From a95dd389bf529e57e60fe6583f4e8c1d4b2785d6 Mon Sep 17 00:00:00 2001 From: Dawid Heyman Date: Tue, 8 Oct 2024 15:00:09 +0200 Subject: [PATCH] SNOW-1692674 Remove *.okta.com check from native Okta authenticator validation (#1216) --- auth.go | 2 +- dsn_test.go | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/auth.go b/auth.go index 1ada05f2b..3839e78b0 100644 --- a/auth.go +++ b/auth.go @@ -93,7 +93,7 @@ func determineAuthenticatorType(cfg *Config, value string) error { } } - if oktaURL.Scheme != "https" || !strings.HasSuffix(oktaURL.Host, "okta.com") { + if oktaURL.Scheme != "https" { return &SnowflakeError{ Number: ErrCodeFailedToParseAuthenticator, Message: errMsgFailedToParseAuthenticator, diff --git a/dsn_test.go b/dsn_test.go index a7f910369..d439556c8 100644 --- a/dsn_test.go +++ b/dsn_test.go @@ -645,6 +645,28 @@ func TestParseDSN(t *testing.T) { ocspMode: ocspModeFailOpen, err: nil, }, + { + dsn: fmt.Sprintf("u:p@ac.snowflake.local:9876?account=ac&protocol=http&authenticator=%v", url.QueryEscape("https://ac.some-host.com/custom-okta-url")), + config: &Config{ + Account: "ac", User: "u", Password: "p", + Authenticator: AuthTypeOkta, + OktaURL: &url.URL{ + Scheme: "https", + Host: "ac.some-host.com", + Path: "/custom-okta-url", + }, + PrivateKey: testPrivKey, + Protocol: "http", Host: "ac.snowflake.local", Port: 9876, + OCSPFailOpen: OCSPFailOpenTrue, + ValidateDefaultParameters: ConfigBoolTrue, + ClientTimeout: defaultClientTimeout, + JWTClientTimeout: defaultJWTClientTimeout, + ExternalBrowserTimeout: defaultExternalBrowserTimeout, + IncludeRetryReason: ConfigBoolTrue, + }, + ocspMode: ocspModeFailOpen, + err: nil, + }, { dsn: fmt.Sprintf("u:p@a.snowflake.local:9876?account=a&protocol=http&authenticator=SNOWFLAKE_JWT&privateKey=%v", privKeyPKCS1), config: &Config{