Prefect-Snowflake: Okta Endpoint Bug

goose_loose · December 21, 2022, 7:22pm

I believe there is a bug located within the following script, but am unsure. The arguments and the get values seem to be out of sync.

github.com

PrefectHQ/prefect-snowflake/blob/main/prefect_snowflake/credentials.py

"""Credentials block for authenticating with Snowflake."""

import re
import warnings
from pathlib import Path
from typing import Any, Dict, Optional, Union

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import (
    Encoding,
    NoEncryption,
    PrivateFormat,
    load_pem_private_key,
)

try:
    from typing import Literal
except ImportError:
    from typing_extensions import Literal

This file has been truncated. show original

class SnowflakeCredentials(Block):
    """
    Block used to manage authentication with Snowflake.
    Args:
        account (str): The snowflake account name.
        user (str): The user name used to authenticate.
        password (SecretStr): The password used to authenticate.
        private_key (SecretStr): The PEM used to authenticate.
        authenticator (str): The type of authenticator to use for initializing
            connection (oauth, externalbrowser, etc); refer to
            [Snowflake documentation](https://docs.snowflake.com/en/user-guide/python-connector-api.html#connect)
            for details, and note that `externalbrowser` will only
            work in an environment where a browser is available.
        token (SecretStr): The OAuth or JWT Token to provide when
            authenticator is set to OAuth.
        okta_endpoint (str): The Okta endpoint to use when authenticator is
            set to `okta_endpoint`, e.g. `https://<okta_account_name>.okta.com`.
        role (str): The name of the default role to use.
        autocommit (bool): Whether to automatically commit.
    Example:
        Load stored Snowflake credentials:
        ```python
        from prefect_snowflake import SnowflakeCredentials
        snowflake_credentials_block = SnowflakeCredentials.load("BLOCK_NAME")
        ```

    authenticator: Literal[
        "snowflake",
        "externalbrowser",
        "okta_endpoint",
        "oauth",
        "username_password_mfa",
    ] = Field(  # noqa
        default="snowflake",
        description=("The type of authenticator to use for initializing connection"),
    ),
    )
    endpoint: Optional[str] = Field(
        default=None,
        description=(
            "The Okta endpoint to use when authenticator is set to `okta_endpoint`"
        ),
    )

Which then violates the following method below as the requested value doesn’t exist.

    @root_validator(pre=True)
    def _validate_okta_kwargs(cls, values):
        """
        Ensure an authorization value has been provided by the user.
        """
        authenticator = values.get("authenticator")
        okta_endpoint = values.get("okta_endpoint")
        if authenticator == "okta_endpoint" and not okta_endpoint:
            raise ValueError(
                "If authenticator is set to `okta_endpoint`, "
                "`okta_endpoint` must be provided"
            )
        return values

anna_geller · December 21, 2022, 7:24pm

thanks so much for spotting it and reporting it. could you open a bug report (GitHub issue) on the perfect-snowflake repo? this would help a lot

