def test_delete_specific_item():
"""The old behavior of delete cache is deleting the whole cache file. Now we change it to partially deletion."""
auth.write_temporary_credential_file(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_0),
CRED_0,
)
auth.write_temporary_credential_file(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_1),
CRED_1,
)
auth.read_temporary_credential_file()
assert auth.TEMPORARY_CREDENTIAL
assert (get_credential(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0,
CRED_TYPE_0)) == CRED_0)
assert (get_credential(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0,
CRED_TYPE_1)) == CRED_1)
auth.temporary_credential_file_delete_password(HOST_0, USER_0, CRED_TYPE_0)
auth.read_temporary_credential_file()
assert not get_credential(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_0))
assert (get_credential(
HOST_0,
auth.build_temporary_credential_name(HOST_0, USER_0,
CRED_TYPE_1)) == CRED_1)
auth.delete_temporary_credential_file()
def test_basic_store(tmpdir):
os.environ['SF_TEMPORARY_CREDENTIAL_CACHE_DIR'] = str(tmpdir)
auth.delete_temporary_credential_file()
auth.TEMPORARY_CREDENTIAL.clear()
auth.read_temporary_credential_file()
assert not auth.TEMPORARY_CREDENTIAL
auth.write_temporary_credential_file(HOST_0, USER_0, CRED_0)
auth.write_temporary_credential_file(HOST_1, USER_1, CRED_1)
auth.write_temporary_credential_file(HOST_0, USER_1, CRED_1)
auth.read_temporary_credential_file()
assert auth.TEMPORARY_CREDENTIAL
assert get_credential(HOST_0, USER_0) == CRED_0
assert get_credential(HOST_1, USER_1) == CRED_1
assert get_credential(HOST_0, USER_1) == CRED_1
auth.delete_temporary_credential_file()
def test_connect_externalbrowser(token_validity_test_values):
"""
SSO Id Token Cache tests. This is disabled by default.
In order to run this test, remove the above pytest.mark.skip annotation
and run it. It will popup a windows once but the rest connections
should not create popups.
"""
delete_temporary_credential_file(True) # delete secure storage
delete_temporary_credential_file(False) # delete file cache
CONNECTION_PARAMETERS_SSO['session_parameters'] = \
{
"CLIENT_USE_SECURE_STORAGE_FOR_TEMPORARY_CREDENTAIL": True,
}
# change database and schema to non-default one
print("[INFO] 1st connection gets id token and stores in the cache file. "
"This popup a browser to SSO login")
cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO)
assert cnx.database == 'TESTDB'
assert cnx.schema == 'PUBLIC'
assert cnx.role == 'SYSADMIN'
assert cnx.warehouse == 'REGRESS'
ret = cnx.cursor().execute(
"select current_database(), current_schema(), "
"current_role(), current_warehouse()").fetchall()
assert ret[0][0] == 'TESTDB'
assert ret[0][1] == 'PUBLIC'
assert ret[0][2] == 'SYSADMIN'
assert ret[0][3] == 'REGRESS'
cnx.close()
print("[INFO] 2nd connection reads the cache file and uses the id token. "
"This should not popups a browser.")
CONNECTION_PARAMETERS_SSO['database'] = 'testdb'
CONNECTION_PARAMETERS_SSO['schema'] = 'testschema'
cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO)
print("[INFO] Running a 10 seconds query. If the session expires in 10 "
"seconds, the query should renew the token in the middle, "
"and the current objects should be refreshed.")
cnx.cursor().execute("select seq8() from table(generator(timelimit=>10))")
assert cnx.database == 'TESTDB'
assert cnx.schema == 'TESTSCHEMA'
assert cnx.role == 'SYSADMIN'
assert cnx.warehouse == 'REGRESS'
print("[INFO] Running a 1 seconds query. ")
cnx.cursor().execute("select seq8() from table(generator(timelimit=>1))")
assert cnx.database == 'TESTDB'
assert cnx.schema == 'TESTSCHEMA'
assert cnx.role == 'SYSADMIN'
assert cnx.warehouse == 'REGRESS'
print("[INFO] Running a 90 seconds query. This pops up a browser in the "
"middle of the query.")
