Add logout sub command

[RicNord]

Changes

• Implements [Feature] Add logout command #1639

This PR includes a new sub cmd: auth logout [PROFILE]. That will "logout" a specified profile, similar to az logout.

Logout process looks like this:

1. Determine profile
2. Load config file (Default: ~/.databrickscfg) and tokenCache (Default: ~/.databricks/token-cache.json)
3. Remove OAuth token it if exist
   4. Overwrite profile section in config file, but without any sensitive values, PAT token etc.

Tests

• Unit test has been written for added functionality.
• Local execution of built bin successful

[RicNord]

Hi,

Please dont hesitate to give feedback or any ideas of how to improve the PR, in case you have that! I would be happy to implement suggested changes, or elaborate further on the PR :)

[pietern]

@RicNord Thank you for this contribution!

We require a CLA to accept contributions. If you're open to signing one, could you send an email to [email protected], and I'll kickstart the process (this is a manual process still).

The new command looks great. As for the scope, I think we shouldn't rewrite the databrickscfg file. I'd rather keep parity between login/logout and focus exclusively on OAuth. If login supported non-OAuth profiles then it would make sense.

[pietern]

Could you add an unexported function to write the configuration to disk?

It can be shared between Store and Delete.

[RicNord]

Implemented in commit d037ec3

[mgyucht]

Thanks for the ping @pietern. I took a look at Azure CLI's implementation as a reference (https://github.com/Azure/azure-cli/blob/dev/src/azure-cli-core/azure/cli/core/_profile.py#L308), where they do actually remove the metadata about those subscriptions that the user is logging out of. It's also convenient in that it means that users don't have to manually modify the .databrickscfg file directly, which isn't very user-friendly. Even if login only supports the U2M OAuth flow, it might be nice that logout cleans up everything about the profile. I think the only real difference is that a user could login via a profile name, rather than needing to type the host (and account ID, if necessary).

[RicNord]

@RicNord Thank you for this contribution!

We require a CLA to accept contributions. If you're open to signing one, could you send an email to [email protected], and I'll kickstart the process (this is a manual process still).

The new command looks great. As for the scope, I think we shouldn't rewrite the databrickscfg file. I'd rather keep parity between login/logout and focus exclusively on OAuth. If login supported non-OAuth profiles then it would make sense.

Signed the CLA :)

Please let me know how to proceed with the scope of the PR!

[RicNord]

Hi @pietern and @mgyucht ,

I have signed the CLA :) Does it look good on your side?

Please let me know how you want to proceed with the scope of the PR, so I can make potential adjustments!

[RicNord]

Hi @pietern and @mgyucht, commit 865964e reduces the scope of the logout command to only remove the OAuth token from token-cache. Please let me know if it looks good to you, and if there is something else I need to do!

[github-actions]

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/cli

Inputs:

• PR number: 1737
• Commit SHA: ca08796f77e577ef26801bef0d1e651f9728fae3

Checks will be approved automatically on success.

[RicNord]

Hi @pietern @mgyucht do you have any updates or feedback regarding this PR?