NO-SNOW Add PAT to authenticators allowing empty username, remove handling of PAT in password field (#2264)

Author: sfc-gh-mkubik

src/snowflake/connector/connection.py

@@ -1171,8 +1171,6 @@ def __open_connection(self):
                     backoff_generator=self._backoff_generator,
                 )
             elif self._authenticator == PROGRAMMATIC_ACCESS_TOKEN:
-                if not self._token and self._password:
-                    self._token = self._password
                 self.auth_class = AuthByPAT(self._token)
             elif self._authenticator == WORKLOAD_IDENTITY_AUTHENTICATOR:
                 if ENV_VAR_EXPERIMENTAL_AUTHENTICATION not in os.environ:
@@ -1340,6 +1338,7 @@ def __config(self, **kwargs):
             OAUTH_AUTHENTICATOR,
             NO_AUTH_AUTHENTICATOR,
             WORKLOAD_IDENTITY_AUTHENTICATOR,
+            PROGRAMMATIC_ACCESS_TOKEN,
         }
 
         if not (self._master_token and self._session_token):

test/data/wiremock/mappings/auth/pat/invalid_token.json

@@ -11,7 +11,6 @@
           {
             "equalToJson" : {
               "data": {
-                "LOGIN_NAME": "testUser",
                 "AUTHENTICATOR": "PROGRAMMATIC_ACCESS_TOKEN",
                 "TOKEN": "some PAT"
               }

test/data/wiremock/mappings/auth/pat/successful_flow.json

@@ -11,7 +11,6 @@
           {
             "equalToJson" : {
               "data": {
-                "LOGIN_NAME": "testUser",
                 "AUTHENTICATOR": "PROGRAMMATIC_ACCESS_TOKEN",
                 "TOKEN": "some PAT"
               }

test/unit/test_programmatic_access_token.py

@@ -43,7 +43,6 @@ def test_valid_pat(wiremock_client: WiremockClient) -> None:
     )
 
     cnx = snowflake.connector.connect(
-        user="testUser",
         authenticator=PROGRAMMATIC_ACCESS_TOKEN,
         token="some PAT",
         account="testAccount",
@@ -70,7 +69,6 @@ def test_invalid_pat(wiremock_client: WiremockClient) -> None:
 
     with pytest.raises(snowflake.connector.errors.DatabaseError) as execinfo:
         snowflake.connector.connect(
-            user="testUser",
             authenticator=PROGRAMMATIC_ACCESS_TOKEN,
             token="some PAT",
             account="testAccount",
@@ -80,42 +78,3 @@ def test_invalid_pat(wiremock_client: WiremockClient) -> None:
         )
 
     assert str(execinfo.value).endswith("Programmatic access token is invalid.")
-
-
-@pytest.mark.skipolddriver
-def test_pat_as_password(wiremock_client: WiremockClient) -> None:
-    wiremock_data_dir = (
-        pathlib.Path(__file__).parent.parent
-        / "data"
-        / "wiremock"
-        / "mappings"
-        / "auth"
-        / "pat"
-    )
-
-    wiremock_generic_data_dir = (
-        pathlib.Path(__file__).parent.parent
-        / "data"
-        / "wiremock"
-        / "mappings"
-        / "generic"
-    )
-
-    wiremock_client.import_mapping(wiremock_data_dir / "successful_flow.json")
-    wiremock_client.add_mapping(
-        wiremock_generic_data_dir / "snowflake_disconnect_successful.json"
-    )
-
-    cnx = snowflake.connector.connect(
-        user="testUser",
-        authenticator=PROGRAMMATIC_ACCESS_TOKEN,
-        token=None,
-        password="some PAT",
-        account="testAccount",
-        protocol="http",
-        host=wiremock_client.wiremock_host,
-        port=wiremock_client.wiremock_http_port,
-    )
-
-    assert cnx, "invalid cnx"
-    cnx.close()