def test_delete_specific_item(): """The old behavior of delete cache is deleting the whole cache file. Now we change it to partially deletion.""" auth.write_temporary_credential_file( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_0), CRED_0, ) auth.write_temporary_credential_file( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_1), CRED_1, ) auth.read_temporary_credential_file() assert auth.TEMPORARY_CREDENTIAL assert (get_credential( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_0)) == CRED_0) assert (get_credential( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_1)) == CRED_1) auth.temporary_credential_file_delete_password(HOST_0, USER_0, CRED_TYPE_0) auth.read_temporary_credential_file() assert not get_credential( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_0)) assert (get_credential( HOST_0, auth.build_temporary_credential_name(HOST_0, USER_0, CRED_TYPE_1)) == CRED_1) auth.delete_temporary_credential_file()
def test_basic_store(tmpdir): os.environ['SF_TEMPORARY_CREDENTIAL_CACHE_DIR'] = str(tmpdir) auth.delete_temporary_credential_file() auth.TEMPORARY_CREDENTIAL.clear() auth.read_temporary_credential_file() assert not auth.TEMPORARY_CREDENTIAL auth.write_temporary_credential_file(HOST_0, USER_0, CRED_0) auth.write_temporary_credential_file(HOST_1, USER_1, CRED_1) auth.write_temporary_credential_file(HOST_0, USER_1, CRED_1) auth.read_temporary_credential_file() assert auth.TEMPORARY_CREDENTIAL assert get_credential(HOST_0, USER_0) == CRED_0 assert get_credential(HOST_1, USER_1) == CRED_1 assert get_credential(HOST_0, USER_1) == CRED_1 auth.delete_temporary_credential_file()
def test_connect_externalbrowser(token_validity_test_values): """ SSO Id Token Cache tests. This is disabled by default. In order to run this test, remove the above pytest.mark.skip annotation and run it. It will popup a windows once but the rest connections should not create popups. """ delete_temporary_credential_file(True) # delete secure storage delete_temporary_credential_file(False) # delete file cache CONNECTION_PARAMETERS_SSO['session_parameters'] = \ { "CLIENT_USE_SECURE_STORAGE_FOR_TEMPORARY_CREDENTAIL": True, } # change database and schema to non-default one print("[INFO] 1st connection gets id token and stores in the cache file. " "This popup a browser to SSO login") cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO) assert cnx.database == 'TESTDB' assert cnx.schema == 'PUBLIC' assert cnx.role == 'SYSADMIN' assert cnx.warehouse == 'REGRESS' ret = cnx.cursor().execute( "select current_database(), current_schema(), " "current_role(), current_warehouse()").fetchall() assert ret[0][0] == 'TESTDB' assert ret[0][1] == 'PUBLIC' assert ret[0][2] == 'SYSADMIN' assert ret[0][3] == 'REGRESS' cnx.close() print("[INFO] 2nd connection reads the cache file and uses the id token. " "This should not popups a browser.") CONNECTION_PARAMETERS_SSO['database'] = 'testdb' CONNECTION_PARAMETERS_SSO['schema'] = 'testschema' cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO) print("[INFO] Running a 10 seconds query. If the session expires in 10 " "seconds, the query should renew the token in the middle, " "and the current objects should be refreshed.") cnx.cursor().execute("select seq8() from table(generator(timelimit=>10))") assert cnx.database == 'TESTDB' assert cnx.schema == 'TESTSCHEMA' assert cnx.role == 'SYSADMIN' assert cnx.warehouse == 'REGRESS' print("[INFO] Running a 1 seconds query. ") cnx.cursor().execute("select seq8() from table(generator(timelimit=>1))") assert cnx.database == 'TESTDB' assert cnx.schema == 'TESTSCHEMA' assert cnx.role == 'SYSADMIN' assert cnx.warehouse == 'REGRESS' print("[INFO] Running a 90 seconds query. This pops up a browser in the " "middle of the query.") cnx.cursor().execute("select seq8() from table(generator(timelimit=>90))") assert cnx.database == 'TESTDB' assert cnx.schema == 'TESTSCHEMA' assert cnx.role == 'SYSADMIN' assert cnx.warehouse == 'REGRESS' # change database and schema again to ensure they are overridden CONNECTION_PARAMETERS_SSO['database'] = 'testdb' CONNECTION_PARAMETERS_SSO['schema'] = 'testschema' cnx = snowflake.connector.connect(**CONNECTION_PARAMETERS_SSO) assert cnx.database == 'TESTDB' assert cnx.schema == 'TESTSCHEMA' assert cnx.role == 'SYSADMIN' assert cnx.warehouse == 'REGRESS' cnx.close()
def test_connect_externalbrowser(mockSnowflakeRestfulPostRequest, mockAuthByBrowserAuthenticate): """ Connect with authentictor=externalbrowser mock. """ os.environ['SF_TEMPORARY_CREDENTIAL_CACHE_DIR'] = os.getenv( "WORKSPACE", os.path.expanduser("~")) def mock_post_request(url, headers, json_body, **kwargs): global mock_cnt ret = None if mock_cnt == 0: # return from /v1/login-request ret = { u'success': True, u'message': None, u'data': { u'token': u'TOKEN', u'masterToken': u'MASTER_TOKEN', u'idToken': u'ID_TOKEN', u'idTokenPassword': u'ID_TOKEN_PASSWORD', } } elif mock_cnt == 1: # return from /token-request ret = { u'success': True, u'message': None, u'data': { u'sessionToken': u'NEW_TOKEN', } } elif mock_cnt == 2: # return from USE WAREHOUSE TESTWH_NEW ret = { u'success': True, u'message': None, u'data': { u'finalDatabase': 'TESTDB', u'finalWarehouse': 'TESTWH_NEW', } } elif mock_cnt == 3: # return from USE DATABASE TESTDB_NEW ret = { u'success': True, u'message': None, u'data': { u'finalDatabase': 'TESTDB_NEW', u'finalWarehouse': 'TESTWH_NEW', } } elif mock_cnt == 4: # return from SELECT 1 ret = { u'success': True, u'message': None, u'data': { u'finalDatabase': 'TESTDB_NEW', u'finalWarehouse': 'TESTWH_NEW', } } mock_cnt += 1 return ret mock_cnt = 0 # pre-authentication doesn't matter mockAuthByBrowserAuthenticate.return_value = None # POST requests mock mockSnowflakeRestfulPostRequest.side_effect = mock_post_request delete_temporary_credential_file() global mock_cnt mock_cnt = 0 account = 'testaccount' user = '******' authenticator = 'externalbrowser' # first connection con = snowflake.connector.connect( account=account, user=user, authenticator=authenticator, database='TESTDB', warehouse='TESTWH', ) assert con._rest.token == u'TOKEN' assert con._rest.master_token == u'MASTER_TOKEN' assert con._rest.id_token == u'ID_TOKEN' assert con._rest.id_token_password == u'ID_TOKEN_PASSWORD' # second connection that uses the id token to get the session token con = snowflake.connector.connect( account=account, user=user, authenticator=authenticator, database='TESTDB_NEW', # override the database warehouse='TESTWH_NEW', # override the warehouse ) assert con._rest.token == u'NEW_TOKEN' assert con._rest.master_token is None assert con._rest.id_token == 'ID_TOKEN' assert con._rest.id_token_password is None # This is not used yet. assert con.database == 'TESTDB_NEW' assert con.warehouse == 'TESTWH_NEW'