snowflake-cli-labs 3.0.0rc0__py3-none-any.whl → 3.0.0rc1__py3-none-any.whl

snowflake/cli/api/project/definition_conversion.py

@@ -0,0 +1,194 @@
+import logging
+from pathlib import Path
+from typing import Any, Dict, Literal, Optional
+
+from click import ClickException
+from snowflake.cli._plugins.snowpark.common import is_name_a_templated_one
+from snowflake.cli.api.constants import (
+    DEFAULT_ENV_FILE,
+    DEFAULT_PAGES_DIR,
+    PROJECT_TEMPLATE_VARIABLE_OPENING,
+    SNOWPARK_SHARED_MIXIN,
+)
+from snowflake.cli.api.project.schemas.project_definition import (
+    ProjectDefinition,
+    ProjectDefinitionV2,
+)
+from snowflake.cli.api.project.schemas.snowpark.callable import (
+    FunctionSchema,
+    ProcedureSchema,
+)
+from snowflake.cli.api.project.schemas.snowpark.snowpark import Snowpark
+from snowflake.cli.api.project.schemas.streamlit.streamlit import Streamlit
+
+log = logging.getLogger(__name__)
+
+
+def convert_project_definition_to_v2(
+    pd: ProjectDefinition, accept_templates: bool = False
+) -> ProjectDefinitionV2:
+    _check_if_project_definition_meets_requirements(pd, accept_templates)
+
+    snowpark_data = convert_snowpark_to_v2_data(pd.snowpark) if pd.snowpark else {}
+    streamlit_data = convert_streamlit_to_v2_data(pd.streamlit) if pd.streamlit else {}
+    envs = convert_envs_to_v2(pd)
+
+    data = {
+        "definition_version": "2",
+        "entities": get_list_of_all_entities(
+            snowpark_data.get("entities", {}), streamlit_data.get("entities", {})
+        ),
+        "mixins": snowpark_data.get("mixins", None),
+        "env": envs,
+    }
+
+    return ProjectDefinitionV2(**data)
+
+
+def convert_snowpark_to_v2_data(snowpark: Snowpark) -> Dict[str, Any]:
+    artifact_mapping = {"src": snowpark.src}
+    if snowpark.project_name:
+        artifact_mapping["dest"] = snowpark.project_name
+
+    data: dict = {
+        "mixins": {
+            SNOWPARK_SHARED_MIXIN: {
+                "stage": snowpark.stage_name,
+                "artifacts": [artifact_mapping],
+            }
+        },
+        "entities": {},
+    }
+
+    for index, entity in enumerate([*snowpark.procedures, *snowpark.functions]):
+        identifier = {"name": entity.name}
+        if entity.database is not None:
+            identifier["database"] = entity.database
+        if entity.schema_name is not None:
+            identifier["schema"] = entity.schema_name
+
+        entity_name = (
+            f"snowpark_entity_{index}"
+            if is_name_a_templated_one(entity.name)
+            else entity.name
+        )
+
+        if entity_name in data["entities"]:
+            raise ClickException(
+                f"Entity with name {entity_name} seems to be duplicated. Please rename it and try again."
+            )
+
+        v2_entity = {
+            "type": "function" if isinstance(entity, FunctionSchema) else "procedure",
+            "stage": snowpark.stage_name,
+            "handler": entity.handler,
+            "returns": entity.returns,
+            "signature": entity.signature,
+            "runtime": entity.runtime,
+            "external_access_integrations": entity.external_access_integrations,
+            "secrets": entity.secrets,
+            "imports": entity.imports,
+            "identifier": identifier,
+            "meta": {"use_mixins": [SNOWPARK_SHARED_MIXIN]},
+        }
+        if isinstance(entity, ProcedureSchema):
+            v2_entity["execute_as_caller"] = entity.execute_as_caller
+
+        data["entities"][entity_name] = v2_entity
+
+    return data
+
+
+def convert_streamlit_to_v2_data(streamlit: Streamlit):
+    # Process env file and pages dir
+    environment_file = _process_streamlit_files(streamlit.env_file, "environment")
+    pages_dir = _process_streamlit_files(streamlit.pages_dir, "pages")
+
+    # Build V2 definition
+    artifacts = [
+        streamlit.main_file,
+        environment_file,
+        pages_dir,
+    ]
+    artifacts = [a for a in artifacts if a is not None]
+
+    if streamlit.additional_source_files:
+        artifacts.extend(streamlit.additional_source_files)
+
+    identifier = {"name": streamlit.name}
+    if streamlit.schema_name:
+        identifier["schema"] = streamlit.schema_name
+    if streamlit.database:
+        identifier["database"] = streamlit.database
+
+    streamlit_name = (
+        "streamlit_entity_1"
+        if is_name_a_templated_one(streamlit.name)
+        else streamlit.name
+    )
+
+    data = {
+        "entities": {
+            streamlit_name: {
+                "type": "streamlit",
+                "identifier": identifier,
+                "title": streamlit.title,
+                "query_warehouse": streamlit.query_warehouse,
+                "main_file": str(streamlit.main_file),
+                "pages_dir": str(streamlit.pages_dir),
+                "stage": streamlit.stage,
+                "artifacts": artifacts,
+            }
+        }
+    }
+    return data
+
+
+def convert_envs_to_v2(pd: ProjectDefinition):
+    if hasattr(pd, "env") and pd.env:
+        data = {k: v for k, v in pd.env.items()}
+        return data
+    return None
+
+
+def _check_if_project_definition_meets_requirements(
+    pd: ProjectDefinition, accept_templates: bool
+):
+    if pd.meets_version_requirement("2"):
+        raise ClickException("Project definition is already at version 2.")
+
+    if PROJECT_TEMPLATE_VARIABLE_OPENING in str(pd):
+        if not accept_templates:
+            raise ClickException(
+                "Project definition contains templates. They may not be migrated correctly, and require manual migration."
+                "You can try again with --accept-templates  option, to attempt automatic migration."
+            )
+        log.warning(
+            "Your V1 definition contains templates. We cannot guarantee the correctness of the migration."
+        )
+    if pd.native_app:
+        raise ClickException(
+            "Your project file contains a native app definition. Conversion of Native apps is not yet supported"
+        )
+
+
+def _process_streamlit_files(
+    file_name: Optional[str], file_type: Literal["pages", "environment"]
+):
+    default = DEFAULT_PAGES_DIR if file_type == "pages" else DEFAULT_ENV_FILE
+
+    if file_name and not Path(file_name).exists():
+        raise ClickException(f"Provided file {file_name} does not exist")
+    elif file_name is None and Path(default).exists():
+        file_name = default
+    return file_name
+
+
+def get_list_of_all_entities(
+    snowpark_entities: Dict[str, Any], streamlit_entities: Dict[str, Any]
+):
+    if snowpark_entities.keys() & streamlit_entities.keys():
+        raise ClickException(
+            "In your project, streamlit and snowpark entities share the same name. Please rename them and try again."
+        )
+    return snowpark_entities | streamlit_entities

