Skip to content

Add auth logout command with --profile and --force flags#4613

Closed
mihaimitrea-db wants to merge 20 commits intomainfrom
mihaimitrea-db/stack/auth_logout
Closed

Add auth logout command with --profile and --force flags#4613
mihaimitrea-db wants to merge 20 commits intomainfrom
mihaimitrea-db/stack/auth_logout

Conversation

@mihaimitrea-db
Copy link
Collaborator

@mihaimitrea-db mihaimitrea-db commented Feb 27, 2026
edited
Loading

🥞 Stacked PR

Use this link to review incremental changes.

Implement databricks auth logout which clears cached OAuth tokens for a profile and, optionally, removes the profile from ~/.databrickscfg.

By default the command only clears tokens, requiring re-authentication on next use. Pass --delete to also remove the profile entry from the config file. This iteration supports explicit profile selection via --profile and a --force flag to skip the confirmation prompt. Interactive profile selection will be added in a follow-up.

Token cache cleanup is best-effort: the profile-keyed token is always removed, and the host-keyed token is removed only when no other profile references the same host.

Changes

  • Add databricks auth logout command (cmd/auth/logout.go) registered under the auth command group.
  • --profile selects the profile to log out of; --force skips the confirmation prompt.
  • --delete opts in to removing the profile section from ~/.databrickscfg. Without it, only cached OAuth tokens are cleared.
  • clearTokenCache removes the profile-keyed token and, if no other profile shares the same host, the host-keyed token. Host URLs are normalized (trailing slash stripped) to match token cache keys.
  • DeleteProfile in libs/databrickscfg/ops.go removes a named section from ~/.databrickscfg, creating a .bak backup first.

Why

There is currently no way to log out of a Databricks profile from the CLI. Users must manually edit ~/.databrickscfg and locate/delete token cache entries. This command provides a safe, single-step logout that handles token cleanup and optional profile removal.

Open issue from users requesting this feature: #1639

Tests

  • Unit tests for runLogout covering: successful logout, logout with --delete, non-interactive mode without --force, non-existent profile, shared-host token preservation, and logout with an empty token cache.
  • Unit tests for DeleteProfile covering: deleting an existing profile, profile not found, and custom config path.
  • Acceptance tests covering: profile ordering and comments preserved after deletion, deleting the last non-default profile, deleting the DEFAULT profile, token-only logout for unique and shared hosts, and error paths for non-existent profiles and missing --profile in non-interactive mode.
  • Manual testing by authenticating into multiple profiles and logging out.

@mihaimitrea-db mihaimitrea-db marked this pull request as draft February 27, 2026 12:14
@eng-dev-ecosystem-bot
Copy link
Collaborator

eng-dev-ecosystem-bot commented Feb 27, 2026
edited
Loading

Commit: c9e8d79

Run: 22909838926

Env ❌​FAIL 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 8 7 268 788 9:51
🔄​ aws windows 2 6 7 270 786 8:09
🔄​ aws-ucws linux 3 8 7 362 703 20:41
🔄​ aws-ucws windows 4 7 7 364 701 17:42
💚​ azure linux 2 9 271 786 8:48
💚​ azure windows 2 9 273 784 9:25
❌​ azure-ucws linux 1 2 1 9 366 699 20:13
❌​ azure-ucws windows 1 4 1 9 366 697 19:11
💚​ gcp linux 2 9 267 789 7:43
💚​ gcp windows 2 9 269 787 7:02
20 interesting tests: 7 SKIP, 6 flaky, 6 RECOVERED, 1 FAIL
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🔄​ TestAccept 💚​R 🔄​f 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/bundle/resources/permissions/jobs/delete_one/cloud 🙈​s 🙈​s 🔄​f ✅​p 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=direct 🔄​f 🔄​f ✅​p 🔄​f
🔄​ TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=terraform ✅​p 🔄​f ✅​p ✅​p
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/ssh/connection 💚​R 🔄​f 💚​R 🔄​f 💚​R 💚​R 🔄​f 🔄​f 💚​R 💚​R
❌​ TestFetchRepositoryInfoAPI_FromRepo ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ❌​F ❌​F ✅​p ✅​p
Top 40 slowest tests (at least 2 minutes):
duration env testname
4:54 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:50 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:47 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:46 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:34 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:29 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:29 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:24 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:16 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:04 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:01 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:51 azure-ucws windows TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=terraform
3:45 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:41 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:33 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:32 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:26 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:21 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:19 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:18 azure-ucws windows TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=terraform
3:06 aws-ucws windows TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=terraform
2:49 aws-ucws linux TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=direct
2:49 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:47 aws-ucws linux TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=terraform
2:43 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:39 aws-ucws linux TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=direct
2:36 aws-ucws linux TestAccept/bundle/resources/alerts/with_file/DATABRICKS_BUNDLE_ENGINE=terraform
2:35 aws-ucws windows TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=direct
2:32 azure-ucws linux TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=terraform
2:22 azure-ucws windows TestAccept/bundle/resources/dashboards/generate_inplace/DATABRICKS_BUNDLE_ENGINE=terraform
2:14 azure-ucws windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS
2:11 aws-ucws linux TestAccept/bundle/resources/model_serving_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:09 azure-ucws linux TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=terraform
2:08 aws-ucws linux TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct
2:08 aws windows TestAccept/bundle/resources/jobs/no-git-provider/DATABRICKS_BUNDLE_ENGINE=terraform
2:08 azure-ucws linux TestAccept/bundle/resources/permissions/jobs/delete_one/cloud/DATABRICKS_BUNDLE_ENGINE=direct
2:03 aws-ucws linux TestAccept/ssh/connect-serverless-gpu
2:01 azure-ucws linux TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=direct
2:01 azure-ucws linux TestAccept/bundle/resources/model_serving_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:00 aws-ucws linux TestAccept/bundle/deployment/bind/job/generate-and-bind/DATABRICKS_BUNDLE_ENGINE=terraform

