Merge branch 'main' into npeshkov/separate_redirect_and_socket

Author: sfc-gh-mmishchenko

.github/workflows/parameters/private/parameters_aws_auth_tests.json.gpg

@@ -7,6 +7,14 @@ https://docs.snowflake.com/
 Source code is also available at: https://github.com/snowflakedb/snowflake-connector-python
 
 # Release Notes
+- v3.16.1(TBD)
+  - Added in-band OCSP exception telemetry.
+  - Added `APPLICATION_PATH` within `CLIENT_ENVIRONMENT` to distinguish between multiple scripts using the PythonConnector in the same environment.
+  - Disabled token caching for OAuth Client Credentials authentication
+  - Added in-band HTTP exception telemetry.
+  - Fixed a bug where timezoned timestamps fetched as pandas.DataFrame or pyarrow.Table would overflow for the sake of unnecessary precision. In the case where an overflow cannot be prevented a clear error will be raised now.
+  - Fix OAuth authenticator values.
+
 - v3.16.0(July 04,2025)
   - Bumped numpy dependency from <2.1.0 to <=2.2.4.
   - Added Windows support for Python 3.13.

DESCRIPTION.md

@@ -23,5 +23,5 @@ docker run \
   -v $(cd $THIS_DIR/.. && pwd):/mnt/host \
   -v $WORKSPACE:/mnt/workspace \
   --rm \
-  nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser-python:1 \
+    nexus.int.snowflakecomputing.com:8086/docker/snowdrivers-test-external-browser-python:2 \
   "/mnt/host/ci/container/test_authentication.sh"

ci/test_authentication.sh

@@ -2,6 +2,7 @@
 
 import string
 from enum import Enum
+from inspect import stack
 from random import choice
 from threading import Timer
 from uuid import UUID
@@ -32,6 +33,15 @@ class TempObjectType(Enum):
 
 REQUEST_ID_STATEMENT_PARAM_NAME = "requestId"
 
+# Default server side cap on Degree of Parallelism for file transfer
+# This default value is set to 2^30 (~ 10^9), such that it will not
+# throttle regular sessions.
+_DEFAULT_VALUE_SERVER_DOP_CAP_FOR_FILE_TRANSFER = 1 << 30
+# Variable name of server DoP cap for file transfer
+_VARIABLE_NAME_SERVER_DOP_CAP_FOR_FILE_TRANSFER = (
+    "snowflake_server_dop_cap_for_file_transfer"
+)
+
 
 def generate_random_alphanumeric(length: int = 10) -> str:
     return "".join(choice(ALPHANUMERIC) for _ in range(length))
@@ -60,6 +70,15 @@ def is_uuid4(str_or_uuid: str | UUID) -> bool:
     return uuid_str == str_or_uuid
 
 
+def _snowflake_max_parallelism_for_file_transfer(connection):
+    """Returns the server side cap on max parallelism for file transfer for the given connection."""
+    return getattr(
+        connection,
+        f"_{_VARIABLE_NAME_SERVER_DOP_CAP_FOR_FILE_TRANSFER}",
+        _DEFAULT_VALUE_SERVER_DOP_CAP_FOR_FILE_TRANSFER,
+    )
+
+
 class _TrackedQueryCancellationTimer(Timer):
     def __init__(self, interval, function, args=None, kwargs=None):
         super().__init__(interval, function, args, kwargs)
@@ -68,3 +87,12 @@ def __init__(self, interval, function, args=None, kwargs=None):
     def run(self):
         super().run()
         self.executed = True
+
+
+def get_application_path() -> str:
+    """Get the path of the application script using the connector."""
+    try:
+        outermost_frame = stack()[-1]
+        return outermost_frame.filename
+    except Exception:
+        return "unknown"

src/snowflake/connector/_utils.py

@@ -17,6 +17,7 @@
     load_pem_private_key,
 )
 
+from .._utils import get_application_path
 from ..compat import urlencode
 from ..constants import (
     DAY_IN_SECONDS,
@@ -110,6 +111,7 @@ def base_auth_data(
                 "LOGIN_NAME": user,
                 "CLIENT_ENVIRONMENT": {
                     "APPLICATION": application,
+                    "APPLICATION_PATH": get_application_path(),
                     "OS": OPERATING_SYSTEM,
                     "OS_VERSION": PLATFORM,
                     "PYTHON_VERSION": PYTHON_VERSION,

src/snowflake/connector/auth/_auth.py

@@ -50,7 +50,7 @@ class AuthType(Enum):
     ID_TOKEN = "ID_TOKEN"
     USR_PWD_MFA = "USERNAME_PASSWORD_MFA"
     OKTA = "OKTA"
-    PAT = "PROGRAMMATIC_ACCESS_TOKEN'"
+    PAT = "PROGRAMMATIC_ACCESS_TOKEN"
     NO_AUTH = "NO_AUTH"
     WORKLOAD_IDENTITY = "WORKLOAD_IDENTITY"
     PAT_WITH_EXTERNAL_SESSION = "PAT_WITH_EXTERNAL_SESSION"