snowflake/cli/api/project/schemas/entities/application_package_entity_model.py

@@ -75,3 +75,20 @@ class ApplicationPackageEntityModel(EntityModelBase):
         if isinstance(input_value, Identifier):
             return input_value.model_copy(update=dict(name=with_suffix))
         return with_suffix
+
+    @field_validator("artifacts")
+    @classmethod
+    def transform_artifacts(
+        cls, orig_artifacts: List[Union[PathMapping, str]]
+    ) -> List[PathMapping]:
+        transformed_artifacts = []
+        if orig_artifacts is None:
+            return transformed_artifacts
+
+        for artifact in orig_artifacts:
+            if isinstance(artifact, PathMapping):
+                transformed_artifacts.append(artifact)
+            else:
+                transformed_artifacts.append(PathMapping(src=artifact))
+
+        return transformed_artifacts

snowflake/cli/api/project/schemas/project_definition.py

@@ -19,7 +19,6 @@ from typing import Any, Dict, List, Optional, Union
 
 from packaging.version import Version
 from pydantic import Field, ValidationError, field_validator, model_validator
-from snowflake.cli.api.feature_flags import FeatureFlag
 from snowflake.cli.api.project.errors import SchemaValidationError
 from snowflake.cli.api.project.schemas.entities.application_entity_model import (
     ApplicationEntityModel,
@@ -244,9 +243,7 @@ ProjectDefinition = Union[ProjectDefinitionV1, ProjectDefinitionV2]
 
 
 def get_version_map():
-    version_map = {"1": DefinitionV10, "1.1": DefinitionV11}
-    if FeatureFlag.ENABLE_PROJECT_DEFINITION_V2.is_enabled():
-        version_map["2"] = DefinitionV20
+    version_map = {"1": DefinitionV10, "1.1": DefinitionV11, "2": DefinitionV20}
     return version_map
 
 

snowflake/cli/api/rendering/jinja.py

@@ -82,7 +82,7 @@ class IgnoreAttrEnvironment(Environment):
             return self.undefined(obj=obj, name=argument)
 
