search

Snowflake-Labs / schemachange

A Database Change Management tool for Snowflake
Apache License 2.0
481 stars 219 forks source link

Schemachange with OKTA snowflake_authenticator https://xx.xx.com not working #181

Closed AnilBakuru closed 10 months ago

AnilBakuru commented 1 year ago

Hi, I am trying to use Schemachange with OKTA snowflake_authenticator https://xx.xx.com but is not working. I am passing SNOWFLAKE_PASSWORD AND SNOWFLAKE_AUTHENTICATOR as environment variables.

I am using GITHB ACTIONS -

- name: Run Snowflake schemachange
  env:
   SNOWFLAKE_ACCOUNT: ${{ env.SNOWFLAKE_ACCOUNT }}
   SNOWFLAKE_ROLE: ${{ env.SNOWFLAKE_ROLE }}
   SNOWFLAKE_USER: ${{ env.SNOWFLAKE_USER }}
   SNOWFLAKE_WAREHOUSE: ${{ env.SNOWFLAKE_WAREHOUSE }}
   SNOWFLAKE_DATABASE: ${{ env.SNOWFLAKE_DATABASE }}
   SNOWFLAKE_PASSWORD: ${{ env.SNOWFLAKE_PASSWORD }}
   SNOWFLAKE_AUTHENTICATOR: ${{ env.SNOWFLAKE_AUTHENTICATOR }}
      # Add other required Snowflake environment v
  run: |
    echo "Running schemachange."
    schemachange \
      -f $GIT_SRC_PATH/snowflake/metadata/CORE_TEST/ \
      -a $SNOWFLAKE_ACCOUNT \
      -r $SNOWFLAKE_ROLE \
      -u $SNOWFLAKE_USER \
      -w $SNOWFLAKE_WAREHOUSE \
      -d $SNOWFLAKE_DATABASE \
      -c ${SNOWFLAKE_DATABASE}.SCHEMACHANGE.CHANGE_HISTORY --create-change-history-table \
      -v

I have verified that all credentials look good. This is our corporate snowflake account.

ERROR- Using variables: {} Using Snowflake account Using default role Using default warehouse Using default database Proceeding with password authentication Traceback (most recent call last): File "/opt/hostedtoolcache/Python/3.8.17/x64/bin/schemachange", line 8, in sys.exit(main()) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/schemachange/cli.py", line 865, in main deploy_command(config) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/schemachange/cli.py", line 472, in deploy_command session = SnowflakeSchemachangeSession(config) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/schemachange/cli.py", line 232, in init self.con = self.authenticate() File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/schemachange/cli.py", line 329, in authenticate return snowflake.connector.connect(self.conArgs) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/init.py", line 51, in Connect return SnowflakeConnection(kwargs) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/connection.py", line 302, in init self.connect(**kwargs) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/connection.py", line 566, in connect self.__open_connection() File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/connection.py", line 819, in __open_connection self.authenticate_with_retry(self.auth_class) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/connection.py", line 1075, in authenticate_with_retry self._authenticate(auth_instance) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/connection.py", line 1096, in _authenticate auth.authenticate( File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/auth/_auth.py", line 396, in authenticate Error.errorhandler_wrapper( File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/errors.py", line 275, in errorhandler_wrapper handed_over = Error.hand_to_other_handler( File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/errors.py", line 333, in hand_to_other_handler connection.errorhandler(connection, cursor, error_class, error_value) File "/opt/hostedtoolcache/Python/3.8.17/x64/lib/python3.8/site-packages/snowflake/connector/errors.py", line 209, in default_errorhandler raise error_class( snowflake.connector.errors.DatabaseError: 250001 (08001): Failed to connect to DB: *:443. Incorrect username or password was specified.** Error: Process completed with exit code 1.

AnilBakuru commented 1 year ago

Hi, Is this repo active?

danielmdubois commented 1 year ago

It looks like there is a problem with the code. If you successfully enter this if block:

    if snowflake_password:
      if self.verbose:
        print(_log_auth_type %  'password' )
      self.conArgs['password'] = snowflake_password

then you'll not hit this elif block:

    elif os.getenv("SNOWFLAKE_AUTHENTICATOR").lower()[:8]=='https://' \
      and os.getenv("SNOWFLAKE_AUTHENTICATOR"):
      okta = os.getenv("SNOWFLAKE_AUTHENTICATOR")
      self.conArgs['authenticator'] = okta

The author stated in PR141 that he did not have an Okta account to test with. So it seems he didn't catch that this use case requires both authenticator and password parameters to the snowflake python connector.

AnilBakuru commented 1 year ago

Hi Daniel, Good find. Unfortunately, it does not look like code base is supported constantly. At this time using this repo into production processes does seem like a good idea.

sfc-gh-jhansen commented 11 months ago

Hey all, I apologize for the slow response here. This project is still active, I've just been wicked busy with work :). Please submit a PR for required code changes and I'll get them out. Thanks!

AnilBakuru commented 11 months ago

Hi Jhansen, I have created a pull request - https://github.com/Snowflake-Labs/schemachange/pull/188

Appreciate your time and help!