hwang-cadent opened a new pull request, #58157: URL: https://github.com/apache/airflow/pull/58157
## Description This PR adds support for Google-signed OpenID Connect (ID) token authentication for Databricks connections. This enables users to authenticate with Databricks using Google Cloud service accounts and ID tokens, which is particularly useful for environments where OAuth tokens or personal access tokens are not preferred. ## Changes * Added `use_google_id_token`, `google_id_token_target_principal`, and `google_id_token_target_audience` connection parameters to `BaseDatabricksHook` * Implemented `_get_google_id_token()` method for synchronous ID token generation using Google IAM Credentials API * Implemented `_a_get_google_id_token()` method for asynchronous ID token generation * Added support for service account impersonation via `google_id_token_target_principal` parameter * Updated `_get_token()` and `_a_get_token()` methods to check for Google ID token authentication and route to appropriate token generation methods * Added connection form widgets (`get_connection_form_widgets()`) for UI configuration of Google ID token parameters * Updated Databricks connection documentation with Google ID token authentication method * Added comprehensive unit tests for both sync and async Google ID token generation * Added unit tests for connection form widgets * Replaced `AirflowException` with standard Python exceptions (`ValueError`, `ConnectionError`, `OSError`) per PR guidelines ## Testing * All existing tests continue to pass * Added new test cases for Google ID token authentication in both sync and async scenarios * Added tests for service account impersonation * Added tests for connection form widgets * Verified error handling for missing Google authentication libraries * Tested fallback behavior when Google ID token is not enabled * Ensured backward compatibility with existing authentication methods ## Type of Change * New feature (non-breaking change which adds functionality) ## Dependencies This feature requires the `apache-airflow-providers-google` package to be installed for Google authentication libraries. The code gracefully handles the case when these libraries are not installed by raising `AirflowOptionalProviderFeatureException` with a helpful error message. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
