExternalBrowserCredentialsProvider` to reduce number of authentications needed for U2M OAuth.
+ 
 * Introduce support for Databricks Workload Identity Federation in GitHub workflows ([423](https://github.com/databricks/databricks-sdk-java/pull/423)).
   See README.md for instructions.
 * [Breaking] Users running their workflows in GitHub Actions, which use Cloud native authentication and also have a `DATABRICKS_CLIENT_ID` and `DATABRICKS_HOST`
   environment variables set may see their authentication start failing due to the order in which the SDK tries different authentication methods.
 
 ### Bug Fixes
-* Fix issue deserializing HTTP responses with an empty body ([#426](https://github.com/databricks/databricks-sdk-java/pull/426)).
 
 ### Documentation
 

NEXT_CHANGELOG.md

@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.databricks</groupId>
     <artifactId>databricks-sdk-parent</artifactId>
-    <version>0.43.0</version>
+    <version>0.45.0</version>
   </parent>
   <artifactId>databricks-sdk-java</artifactId>
   <properties>
@@ -97,5 +97,11 @@
       <artifactId>google-auth-library-oauth2-http</artifactId>
       <version>1.20.0</version>
     </dependency>
+    <!-- Jackson JSR310 module needed to serialize/deserialize java.time classes in TokenCache -->
+    <dependency>
+      <groupId>com.fasterxml.jackson.datatype</groupId>
+      <artifactId>jackson-datatype-jsr310</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
   </dependencies>
 </project>

databricks-sdk-java/pom.xml

@@ -685,4 +685,14 @@ public DatabricksConfig newWithWorkspaceHost(String host) {
                 "headerFactory"));
     return clone(fieldsToSkip).setHost(host);
   }
+
+  /**
+   * Gets the default OAuth redirect URL. If one is not provided explicitly, uses
+   * http://localhost:8080/callback
+   *
+   * @return The OAuth redirect URL to use
+   */
+  public String getEffectiveOAuthRedirectUrl() {
+    return redirectUrl != null ? redirectUrl : "http://localhost:8080/callback";
+  }
 }

databricks-sdk-java/src/main/java/com/databricks/sdk/core/DatabricksConfig.java

@@ -36,7 +36,7 @@ public String getValue() {
   // TODO: check if reading from
   // /META-INF/maven/com.databricks/databrics-sdk-java/pom.properties
   // or getClass().getPackage().getImplementationVersion() is enough.
-  private static final String version = "0.43.0";
+  private static final String version = "0.45.0";
 
   public static void withProduct(String product, String productVersion) {
     UserAgent.product = product;

databricks-sdk-java/src/main/java/com/databricks/sdk/core/UserAgent.java

@@ -5,12 +5,38 @@
 import com.databricks.sdk.core.DatabricksException;
 import com.databricks.sdk.core.HeaderFactory;
 import java.io.IOException;
+import java.nio.file.Path;
+import java.util.Objects;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * A {@code CredentialsProvider} which implements the Authorization Code + PKCE flow by opening a
- * browser for the user to authorize the application.
+ * browser for the user to authorize the application. Uses a specified TokenCache or creates a
+ * default one if none is provided.
  */
 public class ExternalBrowserCredentialsProvider implements CredentialsProvider {
+  private static final Logger LOGGER =
+      LoggerFactory.getLogger(ExternalBrowserCredentialsProvider.class);
+
+  private TokenCache tokenCache;
+
+  /**
+   * Creates a new ExternalBrowserCredentialsProvider with the specified TokenCache.
+   *
+   * @param tokenCache the TokenCache to use for caching tokens
+   */
+  public ExternalBrowserCredentialsProvider(TokenCache tokenCache) {
+    this.tokenCache = tokenCache;
+  }
+
+  /**
+   * Creates a new ExternalBrowserCredentialsProvider with a default TokenCache. A FileTokenCache
+   * will be created when credentials are configured.
+   */
+  public ExternalBrowserCredentialsProvider() {
+    this(null);
+  }
 
   @Override
   public String authType() {
@@ -19,16 +45,87 @@ public String authType() {
 
   @Override
   public HeaderFactory configure(DatabricksConfig config) {
-    if (config.getHost() == null || config.getAuthType() != "external-browser") {
+    if (config.getHost() == null || !Objects.equals(config.getAuthType(), "external-browser")) {
       return null;
     }
+
+    // Use the utility class to resolve client ID and client secret
+    String clientId = OAuthClientUtils.resolveClientId(config);
+    String clientSecret = OAuthClientUtils.resolveClientSecret(config);
+
     try {
-      OAuthClient client = new OAuthClient(config);
-      Consent consent = client.initiateConsent();
-      SessionCredentials creds = consent.launchExternalBrowser();
-      return creds.configure(config);
+      if (tokenCache == null) {
+        // Create a default FileTokenCache based on config
+        Path cachePath =
+            TokenCacheUtils.getCacheFilePath(config.getHost(), clientId, config.getScopes());
+        tokenCache = new FileTokenCache(cachePath);
+      }
+
+      // First try to use the cached token if available (will return null if disabled)
+      Token cachedToken = tokenCache.load();
+      if (cachedToken != null && cachedToken.getRefreshToken() != null) {
+        LOGGER.debug("Found cached token for {}:{}", config.getHost(), clientId);
+
+        try {
+          // Create SessionCredentials with the cached token and try to refresh if needed
+          SessionCredentials cachedCreds =
+              new SessionCredentials.Builder()
+                  .withToken(cachedToken)
+                  .withHttpClient(config.getHttpClient())
+                  .withClientId(clientId)
+                  .withClientSecret(clientSecret)
+                  .withTokenUrl(config.getOidcEndpoints().getTokenEndpoint())
+                  .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+                  .withTokenCache(tokenCache)
+                  .build();
+
+          LOGGER.debug("Using cached token, will immediately refresh");
+          cachedCreds.token = cachedCreds.refresh();
+          return cachedCreds.configure(config);
+        } catch (Exception e) {
+          // If token refresh fails, log and continue to browser auth
+          LOGGER.info("Token refresh failed: {}, falling back to browser auth", e.getMessage());
+        }
+      }
+
+      // If no cached token or refresh failed, perform browser auth
+      SessionCredentials credentials =
+          performBrowserAuth(config, clientId, clientSecret, tokenCache);
+      tokenCache.save(credentials.getToken());
+      return credentials.configure(config);
     } catch (IOException | DatabricksException e) {
+      LOGGER.error("Failed to authenticate: {}", e.getMessage());
       return null;
     }
   }
+
+  SessionCredentials performBrowserAuth(
+      DatabricksConfig config, String clientId, String clientSecret, TokenCache tokenCache)
+      throws IOException {
+    LOGGER.debug("Performing browser authentication");
+    OAuthClient client =
+        new OAuthClient.Builder()
+            .withHttpClient(config.getHttpClient())
+            .withClientId(clientId)
+            .withClientSecret(clientSecret)
+            .withHost(config.getHost())
+            .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+            .withScopes(config.getScopes())
+            .build();
+    Consent consent = client.initiateConsent();
+
+    // Use the existing browser flow to get credentials
+    SessionCredentials credentials = consent.launchExternalBrowser();
+
+    // Create a new SessionCredentials with the same token but with our token cache
+    return new SessionCredentials.Builder()
+        .withToken(credentials.getToken())
+        .withHttpClient(config.getHttpClient())
+        .withClientId(config.getClientId())
+        .withClientSecret(config.getClientSecret())
+        .withTokenUrl(config.getOidcEndpoints().getTokenEndpoint())
+        .withRedirectUrl(config.getEffectiveOAuthRedirectUrl())
+        .withTokenCache(tokenCache)
+        .build();
+  }
 }

databricks-sdk-java/src/main/java/com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.java

@@ -0,0 +1,77 @@
+package com.databricks.sdk.core.oauth;
+
+import com.databricks.sdk.core.utils.SerDeUtils;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Objects;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** A TokenCache implementation that stores tokens as plain files. */
+public class FileTokenCache implements TokenCache {
+  private static final Logger LOGGER = LoggerFactory.getLogger(FileTokenCache.class);
+
+  private final Path cacheFile;
+  private final ObjectMapper mapper;
+
+  /**
+   * Constructs a new SimpleFileTokenCache instance.
+   *
+   * @param cacheFilePath The path where the token cache will be stored
+   */
+  public FileTokenCache(Path cacheFilePath) {
+    Objects.requireNonNull(cacheFilePath, "cacheFilePath must be defined");
+
+    this.cacheFile = cacheFilePath;
+    this.mapper = SerDeUtils.createMapper();
+  }
+
+  @Override
+  public void save(Token token) {
+    try {
+      Files.createDirectories(cacheFile.getParent());
+
+      // Serialize token to JSON
+      String json = mapper.writeValueAsString(token);
+      byte[] dataToWrite = json.getBytes(StandardCharsets.UTF_8);
+
+      Files.write(cacheFile, dataToWrite);
+      // Set file permissions to be readable only by the owner (equivalent to 0600)
+      File file = cacheFile.toFile();
+      file.setReadable(false, false);
+      file.setReadable(true, true);
+      file.setWritable(false, false);
+      file.setWritable(true, true);
+
+      LOGGER.debug("Successfully saved token to cache: {}", cacheFile);
+    } catch (Exception e) {
+      LOGGER.warn("Failed to save token to cache: {}", cacheFile, e);
+    }
+  }
+
+  @Override
+  public Token load() {
+    try {
+      if (!Files.exists(cacheFile)) {
+        LOGGER.debug("No token cache file found at: {}", cacheFile);
+        return null;
+      }
+
+      byte[] fileContent = Files.readAllBytes(cacheFile);
+
+      // Deserialize token from JSON
+      String json = new String(fileContent, StandardCharsets.UTF_8);
+      Token token = mapper.readValue(json, Token.class);
+      LOGGER.debug("Successfully loaded token from cache: {}", cacheFile);
+      return token;
+    } catch (Exception e) {
+      // If there's any issue loading the token, return null
+      // to allow a fresh token to be obtained
+      LOGGER.warn("Failed to load token from cache: {}", e.getMessage());
+      return null;
+    }
+  }
+}