Skip to content

Commit 1ee1a46

Browse files
dlouseiroedgarrmondragon
dlouseiro
and
edgarrmondragon
authored
feat: Add support for browser authentication (#204)
The purpose of this PR is to add support for SSO authentication via external browser (documented [here](https://docs.snowflake.com/en/developer-guide/node-js/nodejs-driver-authenticate#using-single-sign-on-sso-through-a-web-browser)). As I detailed in this [issue](#203), while the most common authentication methods used for production users (Snowflake service account) are basic authentication (user/password) and RSA key-pair authentication, local executions can be done with personal users which, in some companies' Snowflake setup don't have a password, but can only authenticate via SSO (using an external browser). ### Implementation details: - Add new configuration property `use_browser_authentication`, which defaults to `false` (added to `README.md`, `meltano.yml` and `target_snowflake/target.py`) - Added `secure-local-storage` extra to the `snowflake-connector-python` (needed for SSO tokens to be cacheable - documented [here](https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-use#using-connection-caching-to-minimize-the-number-of-prompts-for-authentication-optional)) - Update `poetry.lock` - Add `settings_group_validation` for the three possible flows: user/password, user/private_key_path and user/use_browser_authentication Closes #203 --------- Co-authored-by: Edgar Ramírez Mondragón <[email protected]>
1 parent 82aceee commit 1ee1a46

File tree

6 files changed

+190
-68
lines changed

6 files changed

+190
-68
lines changed

Diff for: README.md

+26-25
Original file line numberDiff line numberDiff line change
@@ -13,31 +13,32 @@ Built with the [Meltano Singer SDK](https://sdk.meltano.com).
1313

