snowflake-cli-labs 3.0.0rc4__py3-none-any.whl → 3.0.1__py3-none-any.whl

snowflake/cli/api/rest_api.py

@@ -1,178 +0,0 @@
-# Copyright (c) 2024 Snowflake Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from __future__ import annotations
-
-import json
-import logging
-from typing import Any, Dict, Optional
-
-from click import ClickException
-from snowflake.cli.api.constants import SF_REST_API_URL_PREFIX
-from snowflake.connector.connection import SnowflakeConnection
-from snowflake.connector.errors import BadRequest
-from snowflake.connector.network import SnowflakeRestful
-from snowflake.connector.vendored.requests.exceptions import HTTPError
-
-log = logging.getLogger(__name__)
-
-
-def _pluralize_object_type(object_type: str) -> str:
-    """
-    Pluralize object type without depending on OBJECT_TO_NAMES.
-    """
-    if object_type.endswith("y"):
-        return object_type[:-1].lower() + "ies"
-    else:
-        return object_type.lower() + "s"
-
-
-class RestApi:
-    def __init__(self, connection: SnowflakeConnection):
-        self.conn = connection
-        self.rest: SnowflakeRestful = connection.rest
-
-    def get_endpoint_exists(self, url: str) -> bool:
-        """
-        Check whether [get] endpoint exists under given URL.
-        """
-        try:
-            self.send_rest_request(url, method="get")
-            return True
-        except HTTPError as err:
-            if err.response.status_code == 404:
-                return False
-            raise err
-
-    def _fetch_endpoint_exists(self, url: str) -> bool:
-        try:
-            result = self.send_rest_request(url, method="get")
-            return bool(result)
-        except BadRequest:
-            return False
-        except HTTPError as err:
-            if err.response.status_code == 404:
-                return False
-            raise err
-
-    def send_rest_request(
-        self, url: str, method: str, data: Optional[Dict[str, Any]] = None
-    ):
-        """
-        Executes rest request via snowflake.connector.network.SnowflakeRestful
-        """
-        # SnowflakeRestful.request assumes that API response is always a dict,
-        # which is not true in case of this API, so we need to do this workaround:
-        from snowflake.connector.network import (
-            CONTENT_TYPE_APPLICATION_JSON,
-            HTTP_HEADER_ACCEPT,
-            HTTP_HEADER_CONTENT_TYPE,
-            HTTP_HEADER_USER_AGENT,
-            PYTHON_CONNECTOR_USER_AGENT,
-        )
-
-        log.debug("Sending %s request to %s", method, url)
-        full_url = f"{self.rest.server_url}{url}"
-        headers = {
-            HTTP_HEADER_CONTENT_TYPE: CONTENT_TYPE_APPLICATION_JSON,
-            HTTP_HEADER_ACCEPT: CONTENT_TYPE_APPLICATION_JSON,
-            HTTP_HEADER_USER_AGENT: PYTHON_CONNECTOR_USER_AGENT,
-        }
-        return self.rest.fetch(
-            method=method,
-            full_url=full_url,
-            headers=headers,
-            token=self.rest.token,
-            data=json.dumps(data if data else {}),
-            no_retry=True,
-            raise_raw_http_failure=True,
-        )
-
-    def _database_exists(self, db_name: str) -> bool:
-        url = f"{SF_REST_API_URL_PREFIX}/databases/{db_name}"
-        return self._fetch_endpoint_exists(url)
-
-    def _schema_exists(self, db_name: str, schema_name: str) -> bool:
-        url = f"{SF_REST_API_URL_PREFIX}/databases/{db_name}/schemas/{schema_name}"
-        return self._fetch_endpoint_exists(url)
-
-    def determine_url_for_create_query(self, object_type: str) -> str:
-        """
-        Determine an url for creating an object of given type via REST API.
-        If URL cannot be determined, the function throws CannotDetermineCreateURLException exception.
-
-        URLs we check:
-         * /api/v2/<type>/
-         * /api/v2/databases/<database>/<type>/
-         * /api/v2/databases/<database>/schemas/<schema>/<type>/
-
-         We assume that the URLs for CREATE and LIST are the same for every type of object
-         (endpoints differ by method: POST vs GET, accordingly).
-         To check whether an URL exists, we send read-only GET request (LIST endpoint,
-         which should imply CREATE endpoint).
-        """
-        plural_object_type = _pluralize_object_type(object_type)
-
-        if self.get_endpoint_exists(
-            url := f"{SF_REST_API_URL_PREFIX}/{plural_object_type}/"
-        ):
-            return url
-
-        db = self.conn.database
-        if not db:
-            raise DatabaseNotDefinedException(
-                "Database not defined in connection. Please try again with `--database` flag."
-            )
-        if not self._database_exists(db):
-            raise DatabaseNotExistsException(f"Database '{db}' does not exist.")
-        if self.get_endpoint_exists(
-            url := f"{SF_REST_API_URL_PREFIX}/databases/{db}/{plural_object_type}/"
-        ):
-            return url
-
-        schema = self.conn.schema
-        if not schema:
-            raise SchemaNotDefinedException(
-                "Schema not defined in connection. Please try again with `--schema` flag."
-            )
-        if not self._schema_exists(db_name=db, schema_name=schema):
-            raise SchemaNotExistsException(f"Schema '{schema}' does not exist.")
-        if self.get_endpoint_exists(
-            url := f"{SF_REST_API_URL_PREFIX}/databases/{self.conn.database}/schemas/{self.conn.schema}/{plural_object_type}/"
-        ):
-            return url
-
-        raise CannotDetermineCreateURLException(
-            f"Create operation for type {object_type} is not supported. Try using `sql -q 'CREATE ...'` command."
-        )
-
-
-class DatabaseNotDefinedException(ClickException):
-    pass
-
-
-class SchemaNotDefinedException(ClickException):
-    pass
-
-
-class DatabaseNotExistsException(ClickException):
-    pass
-
-
-class SchemaNotExistsException(ClickException):
-    pass
-
-
-class CannotDetermineCreateURLException(ClickException):
-    pass

