Stop logging HTTP response bodies in generated executeHttpCall

Summary: Regenerates utils.ts across all generated packages so the generated executeHttpCall helper no longer logs the HTTP response body at debug level, preventing plaintext secrets from leaking into debug logs.

Why: executeHttpCall logged the full decoded response body at debug level with no redaction or opt-in. Endpoints such as getSecret() return the plaintext secret in that body, so any consumer with debug logging enabled would write secrets to their logs. The streaming helper sendAndCheckError already logged only statusCode; this makes executeHttpCall consistent. The Logger interface in sdk-core exposes no level below debug and no body-logging opt-in, so the body is dropped from the default log.

This is regenerated output and pairs with the generator change in databricks-eng/universe (openapi/genkit/codegen/sdkjs/utils.go). It contains no hand-written source changes. Behavioral change: executeHttpCall now logs only {statusCode} instead of {statusCode, body}. Divergence from the Go SDK: the Go SDK can log response bodies behind an explicit DebugBytes opt-in (default off); the JS SDK has no equivalent opt-in, so the body is omitted unconditionally.

Tested: npm run build (86/86), @databricks/sdk-core tests (357 passing), npm run lint (94/94), npm run typecheck (94/94).

Co-authored-by: Isaac

Author: parthban-db

packages/accessmanagement/src/v1/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/alerts/src/v1/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/alerts/src/v2/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/apps/src/v1/utils.ts

@@ -110,10 +110,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/authentication/src/v1/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/budgetpolicy/src/v1/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/budgets/src/v1/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/cleanrooms/src/v1/utils.ts

@@ -110,10 +110,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/clusterlibraries/src/v2/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {

packages/clusterpolicies/src/v2/utils.ts

@@ -86,10 +86,9 @@ export async function executeHttpCall(
 
   const body = await readAll(resp.body);
 
-  opts.logger.debug('HTTP response', {
-    statusCode: resp.statusCode,
-    body: new TextDecoder().decode(body),
-  });
+  // Log only statusCode. The body can contain plaintext secrets, e.g.
+  // getSecret(), so logging it would leak them into debug logs.
+  opts.logger.debug('HTTP response', {statusCode: resp.statusCode});
 
   const apiErr = ApiError.fromHttpError(resp.statusCode, resp.headers, body);
   if (apiErr !== undefined) {