PyPI - omnata-plugin-devkit - Versions diffs - 0.13.2a185__tar.gz → 0.13.2a187__tar.gz - Mend

omnata-plugin-devkit 0.13.2a185tar.gz → 0.13.2a187tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

{omnata_plugin_devkit-0.13.2a185 → omnata_plugin_devkit-0.13.2a187}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: omnata-plugin-devkit
-Version: 0.13.2a185
+Version: 0.13.2a187
 Summary:
 License-File: LICENSE
 Author: James Weakley

{omnata_plugin_devkit-0.13.2a185 → omnata_plugin_devkit-0.13.2a187}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "omnata-plugin-devkit"
-version = "0.13.2a185"
+version = "0.13.2a187"
 description = ""
 authors = ["James Weakley <james.weakley@omnata.com>"]
 readme = "README.md"

{omnata_plugin_devkit-0.13.2a185 → omnata_plugin_devkit-0.13.2a187}/src/omnata_plugin_devkit/jinja_templates/CONFIGURE_APIS.sql.jinja RENAMED Viewed

@@ -323,7 +323,8 @@ try{
                                 OBJECT,
                                 VARCHAR,
                                 VARCHAR,
-                                VARCHAR)`
+                                VARCHAR)`,
+        `SET_CONNECTION_OBJECTS(OBJECT)`
             ];
     procsToAlter.forEach(function(procToAlter) {
         var sqlText = `alter procedure ${procToAlter}

omnata_plugin_devkit-0.13.2a187/src/omnata_plugin_devkit/jinja_templates/CREATE_GENERIC_SECRET_OBJECT.sql.jinja ADDED Viewed

@@ -0,0 +1,50 @@
+create or replace procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT(SECRET_NAME VARCHAR, SECRET_CONTENTS VARCHAR)
+returns object
+language python
+RUNTIME_VERSION = '3.10'
+PACKAGES = ({{packages}})
+HANDLER = 'run'
+COMMENT = $$
+Creates a generic secret object. SECRET_STRING is written via a dollar-quoted
+literal rather than a bind parameter: bind binding for SECRET_STRING = ? was
+observed to interpret backslash escapes inside the value, turning a JSON `\n`
+two-byte escape into a raw LF byte and corrupting the stored JSON. Dollar
+quoting is byte-faithful.
+$$
+execute as owner
+as
+$$
+from logging import getLogger
+logger = getLogger(__name__)
+# Avoid putting two literal dollar signs in this proc body (the body itself
+# is dollar-quoted, so a stray `$$` would close it early).
+_TWO_DOLLARS = "$" + "$"
+def run(session, secret_name, secret_contents):
+   try:
+      if secret_contents is None:
+         secret_contents = ""
+      if _TWO_DOLLARS in secret_contents:
+         raise ValueError(
+            "secret_contents contains '" + _TWO_DOLLARS + "', which is "
+            "currently not supported due to Snowflake delimiter requirements."
+         )
+      sql = (
+         "CREATE OR REPLACE SECRET IDENTIFIER(?) TYPE = GENERIC_STRING "
+         "SECRET_STRING = " + _TWO_DOLLARS + secret_contents + _TWO_DOLLARS
+      )
+      session.sql(sql, params=[secret_name]).collect()
+      session.sql(
+         "grant usage on secret IDENTIFIER(?) to application role OMNATA_MANAGEMENT",
+         params=[secret_name],
+      ).collect()
+      return {"success": True, "data": None}
+   except Exception as e:
+      return {"success": False, "error": f"CREATE_GENERIC_SECRET_OBJECT: {str(e)}"}
+$$
+;
+grant usage on procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT(VARCHAR, VARCHAR)
+to application role OMNATA_MANAGEMENT;

omnata_plugin_devkit-0.13.2a187/src/omnata_plugin_devkit/jinja_templates/CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING.sql.jinja ADDED Viewed

