Changed integration tests user auth to private key

snowflakedb · Jul 31, 2024 · d2a6665 · d2a6665
1 parent 3e95ca4
commit d2a6665
Show file tree

Hide file tree

Showing 11 changed files with 343 additions and 190 deletions.
diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml
@@ -9,22 +9,9 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Set up Python
-        uses: actions/setup-python@v5
+      - name: Run cleaunp
+        uses: ./.github/workflows/test_integration_ubuntu.yaml
         with:
           python-version: "3.11"
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip hatch
-          python -m hatch env create e2e
-      - name: Run cleaunp
-        env:
-          TERM: unknown
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_HOST: ${{ secrets.SNOWFLAKE_HOST }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
-        run: python -m hatch run e2e:cleanup
+          python-env: e2e
+          hatch-run: e2e:cleanup
diff --git a/.github/workflows/test_cli_action.yaml b/.github/workflows/test_cli_action.yaml
@@ -1,27 +1,35 @@
-name: "CLI Action testing"
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-jobs:
-  version:
-    name: "Check Snowflake CLI version"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - uses: Snowflake-Labs/snowflake-cli-action@v1
-        with:
-          cli-version: "latest"
-          default-config-file-path: "tests_integration/config/connection_configs.toml"
-      - name: Test connection
-        env:
-          TERM: unknown
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
-        run: snow connection test -c integration | grep Status
+#name: "CLI Action testing"
+#
+#on:
+#  schedule:
+#    - cron: "0 0 * * *"
+#  workflow_dispatch:
+#
+#jobs:
+#  version:
+#    name: "Check Snowflake CLI version"
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout repo
+#        uses: actions/checkout@v4
+#        with:
+#          persist-credentials: false
+#      - uses: Snowflake-Labs/snowflake-cli-action@v1
+#        with:
+#          cli-version: "latest"
+#          default-config-file-path: "tests_integration/config/connection_configs.toml"
+#      - name: Set workspace parent directory
+#        run: echo "PARENT_DIR=$(dirname "${{ github.workspace }}")" >> $GITHUB_ENV
+#      - name: Test connection
+#        env:
+#          TERM: unknown
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_AUTHENTICATOR: SNOWFLAKE_JWT
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY_PATH: ${{ env.PARENT_DIR }}/.ssh/key.p8
+#          SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_PRIVATE_KEY }}
+#        run: |
+#          mkdir ${{ env.PARENT_DIR }}/.ssh
+#          echo "${SNOWFLAKE_PRIVATE_KEY}" > ${{ env.PARENT_DIR }}/.ssh/key.p8
+#          sudo chmod 600 ${{ env.PARENT_DIR }}/.ssh/key.p8
+#          snow connection test -c integration | grep Status
diff --git a/.github/workflows/test_e2e.yaml b/.github/workflows/test_e2e.yaml
@@ -1,127 +1,125 @@
-name: E2E testing
-
-on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    tags:
-      - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10
-    branches:
-      - main
-  repository_dispatch:
-    types: [ok-to-test-command]
-  schedule:
-    - cron: "0 8 * * *"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  define-matrix:
-    uses: ./.github/workflows/matrix.yaml
-
-  e2e-trusted:
-    needs: define-matrix
-    strategy:
-      fail-fast: true
-      matrix:
-        os: ${{ fromJSON(needs.define-matrix.outputs.os) }}
-        python-version: ${{ fromJSON(needs.define-matrix.outputs.python) }}
-    runs-on: ${{ matrix.os }}
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip hatch
-          python -m hatch env create e2e
-      - name: Run end to end tests
-        env:
-          TERM: unknown
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_HOST: ${{ secrets.SNOWFLAKE_HOST }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
-        run: python -m hatch run e2e:test
-
-  # Repo owner has commented /ok-to-test on a (fork-based) pull request
-  e2e-fork:
-    needs: define-matrix
-    strategy:
-      fail-fast: true
-      matrix:
-        os: ${{ fromJSON(needs.define-matrix.outputs.os) }}
-        python-version: ${{ fromJSON(needs.define-matrix.outputs.python) }}
-    runs-on: ${{ matrix.os }}
-    permissions:
-      pull-requests: write
