Skip to content

SNOW-2041980 Kerberos Proxy Auth - NodeJS #1102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 26 commits into
base: master
Choose a base branch
from
Open

SNOW-2041980 Kerberos Proxy Auth - NodeJS #1102

wants to merge 26 commits into from
+371 −42

Conversation

sfc-gh-ext-simba-jy
Copy link
Collaborator

@sfc-gh-ext-simba-jy sfc-gh-ext-simba-jy commented Jun 16, 2025
edited
Loading

Description

Please explain the changes you made here.

  • Added the customizer Header connection configs
  • In request Util, create some functions to validate customizer headers and get headers
  • Added 'isRetry' options in snowflake connection requests and GCS and S3 utils (It can be in remote_util, but difficult to test)
  • Added testings.

Checklist

  • Format code according to the existing code style (run npm run lint:check -- CHANGED_FILES and fix problems in changed code)
  • Create tests which fail without the change (if possible)
  • Make all tests (unit and integration) pass (npm run test:unit and npm run test:integration)
  • Extend the types in index.d.ts file (if necessary)
  • Extend the README / documentation and ensure is properly displayed (if necessary)
  • Provide JIRA issue id (if possible) or GitHub issue id in commit message

@sfc-gh-ext-simba-jy sfc-gh-ext-simba-jy changed the title implement custom headers SNOW-2041980 Kerberos Proxy Auth - NodeJS Jun 17, 2025
@sfc-gh-ext-simba-jy sfc-gh-ext-simba-jy marked this pull request as ready for review June 18, 2025 02:59
@sfc-gh-ext-simba-jy sfc-gh-ext-simba-jy requested a review from a team as a code owner June 18, 2025 02:59
@codecov Codecov
Copy link

codecov bot commented Jun 18, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 85.00000% with 15 lines in your changes missing coverage. Please review.

Project coverage is 89.62%. Comparing base (9200f50) to head (0086cd2).

Files with missing lines Patch % Lines
lib/connection/statement.js 16.66% 5 Missing ⚠️
lib/file_transfer_agent/remote_storage_util.js 20.00% 4 Missing ⚠️
lib/file_transfer_agent/s3_util.js 73.33% 4 Missing ⚠️
lib/file_transfer_agent/gcs_util.js 87.50% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1102      +/-   ##
==========================================
- Coverage   89.63%   89.62%   -0.02%     
==========================================
  Files          83       83              
  Lines        7689     7775      +86     
  Branches       67       67              
==========================================
+ Hits         6892     6968      +76     
- Misses        790      800      +10     
  Partials        7        7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

sfc-gh-rsavenok
sfc-gh-rsavenok reviewed Jun 20, 2025
View reviewed changes
package.json Outdated
"test": "mocha 'test/unit/**/*.{js,ts}'",
"test:authentication": "mocha 'test/authentication/**/*.{js,ts}'",
"test:integration": "mocha 'test/integration/**/*.{js,ts}'",
"test": "mocha test/unit/**/*.{js,ts}",
Copy link
Collaborator

@sfc-gh-rsavenok sfc-gh-rsavenok Jun 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The quotes were added recently in #1079

Mocha's behaviour is poorly documented: when a test pattern is passed without quotes, it uses the default shell pattern matching mechanism (different on every OS/shell), and if a string is passed, it uses glob from the npm package.

You can confirm this by running npm run test:unit on a command with quotes and without, and you'll see that it runs 300 fewer tests if quotes aren't set 🙈

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm, interesting. On my machine(Windows), I cannot execute the npm command with the quote, and the 791 unit testing were executed without the quote. Anyway, I will have a look and let you know if I find any other solutions. I will revert this back when I need to update the PR based on the feedbacks. Thank you.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mocha Docs

Maybe it should be double quotes instead of single to work correctly?

