can you return null if azure tenant id fails? to be consistent with line 26?
Also, can we keep the azureSPCredentials specific helpers for extracting tenant id here in credentialsProvider itself?

Have updated the code to return null if loading tenant id fails.

I think we should keep loadAzureTenantId() in DatabricksConfig for reusability. Looking at the Python SDK's implementation, load_azure_tenant_id() is called from multiple Azure credential providers (azure_service_principal and azure_cli), which demonstrates it's designed as a shared utility in the main Config class. This approach ensures consistency across our SDKs and allows for future reuse by other Azure authentication methods.

why is this needed?

The logger field is excluded from cloning because it's a static final field. The clone(Set<String> fieldsToSkip) method uses reflection to copy field values with f.set(newConfig, f.get(this)).

Attempting to clone a static field causes an IllegalAccessException with the message: "Can not set static final org.slf4j.Logger field com.databricks.sdk.core.DatabricksConfig.logger to org.slf4j.reload4j.Reload4jLoggerAdapter"

Do we have to clone this method for all our config classes?

Could you elaborate on this comment? Are you asking whether we need to implement similar clone() methods in other configuration classes, or are you suggesting a different architectural approach for handling object cloning?

Should not the isAzure check be the first check in this method & return false even if azureTenantId is having some value?

The purpose of this method is to load the tenant ID, so if it's already set (explicitly by the user), we should respect that and return true. The isAzure() check is only needed when we need to discover the tenant ID from the workspace host. If the tenant ID is set and the host is not Azure, it should get caught at appropriate layers - this method should not be responsible for returning false and blocking the flow.

I understand that there's a lot of exceptions in the current code but I would recommend treating the config as an immutable object. That is, do not change the tenantId in the config and rather have a mutable copy in the AzureServicePrincipalCredentialsProvider.

Thanks for the suggestion, I have updated the code to not make any changes to the state of DatabricksConfig

As mentioned in another comment, I would recommend implementing the loadAzureTenantId as an immutable function that would return the tenantId or fail. The tenantId can be stored in this class.

Something like this:

try {
  this.tenantId = inferTenantId(config)
} catch (Exception e) {
  logger.debug("Failed to extract tenant ID: {}", e.getMessage())
}

Updated the code as per your suggestions:

• Not changing the state of DatabricksConfig
• Maintaining local variable for tenantId in AzureServicePrincipalCredentialsProvider
• Moved the tenant id inferring logic to AzureUtils for reusability

Let's throw an exception instead, the caller should be the one deciding whether these should be logged or not. Same in other places.

Updated the code in AzureUtils to throw exception, caller will handle it now and logs the message

Also remove private static final Logger logger = LoggerFactory.getLogger(AzureUtils.class);