fix: Ensure tokens are cached when using browser authentication or ba…

…sic authentication with MFA (#50) The purpose of this PR is to fix the issue reported [here](#49), essentially making sure that oauth tokens are cached when using browser authentication to avoid having multiple browser windows popping in consecutive runs, even when the Snowflake account being accessed has [ALLOW_ID_TOKEN](https://docs.snowflake.com/en/sql-reference/parameters#allow-id-token) option enabled. While there, also ensured proper caching of MFA tokens (when the user account has [ALLOW_CLIENT_MFA_CACHING](https://docs.snowflake.com/en/sql-reference/parameters#allow-client-mfa-caching) enabled). ### Implementation details: - Add `secure-local-storage` extra to `snowflake-connector-python` dependency - Add `"client_request_mfa_token": True` and `"client_store_temporary_credential": True` to the connection arguments of the SQLAlchemy engine. This is mostly relevant for Linux users, as for MacOs (at least) the `secure-local-storage` extra is enough. - Fix some linting issues (done by `pre-commit` steps)
MeltanoLabs · Oct 25, 2024 · 833642e · 833642e
1 parent 38c8cc5
commit 833642e
Show file tree

Hide file tree

Showing 7 changed files with 558 additions and 340 deletions.
diff --git a/README.md b/README.md
@@ -25,11 +25,11 @@ tap-snowflake --about
 
 An array of the table names that you want to sync. The table names should be fully qualified, including schema and table name.
 
-NOTES: 
+NOTES:
 * This limits discovery to the tables specified for performance reasons. Do not specify `tables` if you intend to discover the entire available catalog.
 * Syntax to specify `tables` differs slightly from `select` (`schema_name.table_name` vs `schema_name-table_name.*`)
 
-:bulb: When adding more elements to `select` ensure the table is specified in `tables` if using `tables`. 
+:bulb: When adding more elements to `select` ensure the table is specified in `tables` if using `tables`.
 
 Example:
 ```yaml

diff --git a/meltano.yml b/meltano.yml
@@ -33,4 +33,4 @@ plugins:
     variant: andyh1203
     pip_url: target-jsonl
 environments:
-- name: dev
+- name: dev
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -18,7 +18,7 @@ python = ">=3.8,<3.12"
 requests = "^2.25.1"
 singer-sdk = "~=0.39.1"
 snowflake-sqlalchemy = "1.6.1"
-snowflake-connector-python = "~=3.12.1"
+snowflake-connector-python = { version = "~=3.12.1", extras = ["secure-local-storage"] }
 sqlalchemy = "~=2.0.34"
 cryptography = ">=3.4.6,<42.0.0"
 

diff --git a/tap_snowflake/client.py b/tap_snowflake/client.py
@@ -162,7 +162,10 @@ def create_engine(self) -> sqlalchemy.engine.Engine:
         Returns:
             A SQLAlchemy engine.
         """
-        connect_args = {}
+        connect_args: dict[str, Any] = {
+            "client_request_mfa_token": True,
+            "client_store_temporary_credential": True,
+        }
         if self.auth_method == SnowflakeAuthMethod.KEY_PAIR:
             connect_args["private_key"] = self.get_private_key()
         return sqlalchemy.create_engine(

diff --git a/tests/test_core.py b/tests/test_core.py
@@ -1,4 +1,5 @@
 """Tests standard tap features using the built-in SDK tests library."""
+
 import os
 
 from singer_sdk.testing import SuiteConfig, get_tap_test_class
@@ -28,7 +29,8 @@
     tap_class=TapSnowflake,
     config=SAMPLE_CONFIG,
     suite_config=SuiteConfig(
-        max_records_limit=100, ignore_no_records_for_streams=["tpch_sf1-lineitem"],
+        max_records_limit=100,
+        ignore_no_records_for_streams=["tpch_sf1-lineitem"],
     ),
     catalog="tests/catalog.json",
 )
diff --git a/tox.ini b/tox.ini
@@ -40,6 +40,3 @@ commands =
     poetry run ruff format --check
     # refer to mypy.ini for specific settings
     poetry run mypy tap_snowflake
-
-
-