Skip to content

Commit b849f52

Browse files
committed
SNOW-2306184: config refactor - tests for value masking
1 parent 995f91a commit b849f52

File tree

2 files changed

+38
-7
lines changed

2 files changed

+38
-7
lines changed

src/snowflake/cli/_plugins/connection/commands.py

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@
6262
set_config_value,
6363
unset_config_value,
6464
)
65+
from snowflake.cli.api.config_ng.masking import mask_sensitive_value
6566
from snowflake.cli.api.console import cli_console
6667
from snowflake.cli.api.constants import ObjectType
6768
from snowflake.cli.api.output.types import (
@@ -85,12 +86,11 @@ def __repr__(self):
8586
return "optional"
8687

8788

88-
def _mask_sensitive_parameters(connection_params: dict):
89-
if "password" in connection_params:
90-
connection_params["password"] = "****"
91-
if "oauth_client_secret" in connection_params:
92-
connection_params["oauth_client_secret"] = "****"
93-
return connection_params
89+
def mask_sensitive_parameters(connection_params: dict):
90+
return {
91+
key: mask_sensitive_value(key, value)
92+
for key, value in connection_params.items()
93+
}
9494

9595

9696
@app.command(name="list")
@@ -124,7 +124,7 @@ def list_connections(
124124
result = (
125125
{
126126
"connection_name": connection_name,
127-
"parameters": _mask_sensitive_parameters(
127+
"parameters": mask_sensitive_parameters(
128128
connection_config.to_dict_of_known_non_empty_values()
129129
),
130130
"is_default": connection_name == default_connection,

tests/test_connection.py

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,9 @@
2121

2222
import pytest
2323
import tomlkit
24+
from snowflake.cli._plugins.connection import commands as connection_commands
2425
from snowflake.cli.api.config import ConnectionConfig
26+
from snowflake.cli.api.config_ng.masking import MASKED_VALUE
2527
from snowflake.cli.api.constants import ObjectType
2628
from snowflake.cli.api.secret import SecretType
2729

@@ -366,6 +368,35 @@ def test_lists_connection_information(mock_get_default_conn_name, runner):
366368
]
367369

368370

371+
def test_mask_sensitive_parameters_masks_all_known_sensitive_keys():
372+
params = {
373+
"password": "hunter2",
374+
"oauth_client_secret": "secret1",
375+
"token": "token-value",
376+
"session_token": "session",
377+
"master_token": "master",
378+
"private_key_passphrase": "pk-pass",
379+
"mfa_passcode": "code",
380+
"warehouse": "xs",
381+
}
382+
383+
masked = connection_commands.mask_sensitive_parameters(params)
384+
385+
for key in (
386+
"password",
387+
"oauth_client_secret",
388+
"token",
389+
"session_token",
390+
"master_token",
391+
"private_key_passphrase",
392+
"mfa_passcode",
393+
):
394+
assert masked[key] == MASKED_VALUE
395+
396+
assert masked["warehouse"] == "xs"
397+
assert params["password"] == "hunter2"
398+
399+
369400
@mock.patch.dict(
370401
os.environ,
371402
{

0 commit comments

Comments
 (0)