auth_with_mfa_test.go
package gosnowflake
import (
"errors"
"fmt"
"log"
"os/exec"
"strings"
"testing"
)
// TestMfaSuccessful authenticates with username, password and a TOTP passcode,
// then opens a second connection without a passcode to check that the MFA
// token requested on the first connection is reused.
func TestMfaSuccessful(t *testing.T) {
	cfg := setupMfaTest(t)

	// Request an MFA token on login so that the second connection can rely on it.
	cfg.ClientRequestMfaToken = ConfigBoolTrue

	// For a manual run, substitute your own TOTP codes here, e.g.
	// codes := []string{"222222", "333333", "444444"}
	codes := getTOPTcodes(t)
	verifyConnectionToSnowflakeUsingTotpCodes(t, cfg, codes)

	log.Printf("Testing MFA token caching with second connection...")

	// An empty passcode means this attempt carries no fresh second factor;
	// it is expected to succeed through the cached MFA token instead.
	cfg.Passcode = ""
	err := verifyConnectionToSnowflakeAuthTests(t, cfg)
	assertNilF(t, err, "Failed to connect with cached MFA token")
}
// setupMfaTest skips the test when auth tests are disabled and otherwise
// returns the auth-test Config for username/password/MFA login, with the user
// and password taken from the environment.
//
// The credentials come from SNOWFLAKE_AUTH_TEST_MFA_USER and
// SNOWFLAKE_AUTH_TEST_MFA_PASSWORD, so nothing secret lives in the source.
func setupMfaTest(t *testing.T) *Config {
	skipAuthTests(t, "Skipping MFA tests")

	cfg, cfgErr := getAuthTestsConfig(t, AuthTypeUsernamePasswordMFA)
	assertNilF(t, cfgErr, "failed to get config")

	user, userErr := GetFromEnv("SNOWFLAKE_AUTH_TEST_MFA_USER", true)
	cfg.User = user
	assertNilF(t, userErr, "failed to get MFA user from environment")

	password, passwordErr := GetFromEnv("SNOWFLAKE_AUTH_TEST_MFA_PASSWORD", true)
	cfg.Password = password
	assertNilF(t, passwordErr, "failed to get MFA password from environment")

	return cfg
}
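// getTOPTcodes returns the whitespace-separated TOTP codes printed by the
// generator script when the test runs inside the Docker test container, and an
// empty slice otherwise.
//
// Only the script's standard output is parsed. The previous CombinedOutput
// call merged stderr into the result, so any runtime warning printed by node
// would have been split into words and submitted as passcodes, wasting login
// attempts against the MFA test account.
func getTOPTcodes(t *testing.T) []string {
	if !isTestRunningInDockerContainer() {
		return []string{}
	}

	const provideTotpPath = "/externalbrowser/totpGenerator.js"

	// Output captures stdout only. On a non-zero exit the returned error is an
	// *exec.ExitError, so the failure is still reported below.
	output, err := exec.Command("node", provideTotpPath).Output()

	// The message carries the error only; the script output (the codes
	// themselves) is deliberately kept out of test logs.
	assertNilF(t, err, fmt.Sprintf("failed to execute command: %v", err))

	return strings.Fields(string(output))
}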
// verifyConnectionToSnowflakeUsingTotpCodes sets each entry of totpKeys in turn
// as cfg.Passcode and attempts a connection, returning on the first success.
//
// A failure whose SnowflakeError number is 394633 or 394507 is treated as an
// MFA rejection and the next code is tried; any other failure stops the loop.
// The test fails if totpKeys is empty or if no attempt succeeded. cfg.Passcode
// is left set to the last code that was tried.
func verifyConnectionToSnowflakeUsingTotpCodes(t *testing.T, cfg *Config, totpKeys []string) {
	if len(totpKeys) == 0 {
		t.Fatalf("no TOTP codes provided")
	}

	var lastError error
	for idx, code := range totpKeys {
		cfg.Passcode = code
		connErr := verifyConnectionToSnowflakeAuthTests(t, cfg)
		if connErr == nil {
			return
		}
		lastError = connErr

		// Only the 1-based position of the code is logged, never the code itself.
		msg := connErr.Error()
		log.Printf("TOTP code %d failed: %v", idx+1, msg)

		var sfErr *SnowflakeError
		isMfaError := errors.As(connErr, &sfErr) && (sfErr.Number == 394633 || sfErr.Number == 394507)
		if !isMfaError {
			// Retrying with another code is pointless for a non-MFA failure.
			log.Printf("Non-MFA error detected: %v", msg)
			break
		}
		log.Printf("MFA error detected (%d), trying next code...", sfErr.Number)
	}

	assertNilF(t, lastError, "failed to connect with any TOTP code")
}