-      checks: write
-    if: |
-      github.event_name == 'repository_dispatch' &&
-      github.event.client_payload.slash_command.args.named.sha != '' &&
-      contains(
-        github.event.client_payload.pull_request.head.sha,
-        github.event.client_payload.slash_command.args.named.sha
-      )
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip hatch
-          python -m hatch env create e2e
-      - name: Run end to end tests
-        env:
-          TERM: unknown
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_HOST: ${{ secrets.SNOWFLAKE_HOST }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
-        run: python -m hatch run e2e:test
-      # Update check run called "e2e-fork"
-      - uses: actions/github-script@v7
-        id: update-check-run
-        if: ${{ always() }}
-        env:
-          number: ${{ github.event.client_payload.pull_request.number }}
-          job: ${{ github.job }}
-          # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
-          conclusion: ${{ job.status }}
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { data: pull } = await github.rest.pulls.get({
-              ...context.repo,
-              pull_number: process.env.number
-            });
-            const ref = pull.head.sha;
-
-            const { data: checks } = await github.rest.checks.listForRef({
-              ...context.repo,
-              ref
-            });
-
-            const check = checks.check_runs.filter(c => c.name === process.env.job);
-
-            const { data: result } = await github.rest.checks.update({
-              ...context.repo,
-              check_run_id: check[0].id,
-              status: 'completed',
-              conclusion: process.env.conclusion
-            });
-
-            return result;
+#name: E2E testing
+#
+#on:
+#  pull_request:
+#    branches:
+#      - "*"
+#  push:
+#    tags:
+#      - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10
+#    branches:
+#      - main
+#  repository_dispatch:
+#    types: [ok-to-test-command]
+#  schedule:
+#    - cron: "0 8 * * *"
+#
+#concurrency:
+#  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+#  cancel-in-progress: true
+#
+#jobs:
+#  define-matrix:
+#    uses: ./.github/workflows/matrix.yaml
+#
+#  e2e-trusted:
+#    needs: define-matrix
+#    strategy:
+#      fail-fast: true
+#      matrix:
+#        os: ${{ fromJSON(needs.define-matrix.outputs.os) }}
+#        python-version: ${{ fromJSON(needs.define-matrix.outputs.python) }}
+#    runs-on: ubuntu-latest
+#    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+#    steps:
+#      - name: E2E Ubuntu / MacOS
+#        if: matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest'
+#        uses: ./.github/workflows/test_ubuntu_macos.yaml
+#        with:
+#          runs-on: ${{ matrix.os }}
+#          python-version: ${{ matrix.python-version }}
+#          python-env: e2e
+#          hatch-run: e2e:test
+#      - name: E2E Windows
+#        if: matrix.os == 'windows-latest'
+#        uses: ./.github/workflows/test_windows.yaml
+#        with:
+#          python-version: ${{ matrix.python-version }}
+#          python-env: e2e
+#          hatch-run: e2e:test
+#
+#
+#  # Repo owner has commented /ok-to-test on a (fork-based) pull request
+#  e2e-fork:
+#    needs: define-matrix
+#    strategy:
+#      fail-fast: true
+#      matrix:
+#        os: ${{ fromJSON(needs.define-matrix.outputs.os) }}
+#        python-version: ${{ fromJSON(needs.define-matrix.outputs.python) }}
+#    runs-on: ${{ matrix.os }}
+#    permissions:
+#      pull-requests: write
+#      checks: write
+#    if: |
+#      github.event_name == 'repository_dispatch' &&
+#      github.event.client_payload.slash_command.args.named.sha != '' &&
+#      contains(
+#        github.event.client_payload.pull_request.head.sha,
+#        github.event.client_payload.slash_command.args.named.sha
+#      )
+#    steps:
+#      - uses: actions/checkout@v4
+#        with:
+#          persist-credentials: false
+#          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
+#      - name: Set up Python
+#        uses: actions/setup-python@v5
+#        with:
+#          python-version: ${{ matrix.python-version }}
+#      - name: Install dependencies
+#        run: |
+#          python -m pip install --upgrade pip hatch
