exclude entitlements from CurrentWorkspaceID Me probe

CurrentWorkspaceID issues `GET /api/2.0/preview/scim/v2/Me` to read the
X-Databricks-Org-Id response header. The Me endpoint computes
User.Entitlements by default - a scan whose cost scales with the total
number of entitlement grants in the workspace - and CurrentWorkspaceID
never reads the body at all. Ask the server to skip the attribute.

Author: rauchy

workspace_functions.go

@@ -15,10 +15,16 @@ import (
 // sent in the X-Databricks-Org-Id request header to route the call to the
 // correct workspace; on unified hosts with no WorkspaceID set, the request has
 // no routing information and will fail.
+//
+// The Me endpoint computes the User.Entitlements field by default, which scans
+// every entitlement grant in the workspace. That work is unused here - only the
+// X-Databricks-Org-Id response header is read - so the request asks the server
+// to skip the attribute.
 func (w *WorkspaceClient) CurrentWorkspaceID(ctx context.Context) (int64, error) {
 	var workspaceIdStr string
 	opts := []httpclient.DoOption{
 		httpclient.WithResponseHeader("X-Databricks-Org-Id", &workspaceIdStr),
+		httpclient.WithRequestData(map[string]string{"excludedAttributes": "entitlements"}),
 	}
 	if w.Config != nil && w.Config.WorkspaceID != "" {
 		opts = append(opts, httpclient.WithRequestHeader("X-Databricks-Org-Id", w.Config.WorkspaceID))

workspace_functions_test.go

@@ -42,6 +42,33 @@ func TestCurrentWorkspaceIDSendsOrgIdHeaderWhenConfigHasWorkspaceID(t *testing.T
 	assert.Equal(t, "7474644166319138", gotOrgIdHeader)
 }
 
+func TestCurrentWorkspaceIDExcludesEntitlements(t *testing.T) {
+	// The Me endpoint computes User.Entitlements by default, which is a
+	// workspace-wide scan; CurrentWorkspaceID only reads a response header, so
+	// it asks the server to skip that attribute.
+	var gotRawQuery string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/api/2.0/preview/scim/v2/Me" {
+			gotRawQuery = r.URL.RawQuery
+			w.Header().Set("X-Databricks-Org-Id", "7474644166319138")
+			w.Write([]byte(`{}`))
+			return
+		}
+		http.NotFound(w, r)
+	}))
+	defer server.Close()
+
+	w, err := NewWorkspaceClient(&Config{
+		Host:  server.URL,
+		Token: "token",
+	})
+	require.NoError(t, err)
+
+	_, err = w.CurrentWorkspaceID(t.Context())
+	require.NoError(t, err)
+	assert.Equal(t, "excludedAttributes=entitlements", gotRawQuery)
+}
+
 func TestCurrentWorkspaceIDOmitsOrgIdHeaderWhenConfigMissingWorkspaceID(t *testing.T) {
 	// On legacy workspace hosts the host itself identifies the workspace, so
 	// no routing header is needed. When Config.WorkspaceID is empty we send