Skip to content

Commit

Permalink
Make resolve-private-key include private-key-options in database …
Browse files Browse the repository at this point in the history 
…details (#41941) (#42006)

* Update resolve-private-key and add test

Co-authored-by: lbrdnk <lbrdnk@users.noreply.github.com>
  • Loading branch information
@metabase-bot @lbrdnk
metabase-bot[bot] and lbrdnk committed Apr 29, 2024
1 parent 4972d06 commit 30f8778
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 3 deletions.
7 changes: 5 additions & 2 deletions modules/drivers/snowflake/src/metabase/driver/snowflake.clj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,8 +110,11 @@
private-key-file (handle-conn-uri user account private-key-file)))

:else
;; get-secret-string should get the right value (using private-key-value or private-key-id) and decode it automatically
(let [decoded (secret/get-secret-string details "private-key")
;; Why setting `:private-key-options` to "uploaded"? To fix the issue #41852. Snowflake's database edit gui
;; is designed in a way, that `:private-key-options` are not sent if `hosting` enterprise feature is enabled.
;; The option must be set to "uploaded" for base64 decoding to happen. Setting that option at this point is fine
;; because the alternative ("local") is ruled out already in this `cond` branch.
(let [decoded (secret/get-secret-string (assoc details :private-key-options "uploaded") "private-key")
file (secret/value->file! {:connection-property-name "private-key-file"
:value decoded})]
(assoc (handle-conn-uri base-details user account file)
Expand Down
16 changes: 15 additions & 1 deletion modules/drivers/snowflake/test/metabase/driver/snowflake_test.clj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@

(defn- format-env-key ^String [env-key]
(let [[_ header body footer]
(re-find #"(-----BEGIN (?:\p{Alnum}+ )?PRIVATE KEY-----)(.*)(-----END (?:\p{Alnum}+ )?PRIVATE KEY-----)" env-key)]
(re-find #"(?s)(-----BEGIN (?:\p{Alnum}+ )?PRIVATE KEY-----)(.*)(-----END (?:\p{Alnum}+ )?PRIVATE KEY-----)" env-key)]
(str header (str/replace body #"\s+|\\n" "\n") footer)))

(deftest can-connect-test
Expand Down Expand Up @@ -357,6 +357,20 @@
(merge {:db pk-db :user pk-user} to-merge))]
(is (can-connect? details)))))))))))

(deftest can-connect-pk-no-options-test
(mt/test-driver
:snowflake
(testing "Can connect with base64 encoded `:private-key-value` and no `:private-key-options` set (#41852)"
(let [pk-key (format-env-key (tx/db-test-env-var-or-throw :snowflake :pk-private-key))
pk-user (tx/db-test-env-var :snowflake :pk-user)
pk-db "SNOWFLAKE_SAMPLE_DATA"
details (-> (:details (mt/db))
(dissoc :password)
(assoc :dbname pk-db
:private-key-value (u/encode-base64 pk-key)
:user pk-user))]
(is (driver/can-connect? :snowflake details))))))

(deftest report-timezone-test
(mt/test-driver :snowflake
(testing "Make sure temporal parameters are set and returned correctly when report-timezone is set (#11036)"
Expand Down

0 comments on commit 30f8778

Please sign in to comment.