Add tests

snowflakedb · Apr 18, 2024 · 4457077 · 4457077
1 parent 7de3ea6
commit 4457077
Show file tree

Hide file tree

Showing 3 changed files with 342 additions and 12 deletions.
diff --git a/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs b/Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs
@@ -1020,6 +1020,66 @@ public void TestSSOConnectionTimeoutAfter10s()
             Assert.LessOrEqual(stopwatch.ElapsedMilliseconds, (waitSeconds + 5) * 1000);
         }
 
+        [Test]
+        [Ignore("This test requires manual interaction and therefore cannot be run in CI")]
+        public void TestSSOConnectionWithTokenCaching()
+        {
+            using (IDbConnection conn = new SnowflakeDbConnection())
+            {
+                conn.ConnectionString = String.Format("scheme={0};host={1};port={2};" +
+                "account={3};user={4};password={5};authenticator={6};allow_sso_token_caching={7}",
+                    testConfig.protocol,
+                    testConfig.host,
+                    testConfig.port,
+                    testConfig.account,
+                    testConfig.user,
+                    "",
+                    "externalbrowser",
+                    true);
+
+                // Authenticate to retrieve and store the token if doesn't exist or invalid
+                conn.Open();
+                Assert.AreEqual(ConnectionState.Open, conn.State);
+
+                conn.Close();
+                Assert.AreEqual(ConnectionState.Closed, conn.State);
+
+                // Authenticate using the token
+                conn.Open();
+                Assert.AreEqual(ConnectionState.Open, conn.State);
+            }
+        }
+
+        [Test]
+        [Ignore("This test requires manual interaction and therefore cannot be run in CI")]
+        public void TestSSOConnectionWithInvalidCachedToken()
+        {
+            using (IDbConnection conn = new SnowflakeDbConnection())
+            {
+                conn.ConnectionString = String.Format("scheme={0};host={1};port={2};" +
+                "account={3};user={4};password={5};authenticator={6};allow_sso_token_caching={7}",
+                    testConfig.protocol,
+                    testConfig.host,
+                    testConfig.port,
+                    testConfig.account,
+                    testConfig.user,
+                    "",
+                    "externalbrowser",
+                    true);
+
+                var key = SnowflakeCredentialManagerFactory.BuildCredentialKey(testConfig.host, testConfig.user, TokenType.IdToken.ToString());
+                var credentialManager = new SnowflakeCredentialManagerInMemoryImpl();
+                credentialManager.SaveCredentials(key, "wrongToken");
+
+                SnowflakeCredentialManagerFactory.SetCredentialManager(credentialManager);
+
+                conn.Open();
+                Assert.AreEqual(ConnectionState.Open, conn.State);
+
+                SnowflakeCredentialManagerFactory.UseDefaultCredentialManager();
+            }
+        }
+
         [Test]
         [Ignore("This test requires manual interaction and therefore cannot be run in CI")]
         public void TestSSOConnectionWithWrongUser()
@@ -2169,6 +2229,39 @@ public void TestNativeOktaSuccess()
                 Assert.AreEqual(ConnectionState.Open, conn.State);
             }
         }
+
+        [Test]
+        [Ignore("This test requires manual interaction and therefore cannot be run in CI")]
+        public void TestSSOConnectionWithTokenCachingAsync()
+        {
+            using (SnowflakeDbConnection conn = new SnowflakeDbConnection())
+            {
+                conn.ConnectionString = String.Format("scheme={0};host={1};port={2};" +
+                "account={3};user={4};password={5};authenticator={6};allow_sso_token_caching={7}",
+                    testConfig.protocol,
+                    testConfig.host,
+                    testConfig.port,
+                    testConfig.account,
+                    testConfig.user,
+                    "",
+                    "externalbrowser",
+                    true);
+
+                // Authenticate to retrieve and store the token if doesn't exist or invalid
+                Task connectTask = conn.OpenAsync(CancellationToken.None);
+                connectTask.Wait();
+                Assert.AreEqual(ConnectionState.Open, conn.State);
+
+                connectTask = conn.CloseAsync(CancellationToken.None);
+                connectTask.Wait();
+                Assert.AreEqual(ConnectionState.Closed, conn.State);
+
+                // Authenticate using the token
+                connectTask = conn.OpenAsync(CancellationToken.None);
+                connectTask.Wait();
+                Assert.AreEqual(ConnectionState.Open, conn.State);
+            }
+        }
     }
 }
 

