Skip to content

feat: add support for using CDP auth token directly#177

Open
reblem wants to merge 8 commits into
mainfrom
rlemma/support-cdp-auth
Open

feat: add support for using CDP auth token directly#177
reblem wants to merge 8 commits into
mainfrom
rlemma/support-cdp-auth

Conversation

@reblem
Copy link
Copy Markdown
Contributor

@reblem reblem commented Apr 30, 2026

Adds support for using a CDP auth token directly instead of requiring a Core Salesforce token that must be exchanged for a CDP token. The CDP access token is accepted as a Bearer token via new cdpToken and tenantUrl connection properties, and validates the JWT eagerly.

@reblem reblem changed the title feat: add support for using CDP Auth Token directly feat: add support for using CDP auth token directly Apr 30, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 30, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 81.48148% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.67%. Comparing base (f47714f) to head (f6a93ac).

Files with missing lines Patch % Lines
...salesforce/datacloud/jdbc/DataCloudDatasource.java 44.44% 6 Missing and 4 partials ⚠️
...e/datacloud/jdbc/auth/DirectCdpTokenProcessor.java 91.22% 1 Missing and 4 partials ⚠️

❌ Your patch check has failed because the patch coverage (58.33%) is below the target coverage (90.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main     #177      +/-   ##
============================================
+ Coverage     82.37%   82.67%   +0.30%     
- Complexity     1871     1896      +25     
============================================
  Files           125      126       +1     
  Lines          5020     5092      +72     
  Branches        540      548       +8     
============================================
+ Hits           4135     4210      +75     
+ Misses          642      634       -8     
- Partials        243      248       +5
Components Coverage Δ
JDBC Core 83.14% <ø> (ø)
JDBC Main 57.42% <58.33%> (+16.72%) ⬆️
JDBC HTTP 90.40% <91.22%> (+0.10%) ⬆️
JDBC Utilities 65.25% <ø> (ø)
Spark Datasource ∅ <ø> (∅)
Files with missing lines Coverage Δ
...cloud/jdbc/interceptor/TokenProcessorSupplier.java 100.00% <100.00%> (+100.00%) ⬆️
...e/datacloud/jdbc/auth/DirectCdpTokenProcessor.java 91.22% <91.22%> (ø)
...salesforce/datacloud/jdbc/DataCloudDatasource.java 50.00% <44.44%> (+9.64%) ⬆️

... and 1 file with indirect coverage changes

Impacted file tree graph

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

KaviarasuSakthivadivel
KaviarasuSakthivadivel requested changes Apr 30, 2026
View reviewed changes
Comment thread jdbc/src/main/java/com/salesforce/datacloud/jdbc/DataCloudDatasource.java Outdated
reblem and others added 8 commits May 15, 2026 10:59
@reblem @KaviarasuSakthivadivel
feat: add support for using CDP Auth Token directly
91a495e
@reblem @KaviarasuSakthivadivel
fix: fix stashing issue and compile issues
d1e55a8
@reblem @KaviarasuSakthivadivel
fix: Remove files added back accidentally
c4c21d3
@reblem @KaviarasuSakthivadivel
fix: fix format violations
5820adb
@KaviarasuSakthivadivel
refactor: collapse duplicate createConnection helpers in DataCloudDat…
01a329d 
…asource

Both the OAuth and direct CDP-token flows built identical auth
interceptor, gRPC channel, stub provider, and DataCloudConnection
wiring. Merge them into a single createConnection that takes the
already-constructed collaborators (TokenProcessorSupplier, host,
userName, lakehouse supplier, dataspaces supplier).
@KaviarasuSakthivadivel
test: cover TokenProcessorSupplier and direct CDP-token connect path
312fd6d 
- TokenProcessorSupplierTest: exercises all three constructors
  (DataCloudTokenProvider, DirectCdpTokenProcessor, raw supplier)
  asserting getToken / getAudience delegate correctly.
- DataCloudJDBCDriverTest: end-to-end DriverManager.getConnection
  via the cdpToken/tenantUrl branch, plus a negative case for an
  invalid JWT.
@KaviarasuSakthivadivel
test: cover token-cache rebuild and supplier exception paths
ea58df1 
- DirectCdpTokenProcessorTest: add cases for the rebuild branch
  (cache cleared, cached-but-expired) and the wrap-on-rebuild-failure
  path. DirectCdpTokenProcessor is now at 100% line/branch coverage.
- TokenProcessorSupplierTest: add cases asserting SneakyThrows
  propagates supplier SQLExceptions through getToken / getAudience.
@KaviarasuSakthivadivel
fix: validate tenantUrl, derive cache TTL from JWT exp, dedupe tests
f6a93ac 
- Validate tenantUrl is a bare hostname (reject scheme/port/path/whitespace)
  so users get a clear error instead of an opaque gRPC connect failure
- Drive cached-token TTL from the JWT exp claim instead of a fixed 3600s
  default, with safe fallback when the JWT can't be parsed
- Drop the brittle reflection-based test that forced an unreachable rebuild
  failure; replace with focused secondsUntilJwtExpiry unit tests
- Collapse the duplicate TokenProcessorSupplier delegation test that
  re-exercised JWT parsing already covered in DirectCdpTokenProcessorTest
- Generate JWTs dynamically in tests so exp stays in the future
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KaviarasuSakthivadivel KaviarasuSakthivadivel KaviarasuSakthivadivel requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@reblem @KaviarasuSakthivadivel