diff --git a/packages/php-storage-driver-snowflake/.env.dist b/packages/php-storage-driver-snowflake/.env.dist
index 8d5ddfafc..11799aee8 100644
--- a/packages/php-storage-driver-snowflake/.env.dist
+++ b/packages/php-storage-driver-snowflake/.env.dist
@@ -1,7 +1,6 @@
 SNOWFLAKE_HOST=
 SNOWFLAKE_PORT=
 SNOWFLAKE_USER=
-SNOWFLAKE_PASSWORD=
 SNOWFLAKE_PRIVATE_KEY=
 SNOWFLAKE_CERT=
 SNOWFLAKE_DATABASE=
diff --git a/packages/php-storage-driver-snowflake/README.md b/packages/php-storage-driver-snowflake/README.md
index cdb57f4bc..1443f1311 100644
--- a/packages/php-storage-driver-snowflake/README.md
+++ b/packages/php-storage-driver-snowflake/README.md
@@ -27,9 +27,9 @@ GRANT ALL PRIVILEGES ON DATABASE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE" TO RO
 GRANT USAGE ON WAREHOUSE "DEV" TO ROLE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE";
 CREATE USER "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE"
-PASSWORD = ''
 DEFAULT_ROLE = "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE"
 RSA_PUBLIC_KEY = ''
+TYPE = SERVICE
 ;
 GRANT ROLE "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE" TO USER "KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE";
@@ -41,7 +41,6 @@ set up env variables:
 SNOWFLAKE_HOST: keboolaconnectiondev.us-east-1.snowflakecomputing.com
 SNOWFLAKE_PORT: 443
 SNOWFLAKE_USER: KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE
-SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
 SNOWFLAKE_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_PRIVATE_KEY }} # note: it has to be full private key in PEM format, including the header and footer
 SNOWFLAKE_DATABASE: KEBOOLA_CI_PHP_STORAGE_DRIVER_SNOWFLAKE
 SNOWFLAKE_WAREHOUSE: DEV
diff --git a/packages/php-storage-driver-snowflake/src/ConnectionFactory.php b/packages/php-storage-driver-snowflake/src/ConnectionFactory.php
index 10bb8e64f..7ef1d9ec3 100644
--- a/packages/php-storage-driver-snowflake/src/ConnectionFactory.php
+++ b/packages/php-storage-driver-snowflake/src/ConnectionFactory.php
@@ -12,30 +12,6 @@ final class ConnectionFactory { - /** - * Check if a string is a valid RSA private key - */ - private static function isValidRsaPrivateKey(string $key): bool - { - // Remove any whitespace and check if it looks like a PEM encoded key - $key = trim($key); - if (!str_contains($key, '-----BEGIN') || !str_contains($key, 'PRIVATE KEY-----')) { - return false; - } - - // Try to get the private key details - $privateKey = openssl_pkey_get_private($key); - if ($privateKey === false) { - return false; - } - - // Get the details to verify it's an RSA key - $details = openssl_pkey_get_details($privateKey); - - // Check if it's an RSA key - return $details !== false && isset($details['key']) && $details['type'] === OPENSSL_KEYTYPE_RSA; - } - public static function createFromCredentials(GenericBackendCredentials $credentials): Connection { $meta = $credentials->getMeta(); @@ -45,30 +21,17 @@ public static function createFromCredentials(GenericBackendCredentials $credenti } else { throw new Exception('SnowflakeCredentialsMeta is required.'); } - - // Check if the secret is a valid RSA private key - $isRsaKey = self::isValidRsaPrivateKey($credentials->getSecret()); - $connectionParams = [ 'port' => (string) $credentials->getPort(), 'warehouse' => $meta->getWarehouse(), 'database' => $meta->getDatabase(), ]; - if ($isRsaKey) { - return SnowflakeConnectionFactory::getConnectionWithCert( - $credentials->getHost(), - $credentials->getPrincipal(), - $credentials->getSecret(), - $connectionParams, - ); - } else { - return SnowflakeConnectionFactory::getConnection( - $credentials->getHost(), - $credentials->getPrincipal(), - $credentials->getSecret(), - $connectionParams, - ); - } + return SnowflakeConnectionFactory::getConnectionWithCert( + $credentials->getHost(), + $credentials->getPrincipal(), + $credentials->getSecret(), + $connectionParams, + ); } } 
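Review bot: In the second hunk, `createFromCredentials` now passes `$credentials->getSecret()` to `getConnectionWithCert` with no check that it is a private key, because the commit removes `isValidRsaPrivateKey` together with the password branch. A caller that still supplies a password, or an empty or truncated PEM, will fail somewhere inside the connection library rather than at this boundary; how that error is worded, and whether it could carry the secret into logs, is not visible here. I would keep a guard before the return, `if (openssl_pkey_get_private($credentials->getSecret()) === false) { throw new Exception('Secret must be a PEM-encoded private key; password authentication is not supported.'); }`, with a message that never includes the secret itself, and add a functional test asserting that a non-key secret is rejected. The function starts above this hunk, so the meta handling before `$connectionParams` was not reviewed.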
diff --git a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php b/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php index ab0232244..efb168e9c 100644 --- a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php +++ b/packages/php-storage-driver-snowflake/tests/Functional/ConnectionFactoryTest.php @@ -12,31 +12,6 @@ class ConnectionFactoryTest extends TestCase { - public function testCreateFromCredentialsWithPassword(): void - { - // Create credentials with a password - $credentials = new GenericBackendCredentials(); - $credentials->setHost((string) getenv('SNOWFLAKE_HOST')); - $credentials->setPrincipal((string) getenv('SNOWFLAKE_USER')); - $credentials->setSecret((string) getenv('SNOWFLAKE_PASSWORD')); - $credentials->setPort((int) getenv('SNOWFLAKE_PORT')); - - $meta = new Any(); - $meta->pack( - (new SnowflakeCredentialsMeta()) - ->setWarehouse((string) getenv('SNOWFLAKE_WAREHOUSE')) - ->setDatabase((string) getenv('SNOWFLAKE_DATABASE')), - ); - $credentials->setMeta($meta); - - // Create connection - $connection = ConnectionFactory::createFromCredentials($credentials); - - // Test connection works - $result = $connection->executeQuery('SELECT 1 as TEST'); - $this->assertEquals(1, $result->fetchOne()); - } - public function testCreateFromCredentialsWithPrivateKey(): void { // Create credentials with a key diff --git a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionTestWithPassword.php b/packages/php-storage-driver-snowflake/tests/Functional/ConnectionTestWithPassword.php deleted file mode 100644 index a167562e0..000000000 --- a/packages/php-storage-driver-snowflake/tests/Functional/ConnectionTestWithPassword.php +++ /dev/null 
@@ -1,36 +0,0 @@ -getSnowflakeConnection(); - $connection->executeQuery('SELECT 1'); - } - - protected function getSnowflakeConnection(): Connection - { - $this->connection = SnowflakeConnectionFactory::getConnection( - (string) getenv('SNOWFLAKE_HOST'), - (string) getenv('SNOWFLAKE_USER'), - (string) getenv('SNOWFLAKE_PASSWORD'), - [ - 'port' => (string) getenv('SNOWFLAKE_PORT'), - 'warehouse' => (string) getenv('SNOWFLAKE_WAREHOUSE'), - 'database' => (string) getenv('SNOWFLAKE_DATABASE'), - ], - ); - - return $this->connection; - } -}