snowflakedb
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎DESCRIPTION.md‎
Lines changed: 4 additions & 0 deletions b/‎DESCRIPTION.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎Jenkinsfile‎
Lines changed: 12 additions & 0 deletions b/‎Jenkinsfile‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎ci/container/test_authentication.sh‎
Lines changed: 0 additions & 1 deletion b/‎ci/container/test_authentication.sh‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎ci/test_wif.sh‎
Lines changed: 79 additions & 0 deletions b/‎ci/test_wif.sh‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎ci/wif/parameters/parameters_wif.json.gpg‎
294 Bytes b/‎ci/wif/parameters/parameters_wif.json.gpg‎
294 Bytes
diff --git a/‎ci/wif/parameters/rsa_wif_aws_azure.gpg‎
344 Bytes b/‎ci/wif/parameters/rsa_wif_aws_azure.gpg‎
344 Bytes
diff --git a/‎ci/wif/parameters/rsa_wif_gcp.gpg‎
356 Bytes b/‎ci/wif/parameters/rsa_wif_gcp.gpg‎
356 Bytes
diff --git a/‎ci/wif/test_wif.sh‎
Lines changed: 11 additions & 0 deletions b/‎ci/wif/test_wif.sh‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/snowflake/connector/_utils.py‎
Lines changed: 10 additions & 0 deletions b/‎src/snowflake/connector/_utils.py‎
Lines changed: 10 additions & 0 deletions
@@ -129,3 +129,8 @@ src/snowflake/connector/nanoarrow_cpp/ArrowIterator/nanoarrow_arrow_iterator.cpp
 # Prober files
 prober/parameters.json
 prober/snowflake_prober.egg-info/
+
+# SSH private key for WIF tests
+ci/wif/parameters/rsa_wif_aws_azure
+ci/wif/parameters/rsa_wif_gcp
+ci/wif/parameters/parameters_wif.json
@@ -16,8 +16,12 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-conne
 
 - v3.16.1(TBD)
   - Added in-band OCSP exception telemetry.
+  - Added `APPLICATION_PATH` within `CLIENT_ENVIRONMENT` to distinguish between multiple scripts using the PythonConnector in the same environment.
+  - Disabled token caching for OAuth Client Credentials authentication
   - Added in-band HTTP exception telemetry.
   - Fixed a bug where timezoned timestamps fetched as pandas.DataFrame or pyarrow.Table would overflow for the sake of unnecessary precision. In the case where an overflow cannot be prevented a clear error will be raised now.
+  - Fix OAuth authenticator values.
+  - Add `unsafe_skip_file_permissions_check` flag to skip file permissions check on cache and config.
 
 - v3.16.0(July 04,2025)
   - Bumped numpy dependency from <2.1.0 to <=2.2.4.
 
@@ -71,6 +71,18 @@ timestamps {
             '''.stripMargin()
           }
         }
+      },
+      'Test WIF': {
+        stage('Test WIF') {
+          withCredentials([
+            string(credentialsId: 'sfctest0-parameters-secret', variable: 'PARAMETERS_SECRET')
+          ]) {
+            sh '''\
+            |#!/bin/bash -e
+            |$WORKSPACE/ci/test_wif.sh
+            '''.stripMargin()
+          }
+        }
       }
     )
   }
 
@@ -6,7 +6,6 @@ set -o pipefail
 export WORKSPACE=${WORKSPACE:-/mnt/workspace}
 export SOURCE_ROOT=${SOURCE_ROOT:-/mnt/host}
 
-MVNW_EXE=$SOURCE_ROOT/mvnw
 AUTH_PARAMETER_FILE=./.github/workflows/parameters/private/parameters_aws_auth_tests.json
 eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $AUTH_PARAMETER_FILE)
 