 
-def _get_jinja_env(loader: Optional[loaders.BaseLoader] = None) -> Environment:
+def get_basic_jinja_env(loader: Optional[loaders.BaseLoader] = None) -> Environment:
     return env_bootstrap(
         IgnoreAttrEnvironment(
             loader=loader or loaders.BaseLoader(),
@@ -92,20 +92,6 @@ def _get_jinja_env(loader: Optional[loaders.BaseLoader] = None) -> Environment:
     )
 
 
-def jinja_render_from_str(template_content: str, data: Dict[str, Any]) -> str:
-    """
-    Renders a jinja template and outputs either the rendered contents as string or writes to a file.
-
-    Args:
-        template_content (str): template contents
-        data (dict): A dictionary of jinja variables and their actual values
-
-    Returns:
-        None if file path is provided, else returns the rendered string.
-    """
-    return _get_jinja_env().from_string(template_content).render(data)
-
-
 def jinja_render_from_file(
     template_path: Path, data: Dict[str, Any], output_file_path: Optional[Path] = None
 ) -> Optional[str]:
@@ -120,7 +106,7 @@ def jinja_render_from_file(
     Returns:
         None if file path is provided, else returns the rendered string.
     """
-    env = _get_jinja_env(
+    env = get_basic_jinja_env(
         loader=loaders.FileSystemLoader(template_path.parent.as_posix())
     )
     loaded_template = env.get_template(template_path.name)

snowflake/cli/api/rendering/project_definition_templates.py

@@ -24,7 +24,7 @@ _YML_TEMPLATE_START = "<%"
 _YML_TEMPLATE_END = "%>"
 
 
-def get_project_definition_cli_jinja_env() -> Environment:
+def get_client_side_jinja_env() -> Environment:
     _random_block = "___very___unique___block___to___disable___logic___blocks___"
     return env_bootstrap(
         IgnoreAttrEnvironment(

snowflake/cli/api/rendering/sql_templates.py

@@ -14,7 +14,7 @@
 
 from __future__ import annotations
 
-from typing import Dict
+from typing import Dict, Optional
 
 from click import ClickException
 from jinja2 import Environment, StrictUndefined, loaders, meta
@@ -55,19 +55,22 @@ def _does_template_have_env_syntax(env: Environment, template_content: str) -> b
     return bool(meta.find_undeclared_variables(template))
 
 
-def choose_sql_jinja_env_based_on_template_syntax(template_content: str) -> Environment:
+def choose_sql_jinja_env_based_on_template_syntax(
+    template_content: str, reference_name: Optional[str] = None
+) -> Environment:
     old_syntax_env = _get_sql_jinja_env(_OLD_SQL_TEMPLATE_START, _OLD_SQL_TEMPLATE_END)
     new_syntax_env = _get_sql_jinja_env(_SQL_TEMPLATE_START, _SQL_TEMPLATE_END)
     has_old_syntax = _does_template_have_env_syntax(old_syntax_env, template_content)
     has_new_syntax = _does_template_have_env_syntax(new_syntax_env, template_content)
+    reference_name_str = f" in {reference_name}" if reference_name else ""
     if has_old_syntax and has_new_syntax:
         raise InvalidTemplate(
-            f"The SQL query mixes {_OLD_SQL_TEMPLATE_START} ... {_OLD_SQL_TEMPLATE_END} syntax"
+            f"The SQL query{reference_name_str} mixes {_OLD_SQL_TEMPLATE_START} ... {_OLD_SQL_TEMPLATE_END} syntax"
             f" and {_SQL_TEMPLATE_START} ... {_SQL_TEMPLATE_END} syntax."
         )
     if has_old_syntax:
         cli_console.warning(
-            f"Warning: {_OLD_SQL_TEMPLATE_START} ... {_OLD_SQL_TEMPLATE_END} syntax is deprecated."
+            f"Warning: {_OLD_SQL_TEMPLATE_START} ... {_OLD_SQL_TEMPLATE_END} syntax{reference_name_str} is deprecated."
             f" Use {_SQL_TEMPLATE_START} ... {_SQL_TEMPLATE_END} syntax instead."
         )
         return old_syntax_env

snowflake/cli/api/secure_path.py

@@ -24,6 +24,12 @@ from pathlib import Path
 from typing import Optional, Union
 
 from snowflake.cli.api.exceptions import DirectoryIsNotEmptyError, FileTooLargeError
+from snowflake.cli.api.secure_utils import (
+    chmod as secure_chmod,
+)
+from snowflake.cli.api.secure_utils import (
+    restrict_file_permissions,
+)
 
 log = logging.getLogger(__name__)
 
