Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ENTERPRISE-1418] Add support for plain JWT authentication #1078

Merged
merged 4 commits into from
Jun 11, 2024
Merged

[ENTERPRISE-1418] Add support for plain JWT authentication #1078

merged 4 commits into from
Jun 11, 2024

Conversation

llam15
Copy link
Contributor

@llam15 llam15 commented Jun 10, 2024
edited
Loading

resolves #1079
resolves #726
docs dbt-labs/docs.getdbt.com/#

Problem

  • Today, the dbt-snowflake adapter only supports Snowflake OAuth, where the Client ID/Secret belong to a Snowflake OAuth Client, and the token property is expected to be a refresh token, and the adapter will automatically perform the refresh token flow with it.

Solution

  • This PR introduces a new authenticator type, jwt
  • When authenticator is set to jwt, the token attribute will be treated as a plain JWT token, and passed directly into the snowflake connect method.

Checklist

  • I have read the contributing guide and understand what's expected of me
  • I have run this code in development and it appears to resolve the stated issue
  • This PR includes tests, or tests are not required/relevant for this PR
  • This PR has no interface changes (e.g. macros, cli, logs, json artifacts, config files, adapter interface, etc) or this PR has already received feedback and approval from Product or DX

Manual Testing

Spun up a dbt project and validated that dbt run, dbt test, and dbt build pass with the following profile:

dbt_snowflake_test:
  target: dev
  outputs:
    dev:
      type: snowflake
      account: cmvgrnf-dbt_infra_sandbox

      authenticator: jwt
      token: <REDACTED. Token obtained from an OAuth Flow with Okta, and Snowflake is configured to accept this token>

      role: external_oauth_testing
      database: llam_dbt_snowflake_testing
      warehouse: llam_dbt_snowflake_testing_wh
      schema: raw
      threads: 4
      client_session_keep_alive: False

      # optional
      connect_retries: 0 # default 0
      connect_timeout: 10 # default: 10
      retry_on_database_errors: False # default: false
      retry_all: False  # default: false
      reuse_connections: False # default: false
dbt-build.mov
dbt-run.mov

@cla-bot cla-bot bot added the cla:yes label Jun 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the dbt-snowflake contributing guide.

@llam15 llam15 force-pushed the leslie/enterprise-1418-jwt-authenticator branch from e1fd7b1 to 5f6a4db Compare June 10, 2024 21:06
@llam15 llam15 marked this pull request as ready for review June 10, 2024 21:15
@llam15 llam15 requested a review from a team as a code owner June 10, 2024 21:15
@llam15 llam15 requested review from gcs272 and nm0s June 10, 2024 21:16
gcs272
gcs272 approved these changes Jun 10, 2024
View reviewed changes
Copy link

@gcs272 gcs272 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not super up to speed on exhaustive adapter testing, but lgtm

@nm0s
Copy link

nm0s commented Jun 11, 2024

LGTM, but I'll let someone from the adapters team give the approval

@llam15 llam15 force-pushed the leslie/enterprise-1418-jwt-authenticator branch from 19a7831 to aa21c14 Compare June 11, 2024 17:59
@colin-rogers-dbt colin-rogers-dbt merged commit 5ede6fe into main Jun 11, 2024
18 checks passed
@colin-rogers-dbt colin-rogers-dbt deleted the leslie/enterprise-1418-jwt-authenticator branch June 11, 2024 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@colin-rogers-dbt colin-rogers-dbt colin-rogers-dbt approved these changes

@gcs272 gcs272 gcs272 approved these changes

@nm0s nm0s Awaiting requested review from nm0s

Assignees
No one assigned
Labels
cla:yes
Projects
None yet
Milestone
No milestone
4 participants
@llam15 @nm0s @gcs272 @colin-rogers-dbt