Skip to content

acc: run jobs destroy_without_mgmtperms/with_permissions locally#5769

Merged
radakam merged 2 commits into
mainfrom
acc-local-destroy-without-mgmtperms-with-permissions
Jul 3, 2026
Merged

acc: run jobs destroy_without_mgmtperms/with_permissions locally#5769
radakam merged 2 commits into
mainfrom
acc-local-destroy-without-mgmtperms-with-permissions

Conversation

@radakam

@radakam radakam commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Changes

  • Flip destroy_without_mgmtperms/with_permissions to also run locally against testserver.
  • testserver: share one FakeWorkspace across a test's user/SP/guest-SP tokens by stripping the dbapi0/dbapi1/dbapi2 identity prefix, and resolve identity per request token (the guest SP reports deco-test-spn on /Me).
  • testserver: enforce job read/manage/delete permissions for the guest SP with backend-matching PERMISSION_DENIED errors.
  • harness: inject TEST_SP_TOKEN for local runs; script falls back DATABRICKS_CLIENT_ID to the current identity.

Why

The test drives a guest service principal (as-test-sp) that lacks manage permissions on a job and tries to read/destroy it. Running it locally requires the fake workspace to model multiple identities sharing one workspace and to enforce job permissions the way cloud does. Golden files are unchanged, so local output now matches cloud for both engines.

Tests

  • destroy_without_mgmtperms/with_permissions now runs locally in addition to cloud; golden files are unchanged, so local output matches cloud for both engines.

@radakam radakam temporarily deployed to test-trigger-is June 30, 2026 08:50 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is June 30, 2026 08:50 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is June 30, 2026 09:01 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is June 30, 2026 09:01 — with GitHub Actions Inactive
@eng-dev-ecosystem-bot

eng-dev-ecosystem-bot commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Integration test report

Commit: 638f947

Run: 28652617968

Env 🟨​KNOWN 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🟨​ aws linux 4 3 14 230 1045 4:47
🟨​ aws windows 4 3 14 232 1043 4:56
💚​ aws-ucws linux 7 14 314 963 4:52
💚​ aws-ucws windows 7 14 316 961 3:51
💚​ azure linux 4 15 230 1044 4:03
💚​ azure windows 4 15 232 1042 3:58
💚​ azure-ucws linux 4 15 316 960 4:56
💚​ azure-ucws windows 4 15 318 958 3:46
💚​ gcp linux 4 15 229 1046 3:51
💚​ gcp windows 4 15 231 1044 3:36
21 interesting tests: 14 SKIP, 4 KNOWN, 3 RECOVERED
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/invariant/no_drift 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/replace_existing 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/recreate/embedding_dimension 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestFetchRepositoryInfoAPI_FromRepo 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/root 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/subdir 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
Top 4 slowest tests (at least 2 minutes):
duration env testname
3:03 azure windows TestAccept
2:54 aws-ucws windows TestAccept
2:46 gcp windows TestAccept
2:39 azure-ucws windows TestAccept

@radakam radakam marked this pull request as ready for review June 30, 2026 09:40
@radakam radakam enabled auto-merge July 3, 2026 09:44
radakam added 2 commits July 3, 2026 09:45
Convert the destroy_without_mgmtperms/with_permissions acceptance test to
run against the local testserver in addition to cloud. The test exercises a
guest service principal (the as-test-sp helper) that lacks manage permissions
on a job, so the testserver needs a multi-identity, permission-aware model.

- testserver: share one FakeWorkspace across a test's user, primary SP, and
  guest SP tokens by stripping the dbapi0/dbapi1/dbapi2 identity prefix, so
  multiple identities see the same state like a real workspace.
- testserver: resolve identity per request token; the guest SP (dbapi2)
  reports the deco-test-spn display name on /Me, matching the named SP on
  cloud, while single-identity SP tests are unaffected.
- testserver: enforce job read/manage/delete permissions for the guest SP
  with the same PERMISSION_DENIED error strings the backend returns.
- harness: inject TEST_SP_TOKEN for local runs (guest prefix + the primary
  token's uuid suffix) so as-test-sp shares the workspace.
- script: fall back DATABRICKS_CLIENT_ID to the current identity locally so
  the owner principal matches cloud.
Trim the comments added in the previous commit to be short and meaningful.
@radakam radakam force-pushed the acc-local-destroy-without-mgmtperms-with-permissions branch from 9fb82ac to 638f947 Compare July 3, 2026 09:46
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 09:47 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 09:47 — with GitHub Actions Inactive
@radakam radakam added this pull request to the merge queue Jul 3, 2026
Merged via the queue into main with commit 6fb5c5c Jul 3, 2026
23 checks passed
@radakam radakam deleted the acc-local-destroy-without-mgmtperms-with-permissions branch July 3, 2026 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants