Updated to allow the token_file_path parameter

[sfc-gh-dflippo]

resolves dbt-labs/dbt-adapters#684

Problem

dbt currently does not support the token_file_path parameter which is used when connecting from a Snowpark Container.

Snowflake Container Services (SPCS) provides an OAuth token file, /snowflake/session/token, to containers to allow them to log into Snowflake without needing a service account. The token in this file expires but is refreshed automatically by the SPCS service. The Snowflake Python Connector added a token_file_path parameter in version 3.11.0 (June 2024) to make it easier for clients to connect without having to read the OAuth token from the file every time a new connection is needed. Instead, by passing the token_file_path parameter set to /snowflake/session/token the driver will automatically handle retrieving new OAuth tokens whenever a new connection is created.

Solution

I have made the necessary changes to the connection.py file and have successfully tested these changes in a Snowpark container. I made my changes branched from the v1.9.0 tag because I was unable to get hatch in the main branch to build an adapter that dbt would pick up. I would deploy it but dbt --version would not show the snowflake adapter and projects would fail saying that it could not find the snowflake adapter. Switching back to the v1.9.0 branch I was able to use make dev, build my wheel for SPCS using bash ./scripts/build-dist.sh and install locally using pip install .. After local regression testing, I deployed the wheel to SPCS and verified it could connect using the token file. I'm guessing that I'm not the only person unable to build from main right now.

As you will see in my PR, I also updated the error checking for this and related parameters. When the parameter is added, my code validates that the token file exists and has a useful error message if it does not. I also removed the error for a missing user parameter when token_file_path is used because SPCS OAuth does not need a user specified. Finally, I also added a condition to skip the token parameter logic when token_file_path is being used.

Checklist

• I have read the contributing guide and understand what's expected of me
• I have run this code in development and it appears to resolve the stated issue
• This PR includes tests, or tests are not required/relevant for this PR
• This PR has no interface changes (e.g. macros, cli, logs, json artifacts, config files, adapter interface, etc) or this PR has already received feedback and approval from Product or DX

[cla-bot]

Thanks for your pull request, and welcome to our community! We require contributors to sign our Contributor License Agreement and we don't seem to have your signature on file. Check out this article for more information on why we have a CLA.

In order for us to review and merge your code, please submit the Individual Contributor License Agreement form attached above above. If you have questions about the CLA, or if you believe you've received this message in error, please reach out through a comment on this PR.

CLA has not been signed by users: @sfc-gh-dflippo

[sfc-gh-dflippo]

Snowflake has signed the CLA. I am part of Snowflake, working with our SPCS engineers, and Luis Leon at dbt Labs can verify this. Please let me know if you need me to take any additional actions to get my user flagged as having signed the CLA.

[luisleon90]

@dbt-labs/adapters can you verify that Dan won't need to sign the CLA since he works and is submitting on behalf of Snowflake?

[colin-rogers-dbt]

@luisleon90 & @sfc-gh-dflippo, apologies for the delay here, confirming internally but I believe each individual needs to sign the CLA

[sfc-gh-dflippo]

I am familiar with the form for Corporate contributions - https://docs.google.com/forms/d/e/1FAIpQLScDSTwGIlVyGWCMMvmszaXSE5IhIIRyeLQkgWf1-CSC2RnLww/viewform

However, this clause makes me think there is a mechanism to add additional Snowflake employees outside of that form.
"It is your responsibility to notify dbt Labs when any change is required to the list of designated employees authorized to submit Contributions on behalf of the Corporation, or to the Corporation's Point of Contact with dbt Labs."

If we figure out the proper process, I will be happy to get our "Point of Contact" to send the request but so far I haven't found internally who that officially is. If someone can give me a lead, please DM or email me (dan.flippo at snowflake.com).

[amychen1776]

Hi folks - since dbt Labs has a direct partnership contract with Snowflake, we can bypass the CLA. I do want to flag that this does not mean this is an approved PR; it will go through our external PR review and we will get back to you.