 
@@ -0,0 +1,79 @@
+#!/bin/bash -e
+
+set -o pipefail
+
+export THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export RSA_KEY_PATH_AWS_AZURE="$THIS_DIR/wif/parameters/rsa_wif_aws_azure"
+export RSA_KEY_PATH_GCP="$THIS_DIR/wif/parameters/rsa_wif_gcp"
+export PARAMETERS_FILE_PATH="$THIS_DIR/wif/parameters/parameters_wif.json"
+
+run_tests_and_set_result() {
+  local provider="$1"
+  local host="$2"
+  local snowflake_host="$3"
+  local rsa_key_path="$4"
+
+  ssh -i "$rsa_key_path" -o IdentitiesOnly=yes -p 443 "$host" env BRANCH="$BRANCH" SNOWFLAKE_TEST_WIF_HOST="$snowflake_host" SNOWFLAKE_TEST_WIF_PROVIDER="$provider" SNOWFLAKE_TEST_WIF_ACCOUNT="$SNOWFLAKE_TEST_WIF_ACCOUNT" bash << EOF
+      set -e
+      set -o pipefail
+      docker run \
+        --rm \
+        -e BRANCH \
+        -e SNOWFLAKE_TEST_WIF_PROVIDER \
+        -e SNOWFLAKE_TEST_WIF_HOST \
+        -e SNOWFLAKE_TEST_WIF_ACCOUNT \
+        snowflakedb/client-python-test:1 \
+          bash -c "
+            echo 'Running tests on branch: \$BRANCH'
+            if [[ \"\$BRANCH\" =~ ^PR-[0-9]+\$ ]]; then
+              curl -L https://github.com/snowflakedb/snowflake-connector-python/archive/refs/pull/\$(echo \$BRANCH | cut -d- -f2)/head.tar.gz | tar -xz
+              mv snowflake-connector-python-* snowflake-connector-python
+            else
+              curl -L https://github.com/snowflakedb/snowflake-connector-python/archive/refs/heads/\$BRANCH.tar.gz | tar -xz
+              mv snowflake-connector-python-\$BRANCH snowflake-connector-python
+            fi
+            cd snowflake-connector-python
+            bash ci/wif/test_wif.sh
+          "
+EOF
+  local status=$?
+
+  if [[ $status -ne 0 ]]; then
+    echo "$provider tests failed with exit status: $status"
+    EXIT_STATUS=1
+  else
+    echo "$provider tests passed"
+  fi
+}
+
+get_branch() {
+  local branch
+  branch=$(git rev-parse --abbrev-ref HEAD)
+  if [[ "$branch" == "HEAD" ]]; then
+    branch=$(git name-rev --name-only HEAD | sed 's#^remotes/origin/##;s#^origin/##')
+  fi
+  echo "$branch"
+}
+
+setup_parameters() {
+  gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output "$RSA_KEY_PATH_AWS_AZURE" "${RSA_KEY_PATH_AWS_AZURE}.gpg"
+  gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output "$RSA_KEY_PATH_GCP" "${RSA_KEY_PATH_GCP}.gpg"
+  chmod 600 "$RSA_KEY_PATH_AWS_AZURE"
+  chmod 600 "$RSA_KEY_PATH_GCP"
+  gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" --output "$PARAMETERS_FILE_PATH" "${PARAMETERS_FILE_PATH}.gpg"
+  eval $(jq -r '.wif | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $PARAMETERS_FILE_PATH)
+}
+
+BRANCH=$(get_branch)
+export BRANCH
+setup_parameters
+
+# Run tests for all cloud providers
+EXIT_STATUS=0
+set +e  # Don't exit on first failure
+run_tests_and_set_result "AZURE" "$HOST_AZURE" "$SNOWFLAKE_TEST_WIF_HOST_AZURE" "$RSA_KEY_PATH_AWS_AZURE"
+run_tests_and_set_result "AWS" "$HOST_AWS" "$SNOWFLAKE_TEST_WIF_HOST_AWS" "$RSA_KEY_PATH_AWS_AZURE"
+run_tests_and_set_result "GCP" "$HOST_GCP" "$SNOWFLAKE_TEST_WIF_HOST_GCP" "$RSA_KEY_PATH_GCP"
+set -e  # Re-enable exit on error
+echo "Exit status: $EXIT_STATUS"
+exit $EXIT_STATUS
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+
+set -o pipefail
+
+export SF_OCSP_TEST_MODE=true
+export SF_ENABLE_EXPERIMENTAL_AUTHENTICATION=true
+export RUN_WIF_TESTS=true
+
+/opt/python/cp39-cp39/bin/python -m pip install --break-system-packages -e .
+/opt/python/cp39-cp39/bin/python -m pip install --break-system-packages pytest
+/opt/python/cp39-cp39/bin/python -m pytest test/wif/*
@@ -2,6 +2,7 @@
 
 import string
 from enum import Enum
+from inspect import stack
 from random import choice
 from threading import Timer
 from uuid import UUID
@@ -86,3 +87,12 @@ def __init__(self, interval, function, args=None, kwargs=None):
     def run(self):
         super().run()
         self.executed = True
+
+
+def get_application_path() -> str:
+    """Get the path of the application script using the connector."""
+    try:
+        outermost_frame = stack()[-1]
+        return outermost_frame.filename
+    except Exception:
+        return "unknown"
Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,18 @@ timestamps {`
`71`	`71`	`'''.stripMargin()`
`72`	`72`	`}`
`73`	`73`	`}`
	`74`	`+ },`
	`75`	`+ 'Test WIF': {`
	`76`	`+ stage('Test WIF') {`
	`77`	`+ withCredentials([`
	`78`	`+ string(credentialsId: 'sfctest0-parameters-secret', variable: 'PARAMETERS_SECRET')`
	`79`	`+ ]) {`
	`80`	`+ sh '''\`
	`81`	`+ \|#!/bin/bash -e`
	`82`	`+ \|$WORKSPACE/ci/test_wif.sh`
	`83`	`+ '''.stripMargin()`
	`84`	`+ }`
	`85`	`+ }`
`74`	`86`	`}`
`75`	`87`	`)`
`76`	`88`	`}`