Merge branch 'master' into SNOW-1943242-jdbc-caches-closeablehttpclient-indefinitely

Author: sfc-gh-ext-simba-vb

src/main/java/net/snowflake/client/core/SessionUtil.java

@@ -391,6 +391,9 @@ private static boolean isNativeOAuthOriginalAuthenticator(SFLoginInput loginInpu
 
   private static WorkloadIdentityAttestation getWorkloadIdentityAttestation(SFLoginInput loginInput)
       throws SFException {
+    if (loginInput.getWorkloadIdentityProvider() == null) {
+      return null;
+    }
     WorkloadIdentityAttestationProvider attestationProvider =
         new WorkloadIdentityAttestationProvider(
             new AwsIdentityAttestationCreator(new AwsAttestationService()),

src/main/java/net/snowflake/client/core/auth/wif/WorkloadIdentityAttestationProvider.java

@@ -1,7 +1,5 @@
 package net.snowflake.client.core.auth.wif;
 
-import com.google.common.base.Strings;
-import java.util.function.Supplier;
 import net.snowflake.client.core.SFException;
 import net.snowflake.client.core.SnowflakeJdbcInternalApi;
 import net.snowflake.client.jdbc.ErrorCode;
@@ -31,12 +29,7 @@ public WorkloadIdentityAttestationProvider(
   }
 
   public WorkloadIdentityAttestation getAttestation(String identityProvider) throws SFException {
-    if (Strings.isNullOrEmpty(identityProvider)) {
-      logger.debug("Workload Identity Provider has not been specified. Using autodetect...");
-      return createAutodetectAttestation();
-    } else {
-      return getCreator(identityProvider).createAttestation();
-    }
+    return getCreator(identityProvider).createAttestation();
   }
 
   WorkloadIdentityAttestationCreator getCreator(String identityProvider) throws SFException {
@@ -54,48 +47,4 @@ WorkloadIdentityAttestationCreator getCreator(String identityProvider) throws SF
           "Unknown Workload Identity provider specified: " + identityProvider);
     }
   }
-
-  private WorkloadIdentityAttestation createAutodetectAttestation() throws SFException {
-    WorkloadIdentityAttestation oidcAttestation =
-        getAttestationForAutodetect(
-            oidcAttestationCreator::createAttestation, WorkloadIdentityProviderType.OIDC);
-    if (oidcAttestation != null) {
-      return oidcAttestation;
-    }
-    WorkloadIdentityAttestation awsAttestation =
-        getAttestationForAutodetect(
-            awsAttestationCreator::createAttestation, WorkloadIdentityProviderType.AWS);
-    if (awsAttestation != null) {
-      return awsAttestation;
-    }
-    WorkloadIdentityAttestation gcpAttestation =
-        getAttestationForAutodetect(
-            gcpAttestationCreator::createAttestation, WorkloadIdentityProviderType.GCP);
-    if (gcpAttestation != null) {
-      return gcpAttestation;
-    }
-    WorkloadIdentityAttestation azureAttestation =
-        getAttestationForAutodetect(
-            azureAttestationCreator::createAttestation, WorkloadIdentityProviderType.AZURE);
-    if (azureAttestation != null) {
-      return azureAttestation;
-    }
-    throw new SFException(
-        ErrorCode.WORKLOAD_IDENTITY_FLOW_ERROR,
-        "Unable to autodetect Workload Identity. None of supported Workload Identity environments has been identified.");
-  }
-
-  /**
-   * Method needed in case of autodetect feature. Drivers has to keep on trying next WIF providers,
-   * even if exceptions are thrown
-   */
-  private WorkloadIdentityAttestation getAttestationForAutodetect(
-      Supplier<WorkloadIdentityAttestation> supplier, WorkloadIdentityProviderType providerType) {
-    try {
-      return supplier.get();
-    } catch (Exception e) {
-      logger.debug("Unable to create identity attestation for {}, error: {}", providerType, e);
-      return null;
-    }
-  }
 }

src/main/java/net/snowflake/client/jdbc/cloud/storage/S3HttpUtil.java

@@ -4,6 +4,8 @@
 
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
+import com.amazonaws.ProxyAuthenticationMethod;
+import java.util.Arrays;
 import java.util.Properties;
 import net.snowflake.client.core.HttpClientSettingsKey;
 import net.snowflake.client.core.HttpProtocol;
@@ -50,6 +52,10 @@ public static void setProxyForS3(HttpClientSettingsKey key, ClientConfiguration
                 + SFLoggerUtil.isVariableProvided(key.getProxyPassword());
         clientConfig.setProxyUsername(key.getProxyUser());
         clientConfig.setProxyPassword(key.getProxyPassword());
+        // Force the use of BASIC authentication only for proxy authentication
+        // This ensures that when multiple authentication schemes are offered by the proxy
+        // (e.g., NEGOTIATE, NTLM, BASIC), we only use BASIC authentication
+        clientConfig.setProxyAuthenticationMethods(Arrays.asList(ProxyAuthenticationMethod.BASIC));
       }
       logger.debug(logMessage);
     } else {
@@ -116,6 +122,11 @@ public static void setSessionlessProxyForS3(
           logMessage += ", user: " + proxyUser + " with password provided";
           clientConfig.setProxyUsername(proxyUser);
           clientConfig.setProxyPassword(proxyPassword);
+          // Force the use of BASIC authentication only for proxy authentication
+          // This ensures that when multiple authentication schemes are offered by the proxy
+          // (e.g., NEGOTIATE, NTLM, BASIC), we only use BASIC authentication
+          clientConfig.setProxyAuthenticationMethods(
+              Arrays.asList(ProxyAuthenticationMethod.BASIC));
         }
         logger.debug(logMessage);
       } else {

src/test/java/net/snowflake/client/core/auth/wif/WorkloadIdentityAttestationProviderTest.java