+#          python -m hatch env create e2e
+#      - name: Run end to end tests
+#        env:
+#          TERM: unknown
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_AUTHENTICATOR: SNOWFLAKE_JWT
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_HOST: ${{ secrets.SNOWFLAKE_HOST }}
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+#          SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY_PATH: ${{ secrets.SNOWFLAKE_PRIVATE_KEY_PATH }}
+#        run: python -m hatch run e2e:test
+#      # Update check run called "e2e-fork"
+#      - uses: actions/github-script@v7
+#        id: update-check-run
+#        if: ${{ always() }}
+#        env:
+#          number: ${{ github.event.client_payload.pull_request.number }}
+#          job: ${{ github.job }}
+#          # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
+#          conclusion: ${{ job.status }}
+#        with:
+#          github-token: ${{ secrets.GITHUB_TOKEN }}
+#          script: |
+#            const { data: pull } = await github.rest.pulls.get({
+#              ...context.repo,
+#              pull_number: process.env.number
+#            });
+#            const ref = pull.head.sha;
+#
+#            const { data: checks } = await github.rest.checks.listForRef({
+#              ...context.repo,
+#              ref
+#            });
+#
+#            const check = checks.check_runs.filter(c => c.name === process.env.job);
+#
+#            const { data: result } = await github.rest.checks.update({
+#              ...context.repo,
+#              check_run_id: check[0].id,
+#              status: 'completed',
+#              conclusion: process.env.conclusion
+#            });
+#
+#            return result;
diff --git a/.github/workflows/test_integration.yaml b/.github/workflows/test_integration.yaml
@@ -45,13 +45,40 @@ jobs:
         run: |
           python -m pip install --upgrade pip hatch
           python -m hatch env create integration
-      - name: Run integration tests
+
+      - name: Set workspace parent directory (Ubuntu / MacOS)
+        if: matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest'
+        run: echo "PARENT_DIR=$(dirname "${{ github.workspace }}")" >> $GITHUB_ENV
+      - name: Run integration tests (Ubuntu / MacOS)
+        if: matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest'
         env:
           TERM: unknown
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_AUTHENTICATOR: SNOWFLAKE_JWT
           SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
           SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
-        run: python -m hatch run integration:test
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY_PATH: ${{ env.PARENT_DIR }}/.ssh/key.p8
+          SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY }}
+        run: |
+          python -m hatch run integration:test
+
+      - name: Set workspace parent directory (Windows)
+        if: matrix.os == 'windows-latest'
+        run: |
+          $parentDir = Split-Path -Parent "${{ github.workspace }}"
+          echo "PARENT_DIR=$parentDir" >> $env:GITHUB_ENV
+        shell: pwsh
+      - name: Run integration tests (Windows)
+        if: matrix.os == 'windows-latest'
+        env:
+          TERM: unknown
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_AUTHENTICATOR: SNOWFLAKE_JWT
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY_PATH: ${{ env.PARENT_DIR }}\\ssh\\key.p8
+          SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY }}
+        run: |
+          python -m hatch run integration:test
+        shell: pwsh
 
 
   # Repo owner has commented /ok-to-test on a (fork-based) pull request
@@ -89,9 +116,10 @@ jobs:
       - name: Run integration tests
         env:
           TERM: unknown
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_AUTHENTICATOR: SNOWFLAKE_JWT
           SNOWFLAKE_CONNECTIONS_INTEGRATION_USER: ${{ secrets.SNOWFLAKE_USER }}
-          SNOWFLAKE_CONNECTIONS_INTEGRATION_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
           SNOWFLAKE_CONNECTIONS_INTEGRATION_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+          SNOWFLAKE_CONNECTIONS_INTEGRATION_PRIVATE_KEY_PATH: ${{ secrets.SNOWFLAKE_PRIVATE_KEY_PATH }}
         run: python -m hatch run integration:test
       # Update check run called "integration-fork"
       - uses: actions/github-script@v7