Exclude entitlements from CurrentWorkspaceID Me probe#1681
Merged
rauchy merged 3 commits intoMay 22, 2026
Conversation
CurrentWorkspaceID issues `GET /api/2.0/preview/scim/v2/Me` to read the X-Databricks-Org-Id response header. The Me endpoint computes User.Entitlements by default - a scan whose cost scales with the total number of entitlement grants in the workspace - and CurrentWorkspaceID never reads the body at all. Ask the server to skip the attribute.
rauchy
force-pushed
the
omer-lachish_data/deco-26714-current-workspace-id-attributes
branch
from
b048fe1 to
4bd5abc
Compare
Divyansh-db
approved these changes
May 21, 2026
|
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
rauchy
deleted the
omer-lachish_data/deco-26714-current-workspace-id-attributes
branch
deco-sdk-tagging Bot
added a commit
that referenced
this pull request
May 25, 2026
## Release v0.137.0 ### New Features and Improvements * Honor the Vercel `AI_AGENT=<name>` env var as a secondary fallback for AI agent detection in the User-Agent header (after the agents.md `AGENT=<name>` standard). Unrecognized fallback values now pass through the User-Agent sanitized and length-capped at 64 chars instead of being coerced to `agent/unknown`, so versioned variants such as `claude-code_2-1-141_agent` surface as-is. ### Internal Changes * Pass `excludedAttributes=entitlements` on the SCIM `/Me` request made by `WorkspaceClient.CurrentWorkspaceID` ([#1681](#1681)). `CurrentWorkspaceID` only reads the `X-Databricks-Org-Id` response header and discards the body, so it has no use for the `User.Entitlements` field. Skipping that attribute avoids an expensive `getEffectivePermissions` scan on the SCIM backend, which has caused incidents on workspaces with large grant counts. ### API Changes * Add `Revert` method for [w.Lakeview](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/dashboards#LakeviewAPI) workspace-level service. * Add `ParentPath` field for [dashboards.GenieUpdateSpaceRequest](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/dashboards#GenieUpdateSpaceRequest). * Add `ComputeMaxInstances` and `ComputeMinInstances` fields for [apps.App](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/apps#App). * Add `ComputeMaxInstances` and `ComputeMinInstances` fields for [apps.AppUpdate](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/apps#AppUpdate). * Add `CronScheduleTrigger`, `StreamingMode` and `TableTrigger` fields for [ml.MaterializedFeature](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/ml#MaterializedFeature). * Add `SyncedTableId` field for [postgres.SyncedTableSyncedTableStatus](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/postgres#SyncedTableSyncedTableStatus).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR makes
WorkspaceClient.CurrentWorkspaceIDask the SCIM server to skip theentitlementsattribute on the underlyingMecall.Why
CurrentWorkspaceIDissues aGET /api/2.0/preview/scim/v2/Merequest and reads theX-Databricks-Org-Idresponse header to identify the workspace. The body of the response is discarded.By default, however, the SCIM server computes the
User.Entitlementsfield for/Meresponses - and that computation scans every entitlement grant in the workspace, regardless of which user is calling. On workspaces with a lot of accumulated grants, that's a meaningful amount of server work for a value the SDK never looks at.This change passes
?excludedAttributes=entitlementson the request so the server can skip the scan entirely. The endpoint already honors that query parameter today.What changed
One option appended to the existing
Docall:And a doc-comment line on
CurrentWorkspaceIDexplaining the why.Tests
New
TestCurrentWorkspaceIDExcludesEntitlementsstands up anhttptestserver, capturesr.URL.RawQuery, and asserts it'sexcludedAttributes=entitlements. The two existingTestCurrentWorkspaceID*tests in this file already match onr.URL.Path, so they still pass.