src/snowflake/connector/auth/by_plugin.py

@@ -8,7 +8,6 @@
 from typing import TYPE_CHECKING, Any
 
 from ..constants import OAUTH_TYPE_CLIENT_CREDENTIALS
-from ..token_cache import TokenCache
 from ._oauth_base import AuthByOAuthBase
 
 if TYPE_CHECKING:
@@ -27,8 +26,6 @@ def __init__(
         client_secret: str,
         token_request_url: str,
         scope: str,
-        token_cache: TokenCache | None = None,
-        refresh_token_enabled: bool = False,
         connection: SnowflakeConnection | None = None,
         **kwargs,
     ) -> None:
@@ -38,8 +35,8 @@ def __init__(
             client_secret=client_secret,
             token_request_url=token_request_url,
             scope=scope,
-            token_cache=token_cache,
-            refresh_token_enabled=refresh_token_enabled,
+            token_cache=None,
+            refresh_token_enabled=False,
             **kwargs,
         )
         self._application = application

src/snowflake/connector/auth/oauth_credentials.py

@@ -13,6 +13,7 @@ def __init__(self, pat_token: str, **kwargs) -> None:
         super().__init__(**kwargs)
         self._pat_token: str | None = pat_token
 
+    @property
     def type_(self) -> AuthType:
         return AuthType.PAT
 

src/snowflake/connector/auth/pat.py

@@ -29,6 +29,10 @@
 
 from . import errors, proxy
 from ._query_context_cache import QueryContextCache
+from ._utils import (
+    _DEFAULT_VALUE_SERVER_DOP_CAP_FOR_FILE_TRANSFER,
+    _VARIABLE_NAME_SERVER_DOP_CAP_FOR_FILE_TRANSFER,
+)
 from .auth import (
     FIRST_PARTY_AUTHENTICATORS,
     Auth,
@@ -369,6 +373,14 @@ def _get_private_bytes_from_file(
         str,
         # SNOW-2096721: External (Spark) session ID
     ),
+    "unsafe_file_write": (
+        False,
+        bool,
+    ),  # SNOW-1944208: add unsafe write flag
+    _VARIABLE_NAME_SERVER_DOP_CAP_FOR_FILE_TRANSFER: (
+        _DEFAULT_VALUE_SERVER_DOP_CAP_FOR_FILE_TRANSFER,  # default value
+        int,  # type
+    ),  # snowflake internal
 }
 
 APPLICATION_RE = re.compile(r"[\w\d_]+")
@@ -1252,12 +1264,6 @@ def __open_connection(self):
                         host=self.host, port=self.port
                     ),
                     scope=self._oauth_scope,
-                    token_cache=(
-                        auth.get_token_cache()
-                        if self._client_store_temporary_credential
-                        else None
-                    ),
-                    refresh_token_enabled=self._oauth_enable_refresh_tokens,
                     connection=self,
                 )
             elif self._authenticator == USR_PWD_MFA_AUTHENTICATOR:
@@ -1402,11 +1408,6 @@ def __config(self, **kwargs):
             if "host" not in kwargs:
                 self._host = construct_hostname(kwargs.get("region"), self._account)
 
-        if "unsafe_file_write" in kwargs:
-            self._unsafe_file_write = kwargs["unsafe_file_write"]
-        else:
-            self._unsafe_file_write = False
-
         logger.info(
             f"Connecting to {_DOMAIN_NAME_MAP.get(extract_top_level_domain_from_hostname(self._host), 'GLOBAL')} Snowflake domain"
         )

src/snowflake/connector/connection.py

@@ -37,6 +37,8 @@
 _TOP_LEVEL_DOMAIN_REGEX = r"\.[a-zA-Z]{1,63}$"
 _SNOWFLAKE_HOST_SUFFIX_REGEX = r"snowflakecomputing(\.[a-zA-Z]{1,63}){1,2}$"
 
+_PARAM_USE_SCOPED_TEMP_FOR_PANDAS_TOOLS = "ENABLE_FIX_1375538"
+
 
 class FieldType(NamedTuple):
     name: str
@@ -438,5 +440,5 @@ class IterUnit(Enum):
 )
 
 _OAUTH_DEFAULT_SCOPE = "session:role:{role}"
-OAUTH_TYPE_AUTHORIZATION_CODE = "authorization_code"
-OAUTH_TYPE_CLIENT_CREDENTIALS = "client_credentials"
+OAUTH_TYPE_AUTHORIZATION_CODE = "oauth_authorization_code"
+OAUTH_TYPE_CLIENT_CREDENTIALS = "oauth_client_credentials"