Merge pull request #56 from keboola/marek-CT-2030-key-pair-root

Update: CT-2030 - Key pair for root user

Author: themark147

.env.dist

@@ -2,6 +2,7 @@ KBC_RUNID=
 SNOWFLAKE_HOST=
 SNOWFLAKE_USER=
 SNOWFLAKE_PASSWORD=
+SNOWFLAKE_KEYPAIR=
 SNOWFLAKE_SCHEMA_KEYPAIR=
 SNOWFLAKE_DATABASE=
 SNOWFLAKE_WAREHOUSE=

.github/workflows/push.yml

@@ -20,6 +20,7 @@ env:
   SNOWFLAKE_WAREHOUSE: "DEV"
   SNOWFLAKE_USER: "DWHM_TRAVIS_TESTS"
   SNOWFLAKE_PASSWORD: "${{ secrets.SNOWFLAKE_PASSWORD }}"
+  SNOWFLAKE_KEYPAIR: "${{ secrets.SNOWFLAKE_KEYPAIR }}"
   SNOWFLAKE_SCHEMA_KEYPAIR: "${{ secrets.SNOWFLAKE_SCHEMA_KEYPAIR }}"
   SNOWFLAKE_DATABASE: "DWHM_TRAVIS_TESTS"
   KBC_RUNID: "runId"
@@ -98,6 +99,7 @@ jobs:
           -e SNOWFLAKE_HOST \
           -e SNOWFLAKE_USER \
           -e SNOWFLAKE_PASSWORD \
+          -e SNOWFLAKE_KEYPAIR \
           -e SNOWFLAKE_SCHEMA_KEYPAIR \
           -e SNOWFLAKE_DATABASE \
           -e SNOWFLAKE_WAREHOUSE \

docker-compose.yml

@@ -8,6 +8,7 @@ services:
       - SNOWFLAKE_HOST
       - SNOWFLAKE_USER
       - SNOWFLAKE_PASSWORD
+      - SNOWFLAKE_KEYPAIR
       - SNOWFLAKE_DATABASE
       - SNOWFLAKE_WAREHOUSE
       - SNOWFLAKE_SCHEMA_KEYPAIR

src/Config.php

@@ -6,13 +6,35 @@
 
 use Couchbase\UserSettings;
 use Keboola\Component\Config\BaseConfig;
+use Keboola\Component\UserException;
 use Keboola\SnowflakeDwhManager\Configuration\Schema;
 use Keboola\SnowflakeDwhManager\Configuration\SchemaDefinition;
 use Keboola\SnowflakeDwhManager\Configuration\User;
 use Keboola\SnowflakeDwhManager\Configuration\UserDefinition;
+use Symfony\Component\Config\Definition\ConfigurationInterface;
 
 class Config extends BaseConfig
 {
+    /**
+     * @inheritDoc
+     */
+    public function __construct(array $config, ?ConfigurationInterface $configDefinition = null)
+    {
+        /** @var array<string, array<string, mixed>> $config */
+        $password = $config['parameters']['#master_password'] ?? '';
+        $keyPair = $config['parameters']['#master_key_pair'] ?? null;
+
+        if (empty($password) && $keyPair === null) {
+            throw new UserException('Either "password" or "keyPair" must be provided.');
+        }
+
+        if (!empty($password) && !empty($keyPair)) {
+            throw new UserException('Both "password" and "keyPair" cannot be set at the same time.');
+        }
+
+        parent::__construct($config, $configDefinition);
+    }
+
     /**
      * @return string[]
      */
@@ -22,6 +44,7 @@ public function getSnowflakeConnectionOptions(): array
             'host' => $this->getValue(['parameters', 'master_host']),
             'user' => $this->getValue(['parameters', 'master_user']),
             'password' => $this->getValue(['parameters', '#master_password']),
+            'keyPair' => $this->getValue(['parameters', '#master_key_pair']),
             'database' => $this->getValue(['parameters', 'master_database']),
             'warehouse' => $this->getValue(['parameters', 'warehouse']),
         ];

src/ConfigDefinition.php

@@ -28,8 +28,10 @@ protected function getParametersDefinition(): ArrayNodeDefinition
                     ->isRequired()
                 ->end()
                 ->scalarNode('#master_password')
-                    ->cannotBeEmpty()
-                    ->isRequired()
+                    ->defaultValue('')
+                ->end()
+                ->scalarNode('#master_key_pair')
+                    ->defaultNull()
                 ->end()
                 ->scalarNode('master_database')
                     ->cannotBeEmpty()

tests/functional/DatadirScenarioTest.php

@@ -142,6 +142,26 @@ private static function getSchema3Config(): array
         ];
     }
 
+    /**
+     * @return array<string, array<mixed>>
+     */
+    private static function getSchema4Config(): array
+    {
+        return [
+            'parameters' => [
+                'master_host' => getenv('SNOWFLAKE_HOST'),
+                'master_user' => getenv('SNOWFLAKE_USER'),
+                '#master_key_pair' => getenv('SNOWFLAKE_KEYPAIR'),
+                'master_database' => getenv('SNOWFLAKE_DATABASE'),
+                'warehouse' => getenv('SNOWFLAKE_WAREHOUSE'),
+                'business_schema' => [
+                    'schema_name' => 'my_dwh_schema4',
+                    'key_pair' => getenv('SNOWFLAKE_SCHEMA_KEYPAIR'),
+                ],
+            ],
+        ];
+    }
+
     protected function getScript(): string
     {
         return $this->getTestFileDir() . '/../../src/run.php';
@@ -168,6 +188,23 @@ private static function getTestConfigs(): array
         ];
     }
 
