From ba5a0c36584c0674bd36c1d26450a5abd006bcd2 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 4 Dec 2024 14:41:28 +0100 Subject: [PATCH 01/27] Additional external browser tests --- .../parameters_aws_auth_tests.json.gpg | Bin 0 -> 363 bytes Jenkinsfile | 23 +- auth_with_external_browser_test.go | 254 ++++++++++++++++++ ci/container/test_authentication.sh | 9 + ci/test_authentication.sh | 14 + 5 files changed, 297 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/parameters_aws_auth_tests.json.gpg create mode 100644 auth_with_external_browser_test.go create mode 100755 ci/container/test_authentication.sh create mode 100755 ci/test_authentication.sh diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg new file mode 100644 index 0000000000000000000000000000000000000000..5c6eac2540ab359113109cc9d1f23c74ee2dd835 GIT binary patch literal 363 zcmV-x0hIoX4Fm}T2*2IlWRITzPW{rrnE~o0&*{>hGtMp6KGJf2>2Q2jz27IwJr7ON z5JBc*e);uM`~9VEU!j523Lo@;!0!r?A$WE4yw9@S~nKcNMVjK&E+z-ONaA zL-j!KxA6W6#ev$Po>wXQlV!Gyle5x zd1m+rHO^L*!y?^A$XXD>m$6dd6r2A%`yjn&wmLH(e-#L0v83pxEu<)Z>|et Date: Wed, 4 Dec 2024 15:21:37 +0100 Subject: [PATCH 02/27] add err handling, docker container change --- auth_with_external_browser_test.go | 10 ++++++++-- ci/test_authentication.sh | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index 80074f0ad..f26181100 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -22,7 +22,10 @@ func TestExternalBrowserSuccessful(t *testing.T) { }() go func() { defer wg.Done() - connectToSnowflake(cfg, "SELECT 1", true) + _, err := connectToSnowflake(cfg, "SELECT 1", true) + if err != nil { + t.Errorf("Connection failed: err %v", err) + } }() wg.Wait() } @@ -115,7 +118,10 @@ func TestClientStoreCredentials(t *testing.T) { }() go func() { defer wg.Done() - connectToSnowflake(cfg, "SELECT 1", true) + _, err := connectToSnowflake(cfg, "SELECT 1", true) + if err != nil { + t.Errorf("Connection failed: err %v", err) + } }() wg.Wait() }) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index d28016643..c9c01bacb 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -10,5 +10,5 @@ docker run \ -v $(cd $THIS_DIR/.. && pwd):/mnt/host \ -v $WORKSPACE:/mnt/workspace \ --rm \ - temp_newer_golang \ + nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser-golang:2 \ "/mnt/host/ci/container/test_authentication.sh" From 7f310998f2fa25c87f31d9cc11287cee03b20fd5 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 08:54:06 +0100 Subject: [PATCH 03/27] skip github actions check --- auth_with_external_browser_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index f26181100..1d0a99928 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -95,6 +95,9 @@ func TestExternalBrowserMismatchUser(t *testing.T) { } func setupTest(t *testing.T) *Config { + if runningOnGithubAction() { + t.Skip("Running only on Jenkins due to required connection to external browser") + } cleanupBrowserProcesses() cfg, err := getConfig() if err != nil { From 65e7cddfb7fdf6b40dc1ff6f22dddd95ff4599f6 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 10:52:53 +0100 Subject: [PATCH 04/27] docker repo setup2 --- ci/test_authentication.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index c9c01bacb..f35ec12fc 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -4,6 +4,12 @@ set -o pipefail export THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" export WORKSPACE=${WORKSPACE:-/tmp} +CI_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [[ -n "$JENKINS_HOME" ]]; then + source $CI_DIR/_init.sh + source $CI_DIR/scripts/login_internal_docker.sh +fi gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" docker run \ From 719f72476eff8979628a51bb3af78e09e66fafc0 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 11:02:19 +0100 Subject: [PATCH 05/27] test default configuration --- ci/test_authentication.sh | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index f35ec12fc..dd3f4dbf0 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -1,15 +1,37 @@ #!/bin/bash -e set -o pipefail -export THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -export WORKSPACE=${WORKSPACE:-/tmp} CI_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" if [[ -n "$JENKINS_HOME" ]]; then + ROOT_DIR="$(cd "${CI_DIR}/.." && pwd)" + export WORKSPACE=${WORKSPACE:-/tmp} + source $CI_DIR/_init.sh source $CI_DIR/scripts/login_internal_docker.sh + + echo "Use /sbin/ip" + IP_ADDR=$(/sbin/ip -4 addr show scope global dev eth0 | grep inet | awk '{print $2}' | cut -d / -f 1) + + declare -A TARGET_TEST_IMAGES + if [[ -n "$TARGET_DOCKER_TEST_IMAGE" ]]; then + echo "[INFO] TARGET_DOCKER_TEST_IMAGE: $TARGET_DOCKER_TEST_IMAGE" + IMAGE_NAME=${TEST_IMAGE_NAMES[$TARGET_DOCKER_TEST_IMAGE]} + if [[ -z "$IMAGE_NAME" ]]; then + echo "[ERROR] The target platform $TARGET_DOCKER_TEST_IMAGE doesn't exist. Check $CI_DIR/_init.sh" + exit 1 + fi + TARGET_TEST_IMAGES=([$TARGET_DOCKER_TEST_IMAGE]=$IMAGE_NAME) + else + echo "[ERROR] Set TARGET_DOCKER_TEST_IMAGE to the docker image name to run the test" + for name in "${!TEST_IMAGE_NAMES[@]}"; do + echo " " $name + done + exit 2 + fi fi + gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" docker run \ From 298a08a12d9b5b097011bcd60c2db3d44ac0ef30 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 11:04:44 +0100 Subject: [PATCH 06/27] test default configuration, only IPADDR --- ci/test_authentication.sh | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index dd3f4dbf0..3537ee79d 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -14,22 +14,6 @@ if [[ -n "$JENKINS_HOME" ]]; then echo "Use /sbin/ip" IP_ADDR=$(/sbin/ip -4 addr show scope global dev eth0 | grep inet | awk '{print $2}' | cut -d / -f 1) - declare -A TARGET_TEST_IMAGES - if [[ -n "$TARGET_DOCKER_TEST_IMAGE" ]]; then - echo "[INFO] TARGET_DOCKER_TEST_IMAGE: $TARGET_DOCKER_TEST_IMAGE" - IMAGE_NAME=${TEST_IMAGE_NAMES[$TARGET_DOCKER_TEST_IMAGE]} - if [[ -z "$IMAGE_NAME" ]]; then - echo "[ERROR] The target platform $TARGET_DOCKER_TEST_IMAGE doesn't exist. Check $CI_DIR/_init.sh" - exit 1 - fi - TARGET_TEST_IMAGES=([$TARGET_DOCKER_TEST_IMAGE]=$IMAGE_NAME) - else - echo "[ERROR] Set TARGET_DOCKER_TEST_IMAGE to the docker image name to run the test" - for name in "${!TEST_IMAGE_NAMES[@]}"; do - echo " " $name - done - exit 2 - fi fi gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" From 9d63c1d2ae257604264f486e142872fc381e1617 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 11:11:49 +0100 Subject: [PATCH 07/27] test default configuration, only IPADDR2 --- ci/test_authentication.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index 3537ee79d..76a2f35dd 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -2,8 +2,9 @@ set -o pipefail -CI_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" +CI_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" if [[ -n "$JENKINS_HOME" ]]; then ROOT_DIR="$(cd "${CI_DIR}/.." && pwd)" export WORKSPACE=${WORKSPACE:-/tmp} @@ -16,8 +17,6 @@ if [[ -n "$JENKINS_HOME" ]]; then fi -gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" - docker run \ -v $(cd $THIS_DIR/.. && pwd):/mnt/host \ -v $WORKSPACE:/mnt/workspace \ From 29b8f2b86d491d4e396f6c2a00ca2d51cbecd166 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 11:16:54 +0100 Subject: [PATCH 08/27] test default configuration3 --- ci/test_authentication.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index 76a2f35dd..9b137c668 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -2,7 +2,9 @@ set -o pipefail -gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" + +export THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +export WORKSPACE=${WORKSPACE:-/tmp} CI_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" if [[ -n "$JENKINS_HOME" ]]; then @@ -17,6 +19,9 @@ if [[ -n "$JENKINS_HOME" ]]; then fi +gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" + + docker run \ -v $(cd $THIS_DIR/.. && pwd):/mnt/host \ -v $WORKSPACE:/mnt/workspace \ From 55402963041cd9efdda62f6cc59248d05160c57d Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 5 Dec 2024 14:21:22 +0100 Subject: [PATCH 09/27] adding okta tests, solution refactor --- .../parameters_aws_auth_tests.json.gpg | Bin 363 -> 391 bytes auth_generic_test_methods.go | 66 ++++++++++ auth_with_external_browser_test.go | 118 +++++------------- auth_with_okta_test.go | 84 +++++++++++++ 4 files changed, 180 insertions(+), 88 deletions(-) create mode 100644 auth_generic_test_methods.go create mode 100644 auth_with_okta_test.go diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg index 5c6eac2540ab359113109cc9d1f23c74ee2dd835..e77aca56a5918c8cc274e430d2bdc4d21a703da2 100644 GIT binary patch literal 391 zcmV;20eJq54Fm}T2<8j^6U=10kNwiXwE;tTM6b%NB`vs62LU84W$!Y`qe8ev%gT}O z4*O^^ptVt5(+0q?jM=5(1nKPCsFb+d_TT;Ymsu53%CxL~F7%1|;5ACf@w}$T;O@H$ z+UlPk5Ni;qxj4fOTO+~Paz%sDf-*L@V2k2FAxthY$1KC+*Dt^Wsw3hq;)Y$t^5qfW z?hMI<+s;sBR5b_J_91c|eZjiDXvPhcRZC3fOGo45?KRVipktiUVEOgUBldA|H~d=E z`*Xgi#hg0h#%c(p%tvKhX|C&&MN08MLo9)S6?~m#Jt=H1N*Mc6!LG-S&*V~ z+88%ZdTzqe@*<-Gl@F4W3_ArErj0?bU`nsn%#p9x=AeR95uYo8$J4P6KmIdyM}SG; zS~n#X%yW`fhGtMp6KGJf2>2Q2jz27IwJr7ON z5JBc*e);uM`~9VEU!j523Lo@;!0!r?A$WE4yw9@S~nKcNMVjK&E+z-ONaA zL-j!KxA6W6#ev$Po>wXQlV!Gyle5x zd1m+rHO^L*!y?^A$XXD>m$6dd6r2A%`yjn&wmLH(e-#L0v83pxEu<)Z>|et Date: Fri, 6 Dec 2024 17:07:16 +0100 Subject: [PATCH 10/27] adding oauth tests, small refactor --- .../parameters_aws_auth_tests.json.gpg | Bin 391 -> 516 bytes auth_generic_test_methods.go | 1 + auth_with_external_browser_test.go | 2 +- auth_with_oauth_test.go | 115 ++++++++++++++++++ auth_with_okta_test.go | 9 +- ci/container/test_authentication.sh | 2 + 6 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 auth_with_oauth_test.go diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg index e77aca56a5918c8cc274e430d2bdc4d21a703da2..e661c84096078ceea88d0c4737f7d3eb050bbd3d 100644 GIT binary patch literal 516 zcmV+f0{i`p4Fm}T2)+^Bh0)oj82{42G65s01E_9O)?