@mihaimitrea-db mihaimitrea-db self-assigned this Feb 27, 2026
@mihaimitrea-db mihaimitrea-db mentioned this pull request Feb 27, 2026
Closed
@mihaimitrea-db mihaimitrea-db force-pushed the mihaimitrea-db/stack/auth_logout branch from 0b2d46f to 5f039b9 Compare March 2, 2026 11:42
@mihaimitrea-db mihaimitrea-db linked an issue Mar 2, 2026 that may be closed by this pull request
[Feature] Add logout command #1639
Closed
@mihaimitrea-db mihaimitrea-db marked this pull request as ready for review March 2, 2026 14:06
simonfaltum
simonfaltum approved these changes Mar 2, 2026
View reviewed changes
Copy link
Member

@simonfaltum simonfaltum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Maybe add an extra test but can also be done in a follow up at a later stage

pietern
pietern reviewed Mar 3, 2026
View reviewed changes
Copy link
Contributor

@pietern pietern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend adding a few acceptance tests to test this e2e.

That would also capture some of the error messages.

@pietern
Copy link
Contributor

pietern commented Mar 3, 2026

An acceptance test will also confirm the before/after state of the .databrickscfg file.

I would like to see if comments, ordering, etc, are retained upon profile deletion.

@mihaimitrea-db mihaimitrea-db force-pushed the mihaimitrea-db/stack/auth_logout branch from b8fed18 to 0ca6e59 Compare March 3, 2026 08:56
@mihaimitrea-db mihaimitrea-db force-pushed the mihaimitrea-db/stack/auth_logout branch from 9cf58d8 to 66871b3 Compare March 3, 2026 12:30
@mihaimitrea-db mihaimitrea-db requested review from a team and lennartkats-db as code owners March 3, 2026 12:30
@mihaimitrea-db mihaimitrea-db force-pushed the mihaimitrea-db/stack/auth_logout branch from 66871b3 to 1764259 Compare March 3, 2026 12:34
@mihaimitrea-db mihaimitrea-db marked this pull request as ready for review March 5, 2026 14:46
@mihaimitrea-db mihaimitrea-db requested a review from pietern March 5, 2026 15:09
@mihaimitrea-db
Add auth logout command with --profile and --force flags
7c5707a 
Implement the initial version of databricks auth logout which removes a profile from ~/.databrickscfg and clears associated OAuth tokens from the token cache.

This iteration supports explicit profile selection via --profile and a --force flag to skip the confirmation prompt. Interactive profile selection will be added in a follow-up.