cnx.cursor().execute("select seq8() from table(generator(timelimit=>90))")
assert cnx.database == 'TESTDB'
assert cnx.schema == 'TESTSCHEMA'
assert cnx.role == 'SYSADMIN'
assert cnx.warehouse == 'REGRESS'
# change database and schema again to ensure they are overridden
CONNECTION_PARAMETERS_SSO['database'] = 'testdb'
CONNECTION_PARAMETERS_SSO['schema'] = 'testschema'
cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO)
assert cnx.database == 'TESTDB'
assert cnx.schema == 'TESTSCHEMA'
assert cnx.role == 'SYSADMIN'
assert cnx.warehouse == 'REGRESS'
cnx.close()
def test_connect_externalbrowser(mockSnowflakeRestfulPostRequest,
mockAuthByBrowserAuthenticate):
"""
Connect with authentictor=externalbrowser mock.
"""
os.environ['SF_TEMPORARY_CREDENTIAL_CACHE_DIR'] = os.getenv(
"WORKSPACE", os.path.expanduser("~"))
def mock_post_request(url, headers, json_body, **kwargs):
global mock_cnt
ret = None
if mock_cnt == 0:
# return from /v1/login-request
ret = {
u'success': True,
u'message': None,
u'data': {
u'token': u'TOKEN',
u'masterToken': u'MASTER_TOKEN',
u'idToken': u'ID_TOKEN',
u'idTokenPassword': u'ID_TOKEN_PASSWORD',
}
}
elif mock_cnt == 1:
# return from /token-request
ret = {
u'success': True,
u'message': None,
u'data': {
u'sessionToken': u'NEW_TOKEN',
}
}
elif mock_cnt == 2:
# return from USE WAREHOUSE TESTWH_NEW
ret = {
u'success': True,
u'message': None,
u'data': {
u'finalDatabase': 'TESTDB',
u'finalWarehouse': 'TESTWH_NEW',
}
}
elif mock_cnt == 3:
# return from USE DATABASE TESTDB_NEW
ret = {
u'success': True,
u'message': None,
u'data': {
u'finalDatabase': 'TESTDB_NEW',
u'finalWarehouse': 'TESTWH_NEW',
}
}
elif mock_cnt == 4:
# return from SELECT 1
ret = {
u'success': True,
u'message': None,
u'data': {
u'finalDatabase': 'TESTDB_NEW',
u'finalWarehouse': 'TESTWH_NEW',
}
}
mock_cnt += 1
return ret
mock_cnt = 0
# pre-authentication doesn't matter
mockAuthByBrowserAuthenticate.return_value = None
# POST requests mock
mockSnowflakeRestfulPostRequest.side_effect = mock_post_request
delete_temporary_credential_file()
global mock_cnt
mock_cnt = 0
account = 'testaccount'
user = '******'
authenticator = 'externalbrowser'
# first connection
con = snowflake.connector.connect(
account=account,
user=user,
authenticator=authenticator,
database='TESTDB',
warehouse='TESTWH',
)
assert con._rest.token == u'TOKEN'
assert con._rest.master_token == u'MASTER_TOKEN'
assert con._rest.id_token == u'ID_TOKEN'
assert con._rest.id_token_password == u'ID_TOKEN_PASSWORD'
# second connection that uses the id token to get the session token
con = snowflake.connector.connect(
account=account,
user=user,
authenticator=authenticator,
database='TESTDB_NEW', # override the database
warehouse='TESTWH_NEW', # override the warehouse
)
assert con._rest.token == u'NEW_TOKEN'
assert con._rest.master_token is None
assert con._rest.id_token == 'ID_TOKEN'
assert con._rest.id_token_password is None # This is not used yet.
assert con.database == 'TESTDB_NEW'
assert con.warehouse == 'TESTWH_NEW'