@@ -47,6 +53,12 @@ class SecurePath:
         """
         return self._path
 
+    def chmod(self, permissions_mask: int) -> None:
+        """
+        Change the file mode and permissions, like os.chmod().
+        """
+        secure_chmod(self._path, permissions_mask)
+
     @property
     def parent(self):
         """
@@ -97,28 +109,11 @@ class SecurePath:
         """A string representing the final path component."""
         return self._path.name
 
-    def chmod(self, permissions_mask: int) -> None:
-        """
-        Change the file mode and permissions, like os.chmod().
-        """
-        log.info(
-            "Update permissions of file %s to %s", self._path, oct(permissions_mask)
-        )
-        self._path.chmod(permissions_mask)
-
     def restrict_permissions(self) -> None:
         """
         Restrict file/directory permissions to owner-only.
         """
-        import stat
-
-        owner_permissions = (
-            # https://docs.python.org/3/library/stat.html
-            stat.S_IRUSR  # readable by owner
-            | stat.S_IWUSR  # writeable by owner
-            | stat.S_IXUSR  # executable by owner
-        )
-        self.chmod(self._path.stat().st_mode & owner_permissions)
+        restrict_file_permissions(self._path)
 
     def touch(self, permissions_mask: int = 0o600, exist_ok: bool = True) -> None:
         """

snowflake/cli/api/secure_utils.py

@@ -12,11 +12,64 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import logging
 import stat
 from pathlib import Path
+from typing import List
 
+from snowflake.connector.compat import IS_WINDOWS
 
-def file_permissions_are_strict(file_path: Path) -> bool:
+log = logging.getLogger(__name__)
+
+
+def _get_windows_whitelisted_users():
+    # whitelisted users list obtained in consultation with prodsec: CASEC-9627
+    import os
+
+    return [
+        "SYSTEM",
+        "Administrators",
+        "Network",
+        "Domain Admins",
+        "Domain Users",
+        os.getlogin(),
+    ]
+
+
+def _run_icacls(file_path: Path) -> str:
+    import subprocess
+
+    return subprocess.check_output(["icacls", str(file_path)], text=True)
+
+
+def _windows_permissions_are_denied(permission_codes: str) -> bool:
+    # according to https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
+    return "(DENY)" in permission_codes or "(N)" in permission_codes
+
+
+def windows_get_not_whitelisted_users_with_access(file_path: Path) -> List[str]:
+    import re
+
+    # according to https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
+    icacls_output_regex = (
+        rf"({re.escape(str(file_path))})?.*\\(?P<user>.*):(?P<permissions>[(A-Z),]+)"
+    )
+    whitelisted_users = _get_windows_whitelisted_users()
+
+    users_with_access = []
+    for permission in re.finditer(icacls_output_regex, _run_icacls(file_path)):
+        if (permission.group("user") not in whitelisted_users) and (
+            not _windows_permissions_are_denied(permission.group("permissions"))
+        ):
+            users_with_access.append(permission.group("user"))
+    return list(set(users_with_access))
+
+
+def _windows_file_permissions_are_strict(file_path: Path) -> bool:
+    return windows_get_not_whitelisted_users_with_access(file_path) == []
+
+
+def _unix_file_permissions_are_strict(file_path: Path) -> bool:
     accessible_by_others = (
         # https://docs.python.org/3/library/stat.html
         stat.S_IRGRP  # readable by group
@@ -27,3 +80,39 @@ def file_permissions_are_strict(file_path: Path) -> bool:
         | stat.S_IXOTH  # executable by others
     )
     return (file_path.stat().st_mode & accessible_by_others) == 0
+
+
+def file_permissions_are_strict(file_path: Path) -> bool:
+    if IS_WINDOWS:
+        return _windows_file_permissions_are_strict(file_path)
+    return _unix_file_permissions_are_strict(file_path)
+
+
+def chmod(path: Path, permissions_mask: int) -> None:
+    log.info("Update permissions of file %s to %s", path, oct(permissions_mask))
+    path.chmod(permissions_mask)
+
+
+def _unix_restrict_file_permissions(path: Path) -> None:
+    owner_permissions = (
+        # https://docs.python.org/3/library/stat.html
+        stat.S_IRUSR  # readable by owner
+        | stat.S_IWUSR  # writeable by owner
+        | stat.S_IXUSR  # executable by owner
+    )
+    chmod(path, path.stat().st_mode & owner_permissions)
+
+
+def _windows_restrict_file_permissions(path: Path) -> None:
+    import subprocess
+
+    for user in windows_get_not_whitelisted_users_with_access(path):
+        log.info("Removing permissions of user %s from file %s", user, path)
+        subprocess.run(["icacls", str(path), "/DENY", f"{user}:F"])
+
+
+def restrict_file_permissions(file_path: Path) -> None:
+    if IS_WINDOWS:
+        _windows_restrict_file_permissions(file_path)
+    else:
+        _unix_restrict_file_permissions(file_path)

snowflake/cli/api/sql_execution.py

@@ -97,6 +97,13 @@ class SqlExecutor:
                 f"Could not use {object_type} {name}. Object does not exist, or operation cannot be performed."
             )
 