+    public function testCreateSchemaAsMasterUserWithKeyPair(): void
+    {
+        $schema4config = $this->getConfigFromConfigArray(self::getSchema4Config());
+        $connection = $this->getConnectionForConfig($schema4config);
+
+        self::dropCreatedSchema($connection, $schema4config->getDatabase(), $schema4config->getSchema());
+
+        $this->runAppWithConfig(self::getSchema4Config());
+
+        $userName = implode('_', [$schema4config->getDatabase(), $schema4config->getSchema()->getName()]);
+
+        /** @var array<int, array<string, string|int>> $users */
+        $users = $connection->fetchAll('SHOW USERS LIKE \'%' . $userName . '%\' LIMIT 1');
+
+        self::assertSame('SERVICE', $users[0]['type']);
+    }
+
     public function testCreateSchemaWithKeyPairUser(): void
     {
         $schema3config = $this->getConfigFromConfigArray(self::getSchema3Config());

tests/phpunit/ConfigDefinitionTest.php

@@ -54,6 +54,7 @@ public function provideValidConfigs(): array
                             'disabled' => false,
                             'reset_password' => false,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -92,6 +93,7 @@ public function provideValidConfigs(): array
                             'statement_timeout' => 10800,
                             'disabled' => false,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -133,6 +135,7 @@ public function provideValidConfigs(): array
                             'disabled' => false,
                             'reset_password' => false,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -174,6 +177,7 @@ public function provideValidConfigs(): array
                             'disabled' => false,
                             'reset_password' => false,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -208,6 +212,7 @@ public function provideValidConfigs(): array
                             'reset_password' => false,
                             'key_pair' => null,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -237,6 +242,7 @@ public function provideValidConfigs(): array
                             'reset_password' => false,
                             'key_pair' => null,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -267,6 +273,7 @@ public function provideValidConfigs(): array
                             'statement_timeout' => 10800,
                             'key_pair' => null,
                         ],
+                        '#master_key_pair' => null,
                     ],
                 ],
                 [
@@ -468,22 +475,6 @@ public function provideInvalidConfigs(): array
                     ],
                 ],
             ],
-            'empty master_password' => [
-                InvalidConfigurationException::class,
-                'The path "root.parameters.#master_password" cannot contain an empty value',
-                [
-                    'parameters' => [
-                        'master_host' => 'host',
-                        'master_user' => 'user',
-                        '#master_password' => '',
-                        'master_database' => 'database',
-                        'warehouse' => 'warehouse',
-                        'user' => [
-                            'email' => '[email protected]',
-                        ],
-                    ],
-                ],
-            ],
             'empty master_database' => [
                 InvalidConfigurationException::class,
                 'The path "root.parameters.master_database" cannot contain an empty value',

tests/phpunit/ConfigTest.php

@@ -4,11 +4,13 @@
 
 namespace Keboola\SnowflakeDwhManager\Tests;
 
+use Keboola\Component\UserException;
 use Keboola\SnowflakeDwhManager\Config;
 use Keboola\SnowflakeDwhManager\ConfigDefinition;
 use Keboola\SnowflakeDwhManager\Configuration\Schema;
 use Keboola\SnowflakeDwhManager\Configuration\User;
 use PHPUnit\Framework\TestCase;
+use Throwable;
 
 class ConfigTest extends TestCase
 {
@@ -61,4 +63,59 @@ public function testGetSchema(): void
         $this->assertInstanceOf(Schema::class, $schema);
         $this->assertSame('dwh1', $schema->getName());
     }
+
+    /**
+     * @param class-string<Throwable> $exceptionClass
+     * @param array<string, array<class-string|string|array<mixed>>> $rawConfig
+     *
+     * @dataProvider invalidConfigsDataProvider
+     */
+    public function testInvalidConfigs(string $exceptionClass, string $exceptionMessage, array $rawConfig): void
+    {
+        self::expectException($exceptionClass);
+        self::expectExceptionMessage($exceptionMessage);
+        new Config($rawConfig, new ConfigDefinition());
+    }
+
+    /**
+     * @return array<string, array<class-string|string|array<mixed>>>
+     */
+    public static function invalidConfigsDataProvider(): array
+    {
+        return [
+            'empty master_password & master_key_pair' => [
+                UserException::class,
+                'Either "password" or "keyPair" must be provided.',
+                [
+                    'parameters' => [
+                        'master_host' => 'host',
+                        'master_user' => 'user',
+                        '#master_password' => '',
+                        'master_database' => 'database',
+                        'warehouse' => 'warehouse',
+                        'user' => [
+                            'email' => '[email protected]',
+                        ],
+                    ],
+                ],
+            ],
+            'master_password & master_key_pair' => [
+                UserException::class,
+                'Both "password" and "keyPair" cannot be set at the same time.',
+                [
+                    'parameters' => [
+                        'master_host' => 'host',
+                        'master_user' => 'user',
+                        '#master_password' => 'gr3eatpassword',
+                        '#master_key_pair' => getenv('SNOWFLAKE_KEYPAIR'),
+                        'master_database' => 'database',
+                        'warehouse' => 'warehouse',
+                        'user' => [
+                            'email' => '[email protected]',
+                        ],
+                    ],
+                ],
+            ],
+        ];
+    }
 }