Skip to content

Commit aae2f0d

Browse files
sfc-gh-pczajkasfc-gh-pczajka
committed
[ASYNC] apply #2281 to async code
1 parent 8e03822 commit aae2f0d

File tree

2 files changed

+25
-2
lines changed

2 files changed

+25
-2
lines changed

src/snowflake/connector/aio/_wif_util.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -202,7 +202,10 @@ async def create_azure_attestation(
202202
issuer, subject = extract_iss_and_sub_without_signature_verification(jwt_str)
203203
if not issuer or not subject:
204204
return None
205-
if not issuer.startswith("https://sts.windows.net/"):
205+
if not (
206+
issuer.startswith("https://sts.windows.net/")
207+
or issuer.startswith("https://login.microsoftonline.com/")
208+
):
206209
# This might happen if we're running on a different platform that responds to the same metadata request signature as Azure.
207210
logger.debug("Unexpected Azure token issuer '%s'", issuer)
208211
return None

test/unit/aio/test_auth_workload_identity_async.py

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -261,14 +261,34 @@ async def test_explicit_azure_metadata_server_error_raises_auth_error(exception)
261261

262262

263263
async def test_explicit_azure_wrong_issuer_raises_error(fake_azure_metadata_service):
264-
fake_azure_metadata_service.iss = "not-azure"
264+
fake_azure_metadata_service.iss = "https://notazure.com"
265265

266266
auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
267267
with pytest.raises(ProgrammingError) as excinfo:
268268
await auth_class.prepare()
269269
assert "No workload identity credential was found for 'AZURE'" in str(excinfo.value)
270270

271271

272+
@pytest.mark.parametrize(
273+
"issuer",
274+
[
275+
"https://sts.windows.net/067802cd-8f92-4c7c-bceb-ea8f15d31cc5",
276+
"https://login.microsoftonline.com/067802cd-8f92-4c7c-bceb-ea8f15d31cc5",
277+
"https://login.microsoftonline.com/067802cd-8f92-4c7c-bceb-ea8f15d31cc5/v2.0",
278+
],
279+
ids=["v1", "v2_without_suffix", "v2_with_suffix"],
280+
)
281+
async def test_explicit_azure_v1_and_v2_issuers_accepted(
282+
fake_azure_metadata_service, issuer
283+
):
284+
fake_azure_metadata_service.iss = issuer
285+
286+
auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
287+
await auth_class.prepare()
288+
289+
assert issuer == json.loads(auth_class.assertion_content)["iss"]
290+
291+
272292
async def test_explicit_azure_plumbs_token_to_api(fake_azure_metadata_service):
273293
auth_class = AuthByWorkloadIdentity(provider=AttestationProvider.AZURE)
274294
await auth_class.prepare()

0 commit comments

Comments
 (0)