@@ -1,9 +1,6 @@
 package net.snowflake.client.core.auth.wif;
 
 import static net.snowflake.client.core.auth.wif.WorkloadIdentityProviderType.AWS;
-import static net.snowflake.client.core.auth.wif.WorkloadIdentityProviderType.AZURE;
-import static net.snowflake.client.core.auth.wif.WorkloadIdentityProviderType.GCP;
-import static net.snowflake.client.core.auth.wif.WorkloadIdentityProviderType.OIDC;
 
 import java.util.HashMap;
 import net.snowflake.client.core.SFException;
@@ -53,72 +50,4 @@ public void shouldCreateProperAttestationCreatorByType() throws SFException {
     Assertions.assertThrows(
         SFException.class, () -> provider.getCreator("UNKNOWN_IDENTITY_PROVIDER"));
   }
-
-  @Test
-  public void shouldAutodetectAwsProvider() throws SFException {
-    WorkloadIdentityAttestationProvider provider = createMockProvider(AWS);
-    WorkloadIdentityAttestation attestation = provider.getAttestation(null);
-
-    Assertions.assertNotNull(attestation);
-    Assertions.assertEquals(AWS, attestation.getProvider());
-    Assertions.assertEquals("aws_cred", attestation.getCredential());
-  }
-
-  @Test
-  public void shouldAutodetectGCPProvider() throws SFException {
-    WorkloadIdentityAttestationProvider provider = createMockProvider(GCP);
-    WorkloadIdentityAttestation attestation = provider.getAttestation(null);
-
-    Assertions.assertNotNull(attestation);
-    Assertions.assertEquals(WorkloadIdentityProviderType.GCP, attestation.getProvider());
-    Assertions.assertEquals("gcp_cred", attestation.getCredential());
-  }
-
-  @Test
-  public void shouldAutodetectAzureProvider() throws SFException {
-    WorkloadIdentityAttestationProvider provider = createMockProvider(AZURE);
-    WorkloadIdentityAttestation attestation = provider.getAttestation(null);
-
-    Assertions.assertNotNull(attestation);
-    Assertions.assertEquals(WorkloadIdentityProviderType.AZURE, attestation.getProvider());
-    Assertions.assertEquals("azure_cred", attestation.getCredential());
-  }
-
-  @Test
-  public void shouldAutodetectOidcProvider() throws SFException {
-    WorkloadIdentityAttestationProvider provider = createMockProvider(OIDC);
-    WorkloadIdentityAttestation attestation = provider.getAttestation(null);
-    Assertions.assertNotNull(attestation);
-    Assertions.assertEquals(WorkloadIdentityProviderType.OIDC, attestation.getProvider());
-    Assertions.assertEquals("oidc_cred", attestation.getCredential());
-  }
-
-  WorkloadIdentityAttestationProvider createMockProvider(
-      WorkloadIdentityProviderType actualPresentType) {
-    AwsIdentityAttestationCreator aws = Mockito.mock(AwsIdentityAttestationCreator.class);
-    Mockito.when(aws.createAttestation())
-        .thenReturn(
-            actualPresentType == AWS
-                ? new WorkloadIdentityAttestation(AWS, "aws_cred", new HashMap<>())
-                : null);
-    GcpIdentityAttestationCreator gcp = Mockito.mock(GcpIdentityAttestationCreator.class);
-    Mockito.when(gcp.createAttestation())
-        .thenReturn(
-            actualPresentType == GCP
-                ? new WorkloadIdentityAttestation(GCP, "gcp_cred", new HashMap<>())
-                : null);
-    OidcIdentityAttestationCreator oidc = Mockito.mock(OidcIdentityAttestationCreator.class);
-    Mockito.when(oidc.createAttestation())
-        .thenReturn(
-            actualPresentType == OIDC
-                ? new WorkloadIdentityAttestation(OIDC, "oidc_cred", new HashMap<>())
-                : null);
-    AzureIdentityAttestationCreator azure = Mockito.mock(AzureIdentityAttestationCreator.class);
-    Mockito.when(azure.createAttestation())
-        .thenReturn(
-            actualPresentType == AZURE
-                ? new WorkloadIdentityAttestation(AZURE, "azure_cred", new HashMap<>())
-                : null);
-    return new WorkloadIdentityAttestationProvider(aws, gcp, azure, oidc);
-  }
 }

src/test/java/net/snowflake/client/wif/WIFLatestIT.java

@@ -33,14 +33,6 @@ public class WIFLatestIT {
   private static final String HOST = System.getenv("SNOWFLAKE_TEST_WIF_HOST");
   private static final String PROVIDER = System.getenv("SNOWFLAKE_TEST_WIF_PROVIDER");
 
-  @Test
-  void shouldAuthenticateUsingWIFWithProviderDetection() {
-    Properties properties = new Properties();
-    properties.put("account", ACCOUNT);
-    properties.put("authenticator", "WORKLOAD_IDENTITY");
-    connectAndExecuteSimpleQuery(properties);
-  }
-
   @Test
   void shouldAuthenticateUsingWIFWithDefinedProvider() {
     Properties properties = new Properties();