Merge branch 'master' into SNOW-1631790-Transport-Layer

snowflakedb · Dec 4, 2024 · adb13c4 · adb13c4
2 parents 8e8998b + f6d50ea
commit adb13c4
Show file tree

Hide file tree

Showing 16 changed files with 397 additions and 390 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,5 +5,6 @@ Please explain the changes you made here.
 - [ ] Format code according to the existing code style (run `npm run lint:check -- CHANGED_FILES` and fix problems in changed code)
 - [ ] Create tests which fail without the change (if possible)
 - [ ] Make all tests (unit and integration) pass (`npm run test:unit` and `npm run test:integration`)
+- [ ] Extend the types in index.d.ts file (if necessary)
 - [ ] Extend the README / documentation and ensure is properly displayed (if necessary)
 - [ ] Provide JIRA issue id (if possible) or GitHub issue id in commit message
diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg
diff --git a/.github/workflows/rsa_keys/rsa_encrypted_key.p8.gpg b/.github/workflows/rsa_keys/rsa_encrypted_key.p8.gpg
diff --git a/.github/workflows/rsa_keys/rsa_key.p8.gpg b/.github/workflows/rsa_keys/rsa_key.p8.gpg
diff --git a/.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg b/.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,4 @@ wss-*-agent.config
 wss-unified-agent.jar
 whitesource/
 .nyc_output
+rsa_*.p8
diff --git a/ci/container/test_authentication.sh b/ci/container/test_authentication.sh
@@ -5,4 +5,8 @@ set -o pipefail
 AUTH_PARAMETER_FILE=./.github/workflows/parameters_aws_auth_tests.json
 eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $AUTH_PARAMETER_FILE)
 
+export SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key.p8
+export SNOWFLAKE_AUTH_TEST_ENCRYPTED_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_encrypted_key.p8
+export SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key_invalid.p8
+
 npm run test:authentication
diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh
@@ -5,10 +5,13 @@ THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 export WORKSPACE=${WORKSPACE:-/tmp}
 
 gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg"
+gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/rsa_keys/rsa_encrypted_key.p8 "$THIS_DIR/../.github/workflows/rsa_keys/rsa_encrypted_key.p8.gpg"
+gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/rsa_keys/rsa_key.p8 "$THIS_DIR/../.github/workflows/rsa_keys/rsa_key.p8.gpg"
+gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/rsa_keys/rsa_key_invalid.p8 "$THIS_DIR/../.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg"
 
 docker run \
   -v $(cd $THIS_DIR/.. && pwd):/mnt/host \
   -v $WORKSPACE:/mnt/workspace \
   --rm \
-  nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser:2 \
+  nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser:3 \
   "/mnt/host/ci/container/test_authentication.sh"
diff --git a/test/authentication/authTestsBaseClass.js b/test/authentication/authTestsBaseClass.js
@@ -0,0 +1,69 @@
+const assert = require('assert');
+const testUtil = require('../integration/testUtil');
+const snowflake = require('../../lib/snowflake');
+
+class AuthTest {
+  constructor() {
+    this.connection = null;
+    this.error = null;
+    this.callbackCompleted = false;
+  }
+
+  connectAsyncCallback() {
+    return (err) => {
+      this.error = err;
+      this.callbackCompleted = true;
+    };
+  }
+
+  async waitForCallbackCompletion() {
+    const timeout = Date.now() + 5000;
+    while (Date.now() < timeout) {
+      await new Promise(resolve => setTimeout(resolve, 100));
+      if (this.callbackCompleted) {
+        return;
+      }
+    }
+    throw new Error('Connection callback did not complete');
+  }
+
+  async createConnection(connectionOption) {
+    this.connection = snowflake.createConnection(connectionOption);
+  }
+
+  async connectAsync() {
+    await this.connection.connectAsync(this.connectAsyncCallback());
+    await this.waitForCallbackCompletion();
+  }
+
+  async verifyConnectionIsUp() {
+    assert.ok(await this.connection.isValidAsync(), 'Connection is not valid');
+    await testUtil.executeCmdAsync(this.connection, 'Select 1');
+  }
+
+  async verifyConnectionIsNotUp(message = 'Unable to perform operation because a connection was never established.') {
+    assert.ok(!(this.connection.isUp()), 'Connection should not be up');
+    try {
+      await testUtil.executeCmdAsync(this.connection, 'Select 1');
+      assert.fail('Expected error was not thrown');
+    } catch (error) {
+      assert.strictEqual(error.message, message);
+    }
+  }
+
+  async destroyConnection() {
+    if (this.connection !== undefined && this.connection !== null && this.connection.isUp()) {
+      await testUtil.destroyConnectionAsync(this.connection);
+    }
+  }
+
+  verifyNoErrorWasThrown() {
+    assert.equal(this.error, null);
+  }
+
+  verifyErrorWasThrown(message) {
+    assert.strictEqual(this.error?.message, message);
+  }
+}
+
+module.exports = AuthTest;
diff --git a/test/authentication/connectionParameters.js b/test/authentication/connectionParameters.js
@@ -3,28 +3,93 @@ const snowflakeAuthTestHost = process.env.SNOWFLAKE_AUTH_TEST_HOST;
 const snowflakeAuthTestPort = process.env.SNOWFLAKE_AUTH_TEST_PORT;
 const snowflakeAuthTestAccount = process.env.SNOWFLAKE_AUTH_TEST_ACCOUNT;
 const snowflakeAuthTestRole = process.env.SNOWFLAKE_AUTH_TEST_ROLE;
-const snowflakeTestBrowserUser = process.env.SNOWFLAKE_AUTH_TEST_BROWSER_USER;
+const snowflakeAuthTestBrowserUser = process.env.SNOWFLAKE_AUTH_TEST_BROWSER_USER;
+const snowflakeAuthTestOktaAuth = process.env.SNOWFLAKE_AUTH_TEST_OKTA_AUTH;
+const snowflakeAuthTestOktaUser = process.env.SNOWFLAKE_AUTH_TEST_OKTA_USER;
 const snowflakeAuthTestOktaPass = process.env.SNOWFLAKE_AUTH_TEST_OKTA_PASS;
+const snowflakeAuthTestOauthUrl = process.env.SNOWFLAKE_AUTH_TEST_OAUTH_URL;
+const snowflakeAuthTestOauthClientId = process.env.SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID;
+const snowflakeAuthTestOauthClientSecret = process.env.SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET;
 const snowflakeAuthTestDatabase = process.env.SNOWFLAKE_AUTH_TEST_DATABASE;
 const snowflakeAuthTestWarehouse = process.env.SNOWFLAKE_AUTH_TEST_WAREHOUSE;
 const snowflakeAuthTestSchema = process.env.SNOWFLAKE_AUTH_TEST_SCHEMA;
+const snowflakeAuthTestPrivateKeyPath = process.env.SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH;
+const snowflakeAuthTestInvalidPrivateKeyPath = process.env.SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH;
+const snowflakeAuthTestPrivateKeyPassword = process.env.SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PASSWORD;
+const snowflakeAuthTestEncryptedPrivateKeyPath = process.env.SNOWFLAKE_AUTH_TEST_ENCRYPTED_PRIVATE_KEY_PATH;
 