Token cache cleanup is best-effort: the profile-keyed token is always removed, and the host-keyed token is removed only when no other profile references the same host.
@mihaimitrea-db
Improve auth logout confirmation with styled warning template
8b52f56 
Replace plain fmt.Sprintf confirmation prompt with a structured template using cmdio.RenderWithTemplate. The warning now uses color and bold formatting to clearly highlight the profile name, config path, and consequences before prompting for confirmation.
@mihaimitrea-db
Address auth logout review feedback
5e7b200 
Resolve config path from the profiler instead of hardcoding fallbacks. Delete the profile before clearing the token cache so a config write failure does not leave tokens removed. Fix token cleanup for account and unified profiles by computing the correct OIDC cache key (host/oidc/accounts/<account_id>). Drop the nil profiler guard, add a success message on logout, and extract backupConfigFile in ops.go to remove duplication. Consolidate token cleanup tests into a table-driven test covering shared hosts, unique hosts, account, and unified profiles.
@mihaimitrea-db
Consolidate logout tests
64e24f2 
Merge shared-host token deletion verification into one main parametrized test by addding the hostBasedKey and isSharedKey parameters to each case. This replaces the TestLogoutTokenCacheCleanup test with an assertion: host-based keys are preserved when another profile shares the same host, and deleted otherwise.
@mihaimitrea-db
Fix and improve failing DeleteProfile tests
e30ae14 
Rewrite the test to use inline config seeds and explicit expected state. Add cases for deleting the last non-default profile, deleting a unified host profile with multiple keys, and deleting the DEFAULT section.
@mihaimitrea-db
Fix test variable typo
90825f6
@mihaimitrea-db
Removed redundant test case from logout
bd7b4a2
@mihaimitrea-db
Address PR review feedback for auth logout
d9e33ce 
- Use profiler.GetPath() to resolve config path instead of hardcoding platform-specific defaults for the help text.
- Read DATABRICKS_CONFIG_FILE via env.Get(ctx, ...) instead of os.Getenv to respect context-level env overrides.
- Add abort message when user declines the confirmation prompt.
- Guard DeleteProfile against non-existent profiles to avoid creating unnecessary backup files.
- Add TestDeleteProfile_NotFound for the error path.
@mihaimitrea-db
Add acceptance tests for auth logout
9551261 
Cover four scenarios: profile ordering and comments are preserved after deletion, deleting the last non-default profile leaves an empty DEFAULT section, deleting the DEFAULT profile itself clears its keys and restores the default comment, and error paths for non-existent profiles and missing --profile in non-interactive mode.
@mihaimitrea-db
Make profile deletion opt-in with --delete flag
2941b37 
By default, Authentication related commands. For more information regarding how
authentication for the Databricks CLI and SDKs work please refer to the documentation
linked below.

AWS: https://docs.databricks.com/dev-tools/auth/index.html
Azure: https://learn.microsoft.com/azure/databricks/dev-tools/auth
GCP: https://docs.gcp.databricks.com/dev-tools/auth/index.html

Usage:
  databricks auth [command]

Available Commands:
  describe    Describes the credentials and the source of those credentials, being used by the CLI to authenticate
  env         Get env
  login       Log into a Databricks workspace or account
  profiles    Lists profiles from ~/.databrickscfg
  token       Get authentication token

Flags:
      --account-id string              Databricks Account ID
      --experimental-is-unified-host   Flag to indicate if the host is a unified host
  -h, --help                           help for auth
      --host string                    Databricks Host
      --workspace-id string            Databricks Workspace ID

Global Flags:
      --debug            enable debug logging
  -o, --output type      output type: text or json (default text)
  -p, --profile string   ~/.databrickscfg profile
  -t, --target string    bundle target to use (if applicable)

Use "databricks auth [command] --help" for more information about a command. now only clears cached OAuth
tokens without removing the profile from ~/.databrickscfg. Pass
--delete to also remove the profile entry from the config file.
@mihaimitrea-db
Fix failing acc test for --delete flag in auth logout
2a5aa91 
Existing acceptance tests that verify profile deletion now use --delete
since profile removal is opt-in. Two new acceptance tests verify token-only
logout: one for a unique host (both cache entries cleared) and one for a
shared host (host-keyed token preserved).
@mihaimitrea-db
Use SDK CanonicalHostName to normalize host in token cache cleanup
9e6277d 
Replace manual strings.TrimRight(host, /) with the SDK's
config.Config.CanonicalHostName(), which handles scheme
normalization, trailing slashes, and empty hosts consistently
with how the SDK itself computes token cache keys.
@mihaimitrea-db
Improve profile list when specified profile does not exist
f39ed70
@mihaimitrea-db
Fix failing acceptance test
3e7497e
@mihaimitrea-db
Address PR review feedback
9cf3613 
- Make Long description static to avoid calling logger and GetPath at
  command construction time before the logger is initialized.
- Remove empty test.toml files from acceptance tests.
- Add \n to error-case titles so errors appear on a separate line.
- Use .tokens | keys in jq queries for token cache to reduce verbosity.
- Switch test profiles from PAT to auth_type=databricks-cli (U2M) so
  token cache tests exercise a realistic OAuth logout flow.
- Add AuthType field to profile.Profile to detect non-U2M profiles;
  skip token cache cleanup and adjust success message accordingly.
- Add delete-m2m-profiles acceptance test covering PAT profile logout
  with and without --delete.
- Fix DeleteProfile to clear DEFAULT section keys instead of
  deleting and recreating it, preserving its position in the file.
@mihaimitrea-db
Fix failing tests due to wrong context
65ecd51
@mihaimitrea-db
Refine auth logout messages and fix acc test
a78f921 
- Rename isU2MProfile to isCreatedByLogin to accurately reflect
  that the check is specific to profiles created by .
- Tighten success and error messages: drop "Successfully", add
  actionable suggestions (e.g. "Use --delete to also remove it"),
  and include retry guidance on partial failures.
- Return errors instead of logging on DeleteProfile failure so
  callers see a non-zero exit code.
- Fix token-only acceptance test: use OIDC-style cache key
  (host/oidc/accounts/<id>) for account profiles so both token
  cache entries are correctly cleaned up.
@mihaimitrea-db
Fix failing test
312abb4
@mihaimitrea-db
Update acceptance tests to match new terminal outputs
22d250f
@mihaimitrea-db mihaimitrea-db force-pushed the mihaimitrea-db/stack/auth_logout branch from 25dca58 to 22d250f Compare March 9, 2026 12:41
github-merge-queue bot pushed a commit that referenced this pull request Mar 12, 2026
@mihaimitrea-db @simonfaltum
Extract shared SelectProfile helper to eliminate duplicate profile pi…
cb3c326 
…ckers (#4647)

