[TypeScript SDK] Simplify Databricks auth by delegating to Databricks SDK#19434
Conversation
|
@simonfaltum Thank you for the contribution! Could you fix the following issue(s)? ⚠ DCO checkThe DCO check failed. Please sign off your commit(s) by following the instructions here. See https://github.com/mlflow/mlflow/blob/master/CONTRIBUTING.md#sign-your-work for more details. ⚠ Invalid PR templateThis PR does not appear to have been filed using the MLflow PR template. Please copy the PR template from here and fill it out. |
0280d74 to
ef3a52a
Compare
… SDK - Add new auth module that delegates credential resolution to @databricks/sdk - Require DATABRICKS_HOST env var for Databricks connections (enables sync host resolution) - SDK handles PAT tokens, OAuth M2M, Azure/GCP credentials, and config profiles - Support OSS MLflow auth via basic auth or bearer token - Update artifacts clients to use AuthProvider pattern - Add authentication documentation to README 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: simon <simon.faltum@databricks.com>
ef3a52a to
da8c3cb
Compare
MlflowClient and ArtifactsClient are internal APIs, so this removes backwards-compatibility options that are no longer needed: - Remove deprecated host, databricksToken, and tracking server credentials from MlflowClientOptions and ArtifactsClientOptions - Make authProvider a required parameter - Remove unused getRequestHeaders helper from utils.ts - Move base64 auth header encoding outside function scope for efficiency - Update provider.ts to use getAuthProvider() from config - Remove deprecated resolveAuthProvider alias This reduces code duplication by centralizing auth handling in the createAuthProvider function, which consumers should use to create an AuthProvider before passing it to these clients. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: simon <simon.faltum@databricks.com>
| host: string; | ||
| databricksToken?: string; | ||
| }): ArtifactsClient { | ||
| export function getArtifactsClient(options: ArtifactsClientOptions): ArtifactsClient { |
There was a problem hiding this comment.
Let's keep using destructuring assignment. We can use destructuring assignment and interface together.
| private headersProvider: HeadersProvider; | ||
|
|
||
| constructor(options: { host: string }) { | ||
| constructor(options: MlflowArtifactsClientOptions) { |
| * | ||
| * @param options - Client configuration options | ||
| */ | ||
| constructor(options: MlflowClientOptions) { |
| const result: Record<string, string> = {}; | ||
| headers.forEach((value, key) => { | ||
| result[key] = value; | ||
| }); | ||
| return result; |
There was a problem hiding this comment.
Can we use Object.fromEntries(headers)?
| const headers = await this.headersProvider(); | ||
| const response = await makeRequest<CreateExperiment.Response>('POST', url, headers, payload); |
There was a problem hiding this comment.
nit: i wonder if it's worth defining some request helper on the class so we don't have to remember to call const headers = await this.headersProvider(); and pass it in to every request
There was a problem hiding this comment.
not a big deal for now as i guess we don't plan to add many more request types but just thinking for the future
There was a problem hiding this comment.
Great idea, I think we can replace headers with headersProvider in makeRequest to prevent such mistakes.
daniellok-db
left a comment
There was a problem hiding this comment.
lg overall, thanks for making this change!
What changes are proposed in this pull request?
This PR adds a new authentication module to the MLflow TypeScript SDK that provides flexible authentication for both self-hosted MLflow servers and managed MLflow services.
Key Changes:
New
authmodule (libs/typescript/core/src/auth/index.ts)AuthProviderinterface with syncgetHost()and asyncgetHeadersProvider()Updated artifacts clients
DatabricksArtifactsClientandMlflowArtifactsClientnow useAuthProviderpatterndatabricksTokenparameter kept for backwards compatibilityDocumentation
This change is fully backwards compatible.
How is this PR tested?
All 172 tests pass, including new tests for authentication configuration.
Does this PR require documentation update?
Updated
libs/typescript/README.mdwith authentication documentation for self-hosted MLflow servers.Release Notes
Is this a user-facing change?
The TypeScript SDK now has a dedicated authentication module supporting basic auth and bearer token authentication for MLflow tracking servers.
What component(s), interfaces, languages, and integrations does this PR affect?
Components
area/tracking: Tracking Service, tracking client APIs, autologgingarea/models: MLmodel format, model serialization/deserialization, flavorsarea/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registryarea/scoring: MLflow Model server, model deployment tools, Spark UDFsarea/evaluation: MLflow model evaluation features, evaluation metrics, and evaluation workflowsarea/gateway: MLflow AI Gateway client APIs, server, and third-party integrationsarea/prompts: MLflow prompt engineering features, prompt templates, and prompt managementarea/tracing: MLflow Tracing features, tracing APIs, and LLM tracing functionalityarea/projects: MLproject format, project running backendsarea/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev serverarea/build: Build and test infrastructure for MLflowarea/docs: MLflow documentation pagesHow should the PR be classified in the release notes? Choose one:
rn/none- No description will be included. The PR will be mentioned only by the PR number in the "Small Bugfixes and Documentation Updates" sectionrn/breaking-change- The PR will be mentioned in the "Breaking Changes" sectionrn/feature- A new user-facing feature worth mentioning in the release notesrn/bug-fix- A user-facing bug fix worth mentioning in the release notesrn/documentation- A user-facing documentation change worth mentioning in the release notesShould this PR be included in the next patch release?