diff --git a/Snowflake.Data.Tests/UnitTests/CredentialManager/SFCredentialManager.cs b/Snowflake.Data.Tests/UnitTests/CredentialManager/SFCredentialManager.cs
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2024 Snowflake Computing Inc. All rights reserved.
+ */
+
+namespace Snowflake.Data.Tests.UnitTests
+{
+    using Mono.Unix;
+    using Mono.Unix.Native;
+    using Moq;
+    using NUnit.Framework;
+    using Snowflake.Data.Client;
+    using Snowflake.Data.Core.Tools;
+    using System;
+    using System.IO;
+    using System.Runtime.InteropServices;
+
+    [TestFixture]
+    class SFCredentialManager
+    {
+        ISnowflakeCredentialManager _credentialManager;
+
+        [ThreadStatic]
+        private static Mock<FileOperations> t_fileOperations;
+
+        [ThreadStatic]
+        private static Mock<UnixOperations> t_unixOperations;
+
+        private static readonly string s_expectedJsonPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), "temporary_credential.json");
+
+        [SetUp] public void SetUp()
+        {
+            t_fileOperations = new Mock<FileOperations>();
+            t_unixOperations = new Mock<UnixOperations>();
+            SnowflakeCredentialManagerFactory.SetCredentialManager(new SnowflakeCredentialManagerInMemoryImpl());
+        }
+
+        [TearDown] public void TearDown()
+        {
+            SnowflakeCredentialManagerFactory.UseDefaultCredentialManager();
+        }
+
+        [Test]
+        public void TestUsingDefaultCredentialManager()
+        {
+            // arrange
+            SnowflakeCredentialManagerFactory.UseDefaultCredentialManager();
+
+            // act
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // assert
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.IsInstanceOf<SnowflakeCredentialManagerAdysTechImpl>(_credentialManager);
+            }
+            else
+            {
+                Assert.IsInstanceOf<SnowflakeCredentialManagerInMemoryImpl>(_credentialManager);
+            }
+        }
+
+        [Test]
+        public void TestSettingCustomCredentialManager()
+        {
+            // arrange
+            SnowflakeCredentialManagerFactory.SetCredentialManager(new SnowflakeCredentialManagerIFileImpl());
+
+            // act
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // assert
+            Assert.IsInstanceOf<SnowflakeCredentialManagerIFileImpl>(_credentialManager);
+        }
+
+        [Test]
+        public void TestDefaultCredentialManager()
+        {
+            // arrange
+            var key = SnowflakeCredentialManagerFactory.BuildCredentialKey("host", "user", "tokentype");
+            var expectedToken = "token";
+
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // act
+            var actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.IsTrue(string.IsNullOrEmpty(actualToken));
+
+            // act
+            _credentialManager.SaveCredentials(key, expectedToken);
+            actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.AreEqual(expectedToken, actualToken);
+
+            // act
+            _credentialManager.RemoveCredentials(key);
+            actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.IsTrue(string.IsNullOrEmpty(actualToken));
+        }
+
+        [Test]
+        public void TestJsonCredentialManager()
+        {
+            // arrange
+            var key = SnowflakeCredentialManagerFactory.BuildCredentialKey("host", "user", "tokentype");
+            var expectedToken = "token";
+            SnowflakeCredentialManagerFactory.SetCredentialManager(new SnowflakeCredentialManagerIFileImpl());
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // act
+            var actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.IsTrue(string.IsNullOrEmpty(actualToken));
+
+            // act
+            _credentialManager.SaveCredentials(key, expectedToken);
+            actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.AreEqual(expectedToken, actualToken);
+
+            // act
+            _credentialManager.RemoveCredentials(key);
+            actualToken = _credentialManager.GetCredentials(key);
+
+            // assert
+            Assert.IsTrue(string.IsNullOrEmpty(actualToken));
+        }
+
+        [Test]
+        public void TestThatThrowsErrorWhenCacheFileIsNotCreated()
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.Ignore("skip test on Windows");
+            }
+
+            // arrange
+            var key = SnowflakeCredentialManagerFactory.BuildCredentialKey("host", "user", "tokentype");
+            var token = "token";
+
+            t_unixOperations
+                .Setup(e => e.CreateFileWithPermissions(s_expectedJsonPath,
+                    FilePermissions.S_IRUSR | FilePermissions.S_IWUSR | FilePermissions.S_IXUSR))
+                .Returns(-1);
+
+            SnowflakeCredentialManagerFactory.SetCredentialManager(new SnowflakeCredentialManagerIFileImpl(t_fileOperations.Object, t_unixOperations.Object));
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // act
+            var thrown = Assert.Throws<Exception>(() => _credentialManager.SaveCredentials(key, token));
+
+            // assert
+            Assert.That(thrown.Message, Does.Contain("Failed to create the JSON token cache file"));
+        }
+
+        [Test]
+        public void TestThatThrowsErrorWhenCacheFileCanBeAccessedByOthers()
+        {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.Ignore("skip test on Windows");
+            }
+
+            // arrange
+            var key = SnowflakeCredentialManagerFactory.BuildCredentialKey("host", "user", "tokentype");
+            var token = "token";
+
+            t_unixOperations
+                .Setup(e => e.CreateFileWithPermissions(s_expectedJsonPath,
+                    FilePermissions.S_IRUSR | FilePermissions.S_IWUSR | FilePermissions.S_IXUSR))
+                .Returns(0);
+            t_unixOperations
+                .Setup(e => e.GetFilePermissions(s_expectedJsonPath))
+                .Returns(FileAccessPermissions.AllPermissions);
+
+            SnowflakeCredentialManagerFactory.SetCredentialManager(new SnowflakeCredentialManagerIFileImpl(t_fileOperations.Object, t_unixOperations.Object));
+            _credentialManager = SnowflakeCredentialManagerFactory.GetCredentialManager();
+
+            // act
+            var thrown = Assert.Throws<Exception>(() => _credentialManager.SaveCredentials(key, token));
+
+            // assert
+            Assert.That(thrown.Message, Does.Contain("Permission for the JSON token cache file should contain only the owner access"));
+        }
+    }
+}