From 120f49226317209af1883fd4f2b74d5276175ea9 Mon Sep 17 00:00:00 2001 From: Przemyslaw Motacki Date: Thu, 7 Nov 2024 13:03:07 +0100 Subject: [PATCH 1/8] SNOW-1689931 Adding flag to skip token file permission verification --- .../config/SFConnectionConfigParser.java | 83 ++++++++++--------- .../client/core/SFSessionProperty.java | 5 +- .../snowflake/client/jdbc/SnowflakeUtil.java | 16 ++++ .../config/SFConnectionConfigParserTest.java | 17 ++++ 4 files changed, 82 insertions(+), 39 deletions(-) diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java index 35698c557..6577a921a 100644 --- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java +++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java @@ -1,5 +1,6 @@ package net.snowflake.client.config; +import static net.snowflake.client.jdbc.SnowflakeUtil.convertSystemGetEnvToBooleanValue; import static net.snowflake.client.jdbc.SnowflakeUtil.systemGetEnv; import com.fasterxml.jackson.dataformat.toml.TomlMapper; 
@@ -34,6 +35,50 @@ public class SFConnectionConfigParser { "SNOWFLAKE_DEFAULT_CONNECTION_NAME"; public static final String DEFAULT = "default"; public static final String SNOWFLAKE_TOKEN_FILE_PATH = "/snowflake/session/token"; + public static final String SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION = + "SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION"; + + public static ConnectionParameters buildConnectionParameters() throws SnowflakeSQLException { + String defaultConnectionName = + Optional.ofNullable(systemGetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY)).orElse(DEFAULT); + Map fileConnectionConfiguration = + loadDefaultConnectionConfiguration(defaultConnectionName); + + if (fileConnectionConfiguration != null && !fileConnectionConfiguration.isEmpty()) { + Properties conectionProperties = new Properties(); + conectionProperties.putAll(fileConnectionConfiguration); + + String url = createUrl(fileConnectionConfiguration); + logger.debug("Url created using parameters from connection configuration file: {}", url); + + if ("oauth".equals(fileConnectionConfiguration.get("authenticator")) + && fileConnectionConfiguration.get("token") == null) { + Path path = + Paths.get( + Optional.ofNullable(fileConnectionConfiguration.get("token_file_path")) + .orElse(SNOWFLAKE_TOKEN_FILE_PATH)); + logger.debug("Token used in connect is read from file: {}", path); + try { + boolean shouldSkipTokenFilePermissionsVerification = + convertSystemGetEnvToBooleanValue(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, false); + if (!shouldSkipTokenFilePermissionsVerification) { + verifyFilePermissionSecure(path); + } + String token = new String(Files.readAllBytes(path), Charset.defaultCharset()); + if (!token.isEmpty()) { + putPropertyIfNotNull(conectionProperties, "token", token.trim()); + } else { + logger.warn("The token has empty value"); + } + } catch (Exception ex) { + throw new SnowflakeSQLException(ex, "There is a problem during reading token from file"); + } + } + return new ConnectionParameters(url, 
conectionProperties); + } else { + return null; + } + } private static Map loadDefaultConnectionConfiguration( String defaultConnectionName) throws SnowflakeSQLException { @@ -88,44 +133,6 @@ private static void verifyFilePermissionSecure(Path configFilePath) } } - public static ConnectionParameters buildConnectionParameters() throws SnowflakeSQLException { - String defaultConnectionName = - Optional.ofNullable(systemGetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY)).orElse(DEFAULT); - Map fileConnectionConfiguration = - loadDefaultConnectionConfiguration(defaultConnectionName); - - if (fileConnectionConfiguration != null && !fileConnectionConfiguration.isEmpty()) { - Properties conectionProperties = new Properties(); - conectionProperties.putAll(fileConnectionConfiguration); - - String url = createUrl(fileConnectionConfiguration); - logger.debug("Url created using parameters from connection configuration file: {}", url); - - if ("oauth".equals(fileConnectionConfiguration.get("authenticator")) - && fileConnectionConfiguration.get("token") == null) { - Path path = - Paths.get( - Optional.ofNullable(fileConnectionConfiguration.get("token_file_path")) - .orElse(SNOWFLAKE_TOKEN_FILE_PATH)); - logger.debug("Token used in connect is read from file: {}", path); - try { - verifyFilePermissionSecure(path); - String token = new String(Files.readAllBytes(path), Charset.defaultCharset()); - if (!token.isEmpty()) { - putPropertyIfNotNull(conectionProperties, "token", token.trim()); - } else { - logger.warn("The token has empty value"); - } - } catch (Exception ex) { - throw new SnowflakeSQLException(ex, "There is a problem during reading token from file"); - } - } - return new ConnectionParameters(url, conectionProperties); - } else { - return null; - } - } - private static String createUrl(Map fileConnectionConfiguration) throws SnowflakeSQLException { Optional maybeAccount = Optional.ofNullable(fileConnectionConfiguration.get("account")); 
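Review bot: The new constant `SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION` has no comment, so nothing at its declaration says what an operator gives up by setting it. When the variable is `true`, `buildConnectionParameters()` reads the OAuth token from a file whose mode is never checked, so that file may be readable or replaceable by other local accounts. Because the value comes from the process environment, it applies to every connection the JVM builds, not to one connection definition. I would document that on the constant, for example `/** Environment variable; "true" disables the permission check on the token file for the whole process. */`. A `SNOWFLAKE_`-prefixed name, matching `SNOWFLAKE_DEFAULT_CONNECTION_NAME`, would also keep an unrelated variable from switching the check off by accident.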
diff --git a/src/main/java/net/snowflake/client/core/SFSessionProperty.java b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
index 97c0adbc2..917ce5629 100644
--- a/src/main/java/net/snowflake/client/core/SFSessionProperty.java
+++ b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
@@ -112,7 +112,10 @@ public enum SFSessionProperty {
 HTTP_CLIENT_CONNECTION_TIMEOUT("HTTP_CLIENT_CONNECTION_TIMEOUT", false, Integer.class),
- HTTP_CLIENT_SOCKET_TIMEOUT("HTTP_CLIENT_SOCKET_TIMEOUT", false, Integer.class);
+ HTTP_CLIENT_SOCKET_TIMEOUT("HTTP_CLIENT_SOCKET_TIMEOUT", false, Integer.class),
+
+ SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION(
+ "SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION", false, Boolean.class);
 // property key in string
 private String propertyKey;
diff --git a/src/main/java/net/snowflake/client/jdbc/SnowflakeUtil.java b/src/main/java/net/snowflake/client/jdbc/SnowflakeUtil.java
index 635384972..8e9a683a0 100644
--- a/src/main/java/net/snowflake/client/jdbc/SnowflakeUtil.java
+++ b/src/main/java/net/snowflake/client/jdbc/SnowflakeUtil.java
@@ -837,6 +837,22 @@ public static boolean convertSystemPropertyToBooleanValue(
 }
 return defaultValue;
 }
+ /**
+ * Helper function to convert environment variable to boolean
+ *
+ * @param envVariableKey property name of the environment variable
+ * @param defaultValue default value used
+ * @return the value of the environment variable as boolean, else the default value
+ */
+ @SnowflakeJdbcInternalApi
+ public static boolean convertSystemGetEnvToBooleanValue(
+ String envVariableKey, boolean defaultValue) {
+ String environmentVariableValue = systemGetEnv(envVariableKey);
+ if (environmentVariableValue != null) {
+ return Boolean.parseBoolean(environmentVariableValue);
+ }
+ return defaultValue;
+ }
 @SnowflakeJdbcInternalApi
 public static T mapSFExceptionToSQLException(ThrowingCallable action)
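Review bot: The Javadoc on `convertSystemGetEnvToBooleanValue` does not say which values count as true, and it calls `envVariableKey` a "property name" although it is an environment variable name. `Boolean.parseBoolean` returns true only for the string `true` in any letter case, so `1`, `yes` or a value with surrounding whitespace all give `false` rather than `defaultValue`. For the permission-skip flag that is the safe direction, but it should be written down. Suggested wording: `@return true only if the variable is set to "true" (case-insensitive); false for any other set value; defaultValue if unset`. A blank line before the `/**` would also separate it from the closing brace of the previous method.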
diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
index 01da714e5..07658b9e8 100644
--- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
+++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
@@ -1,5 +1,6 @@
 package net.snowflake.client.config;
+import static net.snowflake.client.config.SFConnectionConfigParser.SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION;
 import static net.snowflake.client.config.SFConnectionConfigParser.SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY;
 import static net.snowflake.client.config.SFConnectionConfigParser.SNOWFLAKE_HOME_KEY;
 import static org.junit.Assert.assertEquals;
@@ -44,6 +45,7 @@ public void setUp() throws IOException {
 public void close() throws IOException {
 SnowflakeUtil.systemUnsetEnv(SNOWFLAKE_HOME_KEY);
 SnowflakeUtil.systemUnsetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY);
+ SnowflakeUtil.systemUnsetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION);
 Files.walk(tempPath).map(Path::toFile).forEach(File::delete);
 Files.delete(tempPath);
 }
@@ -103,6 +105,21 @@ public void testThrowErrorWhenWrongPermissionsForTokenFile() throws IOException SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters()); } + @Test + public void testNoThrowErrorWhenWrongPermissionsForTokenFileButSkippingFlagIsEnabled() + throws SnowflakeSQLException, IOException { + SnowflakeUtil.systemSetEnv(SNOWFLAKE_HOME_KEY, tempPath.toString()); + SnowflakeUtil.systemSetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, "default"); + SnowflakeUtil.systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true"); + File tokenFile = new File(Paths.get(tempPath.toString(), "token").toUri()); + prepareConnectionConfigurationTomlFile( + Collections.singletonMap("token_file_path", tokenFile.toString()), true, false); + + ConnectionParameters data = SFConnectionConfigParser.buildConnectionParameters(); + assertNotNull(data); + assertEquals(tokenFile.toString(), data.getParams().get("token_file_path")); + } + @Test public void testLoadSFConnectionConfigWithHostConfigured() throws SnowflakeSQLException, IOException { From 147d02e099655ff4f56d6e2956ca98f0b9bf629b Mon Sep 17 00:00:00 2001 From: Przemyslaw Motacki Date: Tue, 12 Nov 2024 10:38:16 +0100 Subject: [PATCH 2/8] SNOW-1689931 Adding flag to skip token file permission verification --- .../snowflake/client/config/SFConnectionConfigParser.java | 2 ++ .../java/net/snowflake/client/core/SFSessionProperty.java | 5 +---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java index 6577a921a..00c4a2a21 100644 --- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java +++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java 
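Review bot: `testNoThrowErrorWhenWrongPermissionsForTokenFileButSkippingFlagIsEnabled` asserts only that `token_file_path` is echoed back, which comes straight from the TOML file, so it would still pass if the token were never read from disk. The behaviour the flag is supposed to enable is that the token from the loosely-permissioned file ends up in the connection properties. I would add `assertEquals("token_from_file", data.getParams().get("token"));`, assuming the helper still writes that literal into the token file. A second case with the variable set to a value other than `true` and an expected `SnowflakeSQLException` would pin down that the check stays on for anything except an explicit opt-out.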
@@ -63,6 +63,8 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
 convertSystemGetEnvToBooleanValue(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, false);
 if (!shouldSkipTokenFilePermissionsVerification) {
 verifyFilePermissionSecure(path);
+ } else {
+ logger.debug("Skip token file permissions verification");
 }
 String token = new String(Files.readAllBytes(path), Charset.defaultCharset());
 if (!token.isEmpty()) {
diff --git a/src/main/java/net/snowflake/client/core/SFSessionProperty.java b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
index 917ce5629..97c0adbc2 100644
--- a/src/main/java/net/snowflake/client/core/SFSessionProperty.java
+++ b/src/main/java/net/snowflake/client/core/SFSessionProperty.java
@@ -112,10 +112,7 @@ public enum SFSessionProperty {
 HTTP_CLIENT_CONNECTION_TIMEOUT("HTTP_CLIENT_CONNECTION_TIMEOUT", false, Integer.class),
- HTTP_CLIENT_SOCKET_TIMEOUT("HTTP_CLIENT_SOCKET_TIMEOUT", false, Integer.class),
-
- SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION(
- "SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION", false, Boolean.class);
+ HTTP_CLIENT_SOCKET_TIMEOUT("HTTP_CLIENT_SOCKET_TIMEOUT", false, Integer.class);
 // property key in string
 private String propertyKey;
From 29f19fc7b748d0e968eac32691847a8e1a93ea16 Mon Sep 17 00:00:00 2001
From: Przemyslaw Motacki
Date: Mon, 25 Nov 2024 11:55:22 +0100
Subject: [PATCH 3/8] SNOW-1689931 Adding flag to skip token file permission verification
---
 .../snowflake/client/config/SFConnectionConfigParser.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
index 00c4a2a21..1b5949706 100644
--- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
+++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
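Review bot: The message added in the `else` branch is logged at debug level, so with default logging nothing records that the permission check on the token file was turned off. A disabled security control is something an operator should be able to see after the fact, for instance when working out why a token in a group- or world-accessible file was accepted. I would raise it to warn and name the file, e.g. `logger.warn("Token file permissions verification is skipped for {}", path);`, using the same call shape as the `logger.debug` a few lines earlier in the method. The enclosing `try` block starts and ends outside this hunk.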
@@ -45,8 +45,8 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
 loadDefaultConnectionConfiguration(defaultConnectionName);
 if (fileConnectionConfiguration != null && !fileConnectionConfiguration.isEmpty()) {
- Properties conectionProperties = new Properties();
- conectionProperties.putAll(fileConnectionConfiguration);
+ Properties connectionProperties = new Properties();
+ connectionProperties.putAll(fileConnectionConfiguration);
 String url = createUrl(fileConnectionConfiguration);
 logger.debug("Url created using parameters from connection configuration file: {}", url);
@@ -68,7 +68,7 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
 }
 String token = new String(Files.readAllBytes(path), Charset.defaultCharset());
 if (!token.isEmpty()) {
- putPropertyIfNotNull(conectionProperties, "token", token.trim());
+ putPropertyIfNotNull(connectionProperties, "token", token.trim());
 } else {
 logger.warn("The token has empty value");
 }
@@ -76,7 +76,7 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
 throw new SnowflakeSQLException(ex, "There is a problem during reading token from file");
 }
 }
- return new ConnectionParameters(url, conectionProperties);
+ return new ConnectionParameters(url, connectionProperties);
 } else {
 return null;
 }
From 9e46ba9f9182c4e7ab1ba4045fc835ad112b9ee4 Mon Sep 17 00:00:00 2001
From: Przemyslaw Motacki
Date: Mon, 25 Nov 2024 12:55:13 +0100
Subject: [PATCH 4/8] SNOW-1689931 Adding flag to skip token file permission verification
---
 .../client/config/SFConnectionConfigParserTest.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
index 07658b9e8..46339e95c 100644
--- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
+++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java @@ -18,10 +18,14 @@ import java.nio.file.attribute.FileAttribute; import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermissions; +import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Set; + import net.snowflake.client.RunningNotOnLinuxMac; import net.snowflake.client.core.Constants; import net.snowflake.client.jdbc.SnowflakeSQLException; @@ -33,12 +37,18 @@ public class SFConnectionConfigParserTest { + private static final List ENV_VARIABLES_KEYS = + new ArrayList<>(Arrays.asList(SNOWFLAKE_HOME_KEY, SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION)); private Path tempPath = null; private TomlMapper tomlMapper = new TomlMapper(); + private Map envVariables = new HashMap(); @Before public void setUp() throws IOException { tempPath = Files.createTempDirectory(".snowflake"); + ENV_VARIABLES_KEYS + .stream() + .forEach(key -> envVariables.put(key, SnowflakeUtil.systemGetEnv(key))); } @After @@ -48,6 +58,9 @@ public void close() throws IOException { SnowflakeUtil.systemUnsetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION); Files.walk(tempPath).map(Path::toFile).forEach(File::delete); Files.delete(tempPath); + ENV_VARIABLES_KEYS + .stream() + .forEach(key -> SnowflakeUtil.systemSetEnv(key, envVariables.get(key))); } @Test From 47e67b7425602a18672dee324b38ffff70ceea13 Mon Sep 17 00:00:00 2001 From: Przemyslaw Motacki Date: Mon, 25 Nov 2024 13:06:18 +0100 Subject: [PATCH 5/8] SNOW-1689931 Adding flag to skip token file permission verification --- .../net/snowflake/client/config/SFConnectionConfigParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
index 1b5949706..4bf50e1d2 100644
--- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
+++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
@@ -70,7 +70,7 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
 if (!token.isEmpty()) {
 putPropertyIfNotNull(connectionProperties, "token", token.trim());
 } else {
- logger.warn("The token has empty value");
+ throw new SnowflakeSQLException("Token must be set when the authenticator type is OAUTH");
 }
 } catch (Exception ex) {
 throw new SnowflakeSQLException(ex, "There is a problem during reading token from file");
From a3834f3a13a27d11e18391c5108fc5ecd6dc2177 Mon Sep 17 00:00:00 2001
From: Przemyslaw Motacki
Date: Mon, 25 Nov 2024 13:33:13 +0100
Subject: [PATCH 6/8] SNOW-1689931 Adding flag to skip token file permission verification
---
 .../config/SFConnectionConfigParser.java | 2 +-
 .../config/SFConnectionConfigParserTest.java | 39 ++++++++++++++++---
 2 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
index 4bf50e1d2..a060e87d4 100644
--- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
+++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
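Review bot: The `SnowflakeSQLException` thrown in the new `else` branch is caught by the `catch (Exception ex)` two lines below it and rewrapped. The caller therefore sees "There is a problem during reading token from file", and the empty-token message survives only as the cause. That hides a configuration error behind what reads like an I/O failure. Either rethrow the specific exception first, `} catch (SnowflakeSQLException ex) { throw ex; } catch (Exception ex) {`, or move the emptiness check after the `try` so it is not subject to the generic handler. The `try` opens outside this hunk.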
@@ -70,7 +70,7 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS if (!token.isEmpty()) { putPropertyIfNotNull(connectionProperties, "token", token.trim()); } else { - throw new SnowflakeSQLException("Token must be set when the authenticator type is OAUTH"); + throw new SnowflakeSQLException("Non-empty token must be set when the authenticator type is OAUTH"); } } catch (Exception ex) { throw new SnowflakeSQLException(ex, "There is a problem during reading token from file"); diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java index 46339e95c..3ac877f45 100644 --- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java +++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java @@ -48,7 +48,11 @@ public void setUp() throws IOException { tempPath = Files.createTempDirectory(".snowflake"); ENV_VARIABLES_KEYS .stream() - .forEach(key -> envVariables.put(key, SnowflakeUtil.systemGetEnv(key))); + .forEach(key -> { + if (SnowflakeUtil.systemGetEnv(key) != null) { + envVariables.put(key, SnowflakeUtil.systemGetEnv(key)); + } + }); } @After @@ -58,9 +62,8 @@ public void close() throws IOException { SnowflakeUtil.systemUnsetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION); Files.walk(tempPath).map(Path::toFile).forEach(File::delete); Files.delete(tempPath); - ENV_VARIABLES_KEYS - .stream() - .forEach(key -> SnowflakeUtil.systemSetEnv(key, envVariables.get(key))); + envVariables + .forEach((key, value) -> SnowflakeUtil.systemSetEnv(key, value)); } @Test 
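Review bot: The reworded message promises a non-empty token, but the guard in this hunk is `!token.isEmpty()` on the untrimmed file content while the stored value is `token.trim()`. A token file that holds only a newline or spaces passes the check and puts `""` into the connection properties, so the connection is attempted with an empty OAuth token instead of failing here. Trimming before the test closes the gap: `String token = new String(Files.readAllBytes(path), Charset.defaultCharset()).trim();`, followed by `putPropertyIfNotNull(connectionProperties, "token", token);`. The `String token` declaration sits just above the first line of this hunk.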
@@ -162,6 +165,19 @@ public void shouldThrowExceptionIfNoneOfHostAndAccountIsSet() throws IOException Assert.assertThrows( SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters()); } + @Test + public void shouldThrowExceptionIfTokenIsNotSetForOauth() throws IOException { + SnowflakeUtil.systemSetEnv(SNOWFLAKE_HOME_KEY, tempPath.toString()); + SnowflakeUtil.systemSetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, "default"); + SnowflakeUtil.systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true"); + File tokenFile = new File(Paths.get(tempPath.toString(), "token").toUri()); +// File emptyTokenFile = new File(Paths.get(tempPath.toString(), "emptyToken").toUri()); + prepareConnectionConfigurationTomlFile( + Collections.singletonMap("token_file_path", tokenFile.toString()), true, false, ""); + + Assert.assertThrows( + SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters()); + } private void prepareConnectionConfigurationTomlFile() throws IOException { prepareConnectionConfigurationTomlFile(null, true, true); @@ -172,7 +188,13 @@ private void prepareConnectionConfigurationTomlFile(Map moreParameters) throws I } private void prepareConnectionConfigurationTomlFile( - Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken) + Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken) + throws IOException { + prepareConnectionConfigurationTomlFile(moreParameters, onlyUserPermissionConnection, onlyUserPermissionToken, "token_from_file"); + } + + private void prepareConnectionConfigurationTomlFile( + Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken, String token) throws IOException { Path path = Paths.get(tempPath.toString(), "connections.toml"); Path filePath = createFilePathWithPermission(path, onlyUserPermissionConnection); 
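Review bot: `shouldThrowExceptionIfTokenIsNotSetForOauth` cannot tell the empty-token rejection apart from a permission failure. It creates the token file with `onlyUserPermissionToken` set to `false` and relies on `SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION` to get past the check, and both failures surface as `SnowflakeSQLException`. If the skip flag stopped working, this test would keep passing for the wrong reason. I would create the file with owner-only permissions and drop the `systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true")` line, i.e. call the helper with `true, true, ""`, and assert on the exception's message or cause so the empty-token path is the one being exercised. A whitespace-only token value would be a useful second input.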
@@ -196,7 +218,12 @@ private void prepareConnectionConfigurationTomlFile( createFilePathWithPermission( Paths.get(configurationParams.get("token_file_path").toString()), onlyUserPermissionToken); - Files.write(tokenFilePath, "token_from_file".getBytes()); + Files.write(tokenFilePath, token.getBytes()); + Path emptyTokenFilePath = + createFilePathWithPermission( + Paths.get(configurationParams.get("token_file_path").toString().replaceAll("token", "emptytoken")), + onlyUserPermissionToken); + Files.write(emptyTokenFilePath, "".getBytes()); } } From 720a819aa91a8cbd8deff57c5fa14027beb5aad1 Mon Sep 17 00:00:00 2001 From: Przemyslaw Motacki Date: Mon, 25 Nov 2024 13:42:23 +0100 Subject: [PATCH 7/8] SNOW-1689931 Adding flag to skip token file permission verification --- .../config/SFConnectionConfigParser.java | 5 ++- .../config/SFConnectionConfigParserTest.java | 39 ++++++++++++------- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java index a060e87d4..1da9f766a 100644 --- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java +++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java @@ -68,9 +68,10 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS } String token = new String(Files.readAllBytes(path), Charset.defaultCharset()); if (!token.isEmpty()) { - putPropertyIfNotNull(connectionProperties, "token", token.trim()); + putPropertyIfNotNull(connectionProperties, "token", token.trim()); } else { - throw new SnowflakeSQLException("Non-empty token must be set when the authenticator type is OAUTH"); + throw new SnowflakeSQLException( + "Non-empty token must be set when the authenticator type is OAUTH"); } } catch (Exception ex) { throw new SnowflakeSQLException(ex, "There is a problem during reading token from file"); 
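Review bot: The fixture now writes a second `emptytoken` file on every call, yet the empty-token test added in this series passes `""` through the new `token` parameter instead, and none of the tests visible here reads that file. The path is also derived with `replaceAll("token", "emptytoken")` over the whole path string, which rewrites every occurrence of `token`, including any in a parent directory name, so the file can land somewhere other than beside the real token file. I would delete the `emptyTokenFilePath` lines. If a separate empty file is ever needed, build it with `tokenFilePath.resolveSibling("emptytoken")`. The enclosing helper method begins outside this hunk.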
diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java index 3ac877f45..9952f50b6 100644 --- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java +++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java @@ -25,7 +25,6 @@ import java.util.List; import java.util.Map; import java.util.Set; - import net.snowflake.client.RunningNotOnLinuxMac; import net.snowflake.client.core.Constants; import net.snowflake.client.jdbc.SnowflakeSQLException; @@ -38,7 +37,11 @@ public class SFConnectionConfigParserTest { private static final List ENV_VARIABLES_KEYS = - new ArrayList<>(Arrays.asList(SNOWFLAKE_HOME_KEY, SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION)); + new ArrayList<>( + Arrays.asList( + SNOWFLAKE_HOME_KEY, + SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, + SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION)); private Path tempPath = null; private TomlMapper tomlMapper = new TomlMapper(); private Map envVariables = new HashMap(); @@ -46,9 +49,9 @@ public class SFConnectionConfigParserTest { @Before public void setUp() throws IOException { tempPath = Files.createTempDirectory(".snowflake"); - ENV_VARIABLES_KEYS - .stream() - .forEach(key -> { + ENV_VARIABLES_KEYS.stream() + .forEach( + key -> { if (SnowflakeUtil.systemGetEnv(key) != null) { envVariables.put(key, SnowflakeUtil.systemGetEnv(key)); } @@ -62,8 +65,7 @@ public void close() throws IOException { SnowflakeUtil.systemUnsetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION); Files.walk(tempPath).map(Path::toFile).forEach(File::delete); Files.delete(tempPath); - envVariables - .forEach((key, value) -> SnowflakeUtil.systemSetEnv(key, value)); + envVariables.forEach((key, value) -> SnowflakeUtil.systemSetEnv(key, value)); } @Test 
@@ -165,15 +167,16 @@ public void shouldThrowExceptionIfNoneOfHostAndAccountIsSet() throws IOException Assert.assertThrows( SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters()); } + @Test public void shouldThrowExceptionIfTokenIsNotSetForOauth() throws IOException { SnowflakeUtil.systemSetEnv(SNOWFLAKE_HOME_KEY, tempPath.toString()); SnowflakeUtil.systemSetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, "default"); SnowflakeUtil.systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true"); File tokenFile = new File(Paths.get(tempPath.toString(), "token").toUri()); -// File emptyTokenFile = new File(Paths.get(tempPath.toString(), "emptyToken").toUri()); + // File emptyTokenFile = new File(Paths.get(tempPath.toString(), "emptyToken").toUri()); prepareConnectionConfigurationTomlFile( - Collections.singletonMap("token_file_path", tokenFile.toString()), true, false, ""); + Collections.singletonMap("token_file_path", tokenFile.toString()), true, false, ""); Assert.assertThrows( SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters()); 
@@ -188,13 +191,17 @@ private void prepareConnectionConfigurationTomlFile(Map moreParameters) throws I } private void prepareConnectionConfigurationTomlFile( - Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken) - throws IOException { - prepareConnectionConfigurationTomlFile(moreParameters, onlyUserPermissionConnection, onlyUserPermissionToken, "token_from_file"); + Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken) + throws IOException { + prepareConnectionConfigurationTomlFile( + moreParameters, onlyUserPermissionConnection, onlyUserPermissionToken, "token_from_file"); } private void prepareConnectionConfigurationTomlFile( - Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken, String token) + Map moreParameters, + boolean onlyUserPermissionConnection, + boolean onlyUserPermissionToken, + String token) throws IOException { Path path = Paths.get(tempPath.toString(), "connections.toml"); Path filePath = createFilePathWithPermission(path, onlyUserPermissionConnection); @@ -221,7 +228,11 @@ private void prepareConnectionConfigurationTomlFile( Files.write(tokenFilePath, token.getBytes()); Path emptyTokenFilePath = createFilePathWithPermission( - Paths.get(configurationParams.get("token_file_path").toString().replaceAll("token", "emptytoken")), + Paths.get( + configurationParams + .get("token_file_path") + .toString() + .replaceAll("token", "emptytoken")), onlyUserPermissionToken); Files.write(emptyTokenFilePath, "".getBytes()); } From 552186374670ad0d39d2aecbb4f000590d3cea06 Mon Sep 17 00:00:00 2001 From: Przemyslaw Motacki Date: Mon, 25 Nov 2024 20:59:10 +0100 Subject: [PATCH 8/8] SNOW-1689931 Adding flag to skip token file permission verification --- .../snowflake/client/config/SFConnectionConfigParserTest.java | 1 - 1 file changed, 1 deletion(-) 
diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
index 9952f50b6..bfb30f645 100644
--- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
+++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
@@ -174,7 +174,6 @@ public void shouldThrowExceptionIfTokenIsNotSetForOauth() throws IOException {
 SnowflakeUtil.systemSetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, "default");
 SnowflakeUtil.systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true");
 File tokenFile = new File(Paths.get(tempPath.toString(), "token").toUri());
- // File emptyTokenFile = new File(Paths.get(tempPath.toString(), "emptyToken").toUri());
 prepareConnectionConfigurationTomlFile(
 Collections.singletonMap("token_file_path", tokenFile.toString()), true, false, "");