
Commit 850d001

[ASYNC] apply #2281 to async code
1 parent c2150f9 commit 850d001


2 files changed

+25
-2
lines changed


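--- a/src/snowflake/connector/aio/_wif_util.py
+++ b/src/snowflake/connector/aio/_wif_util.py
@@ -202,7 +202,10 @@ async def create_azure_attestation(
 issuer, subject = extract_iss_and_sub_without_signature_verification(jwt_str)
 if not issuer or not subject:
 return None
-if not issuer.startswith("https://sts.windows.net/"):
+if not (
+issuer.startswith("https://sts.windows.net/")
+or issuer.startswith("https://login.microsoftonline.com/")
+):
 # This might happen if we're running on a different platform that responds to the same metadata request signature as Azure.
 logger.debug("Unexpected Azure token issuer '%s'", issuer)
 return None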
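Review bot: The widened issuer condition in `create_azure_attestation` tests a value returned by `extract_iss_and_sub_without_signature_verification`, so it is only a platform sanity check on an unverified claim, and the existing comment does not say so. I would add above the condition `# Heuristic only: the token signature is not verified here, so this prefix match must not be treated as issuer validation.` The two `startswith` calls can also be written as one call with a tuple, `if not issuer.startswith(("https://sts.windows.net/", "https://login.microsoftonline.com/")):`, which keeps the accepted prefixes in one place. The trailing slash on each prefix is what stops lookalike hosts from matching and should be kept in any rewrite. The function starts and ends outside this hunk, so whether the token is verified elsewhere cannot be seen from here.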

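--- a/test/unit/aio/test_auth_workload_identity_async.py
+++ b/test/unit/aio/test_auth_workload_identity_async.py
@@ -271,14 +271,34 @@ async def test_explicit_azure_metadata_server_error_raises_auth_error(exception)
 
 
 async def test_explicit_azure_wrong_issuer_raises_error(fake_azure_metadata_service):
-fake_azure_metadata_service.iss = "not-azure"
+fake_azure_metadata_service.iss = "https://notazure.com"
 
 auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
 with pytest.raises(ProgrammingError) as excinfo:
 await auth_class.prepare()
 assert "No workload identity credential was found for 'AZURE'" in str(excinfo.value)
 
 
+@pytest.mark.parametrize(
+"issuer",
+[
+"https://sts.windows.net/067802cd-8f92-4c7c-bceb-ea8f15d31cc5",
+"https://login.microsoftonline.com/067802cd-8f92-4c7c-bceb-ea8f15d31cc5",
+"https://login.microsoftonline.com/067802cd-8f92-4c7c-bceb-ea8f15d31cc5/v2.0",
+],
+ids=["v1", "v2_without_suffix", "v2_with_suffix"],
+)
+async def test_explicit_azure_v1_and_v2_issuers_accepted(
+fake_azure_metadata_service, issuer
+):
+fake_azure_metadata_service.iss = issuer
+
+auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
+await auth_class.prepare()
+
+assert issuer == json.loads(auth_class.assertion_content)["iss"]
+
+
 async def test_explicit_azure_plumbs_token_to_api(fake_azure_metadata_service):
 auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
 await auth_class.prepare()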
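Review bot: The only negative case, `test_explicit_azure_wrong_issuer_raises_error`, uses `"https://notazure.com"`, which would still be rejected if the trailing slash were dropped from either accepted prefix in `_wif_util.py`. Parametrizing it with constructed lookalike hosts, for example `"https://login.microsoftonline.com.example.invalid/<tenant-id>"` and `"https://sts.windows.net.example.invalid/<tenant-id>"`, would pin the host boundary that the prefix check relies on. The new positive test calls `json.loads(auth_class.assertion_content)`, so `json` must already be imported in the test module, which this hunk does not show.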