@@ -0,0 +1,82 @@
+create or replace procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING(
+   SECRET_NAME VARCHAR,
+   SECRET_TO_CLONE VARCHAR,
+   KEYS_TO_INCLUDE ARRAY,
+   NEW_CONTENTS_TO_MERGE VARCHAR DEFAULT NULL
+)
+returns object
+language python
+RUNTIME_VERSION = '3.10'
+PACKAGES = ({{packages}})
+HANDLER = 'run'
+COMMENT = $$
+Creates a generic secret object using an existing secret as the seed.
+  - KEYS_TO_INCLUDE (optional): if provided, restrict the cloned content to
+    these keys before any merging.
+  - NEW_CONTENTS_TO_MERGE (optional): JSON object string whose entries are
+    merged on top of the cloned content (overwriting matching keys). Use
+    this to add or update fields in one shot without a second proc call.
+The write itself is delegated to CREATE_GENERIC_SECRET_OBJECT, which uses a
+dollar-quoted SECRET_STRING literal to avoid bind-parameter escape
+interpretation that corrupts newlines in PEM values.
+$$
+execute as owner
+as
+$$
+import json
+from logging import getLogger
+logger = getLogger(__name__)
+def _call_proc(session, sql, params):
+   rows = session.sql(sql, params=params).collect()
+   if not rows:
+      raise RuntimeError(f"delegate proc returned no rows: {sql}")
+   val = rows[0][0]
+   if isinstance(val, str):
+      try:
+         val = json.loads(val)
+      except json.JSONDecodeError:
+         pass
+   if isinstance(val, dict) and val.get('success') is False:
+      raise RuntimeError(val.get('error') or f"delegate proc failed: {sql}")
+   return val.get('data') if isinstance(val, dict) else val
+def run(session, secret_name, secret_to_clone, keys_to_include, new_contents_to_merge):
+   try:
+      existing = _call_proc(
+         session,
+         "call PLUGIN.RETRIEVE_SECRETS(NULL, ?)",
+         [secret_to_clone],
+      ) or {}
+      if not isinstance(existing, dict):
+         existing = {}
+      if keys_to_include is not None:
+         existing = {k: existing[k] for k in keys_to_include if k in existing}
+      if new_contents_to_merge is not None:
+         try:
+            new_dict = json.loads(new_contents_to_merge)
+         except (TypeError, json.JSONDecodeError) as parse_err:
+            raise ValueError(
+               f"NEW_CONTENTS_TO_MERGE must be a JSON object string: {parse_err}"
+            ) from parse_err
+         if not isinstance(new_dict, dict):
+            raise ValueError("NEW_CONTENTS_TO_MERGE must decode to a JSON object")
+         existing = {**existing, **new_dict}
+      _call_proc(
+         session,
+         "call PLUGIN.CREATE_GENERIC_SECRET_OBJECT(?, ?)",
+         [secret_name, json.dumps(existing)],
+      )
+      return {"success": True, "data": None}
+   except Exception as e:
+      return {
+         "success": False,
+         "error": f"CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING: {str(e)}",
+      }
+$$
+;
+grant usage on procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING(VARCHAR, VARCHAR, ARRAY, VARCHAR)
+to application role OMNATA_MANAGEMENT;

{omnata_plugin_devkit-0.13.2a185 → omnata_plugin_devkit-0.13.2a187}/src/omnata_plugin_devkit/jinja_templates/RETRIEVE_SECRETS_UDF.sql.jinja RENAMED Viewed

@@ -25,13 +25,11 @@ def run(oauth_secret_name,other_secrets_name):
                other_secrets_name
             )
             if len(secret_string_content) > 2:
-               logger.info(f"Raw secret string: {secret_string_content}")
                other_secrets = json.loads(secret_string_content)
                connection_secrets = {
                   **connection_secrets,
                   **other_secrets,
                }
-               logger.info(f"Parsed secret string: {connection_secrets}")
       except Exception as exception:
             logger.error(f"Error parsing secrets content for secret {other_secrets_name}: {str(exception)}")
             raise ValueError(f"Error parsing secrets content: {str(exception)}") from exception

{omnata_plugin_devkit-0.13.2a185 → omnata_plugin_devkit-0.13.2a187}/src/omnata_plugin_devkit/jinja_templates/SET_CONNECTION_OBJECTS.sql.jinja RENAMED Viewed

@@ -45,6 +45,7 @@ execute as owner
 as
 $$
 import json
+import _snowflake
 from logging import getLogger
 from typing import Any, Dict, List, Literal, Optional
 from pydantic import BaseModel, ConfigDict, Field, model_validator
@@ -244,35 +245,20 @@ def run(session, parameters):
          logger.info(f"Executing SQL: {cfg_sql}")
          session.sql(cfg_sql).collect()
-      # (6) Other secrets — seeded from an existing secret and/or caller-supplied values.
+      # (6) Other secrets — read the seed directly via _snowflake.get_generic_secret_string
+      # rather than going through RETRIEVE_SECRETS / CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING.
+      # The cross-proc VARCHAR bind path was observed to mangle backslash escapes in JSON
+      # payloads; reading the secret in-process avoids any extra hop. The secret must be
+      # bound to this proc by CONFIGURE_APIS — the alias is the unqualified name.
       seed_secrets = {}
       if merge_with_secret_name:
-         # RETRIEVE_SECRETS_UDF reads the secret contents via _snowflake.get_generic_secret_string,
-         # which takes the binding alias (the unqualified name) — not the FQN. The source secret
-         # must already be bound to RETRIEVE_SECRETS_UDF via a prior CONFIGURE_APIS run.
-         # Passing NULL for the OAuth secret name keeps the access_token key out of the returned object.
-         seed_rows = session.sql(
-            "select PLUGIN.RETRIEVE_SECRETS_UDF(NULL, ?)",
-            params=[merge_with_secret_name],
-         ).collect()
-         seed_value = seed_rows[0][0] if seed_rows else None
-         if isinstance(seed_value, str):
-            try:
-               seed_value = json.loads(seed_value)
-            except json.JSONDecodeError:
-               seed_value = None
-         if isinstance(seed_value, dict):
-            seed_secrets = dict(seed_value)
-            logger.info(f"Seeded secret value {seed_secrets}")
+         raw = _snowflake.get_generic_secret_string(merge_with_secret_name)
+         if raw and len(raw) > 2:
+            decoded = json.loads(raw)
+            if isinstance(decoded, dict):
+               seed_secrets = decoded
       if connection_secrets:
-         for k, v in connection_secrets.items():
-            seed_secrets[k] = v
-      # json.dumps emits strict JSON: every U+0000–U+001F byte is escaped, so PEM line breaks
-      # in caller-supplied values land in SECRET_STRING as `\n` (two bytes) rather than as a
-      # raw LF that would later trip strict json.loads on the read paths.
-      logger.info(f"Writing generic secrets, dict: {seed_secrets}")
-      logger.info(f"Writing generic secrets, raw: {json.dumps(seed_secrets)}")
-      json.loads(json.dumps(seed_secrets))
+         seed_secrets.update(connection_secrets)
       _call_proc(
          session,
          "call PLUGIN.CREATE_GENERIC_SECRET_OBJECT(?, ?)",