+    def current_role(self) -> str:
+        *_, cursor = self._execute_string(
+            "select current_role()", cursor_class=DictCursor
+        )
+        role_result = cursor.fetchone()
+        return role_result["CURRENT_ROLE()"]
+
     @contextmanager
     def use_role(self, new_role: str):
         """
@@ -117,6 +124,12 @@ class SqlExecutor:
             if is_different_role:
                 self._execute_query(f"use role {prev_role}")
 
+    def session_has_warehouse(self) -> bool:
+        result = self._execute_query(
+            "select current_warehouse() is not null as result", cursor_class=DictCursor
+        ).fetchone()
+        return bool(result.get("RESULT"))
+
     @contextmanager
     def use_warehouse(self, new_wh: str):
         """

snowflake/cli/api/utils/definition_rendering.py

@@ -28,7 +28,7 @@ from snowflake.cli.api.project.schemas.project_definition import (
 from snowflake.cli.api.project.schemas.updatable_model import context
 from snowflake.cli.api.rendering.jinja import CONTEXT_KEY, FUNCTION_KEY
 from snowflake.cli.api.rendering.project_definition_templates import (
-    get_project_definition_cli_jinja_env,
+    get_client_side_jinja_env,
 )
 from snowflake.cli.api.utils.dict_utils import deep_merge_dicts, traverse
 from snowflake.cli.api.utils.graph import Graph, Node
@@ -96,7 +96,7 @@ class TemplatedEnvironment:
             )
             or current_attr_chain is not None
         ):
-            raise InvalidTemplate(f"Unexpected templating syntax in {template_value}")
+            raise InvalidTemplate(f"Unexpected template syntax in {template_value}")
 
         for child_node in ast_node.iter_child_nodes():
             all_referenced_vars.update(
@@ -318,7 +318,7 @@ def render_definition_template(
     if definition is None:
         return ProjectProperties(None, {CONTEXT_KEY: {"env": environment_overrides}})
 
-    template_env = TemplatedEnvironment(get_project_definition_cli_jinja_env())
+    template_env = TemplatedEnvironment(get_client_side_jinja_env())
 
     if "definition_version" not in definition or Version(
         definition["definition_version"]
@@ -353,9 +353,7 @@ def render_definition_template(
     )
 
     def on_cycle_action(node: Node[TemplateVar]):
-        raise CycleDetectedError(
-            f"Cycle detected in templating variable {node.data.key}"
-        )
+        raise CycleDetectedError(f"Cycle detected in template variable {node.data.key}")
 
     dependencies_graph.dfs(
         visit_action=lambda node: _render_graph_node(template_env, node),

{snowflake_cli_labs-3.0.0rc0.dist-info → snowflake_cli_labs-3.0.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: snowflake-cli-labs
-Version: 3.0.0rc0
+Version: 3.0.0rc1
 Summary: Snowflake CLI
 Project-URL: Source code, https://github.com/snowflakedb/snowflake-cli
 Project-URL: Bug Tracker, https://github.com/snowflakedb/snowflake-cli/issues
@@ -225,14 +225,14 @@ Requires-Dist: pluggy==1.5.0
 Requires-Dist: pydantic==2.8.2
 Requires-Dist: pyyaml==6.0.1
 Requires-Dist: requests==2.32.3
-Requires-Dist: requirements-parser==0.10.2
+Requires-Dist: requirements-parser==0.11.0
 Requires-Dist: rich==13.7.1
-Requires-Dist: setuptools==70.3.0
-Requires-Dist: snowflake-connector-python[secure-local-storage]==3.12.0
+Requires-Dist: setuptools==74.1.0
+Requires-Dist: snowflake-connector-python[secure-local-storage]==3.12.1
 Requires-Dist: snowflake-core==0.8.0; python_version < '3.12'
 Requires-Dist: snowflake-snowpark-python>=1.15.0; python_version < '3.12'
 Requires-Dist: tomlkit==0.13.2
-Requires-Dist: typer==0.12.4
+Requires-Dist: typer==0.12.5
 Requires-Dist: urllib3<2.3,>=1.24.3
 Provides-Extra: development
 Requires-Dist: coverage==7.6.1; extra == 'development'