goose_loose · December 21, 2022, 7:31pm

github.com/PrefectHQ/prefect-snowflake

Snowflake Credentials Endpoint Issue

opened 07:29PM - 21 Dec 22 UTC

gooseLoose

I believe there is a bug located within the following script, but am unsure. The… arguments and the get values seem to be out of sync. https://github.com/PrefectHQ/prefect-snowflake/blob/main/prefect_snowflake/credentials.py ``` class SnowflakeCredentials(Block): """ Block used to manage authentication with Snowflake. Args: account (str): The snowflake account name. user (str): The user name used to authenticate. password (SecretStr): The password used to authenticate. private_key (SecretStr): The PEM used to authenticate. authenticator (str): The type of authenticator to use for initializing connection (oauth, externalbrowser, etc); refer to [Snowflake documentation](https://docs.snowflake.com/en/user-guide/python-connector-api.html#connect) for details, and note that `externalbrowser` will only work in an environment where a browser is available. token (SecretStr): The OAuth or JWT Token to provide when authenticator is set to OAuth. okta_endpoint (str): The Okta endpoint to use when authenticator is set to `okta_endpoint`, e.g. `https://<okta_account_name>.okta.com`. role (str): The name of the default role to use. autocommit (bool): Whether to automatically commit. Example: Load stored Snowflake credentials: ```python from prefect_snowflake import SnowflakeCredentials snowflake_credentials_block = SnowflakeCredentials.load("BLOCK_NAME") ``` authenticator: Literal[ "snowflake", "externalbrowser", "okta_endpoint", "oauth", "username_password_mfa", ] = Field( # noqa default="snowflake", description=("The type of authenticator to use for initializing connection"), ), ) endpoint: Optional[str] = Field( default=None, description=( "The Okta endpoint to use when authenticator is set to `okta_endpoint`" ), ) ``` Which then violates the following method below as the requested value doesn't exist. ``` @root_validator(pre=True) def _validate_okta_kwargs(cls, values): """ Ensure an authorization value has been provided by the user. """ authenticator = values.get("authenticator") okta_endpoint = values.get("okta_endpoint") if authenticator == "okta_endpoint" and not okta_endpoint: raise ValueError( "If authenticator is set to `okta_endpoint`, " "`okta_endpoint` must be provided" ) return values ``` My output trace points back to this, and within the Orion UI there is no Okta Endpoint field fwiw. ``` Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/lib/python3.9/site-packages/prefect/utilities/asyncutils.py", line 205, in coroutine_wrapper return run_async_in_new_loop(async_fn, *args, **kwargs) File "/usr/local/lib/python3.9/site-packages/prefect/utilities/asyncutils.py", line 156, in run_async_in_new_loop return anyio.run(partial(__fn, *args, **kwargs)) File "/usr/local/lib/python3.9/site-packages/anyio/_core/_eventloop.py", line 70, in run return asynclib.run(func, *args, **backend_options) File "/usr/local/lib/python3.9/site-packages/anyio/_backends/_asyncio.py", line 292, in run return native_run(wrapper(), debug=debug) File "/usr/local/lib/python3.9/asyncio/runners.py", line 44, in run return loop.run_until_complete(main) File "/usr/local/lib/python3.9/asyncio/base_events.py", line 647, in run_until_complete return future.result() File "/usr/local/lib/python3.9/site-packages/anyio/_backends/_asyncio.py", line 287, in wrapper return await func(*args) File "/usr/local/lib/python3.9/site-packages/prefect/client/utilities.py", line 47, in with_injected_client return await fn(*args, **kwargs) File "/usr/local/lib/python3.9/site-packages/prefect/blocks/core.py", line 655, in load return cls._from_block_document(block_document) File "/usr/local/lib/python3.9/site-packages/prefect/blocks/core.py", line 554, in _from_block_document block = block_cls.parse_obj(block_document.data) File "pydantic/main.py", line 526, in pydantic.main.BaseModel.parse_obj File "/usr/local/lib/python3.9/site-packages/prefect/blocks/core.py", line 175, in __init__ super().__init__(*args, **kwargs) File "pydantic/main.py", line 342, in pydantic.main.BaseModel.__init__ pydantic.error_wrappers.ValidationError: 1 validation error for SnowflakeCredentials __root__ If authenticator is set to `okta_endpoint`, `okta_endpoint` must be provided (type=value_error) ```

anna_geller · December 21, 2022, 7:36pm

thank you so much

Topic		Replies	Views
How to best connect to external resources with a configurable authentification method? Archive prefect-2-0 , secrets , context-manager , blocks	3	774	August 22, 2022
Trouble with dbt cloud SSL cert [SSL: CERTIFICATE_VERIFY_FAILED] Help	1	529	August 28, 2023
SSL certificate issue - Not able to connect to prefect cloud and not able to run the deployment Help prefect-2-0 , deployment , server , failure	0	562	April 8, 2023
How to set GCP_CREDENTIALS or GOOGLE_APPLICATION_CREDENTIALS to use GCP modules or GCS storage with Prefect flows? Archive prefect-1-0 , auth-and-permissions , gcp , environment-variable , local-agent , docker-agent , gcs	0	1434	May 7, 2022
Windows 10 Set Up Archive prefect-1-0	2	672	June 30, 2022

Prefect-Snowflake: Okta Endpoint Bug

Related Topics