1414
## Settings
1515

16-
| Setting | Required | Default | Description |
17-
| :--------------------- | :------- | :---------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
18-
| user | True | None | The login name for your Snowflake user. |
19-
| password | False | None | The password for your Snowflake user. |
20-
| private_key_path | False | None | Path to file containing private key. |
21-
| private_key_passphrase | False | None | Passphrase to decrypt private key if encrypted. |
22-
| account | True | None | Your account identifier. See [Account Identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html). |
23-
| database | True | None | The initial database for the Snowflake session. |
24-
| schema | False | None | The initial schema for the Snowflake session. |
25-
| warehouse | False | None | The initial warehouse for the session. |
26-
| role | False | None | The initial role for the session. |
27-
| add_record_metadata | False | 1 | Whether to add metadata columns. |
28-
| clean_up_batch_files | False | 1 | Whether to remove batch files after processing. |
29-
| default_target_schema | False | None | The default target database schema name to use for all streams. |
30-
| hard_delete | False | 0 | Hard delete records. |
31-
| load_method | False | TargetLoadMethods.APPEND_ONLY | The method to use when loading data into the destination. `append-only` will always write all input records whether that records already exists or not. `upsert` will update existing records and insert new records. `overwrite` will delete all existing records and insert all input records. |
32-
| batch_size_rows | False | None | Maximum number of rows in each batch. |
33-
| validate_records | False | 1 | Whether to validate the schema of the incoming streams. |
34-
| stream_maps | False | None | Config object for stream maps capability. For more information check out [Stream Maps](https://sdk.meltano.com/en/latest/stream_maps.html). |
35-
| stream_map_config | False | None | User-defined config values to be used within map expressions. |
36-
| faker_config | False | None | Config for the [`Faker`](https://faker.readthedocs.io/en/master/) instance variable `fake` used within map expressions. Only applicable if the plugin specifies `faker` as an addtional dependency (through the `singer-sdk` `faker` extra or directly). |
37-
| faker_config.seed | False | None | Value to seed the Faker generator for deterministic output: https://faker.readthedocs.io/en/master/#seeding-the-generator |
38-
| faker_config.locale | False | None | One or more LCID locale strings to produce localized output for: https://faker.readthedocs.io/en/master/#localization |
39-
| flattening_enabled | False | None | 'True' to enable schema flattening and automatically expand nested properties. |
40-
| flattening_max_depth | False | None | The max depth to flatten schemas. |
16+
| Setting | Required | Default | Description |
17+
|:---------------------------|:---------|:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
18+
| user | True | None | The login name for your Snowflake user. |
19+
| password | False | None | The password for your Snowflake user. |
20+
| private_key_path | False | None | Path to file containing private key. |
21+
| private_key_passphrase | False | None | Passphrase to decrypt private key if encrypted. |
22+
| account | True | None | Your account identifier. See [Account Identifiers](https://docs.snowflake.com/en/user-guide/admin-account-identifier.html). |
23+
| database | True | None | The initial database for the Snowflake session. |
24+
| schema | False | None | The initial schema for the Snowflake session. |
25+
| warehouse | False | None | The initial warehouse for the session. |
26+
| role | False | None | The initial role for the session. |
27+
| add_record_metadata | False | 1 | Whether to add metadata columns. |
28+
| clean_up_batch_files | False | 1 | Whether to remove batch files after processing. |
29+
| default_target_schema | False | None | The default target database schema name to use for all streams. |
30+
| hard_delete | False | 0 | Hard delete records. |
31+
| load_method | False | TargetLoadMethods.APPEND_ONLY | The method to use when loading data into the destination. `append-only` will always write all input records whether that records already exists or not. `upsert` will update existing records and insert new records. `overwrite` will delete all existing records and insert all input records. |
32+
| batch_size_rows | False | None | Maximum number of rows in each batch. |
33+
| validate_records | False | 1 | Whether to validate the schema of the incoming streams. |
34+
| stream_maps | False | None | Config object for stream maps capability. For more information check out [Stream Maps](https://sdk.meltano.com/en/latest/stream_maps.html). |
35+
| stream_map_config | False | None | User-defined config values to be used within map expressions. |
36+
| faker_config | False | None | Config for the [`Faker`](https://faker.readthedocs.io/en/master/) instance variable `fake` used within map expressions. Only applicable if the plugin specifies `faker` as an addtional dependency (through the `singer-sdk` `faker` extra or directly). |
37+
| faker_config.seed | False | None | Value to seed the Faker generator for deterministic output: https://faker.readthedocs.io/en/master/#seeding-the-generator |
38+
| faker_config.locale | False | None | One or more LCID locale strings to produce localized output for: https://faker.readthedocs.io/en/master/#localization |
39+
| flattening_enabled | False | None | 'True' to enable schema flattening and automatically expand nested properties. |
40+
| flattening_max_depth | False | None | The max depth to flatten schemas. |
41+
| use_browser_authentication | False | False | If authentication should be done using SSO (via external browser). See See [SSO browser authentication](https://docs.snowflake.com/en/developer-guide/node-js/nodejs-driver-authenticate#using-single-sign-on-sso-through-a-web-browser). |
4142

4243
A full list of supported settings and capabilities is available by running: `target-snowflake --about`
4344

Diff for: meltano.yml

+13
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,11 @@ plugins:
7474
kind: object
7575
label: Stream Maps
7676
name: stream_maps
77+
- description: If browser based SSO authentication should be used. See [SSO browser authentication](https://docs.snowflake.com/en/developer-guide/node-js/nodejs-driver-authenticate#using-single-sign-on-sso-through-a-web-browser).
78+
kind: boolean
79+
label: Use browser authentication
80+
name: use_browser_authentication
81+
value: false
7782
- description: The login name for your Snowflake user.
7883
kind: string
7984
label: User
@@ -87,3 +92,11 @@ plugins:
8792
- database
8893
- password
8994
- user
95+
- - account
96+
- database
97+
- private_key_path
98+
- user
99+
- - account
100+
- database
101+
- use_browser_authentication
102+
- user

0 commit comments

Comments
 (0)