You should always quote your globs in npm scripts. If you use quotes, the node-glob module will handle its expansion. For maximum compatibility, surround the entire expression with double quotes and refrain from $, ", ^, and \ within your expression.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it worked well when I replaced the single quote with the double quote. Currently, I revert it back. If you want me to fix this in this PR, I will update it. Please let me know.

sfc-gh-rsavenok
sfc-gh-rsavenok reviewed Jun 24, 2025
View reviewed changes
lib/constants/error_messages.js Outdated
@@ -86,6 +86,8 @@ exports[404059] = 'Invalid oauth client id. The specified value must not be an e
exports[404060] = 'Invalid oauth client secret. The specified value must not be an empty string';
exports[404061] = 'Invalid oauth token request URL. The specified value must be a valid URL starting with the https or http protocol.';
exports[404062] = 'No workload identity credentials were found. Provider: %s';
exports[404063] = 'Invalid http header customizers. The specified value must contain the following functions: \'applices\', \'newHeaders\' and \'invokeOnce\'';
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would suggest to adjust eslint config: 'quotes': ['error', 'single', { 'avoidEscape': true }],

So it lets us use "" instead of '' when a string contains ' :)

It will let us make this line:

exports[404063] = "Invalid http header customizers. The specified value must contain the following functions: 'applices', 'newHeaders' and 'invokeOnce'";

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I replaced the double quote with the single quote, the linter said:

Error:   89:19   error  Strings must use singlequote      quotes
Error:   89:[11](https://github.com/snowflakedb/snowflake-connector-nodejs/actions/runs/15858048698/job/44708146624?pr=1102#step:5:12)1  error  Unnecessary escape character: \'  no-useless-escape
Error:   89:[12](https://github.com/snowflakedb/snowflake-connector-nodejs/actions/runs/15858048698/job/44708146624?pr=1102#step:5:13)1  error  Unnecessary escape character: \'  no-useless-escape
Error:   89:125  error  Unnecessary escape character: \'  no-useless-escape
Error:   89:[13](https://github.com/snowflakedb/snowflake-connector-nodejs/actions/runs/15858048698/job/44708146624?pr=1102#step:5:14)7  error  Unnecessary escape character: \'  no-useless-escape
Error:   89:[14](https://github.com/snowflakedb/snowflake-connector-nodejs/actions/runs/15858048698/job/44708146624?pr=1102#step:5:15)4  error  Unnecessary escape character: \'  no-useless-escape
Error:   89:[15](https://github.com/snowflakedb/snowflake-connector-nodejs/actions/runs/15858048698/job/44708146624?pr=1102#step:5:16)6  error  Unnecessary escape character: \'  no-useless-escape

Currently, the linter enforces the use of single quotes only.

lib/util.ts Outdated
@@ -678,3 +683,19 @@ export function escapeHTML(value: string) {
export async function dynamicImportESMInTypescriptWithCommonJS(moduleName: string) {
return Function(`return import("${moduleName}")`)()
}

export function isValidHTTPHeaderCustomizers(customizers: HttpHeadersCustomizer[]) : boolean {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In one of the recent PRs, there was a discussion that util file is a mess and we should try to reduce it's size by moving helpers next to business logic that needs them.

Would suggest to move both this helper function and HttpHeadersCustomizer type http folder:

  • add types.ts
  • helper in request_util.js

package.json Outdated
"test": "mocha 'test/unit/**/*.{js,ts}'",
"test:authentication": "mocha 'test/authentication/**/*.{js,ts}'",
"test:integration": "mocha 'test/integration/**/*.{js,ts}'",
"test": "mocha test/unit/**/*.{js,ts}",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mocha Docs

Maybe it should be double quotes instead of single to work correctly?

You should always quote your globs in npm scripts. If you use quotes, the node-glob module will handle its expansion. For maximum compatibility, surround the entire expression with double quotes and refrain from $, ", ^, and \ within your expression.

@sfc-gh-fpawlowski
Copy link
Contributor

Wouldn't it make sense to use this HttpInterceptor class for headers customziation?

https://github.com/snowflakedb/snowflake-connector-nodejs/blob/master/test/integration/test_utils/httpInterceptorUtils.js

@sfc-gh-ext-simba-jy
Copy link
Collaborator Author

Wouldn't it make sense to use this HttpInterceptor class for headers customziation?

https://github.com/snowflakedb/snowflake-connector-nodejs/blob/master/test/integration/test_utils/httpInterceptorUtils.js

I will have a look. It looks the interceptor you mentioned is for the testing purpose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfc-gh-rsavenok sfc-gh-rsavenok sfc-gh-rsavenok left review comments

@sfc-gh-dheyman sfc-gh-dheyman Awaiting requested review from sfc-gh-dheyman

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sfc-gh-ext-simba-jy @sfc-gh-fpawlowski @sfc-gh-rsavenok