*vv$*?8%7b(xN0k>ev?v@a9 zj8k7`zOFL@WPy?faH&CW?=BB46&)G}DF1>*)kP1D%~^&M6cx&;qtrC-f!(N}iuixZ z($_R8B`GGLGZ6@<6!8VP^n(8CQC?HW+D&mIvv*W_jqk92%}Y|DAP(kSRdLn3*b2~r zuFSSzR&f{X>fEJFRxrWhVrxn1!fz~c504r1^{RG3-;?UjU%K&JC;_91^?;NwOpe&0 zMJ9!#H0B{D+dlkniT+o2M5QSQY-87fg1k4G;IcB-iiF6~NB&!TCPa@}5l_u`;MTo& zfmG%XN_h8aj2reNFt;&!NM|hAcH?0CjzGbLJ>6bOoU?`w z(OoUm&#NCN{KvzBzW@c55LNDrf)I7R=#V70K=N4b_fjR(Qxo8tRQNQ*>&E(d=Sp1U zE2#e&`ba!3Imf)~cf4?5aib!srHzqcDWq?6zL8G_7pTNwvl!@w|0+)W7HJey+_WX{ zTy2AMUQbC1)k&3KQL6+3p>7@x{Yj9Ht*IMz@wVZUn`G!%uTywfP literal 391 zcmV;20eJq54Fm}T2<8j^6U=10kNwiXwE;tTM6b%NB`vs62LU84W$!Y`qe8ev%gT}O z4*O^^ptVt5(+0q?jM=5(1nKPCsFb+d_TT;Ymsu53%CxL~F7%1|;5ACf@w}$T;O@H$ z+UlPk5Ni;qxj4fOTO+~Paz%sDf-*L@V2k2FAxthY$1KC+*Dt^Wsw3hq;)Y$t^5qfW z?hMI<+s;sBR5b_J_91c|eZjiDXvPhcRZC3fOGo45?KRVipktiUVEOgUBldA|H~d=E z`*Xgi#hg0h#%c(p%tvKhX|C&&MN08MLo9)S6?~m#Jt=H1N*Mc6!LG-S&*V~ z+88%ZdTzqe@*<-Gl@F4W3_ArErj0?bU`nsn%#p9x=AeR95uYo8$J4P6KmIdyM}SG; zS~n#X%yW`f Date: Fri, 6 Dec 2024 17:10:28 +0100 Subject: [PATCH 11/27] linter fix --- auth_with_oauth_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index af60d1887..25187ff33 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -11,7 +11,7 @@ import ( func TestOauthSuccessful(t *testing.T) { cfg := setupOauthTest(t) - token, err := getToken(cfg) + token, _ := getToken(cfg) cfg.Token = token conn, err := connectToSnowflake(cfg, "SELECT 1", true) if err != nil { @@ -33,13 +33,13 @@ func TestOauthInvalidToken(t *testing.T) { func TestOauthMismatchedUser(t *testing.T) { cfg := setupOauthTest(t) - token, err := getToken(cfg) + token, _ := getToken(cfg) cfg.Token = token cfg.User = "fakeaccount" expErr := "390309 (08004): The user you were trying to authenticate " + "as differs from the user tied to the access token." - _, err = connectToSnowflake(cfg, "SELECT 1", false) + _, err := connectToSnowflake(cfg, "SELECT 1", false) if err.Error() != expErr { t.Fatalf("Expected %v, but got %v", expErr, err) } @@ -66,7 +66,7 @@ func getToken(cfg *Config) (string, error) { inputData := formData(cfg) - req, err := http.NewRequest("POST", authURL, strings.NewReader(inputData.Encode())) + req, _ := http.NewRequest("POST", authURL, strings.NewReader(inputData.Encode())) req.Header.Set("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8") req.SetBasicAuth(oauthClientID, oauthClientSecret) resp, err := client.Do(req) From 3053d2d274cd2a62e388887af82e2071fde7bc38 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Tue, 10 Dec 2024 10:25:44 +0100 Subject: [PATCH 12/27] linter fix2 --- auth_with_okta_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/auth_with_okta_test.go b/auth_with_okta_test.go index 047d14788..838adc462 100644 --- a/auth_with_okta_test.go +++ b/auth_with_okta_test.go @@ -30,12 +30,12 @@ func TestOktaWrongCredentials(t *testing.T) { func TestOktaWrongAuthenticator(t *testing.T) { cfg := setupOktaTest(t) - invalid_address, err := url.Parse("https://fake-account-0000.okta.com") + invalidAddress, err := url.Parse("https://fake-account-0000.okta.com") if err != nil { t.Fatalf("failed to parse: %v", err) } - cfg.OktaURL = invalid_address + cfg.OktaURL = invalidAddress errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + "Please contact your local system administrator to get the correct URL to use." @@ -48,12 +48,12 @@ func TestOktaWrongAuthenticator(t *testing.T) { func TestOktaWrongURL(t *testing.T) { cfg := setupOktaTest(t) - invalid_address, err := url.Parse("https://fake-account-0000.okta.com") + invalidAddress, err := url.Parse("https://fake-account-0000.okta.com") if err != nil { t.Fatalf("failed to parse: %v", err) } - cfg.OktaURL = invalid_address + cfg.OktaURL = invalidAddress errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + "Please contact your local system administrator to get the correct URL to use." @@ -70,7 +70,7 @@ func setupOktaTest(t *testing.T) *Config { } skipOnJenkins(t, "Running only on Docker container") - url_env, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OKTA_AUTH", true) + urlEnv, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OKTA_AUTH", true) if err != nil { return nil } @@ -80,7 +80,7 @@ func setupOktaTest(t *testing.T) *Config { t.Fatalf("failed to get config: %v", err) } - cfg.OktaURL, err = url.Parse(url_env) + cfg.OktaURL, err = url.Parse(urlEnv) if err != nil { t.Fatalf("failed to parse: %v", err) } From 0c6d4b9ea427364466ff1279abecaa4b69c50263 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Fri, 13 Dec 2024 09:55:32 +0100 Subject: [PATCH 13/27] review 1 --- ...ds.go => auth_generic_test_methods_test.go | 2 +- auth_with_external_browser_test.go | 33 ++++++++++--------- auth_with_oauth_test.go | 4 +-- auth_with_okta_test.go | 2 +- 4 files changed, 22 insertions(+), 19 deletions(-) rename auth_generic_test_methods.go => auth_generic_test_methods_test.go (96%) diff --git a/auth_generic_test_methods.go b/auth_generic_test_methods_test.go similarity index 96% rename from auth_generic_test_methods.go rename to auth_generic_test_methods_test.go index 43c36194f..15b7f4c02 100644 --- a/auth_generic_test_methods.go +++ b/auth_generic_test_methods_test.go @@ -19,7 +19,7 @@ func getConfigFromEnv() (*Config, error) { }) } -func getConfig(authMethod AuthType) (*Config, error) { +func getAuthTestsConfig(authMethod AuthType) (*Config, error) { cfg, err := getConfigFromEnv() if err != nil { return nil, err diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index 1d1b15d2b..c8ad2ac9f 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -31,7 +31,7 @@ func TestExternalBrowserSuccessful(t *testing.T) { func TestExternalBrowserFailed(t *testing.T) { cfg := setupExternalBrowserTest(t) - cfg.ExternalBrowserTimeout = time.Duration(10000) * time.Millisecond + cfg.ExternalBrowserTimeout = time.Duration(10) * time.Second var wg sync.WaitGroup wg.Add(2) go func() { @@ -51,7 +51,7 @@ func TestExternalBrowserFailed(t *testing.T) { func TestExternalBrowserTimeout(t *testing.T) { cfg := setupExternalBrowserTest(t) - cfg.ExternalBrowserTimeout = time.Duration(1000) * time.Millisecond + cfg.ExternalBrowserTimeout = time.Duration(1) * time.Second var wg sync.WaitGroup wg.Add(2) go func() { @@ -71,14 +71,13 @@ func TestExternalBrowserTimeout(t *testing.T) { func TestExternalBrowserMismatchUser(t *testing.T) { cfg := setupExternalBrowserTest(t) - correctUsername := cfg.User - cfg.User = "fakeAccount" + wrongUsername := "fakeAccount" var wg sync.WaitGroup wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Success, correctUsername, cfg.Password) + provideCredentials(externalBrowserType.Success, wrongUsername, cfg.Password) }() go func() { defer wg.Done() @@ -96,7 +95,7 @@ func TestExternalBrowserMismatchUser(t *testing.T) { func TestClientStoreCredentials(t *testing.T) { cfg := setupExternalBrowserTest(t) cfg.ClientStoreTemporaryCredential = 1 - cfg.ExternalBrowserTimeout = time.Duration(10000) * time.Millisecond + cfg.ExternalBrowserTimeout = time.Duration(10) * time.Second t.Run("Obtains the ID token from the server and saves it on the local storage", func(t *testing.T) { cleanupBrowserProcesses() @@ -138,13 +137,13 @@ func TestClientStoreCredentials(t *testing.T) { }) } -type Mode struct { +type ExternalBrowserProcess struct { Success string Fail string Timeout string } -var externalBrowserType = Mode{ +var externalBrowserType = ExternalBrowserProcess{ Success: "success", Fail: "fail", Timeout: "timeout", @@ -158,33 +157,37 @@ func cleanupBrowserProcesses() { } } -func provideCredentials(mode string, user string, password string) { +func provideCredentials(ExternalBrowserProcess string, user string, password string) { const provideBrowserCredentialsPath = "/externalbrowser/provideBrowserCredentials.js" - _, err := exec.Command("node", provideBrowserCredentialsPath, mode, user, password).Output() + _, err := exec.Command("node", provideBrowserCredentialsPath, ExternalBrowserProcess, user, password).Output() if err != nil { log.Fatalf("failed to execute command: %v", err) } } -func connectToSnowflake(cfg *Config, query string, exceptionHandler bool) (rows *sql.Rows, err error) { +func connectToSnowflake(cfg *Config, query string, isCatchException bool) (rows *sql.Rows, err error) { parseFlags() dsn, err := DSN(cfg) if err != nil { log.Fatalf("failed to create DSN from Config: %v, err: %v", cfg, err) } rows, err = executeQuery(query, dsn) - if exceptionHandler && err != nil { + if isCatchException && err != nil { log.Fatalf("failed to run a query. %v, err: %v", rows, err) } else if err != nil { return rows, err } defer rows.Close() var v int + if !rows.Next() { + fmt.Printf("There were no results for query: %v \n", query) + return rows, err + } for rows.Next() { err := rows.Scan(&v) - if exceptionHandler && err != nil { + if isCatchException && err != nil { log.Fatalf("failed to get result. err: %v", err) - } else if exceptionHandler { + } else if isCatchException { fmt.Printf("Congrats! You have successfully run '%v' with Snowflake DB! \n", query) } } @@ -197,7 +200,7 @@ func setupExternalBrowserTest(t *testing.T) *Config { t.Skip("Running only on Docker container") } cleanupBrowserProcesses() - cfg, err := getConfig(AuthTypeExternalBrowser) + cfg, err := getAuthTestsConfig(AuthTypeExternalBrowser) if err != nil { t.Fatalf("failed to get config: %v", err) } diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 25187ff33..044f5a7d5 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -51,7 +51,7 @@ func setupOauthTest(t *testing.T) *Config { } skipOnJenkins(t, "Running only on Docker container") - cfg, err := getConfig(AuthTypeOAuth) + cfg, err := getAuthTestsConfig(AuthTypeOAuth) if err != nil { t.Fatalf("failed to get config: %v", err) } @@ -82,7 +82,7 @@ func getToken(cfg *Config) (string, error) { var response Response if err := json.NewDecoder(resp.Body).Decode(&response); err != nil { - panic(err) + return "", fmt.Errorf("failed to decode response: %v", err) } return response.Token, err diff --git a/auth_with_okta_test.go b/auth_with_okta_test.go index 838adc462..7ceaa2519 100644 --- a/auth_with_okta_test.go +++ b/auth_with_okta_test.go @@ -75,7 +75,7 @@ func setupOktaTest(t *testing.T) *Config { return nil } - cfg, err := getConfig(AuthTypeOkta) + cfg, err := getAuthTestsConfig(AuthTypeOkta) if err != nil { t.Fatalf("failed to get config: %v", err) } From 26d3ff28cc55eab113c00eaf582151f09d698f71 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Fri, 13 Dec 2024 12:10:46 +0100 Subject: [PATCH 14/27] fix usernames --- auth_with_external_browser_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index c8ad2ac9f..a342119d0 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -71,13 +71,14 @@ func TestExternalBrowserTimeout(t *testing.T) { func TestExternalBrowserMismatchUser(t *testing.T) { cfg := setupExternalBrowserTest(t) - wrongUsername := "fakeAccount" + correctUsername := cfg.User + cfg.User = "fakeAccount" var wg sync.WaitGroup wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Success, wrongUsername, cfg.Password) + provideCredentials(externalBrowserType.Success, correctUsername, cfg.Password) }() go func() { defer wg.Done() From ff49f15a3412306f50e5e9848e62b4da92270044 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Mon, 16 Dec 2024 13:05:07 +0100 Subject: [PATCH 15/27] logging for flaky tc --- authexternalbrowser_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/authexternalbrowser_test.go b/authexternalbrowser_test.go index 22e285ce8..317388e4e 100644 --- a/authexternalbrowser_test.go +++ b/authexternalbrowser_test.go @@ -122,7 +122,8 @@ func TestAuthenticationTimeout(t *testing.T) { account := "testaccount" user := "u" password := "p" - timeout := 0 * time.Second + timeout := 1 * time.Second + errMsg := "authentication timed out" sr := &snowflakeRestful{ Protocol: "https", Host: "abc.com", @@ -131,8 +132,8 @@ func TestAuthenticationTimeout(t *testing.T) { TokenAccessor: getSimpleTokenAccessor(), } _, _, err := authenticateByExternalBrowser(context.Background(), sr, authenticator, application, account, user, password, timeout, ConfigBoolTrue) - if err.Error() != "authentication timed out" { - t.Fatal("should have timed out") + if err.Error() != errMsg { + t.Fatal("Expected", errMsg, "but got:", err.Error()) } } From 245ade2db1d1dea6cb06077f9e209e596e66989a Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Tue, 17 Dec 2024 15:42:29 +0100 Subject: [PATCH 16/27] after review session --- .../parameters_aws_auth_tests.json.gpg | Bin 516 -> 548 bytes .github/workflows/rsa_keys/rsa_key.p8.gpg | Bin 0 -> 1401 bytes .../workflows/rsa_keys/rsa_key_invalid.p8.gpg | Bin 0 -> 1409 bytes ...ds_test.go => auth_generic_test_methods.go | 11 +-- auth_with_external_browser_test.go | 70 +++++++----------- auth_with_keypair_test.go | 52 +++++++++++++ auth_with_oauth_test.go | 41 ++++------ auth_with_okta_test.go | 44 +++-------- authexternalbrowser_test.go | 2 +- ci/container/test_authentication.sh | 7 +- ci/test_authentication.sh | 3 +- util_test.go | 6 ++ 12 files changed, 119 insertions(+), 117 deletions(-) create mode 100644 .github/workflows/rsa_keys/rsa_key.p8.gpg create mode 100644 .github/workflows/rsa_keys/rsa_key_invalid.p8.gpg rename auth_generic_test_methods_test.go => auth_generic_test_methods.go (91%) create mode 100644 auth_with_keypair_test.go diff --git a/.github/workflows/parameters_aws_auth_tests.json.gpg b/.github/workflows/parameters_aws_auth_tests.json.gpg index e661c84096078ceea88d0c4737f7d3eb050bbd3d..bb9689577535b3c516cbe439cf5f5fdcc4072a66 100644 GIT binary patch literal 548 zcmV+<0^9wJ4Fm}T2!)<~jj(C+@c+{30f)Y|TWgQ2!w^~Gz`fau2sqzTgD)4(15Y z(F(C*jLNZ)4yRd`bK3gC&Ad(q%GPP%|8NspvBqWneiT?9`bx^}_?|X1mK5d=AW?K! zu9?O`7yNe*<;o%r&%d9@MJl*sB_Fex027_Twwn4CxRpXB^K8*96%2p^+DCI;+mQvs zzna5^qfzYqdy50{N_yJodK3^KxouLB^nyE!6Z;bMv)ArPfvSGZ6Q=cZfev?v@a9 zj8k7`zOFL@WPy?faH&CW?=BB46&)G}DF1>*)kP1D%~^&M6cx&;qtrC-f!(N}iuixZ z($_R8B`GGLGZ6@<6!8VP^n(8CQC?HW+D&mIvv*W_jqk92%}Y|DAP(kSRdLn3*b2~r zuFSSzR&f{X>fEJFRxrWhVrxn1!fz~c504r1^{RG3-;?UjU%K&JC;_91^?;NwOpe&0 zMJ9!#H0B{D+dlkniT+o2M5QSQY-87fg1k4G;IcB-iiF6~NB&!TCPa@}5l_u`;MTo& zfmG%XN_h8aj2reNFt;&!NM|hAcH?0CjzGbLJ>6bOoU?`w z(OoUm&#NCN{KvzBzW@c55LNDrf)I7R=#V70K=N4b_fjR(Qxo8tRQNQ*>&E(d=Sp1U zE2#e&`ba!3Imf)~cf4?5aib!srHzqcDWq?6zL8G_7pTNwvl!@w|0+)W7HJey+_WX{ zTy2AMUQbC1)k&3KQL6+3p>7@x{Yj9Ht*IMz@wVZUn`G!%uTywfP diff --git a/.github/workflows/rsa_keys/rsa_key.p8.gpg b/.github/workflows/rsa_keys/rsa_key.p8.gpg new file mode 100644 index 0000000000000000000000000000000000000000..e90253cd3ad49b88e9773f44a49601eed092b0d6 GIT binary patch literal 1401 zcmV-<1%~>J4Fm}T2sW}O5FyLDc>mJs0h2d8Frh+x^{u3Pa0SMoLHH6?e=*-mjvgH> z2vLe85YdPlUO(Q!9!pSB6A>H&jweedm{s1V#ne)B?*Ew@rwU_b#TnM9;UhFx3To6t z_P6?=sU*gyF;QLA_#Mo$(kPi1(JXYTssT|^+$&x*L$Eevm!oS`|43p5;KmqU%^l%$ zf+r)?+eT*09Xu(o5iEK_joJ$}Dsa`pjGsmZ`mI2lp`mFRNV1sTd0Ci*okFH%AmE-; zd+4|J!QjPk6^BSXKqE0mf|TlZ2zaMlTbpXsC}8o<%fLM^&iVvao*?ml+)$0U$bpAs zLH3TUT={fDCfq?VMddD_#HP=Ix7ckQ9C~_R0%&T!)P+`x2!}dM`3Kl20N3Op6C{~Z zk%{y}8JDX^xOP(EJHGc%(w2EuKHp1HMsLfzY%s9N>vQ-ncyy|Qjq?>IM#&zzy$VRR zr%PD_0L5TZ=Fq+8=!nISW!w4d)Xi~Qk&z;<)M=*IY0|V2k9kxLJ6xnHG=GW{Bg392 zo?6Jztg?5>fX#J^fhUfm$i9b1;ZAon)7!0dn2$1FkNQp#N_7b@%US|Ee+O>>6c8F4 z8a;2=rr9|#bXujzitOi+FSk`y)kNpN4i;$@tv4=b7o%a>uN;EdP^E?n_Q-{wPYw~N z|47S7IEO?Ln4ASaGSR=-{Pc#}G1?1n7$VDvPU~-ssYO&VbeM{lQ6Tp~cqGaD@u7^Q zI=D!g8j<4D=f7>QH~i4K*5V~kiz6_G@_&}0$@Ie*VgJ|q0mU-bVrDgK z_UU*pcX31M|Du$yhr*09q5N?I+Obt52dlq~F=T{M%>_PfJG&tD;yh$2qBNa0W78(P z7EH4YTCLzV3LEsaoI0=+vSlhsLYl05tRpzAMgiTn$G;mh*}Oz(beRb=+xUafENnD=V(wydV*G}ytLhk*&7QzvwqgUs=o-nJZ-IS zyIN22BCd+3IHMThQ_=?Ln=Z32HzU$-b^bf9-<7+E^Oe1i{7Dw>UUYPFfpKM zSJm^uuFIae{#^76r5G*dmsT@A!OKNo+nngu#=P3_}|z{JF#59A&4vatGc8TE>m`%l%m`jfVV^uj=t}2 zJrjj9LIj(iz@|1G{v+ne-Lu2Ma4?|)pY)`d7DVN&Mdu+ns=?BFgXcUpL>bfKjT)e^ z5#Oe^lh5|RCake@4!5fn+xoS3alDz$xCmS=-X%uTwpF6O@}3q#d~ql~M| z{kB*tpL=a+_a;5=UL!Dn=AI8#{FjG}b6lG2D_3jMpT61#hB#NJmASwqAG~!GxUJKz z4_kZU4Uh;r7}q4lRX{b!1gC|6Hy!yLx=(TabS-?4vr6ah6S(+)C!Sa9Ta?{g4vRQ{ zO8cfZ?^Cr!d+yUXE#jo78AFzI7^KK>Q|5XOhg20-DxIyW%1Va#`!v#!;>>o_8w@+y@ HBt6`SeZ8+W literal 0 HcmV?d00001 diff --git a/.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg b/.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg new file mode 100644 index 0000000000000000000000000000000000000000..3d2442a7c8c319f53ac8d6af8b12bcff78a364da GIT binary patch literal 1409 zcmV-{1%CRB4Fm}T2oOE^p^$#mNB`350dCH$DrP24&;&c@7=1}8SgJ`t2Jhbld~Tl6 z0G^#)CvI%Mkv<0lD%2OXL2~H0fW4z>z(2$S(~kytf&DxtVS*9dICkcS+ffG~Z})uY zB`zl9fytg}f2tY#aS$7$`dU!eSG^#6UQrisepTgBF1~k(CjXE)AYQUTzEc--YbK}u zfsLh_J)DoV(9go0v$9Lt*l~ZQa4WUnT`63VpmmGnc8nyJjA-hQ*mB*#+OG1a7ASWB ze9Raxfi?A`6~)p!PMM?gM{9IagV-L({Z#oVi}JuWJi|)kx!>=yOrS9Gq5B-*7@l)) z{1{^`_X~Fv&Doaj))DjJ-L^W*9SS1i*gV(ca; zCE#)|nKO-5uH?~G%8AdGged-2(o6$lg?(fJ4+X01x(E6BVUjyzwz#mG9;gAgohtx= z+&#TCKz~*>R9}QeY_}#N+573zc^{U_Y4gN;>sP>M4jpt_~jH>I~>|f z@HAD^fpJJ@X(hwEc(W@+EO*05}n$URL!)yDLn$0&x z^Y^TAlbtX(ef+HM*}-W=_w*kkq{JQnh7gX=9dA%?Uj;erdH&Br>=oUw^F_@8# zLANF=N8ti7r*?em#%jnoCdOAhX5?oaWg<8t>FGIOrHxIeM@3$j&RnDKL$ZO^m($@tnS=DJfQX8u0o%kqgA|Ez(3Xdev20sf`K49<(%)+s=$Lqn7cLK zcYr+C2QO{oaBUN&oPOqMtoXcn*^>5AfVW*-OjbrWWwCs<;gyMKQ_0~e9`Pd2^zd>R zPX&|_DioP6LIMMh`;dZ*njth+Ku%Gg29O|p4;>}oQFCY>4qILxtFqk;)Bc%ZF3f)+`?qFwQwiKph#32+tK`; z=hK)V8LHpTW2$|D8@l``@kxvrP5`g*-?MM*%hfFnknxU z8cM#TPhCW@difY~FYFCSv86g8s5|^8##L%J7Ja|v+O~qJJ-y}x5Zh}k_BaO;v=2G` z+ny&dA%H9;I6Ct#0(NHo*n(D4L>KHT*TeodHh;rXV#}gki)mI%l-}(jmh@%C=yj&+ zS&Cj=Jp0|>K~z)V(Z4UOueoNTy4huPrFV~!yPZp;MUU5kNFE>N@{W&7(!v#LnSkIr zRv~<=iZTb7zF~)46dwn2zL%K#j?aMpW8ffUfnkv<{;fKOMqmyh5>jTxsWit;I&THD zL{Eh#W~~%SQQ8F3URzklBVsset&u0^faeR4!Z66t3mnorN#pDIQGk~3E%IowD9NC0 Plk!d)KNyEuj^Ur;bOOha literal 0 HcmV?d00001 diff --git a/auth_generic_test_methods_test.go b/auth_generic_test_methods.go similarity index 91% rename from auth_generic_test_methods_test.go rename to auth_generic_test_methods.go index 15b7f4c02..a4d4a93b9 100644 --- a/auth_generic_test_methods_test.go +++ b/auth_generic_test_methods.go @@ -3,11 +3,10 @@ package gosnowflake import ( "context" "database/sql" - "flag" "log" ) -func getConfigFromEnv() (*Config, error) { +func getAuthTestConfigFromEnv() (*Config, error) { return GetConfigFromEnv([]*ConfigParam{ {Name: "Account", EnvName: "SNOWFLAKE_TEST_ACCOUNT", FailOnMissing: true}, {Name: "User", EnvName: "SNOWFLAKE_AUTH_TEST_OKTA_USER", FailOnMissing: true}, @@ -20,7 +19,7 @@ func getConfigFromEnv() (*Config, error) { } func getAuthTestsConfig(authMethod AuthType) (*Config, error) { - cfg, err := getConfigFromEnv() + cfg, err := getAuthTestConfigFromEnv() if err != nil { return nil, err } @@ -31,12 +30,6 @@ func getAuthTestsConfig(authMethod AuthType) (*Config, error) { return cfg, nil } -func parseFlags() { - if !flag.Parsed() { - flag.Parse() - } -} - func executeQuery(query string, dsn string) (rows *sql.Rows, err error) { db, err := sql.Open("snowflake", dsn) if err != nil { diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index a342119d0..2a61618d2 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -2,7 +2,7 @@ package gosnowflake import ( "context" - "database/sql" + "errors" "fmt" "log" "os/exec" @@ -21,10 +21,8 @@ func TestExternalBrowserSuccessful(t *testing.T) { }() go func() { defer wg.Done() - _, err := connectToSnowflake(cfg, "SELECT 1", true) - if err != nil { - t.Errorf("Connection failed: err %v", err) - } + err := connectToSnowflake(cfg, "SELECT 1", true) + assertNilF(t, err, fmt.Sprintf("Connection failed due to %v", err)) }() wg.Wait() } @@ -41,10 +39,8 @@ func TestExternalBrowserFailed(t *testing.T) { go func() { defer wg.Done() tOut := "authentication timed out" - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != tOut { - t.Errorf("Expected %v, but got %v", tOut, err) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }() wg.Wait() } @@ -61,10 +57,8 @@ func TestExternalBrowserTimeout(t *testing.T) { go func() { defer wg.Done() tOut := "authentication timed out" - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != tOut { - t.Errorf("Expected %v, but got %v", tOut, err) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }() wg.Wait() } @@ -84,11 +78,8 @@ func TestExternalBrowserMismatchUser(t *testing.T) { defer wg.Done() expectedErrorMsg := "390191 (08004): The user you were trying to authenticate " + "as differs from the user currently logged in at the IDP." - - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != expectedErrorMsg { - t.Errorf("Expected %v, but got %v", expectedErrorMsg, err) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == expectedErrorMsg, fmt.Sprintf("Expected %v, but got %v", expectedErrorMsg, err)) }() wg.Wait() } @@ -108,11 +99,8 @@ func TestClientStoreCredentials(t *testing.T) { }() go func() { defer wg.Done() - conn, err := connectToSnowflake(cfg, "SELECT 1", true) - if err != nil { - t.Errorf("Connection failed: err %v", err) - } - defer conn.Close() + err := connectToSnowflake(cfg, "SELECT 1", true) + assertNilF(t, err, fmt.Sprintf("Connection failed: err %v", err)) }() wg.Wait() }) @@ -122,9 +110,7 @@ func TestClientStoreCredentials(t *testing.T) { cfg.ClientStoreTemporaryCredential = 1 conn, _ := createConnection(getDbHandler(cfg)) _, err := conn.QueryContext(context.Background(), "SELECT 1") - if err != nil { - log.Fatalf("failed to run a query. err: %v", err) - } + assertNilF(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) }) t.Run("Verify validation of IDToken if option disabled", func(t *testing.T) { @@ -132,9 +118,7 @@ func TestClientStoreCredentials(t *testing.T) { cfg.ClientStoreTemporaryCredential = 0 tOut := "authentication timed out" _, err := createConnection(getDbHandler(cfg)) - if err.Error() != tOut { - t.Errorf("Expected %v, but got %v", tOut, err) - } + assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }) } @@ -166,40 +150,36 @@ func provideCredentials(ExternalBrowserProcess string, user string, password str } } -func connectToSnowflake(cfg *Config, query string, isCatchException bool) (rows *sql.Rows, err error) { - parseFlags() +func connectToSnowflake(cfg *Config, query string, isCatchException bool) (err error) { dsn, err := DSN(cfg) if err != nil { log.Fatalf("failed to create DSN from Config: %v, err: %v", cfg, err) } - rows, err = executeQuery(query, dsn) + rows, err := executeQuery(query, dsn) if isCatchException && err != nil { - log.Fatalf("failed to run a query. %v, err: %v", rows, err) + log.Fatalf("failed to run a query. %v, err: %v", query, err) } else if err != nil { - return rows, err + return err } defer rows.Close() var v int - if !rows.Next() { - fmt.Printf("There were no results for query: %v \n", query) - return rows, err - } + var hasAnyRows bool for rows.Next() { + hasAnyRows = true err := rows.Scan(&v) if isCatchException && err != nil { log.Fatalf("failed to get result. err: %v", err) - } else if isCatchException { - fmt.Printf("Congrats! You have successfully run '%v' with Snowflake DB! \n", query) } } - return rows, err + if !hasAnyRows { + return errors.New("There were no results for query: ") + } + fmt.Printf("Congrats! You have successfully run '%v' with Snowflake DB! \n", query) + return err } func setupExternalBrowserTest(t *testing.T) *Config { - skipOnJenkins(t, "Running only on Docker container") - if runningOnGithubAction() { - t.Skip("Running only on Docker container") - } + runOnlyOnDockerContainer(t, "Running only on Docker container") cleanupBrowserProcesses() cfg, err := getAuthTestsConfig(AuthTypeExternalBrowser) if err != nil { diff --git a/auth_with_keypair_test.go b/auth_with_keypair_test.go new file mode 100644 index 000000000..62120a1fa --- /dev/null +++ b/auth_with_keypair_test.go @@ -0,0 +1,52 @@ +package gosnowflake + +import ( + "crypto/rsa" + "fmt" + "golang.org/x/crypto/ssh" + "os" + "strings" + "testing" +) + +func TestKeypairSuccessful(t *testing.T) { + cfg := setupKeyPairTest(t) + cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH") + + err := connectToSnowflake(cfg, "SELECT 1", true) + assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) +} + +func TestKeypairInvalidKey(t *testing.T) { + cfg := setupKeyPairTest(t) + cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH") + var errParts string + errMsg := "390144 (08004): JWT token is invalid." + err := connectToSnowflake(cfg, "SELECT 1", false) + if err != nil { + errParts = strings.Split(err.Error(), " [")[0] + } + assertTrueF(t, err != nil, fmt.Sprintf("Expected error, but got nil")) + assertTrueF(t, errParts == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, errParts)) +} + +func setupKeyPairTest(t *testing.T) *Config { + runOnlyOnDockerContainer(t, "Running only on Docker container") + + cfg, err := getAuthTestsConfig(AuthTypeJwt) + assertTrueF(t, err == nil, fmt.Sprintf("failed to get config: %v", err)) + + return cfg +} + +func loadRsaPrivateKeyForKeyPair(t *testing.T, envName string) *rsa.PrivateKey { + filePath, err := GetFromEnv(envName, true) + + bytes, err := os.ReadFile(filePath) + assertNilF(t, err, fmt.Sprintf("failed to read file: %v", err)) + + key, err := ssh.ParseRawPrivateKey(bytes) + assertNilF(t, err, fmt.Sprintf("failed to parse private key: %v", err)) + + return key.(*rsa.PrivateKey) +} diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 044f5a7d5..116134516 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -11,55 +11,41 @@ import ( func TestOauthSuccessful(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getToken(cfg) + token, _ := getToken(t, cfg) cfg.Token = token - conn, err := connectToSnowflake(cfg, "SELECT 1", true) - if err != nil { - t.Fatalf("failed to connect. err: %v", err) - } - defer conn.Close() + err := connectToSnowflake(cfg, "SELECT 1", true) + assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestOauthInvalidToken(t *testing.T) { cfg := setupOauthTest(t) expErr := "390303 (08004): Invalid OAuth access token. " cfg.Token = "invalid_token" - - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != expErr { - t.Fatalf("Expected %v, but got %v", expErr, err) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == expErr, fmt.Sprintf("Expected %v, but got %v", expErr, err)) } func TestOauthMismatchedUser(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getToken(cfg) + token, _ := getToken(t, cfg) cfg.Token = token cfg.User = "fakeaccount" expErr := "390309 (08004): The user you were trying to authenticate " + "as differs from the user tied to the access token." - - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != expErr { - t.Fatalf("Expected %v, but got %v", expErr, err) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == expErr, fmt.Sprintf("Expected %v, but got %v", expErr, err)) } func setupOauthTest(t *testing.T) *Config { - if runningOnGithubAction() { - t.Skip("Running only on Docker container") - } - skipOnJenkins(t, "Running only on Docker container") + runOnlyOnDockerContainer(t, "Running only on Docker container") cfg, err := getAuthTestsConfig(AuthTypeOAuth) - if err != nil { - t.Fatalf("failed to get config: %v", err) - } + assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) return cfg } -func getToken(cfg *Config) (string, error) { +func getToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} authURL, oauthClientID, oauthClientSecret := getCredentials() @@ -70,9 +56,8 @@ func getToken(cfg *Config) (string, error) { req.Header.Set("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8") req.SetBasicAuth(oauthClientID, oauthClientSecret) resp, err := client.Do(req) - if err != nil { - fmt.Printf("Response failed %v", err) - } + + assertNilF(t, err, fmt.Sprintf("Response failed %v", err)) if resp.StatusCode != http.StatusOK { return "", fmt.Errorf("failed to get access token, status code: %d", resp.StatusCode) diff --git a/auth_with_okta_test.go b/auth_with_okta_test.go index 7ceaa2519..84f38accd 100644 --- a/auth_with_okta_test.go +++ b/auth_with_okta_test.go @@ -8,11 +8,8 @@ import ( func TestOktaSuccessful(t *testing.T) { cfg := setupOktaTest(t) - conn, err := connectToSnowflake(cfg, "SELECT 1", true) - if err != nil { - t.Fatalf("failed to connect. err: %v", err) - } - defer conn.Close() + err := connectToSnowflake(cfg, "SELECT 1", true) + assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestOktaWrongCredentials(t *testing.T) { @@ -21,11 +18,9 @@ func TestOktaWrongCredentials(t *testing.T) { errMsg := fmt.Sprintf("261006 (08004): failed to auth via OKTA for unknown reason. HTTP: 401, "+ "URL: %vapi/v1/authn", cfg.OktaURL) - _, err := connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != errMsg { - t.Fatalf("failed, expected: %v, but got: %v", errMsg, err.Error()) - } + err := connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) } func TestOktaWrongAuthenticator(t *testing.T) { @@ -39,11 +34,8 @@ func TestOktaWrongAuthenticator(t *testing.T) { errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + "Please contact your local system administrator to get the correct URL to use." - _, err = connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != