Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-715504: MFA token cache support #988

Open
wants to merge 31 commits into
base: master
Choose a base branch
from
Open

SNOW-715504: MFA token cache support #988

wants to merge 31 commits into from

Conversation

sfc-gh-jmartinezramirez
Copy link
Collaborator

@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez commented Jul 4, 2024
edited
Loading

Description

Added support for MFA token cache.

Checklist

  • Code compiles correctly
  • Code is formatted according to Coding Conventions
  • Created tests which fail without the change (if possible)
  • All tests passing (dotnet test)
  • Extended the README / documentation, if necessary
  • Provide JIRA issue id (if possible) or GitHub issue id in PR name

@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez force-pushed the SNOW-715504-MFA-Token-Cache branch 5 times, most recently from 6eba99f to 69d80c7 Compare July 5, 2024 21:54
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez changed the title Snow 715504 mfa token cache SNOW-715504: MFA token cache support Jul 8, 2024
@codecov Codecov
Copy link

codecov bot commented Jul 9, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 91.51376% with 37 lines in your changes missing coverage. Please review.

Project coverage is 86.41%. Comparing base (5e16693) to head (7d959a3).

Files with missing lines Patch % Lines
Snowflake.Data/Core/Session/SFSession.cs 78.94% 6 Missing and 2 partials ⚠️
...e.Data/Client/SnowflakeCredentialManagerFactory.cs 89.09% 3 Missing and 3 partials ⚠️
Snowflake.Data/Core/Tools/UnixOperations.cs 71.42% 3 Missing and 3 partials ⚠️
...astructure/SFCredentialManagerWindowsNativeImpl.cs 92.72% 2 Missing and 2 partials ⚠️
Snowflake.Data/Core/Session/SessionPool.cs 92.00% 0 Missing and 4 partials ⚠️
...ager/Infrastructure/SFCredentialManagerFileImpl.cs 97.75% 0 Missing and 2 partials ⚠️
Snowflake.Data/Core/Tools/StringUtils.cs 75.00% 1 Missing and 1 partial ⚠️
...Core/Authenticator/ExternalBrowserAuthenticator.cs 0.00% 1 Missing ⚠️
...nowflake.Data/Core/Authenticator/IAuthenticator.cs 95.83% 0 Missing and 1 partial ⚠️
...ke.Data/Core/Authenticator/KeyPairAuthenticator.cs 0.00% 1 Missing ⚠️
... and 2 more
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #988      +/-   ##
==========================================
+ Coverage   86.11%   86.41%   +0.30%     
==========================================
  Files         120      126       +6     
  Lines       11628    12028     +400     
  Branches     1167     1217      +50     
==========================================
+ Hits        10013    10394     +381     
- Misses       1332     1335       +3     
- Partials      283      299      +16

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

sfc-gh-knozderko
sfc-gh-knozderko requested changes Jul 29, 2024
View reviewed changes
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerWindowsNativeImpl.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Authenticator/IAuthenticator.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Authenticator/IAuthenticator.cs
@@ -116,13 +134,19 @@ private SFRestRequest BuildLoginRequest()
{
loginName = session.properties[SFSessionProperty.USER],
accountName = session.properties[SFSessionProperty.ACCOUNT],
// TODO LOCAL TEST MFA temp change should be removed before merge
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why would we need to pretend to be a jdbc driver?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was only for testing it should use .NET before complete the PR

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why can't we just test as .net driver? Is there any particular reason to pretend to be a jdbc driver?
Anyway we need to remove it before merging the PR.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we will do it before merging