## 🥞 Stacked PR
Use this
[link](https://github.com/databricks/cli/pull/4647/files/e5a1d8842ee9a458d4ffb3cea672a0f88077356f..51f14b5c7ea409cffdc78a3025a70de5c674fa9a)
to review incremental changes.
- [stack/auth_logout](#4613)
[[Files changed](https://github.com/databricks/cli/pull/4613/files)]
-
[stack/auth_logout_profile_picker](#4616)
[[Files
changed](https://github.com/databricks/cli/pull/4616/files/c9e8d79e276d6c33faa1e859ca20cc5136f9efb7..e5a1d8842ee9a458d4ffb3cea672a0f88077356f)]
-
[**stack/auth_logout_deduplication**](#4647)
[[Files
changed](https://github.com/databricks/cli/pull/4647/files/e5a1d8842ee9a458d4ffb3cea672a0f88077356f..51f14b5c7ea409cffdc78a3025a70de5c674fa9a)]

---------
Four places built nearly identical `promptui.Select` prompts for
interactive profile selection (`auth logout`, `auth token`,
`cmd/root/auth.go`, `cmd/root/bundle.go`). This PR extracts a reusable
`profile.SelectProfile` function that accepts a declarative
`SelectConfig` with label, profiles, and template strings, replacing all
four implementations.

## Changes

- Add `profile.SelectProfile` in `libs/databrickscfg/profile/select.go`
— a shared interactive profile picker that accepts a `SelectConfig`
(label, profiles, template strings) and returns the selected profile
name.
- Replace the four inline `promptui.Select` implementations in
`cmd/auth/logout.go`, `cmd/auth/token.go`, `cmd/root/auth.go`, and
`cmd/root/bundle.go` with calls to `SelectProfile`.
- Add `AccountID` to `Profiles.SearchCaseInsensitive` so all pickers
support searching by account ID, not just name and host.
- Extract `writeConfigFile` helper in `libs/databrickscfg/ops.go` to
consolidate the repeated default-comment / backup / save sequence shared
by `SaveToProfile` and `DeleteProfile`.

## Why

The four profile pickers each duplicated the same prompt setup, searcher
wiring, and result extraction. This made it easy for behavior to diverge
(e.g., only the logout picker searched by account ID). A single shared
helper keeps the UX consistent and reduces the surface area for future
changes.

## Tests

- Existing unit and acceptance tests for `auth logout`, `auth token`,
workspace/account profile selection, and bundle profile resolution
continue to pass — the refactor is behavior-preserving.
- The `SelectProfile` helper is exercised indirectly through all
existing callers.

---------

Co-authored-by: simon <simon.faltum@databricks.com>
mihaimitrea-db added a commit that referenced this pull request Mar 12, 2026
@mihaimitrea-db
Add auth logout changelog, traceability comments, and unhide command
84db051 
The auth logout feature (PRs #4613, #4616, #4647) was squashed into a
single commit cb3c326 titled after #4647 only, losing traceability for
the new command itself. This followup:

- Adds a comment block to logout.go linking each original PR with its
  commit range and purpose.
- Adds a NEXT_CHANGELOG entry for auth logout under CLI.
- Removes Hidden: true so the command appears in help and completion.
- Aligns the Long description with the public documentation.
@mihaimitrea-db mihaimitrea-db mentioned this pull request Mar 12, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonfaltum simonfaltum simonfaltum approved these changes

@andrewnester andrewnester Awaiting requested review from andrewnester andrewnester is a code owner

@anton-107 anton-107 Awaiting requested review from anton-107 anton-107 is a code owner

@denik denik Awaiting requested review from denik denik is a code owner

@shreyas-goenka shreyas-goenka Awaiting requested review from shreyas-goenka shreyas-goenka is a code owner

@pietern pietern Awaiting requested review from pietern pietern is a code owner

Assignees

@mihaimitrea-db mihaimitrea-db

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature] Add logout command

4 participants

@mihaimitrea-db @eng-dev-ecosystem-bot @pietern @simonfaltum