errMsg { - t.Fatalf("failed, expected: %v, but got: %v", errMsg, err.Error()) - } - + err = connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) } func TestOktaWrongURL(t *testing.T) { @@ -57,33 +49,21 @@ func TestOktaWrongURL(t *testing.T) { errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + "Please contact your local system administrator to get the correct URL to use." - _, err = connectToSnowflake(cfg, "SELECT 1", false) - if err.Error() != errMsg { - t.Fatalf("failed, expected: %v, but got: %v", errMsg, err.Error()) - } - + err = connectToSnowflake(cfg, "SELECT 1", false) + assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) } func setupOktaTest(t *testing.T) *Config { - if runningOnGithubAction() { - t.Skip("Running only on Docker container") - } - skipOnJenkins(t, "Running only on Docker container") + runOnlyOnDockerContainer(t, "Running only on Docker container") urlEnv, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OKTA_AUTH", true) - if err != nil { - return nil - } + assertNilF(t, err, fmt.Sprintf("failed to get env: %v", err)) cfg, err := getAuthTestsConfig(AuthTypeOkta) - if err != nil { - t.Fatalf("failed to get config: %v", err) - } + assertNilF(t, err, fmt.Sprintf("failed to get config: %v", err)) cfg.OktaURL, err = url.Parse(urlEnv) - if err != nil { - t.Fatalf("failed to parse: %v", err) - } + assertNilF(t, err, fmt.Sprintf("failed to parse: %v", err)) return cfg } diff --git a/authexternalbrowser_test.go b/authexternalbrowser_test.go index 317388e4e..017c3285c 100644 --- a/authexternalbrowser_test.go +++ b/authexternalbrowser_test.go @@ -122,7 +122,7 @@ func TestAuthenticationTimeout(t *testing.T) { account := "testaccount" user := "u" password := "p" - timeout := 1 * time.Second + timeout := 0 * time.Second errMsg := "authentication timed out" sr := &snowflakeRestful{ Protocol: "https", diff --git a/ci/container/test_authentication.sh b/ci/container/test_authentication.sh index abbd33079..e4b8c32c9 100755 --- a/ci/container/test_authentication.sh +++ b/ci/container/test_authentication.sh @@ -5,7 +5,12 @@ set -o pipefail export AUTH_PARAMETER_FILE=./.github/workflows/parameters_aws_auth_tests.json eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $AUTH_PARAMETER_FILE) +export SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key.p8 +export SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key_invalid.p8 +export DOCKER_CONTAINER_SETUP=true + go test -run TestExternalBrowser* go test -run TestClientStoreCredentials go test -run TestOkta* -go test -run TestOauth* \ No newline at end of file +go test -run TestOauth* +go test -run TestKeypair* \ No newline at end of file diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index 9b137c668..9fe3b2696 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -20,7 +20,8 @@ if [[ -n "$JENKINS_HOME" ]]; then fi gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json "$THIS_DIR/../.github/workflows/parameters_aws_auth_tests.json.gpg" - +gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/rsa_keys/rsa_key.p8 "$THIS_DIR/../.github/workflows/rsa_keys/rsa_key.p8.gpg" +gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output $THIS_DIR/../.github/workflows/rsa_keys/rsa_key_invalid.p8 "$THIS_DIR/../.github/workflows/rsa_keys/rsa_key_invalid.p8.gpg" docker run \ -v $(cd $THIS_DIR/.. && pwd):/mnt/host \ diff --git a/util_test.go b/util_test.go index bed222559..c9db13bdd 100644 --- a/util_test.go +++ b/util_test.go @@ -391,6 +391,12 @@ func skipOnJenkins(t *testing.T, message string) { } } +func runOnlyOnDockerContainer(t *testing.T, message string) { + if os.Getenv("DOCKER_CONTAINER_SETUP") == "" { + t.Skip("Running only on Docker container: " + message) + } +} + func randomString(n int) string { r := rand.New(rand.NewSource(time.Now().UnixNano())) alpha := []rune("abcdefghijklmnopqrstuvwxyz") From bf866bf0a8873648e7c6213e7c4b667b04ae6c85 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Tue, 17 Dec 2024 15:44:19 +0100 Subject: [PATCH 17/27] after review session2 --- auth_generic_test_methods.go => auth_generic_test_methods_test.go | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename auth_generic_test_methods.go => auth_generic_test_methods_test.go (100%) diff --git a/auth_generic_test_methods.go b/auth_generic_test_methods_test.go similarity index 100% rename from auth_generic_test_methods.go rename to auth_generic_test_methods_test.go From ca5c1d7fc475a5d96fbddc2bb0099e357a4043c6 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Tue, 17 Dec 2024 15:49:55 +0100 Subject: [PATCH 18/27] linters fix --- auth_with_keypair_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth_with_keypair_test.go b/auth_with_keypair_test.go index 62120a1fa..b57be52ec 100644 --- a/auth_with_keypair_test.go +++ b/auth_with_keypair_test.go @@ -26,7 +26,7 @@ func TestKeypairInvalidKey(t *testing.T) { if err != nil { errParts = strings.Split(err.Error(), " [")[0] } - assertTrueF(t, err != nil, fmt.Sprintf("Expected error, but got nil")) + assertTrueF(t, err != nil, "Expected error, but got nil") assertTrueF(t, errParts == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, errParts)) } @@ -41,6 +41,7 @@ func setupKeyPairTest(t *testing.T) *Config { func loadRsaPrivateKeyForKeyPair(t *testing.T, envName string) *rsa.PrivateKey { filePath, err := GetFromEnv(envName, true) + assertNilF(t, err, fmt.Sprintf("failed to get env: %v", err)) bytes, err := os.ReadFile(filePath) assertNilF(t, err, fmt.Sprintf("failed to read file: %v", err)) From e78d18f78876dc961ede7511f248cdc48ded6027 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 12:36:03 +0100 Subject: [PATCH 19/27] review - round 2 --- auth_generic_test_methods_test.go | 41 ++--------- auth_with_external_browser_test.go | 107 +++++++++++++--------------- auth_with_keypair_test.go | 22 +++--- auth_with_oauth_test.go | 50 +++++++------ auth_with_okta_test.go | 37 +++++----- authexternalbrowser_test.go | 5 +- ci/container/test_authentication.sh | 1 - ci/test_authentication.sh | 2 +- driver_test.go | 10 +++ util_test.go | 2 +- 10 files changed, 120 insertions(+), 157 deletions(-) diff --git a/auth_generic_test_methods_test.go b/auth_generic_test_methods_test.go index a4d4a93b9..02c1cf483 100644 --- a/auth_generic_test_methods_test.go +++ b/auth_generic_test_methods_test.go @@ -1,9 +1,8 @@ package gosnowflake import ( - "context" - "database/sql" - "log" + "fmt" + "testing" ) func getAuthTestConfigFromEnv() (*Config, error) { @@ -18,43 +17,11 @@ func getAuthTestConfigFromEnv() (*Config, error) { }) } -func getAuthTestsConfig(authMethod AuthType) (*Config, error) { +func getAuthTestsConfig(t *testing.T, authMethod AuthType) (*Config, error) { cfg, err := getAuthTestConfigFromEnv() - if err != nil { - return nil, err - } + assertNilF(t, err, fmt.Sprintf("failed to get config: %v", err)) cfg.Authenticator = authMethod - cfg.DisableQueryContextCache = true return cfg, nil } - -func executeQuery(query string, dsn string) (rows *sql.Rows, err error) { - db, err := sql.Open("snowflake", dsn) - if err != nil { - log.Fatalf("failed to connect. %v, err: %v", dsn, err) - } - defer db.Close() - - rows, err = db.Query(query) - return rows, err -} - -func getDbHandler(cfg *Config) *sql.DB { - dsn, err := DSN(cfg) - if err != nil { - log.Fatalf("failed to create DSN from Config: %v, err: %v", cfg, err) - } - - db, err := sql.Open("snowflake", dsn) - if err != nil { - log.Fatalf("failed to open database. %v, err: %v", dsn, err) - } - return db -} - -func createConnection(db *sql.DB) (*sql.Conn, error) { - conn, err := db.Conn(context.Background()) - return conn, err -} diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index 2a61618d2..5762c551b 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -2,6 +2,7 @@ package gosnowflake import ( "context" + "database/sql" "errors" "fmt" "log" @@ -17,12 +18,12 @@ func TestExternalBrowserSuccessful(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Success, cfg.User, cfg.Password) + provideCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) }() go func() { defer wg.Done() - err := connectToSnowflake(cfg, "SELECT 1", true) - assertNilF(t, err, fmt.Sprintf("Connection failed due to %v", err)) + err := connectToSnowflake(t, cfg) + assertNilE(t, err, fmt.Sprintf("Connection failed due to %v", err)) }() wg.Wait() } @@ -34,13 +35,13 @@ func TestExternalBrowserFailed(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Fail, "FakeAccount", "NotARealPassword") + provideCredentials(t, externalBrowserType.Fail, "FakeAccount", "NotARealPassword") }() go func() { defer wg.Done() tOut := "authentication timed out" - err := connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + err := connectToSnowflake(t, cfg) + assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }() wg.Wait() } @@ -52,13 +53,13 @@ func TestExternalBrowserTimeout(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Timeout, cfg.User, cfg.Password) + provideCredentials(t, externalBrowserType.Timeout, cfg.User, cfg.Password) }() go func() { defer wg.Done() tOut := "authentication timed out" - err := connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + err := connectToSnowflake(t, cfg) + assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }() wg.Wait() } @@ -72,14 +73,14 @@ func TestExternalBrowserMismatchUser(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Success, correctUsername, cfg.Password) + provideCredentials(t, externalBrowserType.Success, correctUsername, cfg.Password) }() go func() { defer wg.Done() - expectedErrorMsg := "390191 (08004): The user you were trying to authenticate " + - "as differs from the user currently logged in at the IDP." - err := connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == expectedErrorMsg, fmt.Sprintf("Expected %v, but got %v", expectedErrorMsg, err)) + err := connectToSnowflake(t, cfg) + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 390191, fmt.Sprintf("Expected 390191, but got %v", snowflakeErr.Number)) }() wg.Wait() } @@ -90,100 +91,88 @@ func TestClientStoreCredentials(t *testing.T) { cfg.ExternalBrowserTimeout = time.Duration(10) * time.Second t.Run("Obtains the ID token from the server and saves it on the local storage", func(t *testing.T) { - cleanupBrowserProcesses() + cleanupBrowserProcesses(t) var wg sync.WaitGroup wg.Add(2) go func() { defer wg.Done() - provideCredentials(externalBrowserType.Success, cfg.User, cfg.Password) + provideCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) }() go