Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AIRFLOW-5906] Add authenticator parameter to snowflake_hook #8642

Merged
merged 4 commits into from
May 10, 2020
Merged

[AIRFLOW-5906] Add authenticator parameter to snowflake_hook #8642

merged 4 commits into from
May 10, 2020

Conversation

koszti
Copy link
Contributor

@koszti koszti commented Apr 30, 2020
edited
Loading

To use Snowflake with SSO, Okta, ADFS or any other SAML 2.0 compliant identify provider we need to pass the authenticator=externalbrowser extra parameter to the snowflake connection string. Currently the authenticator parameter not extracted from the connection extras JSON and not possible to use Airflow and Snowflake with SAML/SSO

This PR extracts the authenticator parameter from the connection "extra"s JSON and passing it to the snowflake uri. This allows to use Airflow and Snowflake configured with SAML/SSO.

Example airflow connection config:

Conn Id: <CONNECTION_ID>
Conn Type: Snowflake
Host: <YOUR_SNOWFLAKE_HOSTNAME>
Schema: <YOUR_SNOWFLAKE_SCHEMA>
Login: <YOUR_SNOWFLAKE_USERNAME>
Password: <YOUR_SNOWFLAKE_PASSWORD>
Extra: {
        "account": <YOUR_SNOWFLAKE_ACCOUNT_NAME>,
        "warehouse": <YOUR_SNOWFLAKE_WAREHOUSE_NAME>,
         "database": <YOUR_SNOWFLAKE_DB_NAME>,
         "region": <YOUR_SNOWFLAKE_HOSTED_REGION>,
         "authenticator": "externalbrowser"
    }

Related snowflake documentation with the valid authentication strings: Snowflake Python: Connecting using Federated Authentication

Make sure to mark the boxes below before creating PR: [x]

  • Description above provides context of the change
  • Unit tests coverage for changes (not needed for documentation changes)
  • Target Github ISSUE in description if exists
  • Commits follow "How to write a good git commit message"
  • Relevant documentation is updated including usage instructions.
  • I will engage committers as explained in Contribution Workflow Example.

In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.
Read the Pull Request Guidelines for more information.

@boring-cyborg
Copy link

boring-cyborg bot commented Apr 30, 2020

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst)
Here are some useful points:

  • Pay attention to the quality of your code (flake8, pylint and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it’s a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Be sure to read the Airflow Coding style.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: [email protected]
    Slack: https://apache-airflow-slack.herokuapp.com/

kaxil
kaxil reviewed May 10, 2020
View reviewed changes
tests/providers/snowflake/hooks/test_snowflake.py Outdated
Comment on lines 140 to 150
def test_authenticator(self):
self.conn.extra_dejson = {'database': 'db',
'account': 'airflow',
'warehouse': 'af_wh',
'region': 'af_region',
'role': 'af_role',
'authenticator': 'externalbrowser'}

uri_shouldbe = 'snowflake://user:pw@airflow/db/public?warehouse=af_wh&role=af_role' \
'&authenticator=externalbrowser'
self.assertEqual(uri_shouldbe, self.db_hook.get_uri())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is not related to the changes in this PR. It just checks if extra_dejson of any Connection object is changed, they are reflected and can be retrieved with get_uri().

@kaxil kaxil merged commit cd635dd into apache:master May 10, 2020
@boring-cyborg
Copy link

boring-cyborg bot commented May 10, 2020

Awesome work, congrats on your first merged pull request!

@kaxil kaxil added this to the Airflow 1.10.11 milestone May 10, 2020
@koszti koszti deleted the airflow-5906 branch May 11, 2020 10:23
@jeffolsi jeffolsi mentioned this pull request May 11, 2020
Merged
6 tasks
kaxil pushed a commit that referenced this pull request Jun 30, 2020
@koszti @kaxil
[AIRFLOW-5906] Add authenticator parameter to snowflake_hook (#8642)
8d23325 
(cherry picked from commit cd635dd)
@kaxil kaxil added the type:improvement Changelog: Improvements label Jul 1, 2020
kaxil pushed a commit that referenced this pull request Jul 1, 2020
@koszti @kaxil
[AIRFLOW-5906] Add authenticator parameter to snowflake_hook (#8642)
ef82cc1 
(cherry picked from commit cd635dd)
cfei18 pushed a commit to cfei18/incubator-airflow that referenced this pull request Mar 5, 2021
@koszti
Add authenticator parameter to snowflake_hook (apache#8642)
e5e1c66 
(cherry picked from commit cd635dd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaxil kaxil kaxil approved these changes

Assignees
No one assigned
Labels
type:improvement Changelog: Improvements
Projects
None yet
Milestone
Airflow 1.10.11
Development

Successfully merging this pull request may close these issues.
2 participants
@koszti @kaxil