 const accessUrlAuthTests = snowflakeAuthTestProtocol + '://' + snowflakeAuthTestHost + ':' +
-  snowflakeAuthTestPort;
+    snowflakeAuthTestPort;
+
+const baseParameters = 
+    {
+      accessUrl: accessUrlAuthTests,
+      account: snowflakeAuthTestAccount,
+      role: snowflakeAuthTestRole,
+      host: snowflakeAuthTestHost,
+      warehouse: snowflakeAuthTestWarehouse,
+      database: snowflakeAuthTestDatabase,
+      schema: snowflakeAuthTestSchema,
+    };
 
 const externalBrowser =
-  {
-    accessUrl: accessUrlAuthTests,
-    username: snowflakeTestBrowserUser,
-    account: snowflakeAuthTestAccount,
-    role: snowflakeAuthTestRole,
-    host: snowflakeAuthTestHost,
-    warehouse: snowflakeAuthTestWarehouse,
-    database: snowflakeAuthTestDatabase,
-    schema: snowflakeAuthTestSchema,
-    authenticator: 'EXTERNALBROWSER'
-  };
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestBrowserUser,
+      authenticator: 'EXTERNALBROWSER'
+    };
+
+const okta =
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestOktaUser,
+      password: snowflakeAuthTestOktaPass,
+      authenticator: snowflakeAuthTestOktaAuth
+    };
+
+const oauth =
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestOktaUser,
+      authenticator: 'OAUTH'
+    };
+
+const keypairPrivateKey =
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestOktaUser,
+      authenticator: 'SNOWFLAKE_JWT'
+    };
+
+const keypairPrivateKeyPath =
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestOktaUser,
+      privateKeyPath: snowflakeAuthTestPrivateKeyPath,
+      authenticator: 'SNOWFLAKE_JWT'
+    };
+
+const keypairEncryptedPrivateKeyPath =
+    {
+      ...baseParameters,
+      username: snowflakeAuthTestOktaUser,
+      privateKeyPass: snowflakeAuthTestPrivateKeyPassword,
+      privateKeyPath: snowflakeAuthTestEncryptedPrivateKeyPath,
+      authenticator: 'SNOWFLAKE_JWT'
+    };
 
 exports.externalBrowser = externalBrowser;
-exports.snowflakeTestBrowserUser = snowflakeTestBrowserUser;
+exports.okta = okta;
+exports.oauth = oauth;
+exports.keypairPrivateKey = keypairPrivateKey;
+exports.keypairPrivateKeyPath = keypairPrivateKeyPath;
+exports.keypairEncryptedPrivateKeyPath = keypairEncryptedPrivateKeyPath;
+exports.snowflakeTestBrowserUser = snowflakeAuthTestBrowserUser;
+exports.snowflakeAuthTestOktaUser = snowflakeAuthTestOktaUser;
 exports.snowflakeAuthTestOktaPass = snowflakeAuthTestOktaPass;
+exports.snowflakeAuthTestRole = snowflakeAuthTestRole;
+exports.snowflakeAuthTestOauthClientId = snowflakeAuthTestOauthClientId;
+exports.snowflakeAuthTestOauthClientSecret = snowflakeAuthTestOauthClientSecret;
+exports.snowflakeAuthTestOauthUrl = snowflakeAuthTestOauthUrl;
+exports.snowflakeAuthTestPrivateKeyPath = snowflakeAuthTestPrivateKeyPath;
+exports.snowflakeAuthTestInvalidPrivateKeyPath = snowflakeAuthTestInvalidPrivateKeyPath;