func() { defer wg.Done() - err := connectToSnowflake(cfg, "SELECT 1", true) - assertNilF(t, err, fmt.Sprintf("Connection failed: err %v", err)) + err := connectToSnowflake(t, cfg) + assertNilE(t, err, fmt.Sprintf("Connection failed: err %v", err)) }() wg.Wait() }) t.Run("Verify validation of ID token if option enabled", func(t *testing.T) { - cleanupBrowserProcesses() + cleanupBrowserProcesses(t) cfg.ClientStoreTemporaryCredential = 1 - conn, _ := createConnection(getDbHandler(cfg)) + db := getDbHandlerFromConfig(t, cfg) + conn, _ := db.Conn(context.Background()) _, err := conn.QueryContext(context.Background(), "SELECT 1") - assertNilF(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) + assertNilE(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) }) t.Run("Verify validation of IDToken if option disabled", func(t *testing.T) { - cleanupBrowserProcesses() + cleanupBrowserProcesses(t) cfg.ClientStoreTemporaryCredential = 0 tOut := "authentication timed out" - _, err := createConnection(getDbHandler(cfg)) - assertTrueF(t, err.Error() == tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + db := getDbHandlerFromConfig(t, cfg) + _, err := db.Conn(context.Background()) + assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) }) } -type ExternalBrowserProcess struct { +type ExternalBrowserProcessResult struct { Success string Fail string Timeout string } -var externalBrowserType = ExternalBrowserProcess{ +var externalBrowserType = ExternalBrowserProcessResult{ Success: "success", Fail: "fail", Timeout: "timeout", } -func cleanupBrowserProcesses() { +func cleanupBrowserProcesses(t *testing.T) { const cleanBrowserProcessesPath = "/externalbrowser/cleanBrowserProcesses.js" _, err := exec.Command("node", cleanBrowserProcessesPath).Output() - if err != nil { - log.Fatalf("failed to execute command: %v", err) - } + assertNilE(t, err, fmt.Sprintf("failed to execute command: %v", err)) } -func provideCredentials(ExternalBrowserProcess string, user string, password string) { +func provideCredentials(t *testing.T, ExternalBrowserProcess string, user string, password string) { const provideBrowserCredentialsPath = "/externalbrowser/provideBrowserCredentials.js" _, err := exec.Command("node", provideBrowserCredentialsPath, ExternalBrowserProcess, user, password).Output() - if err != nil { - log.Fatalf("failed to execute command: %v", err) - } + assertNilE(t, err, fmt.Sprintf("failed to execute command: %v", err)) } -func connectToSnowflake(cfg *Config, query string, isCatchException bool) (err error) { +func connectToSnowflake(t *testing.T, cfg *Config) (err error) { dsn, err := DSN(cfg) + assertNilE(t, err, "failed to create DSN from Config") + + db, err := sql.Open("snowflake", dsn) + assertNilE(t, err, "failed to open Snowflake DB connection") + defer db.Close() + + rows, err := db.Query("SELECT 1") if err != nil { - log.Fatalf("failed to create DSN from Config: %v, err: %v", cfg, err) - } - rows, err := executeQuery(query, dsn) - if isCatchException && err != nil { - log.Fatalf("failed to run a query. %v, err: %v", query, err) - } else if err != nil { + log.Printf("failed to run a query. 'SELECT 1', err: %v", err) return err } + defer rows.Close() - var v int - var hasAnyRows bool - for rows.Next() { - hasAnyRows = true - err := rows.Scan(&v) - if isCatchException && err != nil { - log.Fatalf("failed to get result. err: %v", err) - } - } - if !hasAnyRows { - return errors.New("There were no results for query: ") - } - fmt.Printf("Congrats! You have successfully run '%v' with Snowflake DB! \n", query) + assertTrueE(t, rows.Next(), "failed to get result", "There were no results for query: ") + return err } func setupExternalBrowserTest(t *testing.T) *Config { runOnlyOnDockerContainer(t, "Running only on Docker container") - cleanupBrowserProcesses() - cfg, err := getAuthTestsConfig(AuthTypeExternalBrowser) - if err != nil { - t.Fatalf("failed to get config: %v", err) - } + cleanupBrowserProcesses(t) + cfg, err := getAuthTestsConfig(t, AuthTypeExternalBrowser) + assertNilF(t, err, fmt.Sprintf("failed to get config: %v", err)) return cfg } diff --git a/auth_with_keypair_test.go b/auth_with_keypair_test.go index b57be52ec..7b2b3fb74 100644 --- a/auth_with_keypair_test.go +++ b/auth_with_keypair_test.go @@ -2,10 +2,10 @@ package gosnowflake import ( "crypto/rsa" + "errors" "fmt" "golang.org/x/crypto/ssh" "os" - "strings" "testing" ) @@ -13,28 +13,24 @@ func TestKeypairSuccessful(t *testing.T) { cfg := setupKeyPairTest(t) cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH") - err := connectToSnowflake(cfg, "SELECT 1", true) - assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) + err := connectToSnowflake(t, cfg) + assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestKeypairInvalidKey(t *testing.T) { cfg := setupKeyPairTest(t) cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH") - var errParts string - errMsg := "390144 (08004): JWT token is invalid." - err := connectToSnowflake(cfg, "SELECT 1", false) - if err != nil { - errParts = strings.Split(err.Error(), " [")[0] - } - assertTrueF(t, err != nil, "Expected error, but got nil") - assertTrueF(t, errParts == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, errParts)) + err := connectToSnowflake(t, cfg) + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 390144, fmt.Sprintf("Expected 390144, but got %v", snowflakeErr.Number)) } func setupKeyPairTest(t *testing.T) *Config { runOnlyOnDockerContainer(t, "Running only on Docker container") - cfg, err := getAuthTestsConfig(AuthTypeJwt) - assertTrueF(t, err == nil, fmt.Sprintf("failed to get config: %v", err)) + cfg, err := getAuthTestsConfig(t, AuthTypeJwt) + assertEqualE(t, err, nil, fmt.Sprintf("failed to get config: %v", err)) return cfg } diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 116134516..29a92b50d 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -2,6 +2,7 @@ package gosnowflake import ( "encoding/json" + "errors" "fmt" "net/http" "net/url" @@ -11,44 +12,57 @@ import ( func TestOauthSuccessful(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getToken(t, cfg) + token, _ := getOauthTestToken(t, cfg) cfg.Token = token - err := connectToSnowflake(cfg, "SELECT 1", true) - assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) + err := connectToSnowflake(t, cfg) + assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestOauthInvalidToken(t *testing.T) { cfg := setupOauthTest(t) - expErr := "390303 (08004): Invalid OAuth access token. " cfg.Token = "invalid_token" - err := connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == expErr, fmt.Sprintf("Expected %v, but got %v", expErr, err)) + + err := connectToSnowflake(t, cfg) + + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 390303, fmt.Sprintf("Expected 390303, but got %v", snowflakeErr.Number)) } func TestOauthMismatchedUser(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getToken(t, cfg) + token, _ := getOauthTestToken(t, cfg) cfg.Token = token cfg.User = "fakeaccount" - expErr := "390309 (08004): The user you were trying to authenticate " + - "as differs from the user tied to the access token." - err := connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == expErr, fmt.Sprintf("Expected %v, but got %v", expErr, err)) + + err := connectToSnowflake(t, cfg) + + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 390309, fmt.Sprintf("Expected 390309, but got %v", snowflakeErr.Number)) } func setupOauthTest(t *testing.T) *Config { runOnlyOnDockerContainer(t, "Running only on Docker container") - cfg, err := getAuthTestsConfig(AuthTypeOAuth) + cfg, err := getAuthTestsConfig(t, AuthTypeOAuth) assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) return cfg } -func getToken(t *testing.T, cfg *Config) (string, error) { +func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} - authURL, oauthClientID, oauthClientSecret := getCredentials() + + authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) + assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") + + oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) + assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") + + oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) + assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") inputData := formData(cfg) @@ -84,14 +98,6 @@ func formData(cfg *Config) url.Values { } -func getCredentials() (string, string, string) { - authURL, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - oauthClientID, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - oauthClientSecret, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) - - return authURL, oauthClientID, oauthClientSecret -} - type Response struct { Type string `json:"token_type"` Expiration int `json:"expires_in"` diff --git a/auth_with_okta_test.go b/auth_with_okta_test.go index 84f38accd..b2663b3a8 100644 --- a/auth_with_okta_test.go +++ b/auth_with_okta_test.go @@ -1,6 +1,7 @@ package gosnowflake import ( + "errors" "fmt" "net/url" "testing" @@ -8,34 +9,31 @@ import ( func TestOktaSuccessful(t *testing.T) { cfg := setupOktaTest(t) - err := connectToSnowflake(cfg, "SELECT 1", true) - assertNilF(t, err, fmt.Sprintf("failed to connect. err: %v", err)) + err := connectToSnowflake(t, cfg) + assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestOktaWrongCredentials(t *testing.T) { cfg := setupOktaTest(t) cfg.Password = "fakePassword" - errMsg := fmt.Sprintf("261006 (08004): failed to auth via OKTA for unknown reason. HTTP: 401, "+ - "URL: %vapi/v1/authn", cfg.OktaURL) + err := connectToSnowflake(t, cfg) - err := connectToSnowflake(cfg, "SELECT 1", false) - - assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 261006, fmt.Sprintf("Expected 261006, but got %v", snowflakeErr.Number)) } func TestOktaWrongAuthenticator(t *testing.T) { cfg := setupOktaTest(t) invalidAddress, err := url.Parse("https://fake-account-0000.okta.com") - if err != nil { - t.Fatalf("failed to parse: %v", err) - } + assertNilF(t, err, fmt.Sprintf("failed to parse: %v", err)) cfg.OktaURL = invalidAddress - errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + - "Please contact your local system administrator to get the correct URL to use." + err = connectToSnowflake(t, cfg) - err = connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + assertEqualE(t, snowflakeErr.Number, 390139, fmt.Sprintf("Expected 390139, but got %v", snowflakeErr.Number)) } func TestOktaWrongURL(t *testing.T) { @@ -46,11 +44,12 @@ func TestOktaWrongURL(t *testing.T) { } cfg.OktaURL = invalidAddress - errMsg := "390139 (08004): The specified authenticator is not accepted by your Snowflake account configuration. " + - "Please contact your local system administrator to get the correct URL to use." - err = connectToSnowflake(cfg, "SELECT 1", false) - assertTrueF(t, err.Error() == errMsg, fmt.Sprintf("Expected %v, but got %v", errMsg, err.Error())) + err = connectToSnowflake(t, cfg) + var snowflakeErr *SnowflakeError + assertTrueF(t, errors.As(err, &snowflakeErr)) + + assertEqualE(t, snowflakeErr.Number, 390139, fmt.Sprintf("Expected 390139, but got %v", snowflakeErr.Number)) } func setupOktaTest(t *testing.T) *Config { @@ -59,7 +58,7 @@ func setupOktaTest(t *testing.T) *Config { urlEnv, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OKTA_AUTH", true) assertNilF(t, err, fmt.Sprintf("failed to get env: %v", err)) - cfg, err := getAuthTestsConfig(AuthTypeOkta) + cfg, err := getAuthTestsConfig(t, AuthTypeOkta) assertNilF(t, err, fmt.Sprintf("failed to get config: %v", err)) cfg.OktaURL, err = url.Parse(urlEnv) diff --git a/authexternalbrowser_test.go b/authexternalbrowser_test.go index 017c3285c..4546da461 100644 --- a/authexternalbrowser_test.go +++ b/authexternalbrowser_test.go @@ -123,7 +123,6 @@ func TestAuthenticationTimeout(t *testing.T) { user := "u" password := "p" timeout := 0 * time.Second - errMsg := "authentication timed out" sr := &snowflakeRestful{ Protocol: "https", Host: "abc.com", @@ -132,9 +131,7 @@ func TestAuthenticationTimeout(t *testing.T) { TokenAccessor: getSimpleTokenAccessor(), } _, _, err := authenticateByExternalBrowser(context.Background(), sr, authenticator, application, account, user, password, timeout, ConfigBoolTrue) - if err.Error() != errMsg { - t.Fatal("Expected", errMsg, "but got:", err.Error()) - } + assertEqualE(t, err.Error(), "authentication timed out", err.Error()) } func Test_createLocalTCPListener(t *testing.T) { diff --git a/ci/container/test_authentication.sh b/ci/container/test_authentication.sh index e4b8c32c9..1a2735612 100755 --- a/ci/container/test_authentication.sh +++ b/ci/container/test_authentication.sh @@ -7,7 +7,6 @@ eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostri export SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key.p8 export SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH=./.github/workflows/rsa_keys/rsa_key_invalid.p8 -export DOCKER_CONTAINER_SETUP=true go test -run TestExternalBrowser* go test -run TestClientStoreCredentials diff --git a/ci/test_authentication.sh b/ci/test_authentication.sh index 9fe3b2696..f41db0ece 100755 --- a/ci/test_authentication.sh +++ b/ci/test_authentication.sh @@ -27,5 +27,5 @@ docker run \ -v $(cd $THIS_DIR/.. && pwd):/mnt/host \ -v $WORKSPACE:/mnt/workspace \ --rm \ - nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser-golang:2 \ + nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser-golang:3 \ "/mnt/host/ci/container/test_authentication.sh" diff --git a/driver_test.go b/driver_test.go index 77da293d8..0960bc764 100644 --- a/driver_test.go +++ b/driver_test.go @@ -462,6 +462,16 @@ func runSnowflakeConnTest(t *testing.T, test func(sct *SCTest)) { test(sct) } +func getDbHandlerFromConfig(t *testing.T, cfg *Config) *sql.DB { + dsn, err := DSN(cfg) + assertNilF(t, err, "failed to create DSN from Config") + + db, err := sql.Open("snowflake", dsn) + assertNilF(t, err, "failed to open database") + + return db +} + func runningOnAWS() bool { return os.Getenv("CLOUD_PROVIDER") == "AWS" } diff --git a/util_test.go b/util_test.go index c9db13bdd..807123214 100644 --- a/util_test.go +++ b/util_test.go @@ -392,7 +392,7 @@ func skipOnJenkins(t *testing.T, message string) { } func runOnlyOnDockerContainer(t *testing.T, message string) { - if os.Getenv("DOCKER_CONTAINER_SETUP") == "" { + if os.Getenv("AUTHENTICATION_TESTS_ENV") == "" { t.Skip("Running only on Docker container: " + message) } } From a26313a7411397a8b855a3561ef7913c21699cd3 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 12:46:21 +0100 Subject: [PATCH 20/27] linters fix --- auth_with_oauth_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 29a92b50d..225aeba2a 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -56,13 +56,13 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) - assertNotEqualF(t, authURL, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") inputData := formData(cfg) From 03adfa19ad09cc3bb86ba9c38deed9142eb7f1ce Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 12:50:58 +0100 Subject: [PATCH 21/27] linters fix2 --- auth_with_oauth_test.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 225aeba2a..afb157ad2 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -56,13 +56,8 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") - oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") - oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") inputData := formData(cfg) From 49598763ba6305e01efa7b11effcebfd383d15d6 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 12:54:15 +0100 Subject: [PATCH 22/27] linters fix3 --- auth_with_oauth_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index afb157ad2..d08c3010d 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -55,9 +55,9 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} - authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) + authURL, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) + oauthClientID, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) + oauthClientSecret, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) inputData := formData(cfg) From b1073b11332ce184e8c6ee3c67c01d698762b0f5 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 14:14:56 +0100 Subject: [PATCH 23/27] linterfix4 --- auth_with_oauth_test.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index d08c3010d..225aeba2a 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -55,9 +55,14 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} - authURL, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - oauthClientID, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - oauthClientSecret, _ := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) + authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") + + oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") + + oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) + assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") inputData := formData(cfg) From d2f480bcf71f96f8c587c494fe07e5388da244e9 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 14:17:40 +0100 Subject: [PATCH 24/27] linterfix5 --- auth_with_oauth_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 225aeba2a..906509e18 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -56,13 +56,13 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { client := &http.Client{} authURL, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_URL", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") + assertNilF(t, err, "SNOWFLAKE_AUTH_TEST_OAUTH_URL is not set") oauthClientID, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") + assertNilF(t, err, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_ID is not set") oauthClientSecret, err := GetFromEnv("SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET", true) - assertEqualF(t, err, nil, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") + assertNilF(t, err, "SNOWFLAKE_AUTH_TEST_OAUTH_CLIENT_SECRET is not set") inputData := formData(cfg) From a52cb60da299c7e164081d16993cec059b5366bd Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Wed, 18 Dec 2024 14:27:57 +0100 Subject: [PATCH 25/27] errorhandling --- auth_with_external_browser_test.go | 6 ++++-- auth_with_oauth_test.go | 13 ++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index 5762c551b..840922c3f 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -110,8 +110,9 @@ func TestClientStoreCredentials(t *testing.T) { cleanupBrowserProcesses(t) cfg.ClientStoreTemporaryCredential = 1 db := getDbHandlerFromConfig(t, cfg) - conn, _ := db.Conn(context.Background()) - _, err := conn.QueryContext(context.Background(), "SELECT 1") + conn, err := db.Conn(context.Background()) + assertNilE(t, err, fmt.Sprintf("Failed to connect to Snowflake. err: %v", err)) + _, err = conn.QueryContext(context.Background(), "SELECT 1") assertNilE(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) }) @@ -164,6 +165,7 @@ func connectToSnowflake(t *testing.T, cfg *Config) (err error) { } defer rows.Close() + assertTrueE(t, rows.Next(), "failed to get result", "There were no results for query: ") return err diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 906509e18..4c63b93bf 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -12,9 +12,10 @@ import ( func TestOauthSuccessful(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getOauthTestToken(t, cfg) + token, err := getOauthTestToken(t, cfg) + assertNilE(t, err, fmt.Sprintf("failed to get token. err: %v", err)) cfg.Token = token - err := connectToSnowflake(t, cfg) + err = connectToSnowflake(t, cfg) assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } @@ -31,11 +32,12 @@ func TestOauthInvalidToken(t *testing.T) { func