Snowflake.Data/Core/Authenticator/MFACacheAuthenticator.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Authenticator/MFACacheAuthenticator.cs Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez force-pushed the SNOW-715504-MFA-Token-Cache branch 4 times, most recently from 6af9d1a to e36f8ed Compare September 4, 2024 13:31
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez force-pushed the SNOW-715504-MFA-Token-Cache branch 2 times, most recently from e795b5f to 9316bbc Compare September 18, 2024 23:08
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez marked this pull request as ready for review October 4, 2024 02:42
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez requested a review from a team as a code owner October 4, 2024 02:42
sfc-gh-knozderko
sfc-gh-knozderko requested changes Oct 8, 2024
View reviewed changes
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerFileImpl.cs Show resolved Hide resolved
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerFileImpl.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerWindowsNativeImpl.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/ConnectionCacheManager.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/ConnectionPoolManager.cs Outdated Show resolved Hide resolved
sfc-gh-knozderko
sfc-gh-knozderko requested changes Oct 9, 2024
View reviewed changes
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SFSession.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Tools/StringUtils.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/UnitTests/CredentialManager/SFCredentialManagerTest.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/UnitTests/CredentialManager/SFCredentialManagerTest.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/UnitTests/CredentialManager/SFCredentialManagerTest.cs Show resolved Hide resolved
Snowflake.Data.Tests/UnitTests/SFSessionTest.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerFileImpl.cs Show resolved Hide resolved
sfc-gh-knozderko
sfc-gh-knozderko requested changes Oct 17, 2024
View reviewed changes
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Tools/UnixOperations.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/SFError.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SFSessionProperty.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/CredentialManager/Infrastructure/SFCredentialManagerFileImpl.cs Show resolved Hide resolved
@sfc-gh-jmartinezramirez sfc-gh-jmartinezramirez force-pushed the SNOW-715504-MFA-Token-Cache branch 3 times, most recently from 5d32b9c to be6f19d Compare October 19, 2024 03:51
sfc-gh-knozderko
sfc-gh-knozderko requested changes Oct 22, 2024
View reviewed changes
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SFCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Core/Session/SessionPool.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data/Client/SnowflakeCredentialManagerFactory.cs Outdated Show resolved Hide resolved
Snowflake.Data.Tests/IntegrationTests/SFConnectionIT.cs Outdated Show resolved Hide resolved
@sfc-gh-jmartinezramirez
Added implementation for MFA token cache base on changes for sso toke…
10a901f 
…n cache and passcode for MFA
@sfc-gh-jmartinezramirez
Implementing test for new MFA token cache (In progress)
31d77f1
@sfc-gh-jmartinezramirez
temp workaround for login request with appid and app version
d3b464a
@sfc-gh-jmartinezramirez
Added mechanism to handle connection pooling when using username_pass…
4a92c08 
…word_mfa authenticator.

Added mechanism to disable or throw an error if using a different authenticator using passcode in connection.
@sfc-gh-jmartinezramirez
Added hash encode for credential manager keys using sha256
48b1e63
@sfc-gh-jmartinezramirez
Changed passcode to be an optional argument in ParseConnectionString
3990373
@sfc-gh-jmartinezramirez
Changed passcode to be an optional argument in connection and session…
751369a 
… methods
@sfc-gh-jmartinezramirez
Remove changes related to sso token cache implementation
332f0de
@sfc-gh-jmartinezramirez
Applying suggestions
b68a3f9
@sfc-gh-jmartinezramirez
Removed additional sso token cache code related
82a8e34
@sfc-gh-jmartinezramirez
Fix testing
e0f87be
@sfc-gh-jmartinezramirez
Comment out workaround to test MFA
2bdd747
@sfc-gh-jmartinezramirez
Additional fixes for test
ae23407
@sfc-gh-jmartinezramirez
Improve logic to validate if passcode is used with mfaAuthenticator,
155516f
@sfc-gh-jmartinezramirez
Fixed ambiguous constructor issue in mock
2aed351
@sfc-gh-jmartinezramirez
Fixed mismatch credential exception message
9fc91d6
@sfc-gh-jmartinezramirez
Change validation process for session pool, if using passcode in conn…
0d4d055 
…ection string without username_password_authentication an exception will be thrown to indicate the user

that the passcode should not be used if pooling is enabled or with a minimum pool size greater than 0.
Additionally, if the passcode is provided by an argument and not part of the connection string, it will not be used for the session created by the session pool, and the push MFA mechanism will be triggered.
@sfc-gh-jmartinezramirez
Applying PR suggestions
5852597
@sfc-gh-knozderko @sfc-gh-jmartinezramirez
some refactor
b8b9790 
(cherry picked from commit ac28924)
@sfc-gh-jmartinezramirez
Applying PR suggestions
e048d23
@sfc-gh-jmartinezramirez
Fixed test for mfa
795f578
@sfc-gh-jmartinezramirez
Fix connection pool renamed method.
07eb444
@sfc-gh-jmartinezramirez
Applying PR suggestions
d0240f3
@sfc-gh-jmartinezramirez
Applying new PR suggestions
d87f1cb
@sfc-gh-jmartinezramirez
Added additional errors that could be thrown when the cached MFA toke…
d6a884b 
…n is expired or invalid. Multi-factor authentication (MFA) will try to use the passcode from the connection string if available; otherwise, send a Duo push notification to try to authenticate again; if it fails, the token will be removed.
@sfc-gh-jmartinezramirez
Applying PR suggestions
2e5b088
@sfc-gh-jmartinezramirez
Added property to LoginRequestData to specify httpRequest timeout.
14d2ea0
@sfc-gh-jmartinezramirez
Apply suggestion to SnowflakeCredentialManagerFactory and other addit…
78301da 
…ional comments
@sfc-gh-jmartinezramirez
Additional comments
3d90b4d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfc-gh-knozderko sfc-gh-knozderko sfc-gh-knozderko requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sfc-gh-jmartinezramirez @sfc-gh-knozderko