omnata_plugin_devkit-0.13.2a185/src/omnata_plugin_devkit/jinja_templates/CREATE_GENERIC_SECRET_OBJECT.sql.jinja DELETED Viewed

@@ -1,35 +0,0 @@
-create or replace procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT(SECRET_NAME VARCHAR,SECRET_CONTENTS VARCHAR)
-   returns object
-   language javascript
-   COMMENT = $$
-   Creates a generic secret object.
-   $$
-   execute as owner
-as
-$$
-try{
-   snowflake.createStatement( {
-      sqlText: `CREATE OR REPLACE SECRET IDENTIFIER(?) TYPE = GENERIC_STRING SECRET_STRING = ?`,
-      binds:[SECRET_NAME,SECRET_CONTENTS]
-   } ).execute();
-   snowflake.createStatement( {
-      sqlText: `grant usage on secret IDENTIFIER(?) to application role OMNATA_MANAGEMENT`,
-      binds:[SECRET_NAME]
-   } ).execute();
-    return {
-        "success": true,
-        "data": null
-    }
-}
-catch(e){
-   return {
-      "success": false,
-      "error": `CREATE_GENERIC_SECRET_OBJECT: ${String(e)}`
-   }
-}
-$$
-;
-grant usage on procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT(VARCHAR,VARCHAR)
-to application role OMNATA_MANAGEMENT;

omnata_plugin_devkit-0.13.2a185/src/omnata_plugin_devkit/jinja_templates/CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING.sql.jinja DELETED Viewed

@@ -1,55 +0,0 @@
-create or replace procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING(SECRET_NAME VARCHAR,SECRET_TO_CLONE VARCHAR,KEYS_TO_INCLUDE ARRAY)
-   returns object
-   language javascript
-   COMMENT = $$
-   Creates a generic secret object, using an existing object as a starting point.
-   $$
-   execute as owner
-as
-$$
-try{
-   // retrieve the existing secrets
-   var results = snowflake.createStatement( {
-         sqlText: `call RETRIEVE_SECRETS(null,?)`,
-         binds:[SECRET_TO_CLONE]
-      } ).execute();
-   results.next();
-   var procResult = results.getColumnValue(1);
-   if (procResult.success===false){
-      throw procResult.error;
-   }
-   var existingSecrets = procResult.data;
-   if (KEYS_TO_INCLUDE != null){
-      // pick out the specific keys from the KEYS_TO_INCLUDE array
-      existingSecrets = KEYS_TO_INCLUDE.reduce((acc,key) => {
-         acc[key] = existingSecrets[key];
-         return acc;
-      }, {})
-   }
-   // create the secret object by calling the regular proc
-   var results = snowflake.createStatement( {
-         sqlText: `call CREATE_GENERIC_SECRET_OBJECT(?,?)`,
-         binds:[SECRET_NAME,JSON.stringify(existingSecrets)]
-      } ).execute();
-   results.next();
-   var procResult = results.getColumnValue(1);
-   if (procResult.success===false){
-      throw procResult.error;
-   }
-   return {
-      "success": true,
-      "data": null
-   }
-}
-catch(e){
-   return {
-      "success": false,
-      "error": `CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING: ${String(e)}`
-   }
-}
-$$
-;
-grant usage on procedure PLUGIN.CREATE_GENERIC_SECRET_OBJECT_FROM_EXISTING(VARCHAR,VARCHAR,ARRAY)
-to application role OMNATA_MANAGEMENT;