TestOauthMismatchedUser(t *testing.T) { cfg := setupOauthTest(t) - token, _ := getOauthTestToken(t, cfg) + token, err := getOauthTestToken(t, cfg) + assertNilE(t, err, fmt.Sprintf("failed to get token. err: %v", err)) cfg.Token = token cfg.User = "fakeaccount" - err := connectToSnowflake(t, cfg) + err = connectToSnowflake(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) @@ -66,7 +68,8 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { inputData := formData(cfg) - req, _ := http.NewRequest("POST", authURL, strings.NewReader(inputData.Encode())) + req, err := http.NewRequest("POST", authURL, strings.NewReader(inputData.Encode())) + assertNilF(t, err, fmt.Sprintf("Request failed %v", err)) req.Header.Set("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8") req.SetBasicAuth(oauthClientID, oauthClientSecret) resp, err := client.Do(req) From c3ef9e5f8cd690f761f52ce1a045f80120361c12 Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 19 Dec 2024 09:10:55 +0100 Subject: [PATCH 26/27] review - round 3 --- auth_with_external_browser_test.go | 38 ++++++++++++++---------------- auth_with_keypair_test.go | 4 ++-- auth_with_oauth_test.go | 10 ++++---- auth_with_okta_test.go | 8 +++---- 4 files changed, 29 insertions(+), 31 deletions(-) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index 840922c3f..b9446fdc0 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -18,11 +18,11 @@ func TestExternalBrowserSuccessful(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) + provideExternalBrowserCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) }() go func() { defer wg.Done() - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) assertNilE(t, err, fmt.Sprintf("Connection failed due to %v", err)) }() wg.Wait() @@ -35,13 +35,12 @@ func TestExternalBrowserFailed(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(t, externalBrowserType.Fail, "FakeAccount", "NotARealPassword") + provideExternalBrowserCredentials(t, externalBrowserType.Fail, "FakeAccount", "NotARealPassword") }() go func() { defer wg.Done() - tOut := "authentication timed out" - err := connectToSnowflake(t, cfg) - assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) + assertEqualE(t, err.Error(), "authentication timed out") }() wg.Wait() } @@ -53,13 +52,12 @@ func TestExternalBrowserTimeout(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(t, externalBrowserType.Timeout, cfg.User, cfg.Password) + provideExternalBrowserCredentials(t, externalBrowserType.Timeout, cfg.User, cfg.Password) }() go func() { defer wg.Done() - tOut := "authentication timed out" - err := connectToSnowflake(t, cfg) - assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) + assertEqualE(t, err.Error(), "authentication timed out") }() wg.Wait() } @@ -73,11 +71,11 @@ func TestExternalBrowserMismatchUser(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(t, externalBrowserType.Success, correctUsername, cfg.Password) + provideExternalBrowserCredentials(t, externalBrowserType.Success, correctUsername, cfg.Password) }() go func() { defer wg.Done() - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) assertEqualE(t, snowflakeErr.Number, 390191, fmt.Sprintf("Expected 390191, but got %v", snowflakeErr.Number)) @@ -96,11 +94,11 @@ func TestClientStoreCredentials(t *testing.T) { wg.Add(2) go func() { defer wg.Done() - provideCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) + provideExternalBrowserCredentials(t, externalBrowserType.Success, cfg.User, cfg.Password) }() go func() { defer wg.Done() - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) assertNilE(t, err, fmt.Sprintf("Connection failed: err %v", err)) }() wg.Wait() @@ -111,18 +109,19 @@ func TestClientStoreCredentials(t *testing.T) { cfg.ClientStoreTemporaryCredential = 1 db := getDbHandlerFromConfig(t, cfg) conn, err := db.Conn(context.Background()) + defer conn.Close() assertNilE(t, err, fmt.Sprintf("Failed to connect to Snowflake. err: %v", err)) - _, err = conn.QueryContext(context.Background(), "SELECT 1") + rows, err := conn.QueryContext(context.Background(), "SELECT 1") + rows.Close() assertNilE(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) }) t.Run("Verify validation of IDToken if option disabled", func(t *testing.T) { cleanupBrowserProcesses(t) cfg.ClientStoreTemporaryCredential = 0 - tOut := "authentication timed out" db := getDbHandlerFromConfig(t, cfg) _, err := db.Conn(context.Background()) - assertEqualE(t, err.Error(), tOut, fmt.Sprintf("Expected %v, but got %v", tOut, err)) + assertEqualE(t, err.Error(), "authentication timed out", fmt.Sprintf("Expected timeout, but got %v", err)) }) } @@ -144,13 +143,13 @@ func cleanupBrowserProcesses(t *testing.T) { assertNilE(t, err, fmt.Sprintf("failed to execute command: %v", err)) } -func provideCredentials(t *testing.T, ExternalBrowserProcess string, user string, password string) { +func provideExternalBrowserCredentials(t *testing.T, ExternalBrowserProcess string, user string, password string) { const provideBrowserCredentialsPath = "/externalbrowser/provideBrowserCredentials.js" _, err := exec.Command("node", provideBrowserCredentialsPath, ExternalBrowserProcess, user, password).Output() assertNilE(t, err, fmt.Sprintf("failed to execute command: %v", err)) } -func connectToSnowflake(t *testing.T, cfg *Config) (err error) { +func verifyConnectionToSnowflakeAuthTests(t *testing.T, cfg *Config) (err error) { dsn, err := DSN(cfg) assertNilE(t, err, "failed to create DSN from Config") @@ -165,7 +164,6 @@ func connectToSnowflake(t *testing.T, cfg *Config) (err error) { } defer rows.Close() - assertTrueE(t, rows.Next(), "failed to get result", "There were no results for query: ") return err diff --git a/auth_with_keypair_test.go b/auth_with_keypair_test.go index 7b2b3fb74..3e9897b5e 100644 --- a/auth_with_keypair_test.go +++ b/auth_with_keypair_test.go @@ -13,14 +13,14 @@ func TestKeypairSuccessful(t *testing.T) { cfg := setupKeyPairTest(t) cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_PRIVATE_KEY_PATH") - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestKeypairInvalidKey(t *testing.T) { cfg := setupKeyPairTest(t) cfg.PrivateKey = loadRsaPrivateKeyForKeyPair(t, "SNOWFLAKE_AUTH_TEST_INVALID_PRIVATE_KEY_PATH") - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) assertEqualE(t, snowflakeErr.Number, 390144, fmt.Sprintf("Expected 390144, but got %v", snowflakeErr.Number)) diff --git a/auth_with_oauth_test.go b/auth_with_oauth_test.go index 4c63b93bf..2c5f4056a 100644 --- a/auth_with_oauth_test.go +++ b/auth_with_oauth_test.go @@ -15,7 +15,7 @@ func TestOauthSuccessful(t *testing.T) { token, err := getOauthTestToken(t, cfg) assertNilE(t, err, fmt.Sprintf("failed to get token. err: %v", err)) cfg.Token = token - err = connectToSnowflake(t, cfg) + err = verifyConnectionToSnowflakeAuthTests(t, cfg) assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } @@ -23,7 +23,7 @@ func TestOauthInvalidToken(t *testing.T) { cfg := setupOauthTest(t) cfg.Token = "invalid_token" - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) @@ -37,7 +37,7 @@ func TestOauthMismatchedUser(t *testing.T) { cfg.Token = token cfg.User = "fakeaccount" - err = connectToSnowflake(t, cfg) + err = verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) @@ -82,7 +82,7 @@ func getOauthTestToken(t *testing.T, cfg *Config) (string, error) { defer resp.Body.Close() - var response Response + var response OAuthTokenResponse if err := json.NewDecoder(resp.Body).Decode(&response); err != nil { return "", fmt.Errorf("failed to decode response: %v", err) } @@ -101,7 +101,7 @@ func formData(cfg *Config) url.Values { } -type Response struct { +type OAuthTokenResponse struct { Type string `json:"token_type"` Expiration int `json:"expires_in"` Token string `json:"access_token"` diff --git a/auth_with_okta_test.go b/auth_with_okta_test.go index b2663b3a8..31ae43b71 100644 --- a/auth_with_okta_test.go +++ b/auth_with_okta_test.go @@ -9,14 +9,14 @@ import ( func TestOktaSuccessful(t *testing.T) { cfg := setupOktaTest(t) - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) assertNilE(t, err, fmt.Sprintf("failed to connect. err: %v", err)) } func TestOktaWrongCredentials(t *testing.T) { cfg := setupOktaTest(t) cfg.Password = "fakePassword" - err := connectToSnowflake(t, cfg) + err := verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) @@ -29,7 +29,7 @@ func TestOktaWrongAuthenticator(t *testing.T) { assertNilF(t, err, fmt.Sprintf("failed to parse: %v", err)) cfg.OktaURL = invalidAddress - err = connectToSnowflake(t, cfg) + err = verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) @@ -45,7 +45,7 @@ func TestOktaWrongURL(t *testing.T) { cfg.OktaURL = invalidAddress - err = connectToSnowflake(t, cfg) + err = verifyConnectionToSnowflakeAuthTests(t, cfg) var snowflakeErr *SnowflakeError assertTrueF(t, errors.As(err, &snowflakeErr)) From cf0a1125a722b2b40e903af0a4a3e1d6f5dae5fd Mon Sep 17 00:00:00 2001 From: Patryk Cyrek Date: Thu, 19 Dec 2024 09:13:55 +0100 Subject: [PATCH 27/27] lintersfix1 --- auth_with_external_browser_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth_with_external_browser_test.go b/auth_with_external_browser_test.go index b9446fdc0..53fc976f4 100644 --- a/auth_with_external_browser_test.go +++ b/auth_with_external_browser_test.go @@ -109,11 +109,11 @@ func TestClientStoreCredentials(t *testing.T) { cfg.ClientStoreTemporaryCredential = 1 db := getDbHandlerFromConfig(t, cfg) conn, err := db.Conn(context.Background()) - defer conn.Close() assertNilE(t, err, fmt.Sprintf("Failed to connect to Snowflake. err: %v", err)) + defer conn.Close() rows, err := conn.QueryContext(context.Background(), "SELECT 1") - rows.Close() assertNilE(t, err, fmt.Sprintf("Failed to run a query. err: %v", err)) + rows.Close() }) t.Run("Verify validation of IDToken if option disabled", func(t *testing.T) {