snowflake/cli/api/sanitizers.py

@@ -1,43 +0,0 @@
-# Copyright (c) 2024 Snowflake Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from __future__ import annotations
-
-import re
-
-# 7-bit C1 ANSI sequences
-_ANSI_ESCAPE = re.compile(
-    r"""
-    \x1B  # ESC
-    (?:   # 7-bit C1 Fe (except CSI)
-        [@-Z\\-_]
-    |     # or [ for CSI, followed by a control sequence
-        \[
-        [0-?]*  # Parameter bytes
-        [ -/]*  # Intermediate bytes
-        [@-~]   # Final byte
-    )
-""",
-    re.VERBOSE,
-)
-
-
-def sanitize_for_terminal(text: str) -> str | None:
-    """
-    Escape ASCII escape codes in string. This should be always used
-    when printing output to terminal.
-    """
-    if text is None:
-        return None
-    return _ANSI_ESCAPE.sub("", text)

snowflake/cli/api/secure_path.py

@@ -1,360 +0,0 @@
-# Copyright (c) 2024 Snowflake Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from __future__ import annotations
-
-import errno
-import logging
-import os
-import shutil
-import tempfile
-from contextlib import contextmanager
-from pathlib import Path
-from typing import Optional, Union
-
-from snowflake.cli.api.exceptions import DirectoryIsNotEmptyError, FileTooLargeError
-from snowflake.cli.api.secure_utils import (
-    chmod as secure_chmod,
-)
-from snowflake.cli.api.secure_utils import (
-    restrict_file_permissions,
-)
-
-log = logging.getLogger(__name__)
-
-UNLIMITED = -1
-
-
-class SecurePath:
-    def __init__(self, path: Union[Path, str]):
-        self._path = Path(path)
-
-    def __repr__(self):
-        return f'SecurePath("{self._path}")'
-
-    def __truediv__(self, key):
-        return SecurePath(self._path / key)
-
-    @property
-    def path(self) -> Path:
-        """
-        Returns itself in pathlib.Path format
-        """
-        return self._path
-
-    def chmod(self, permissions_mask: int) -> None:
-        """
-        Change the file mode and permissions, like os.chmod().
-        """
-        secure_chmod(self._path, permissions_mask)
-
-    @property
-    def parent(self):
-        """
-        The logical parent of the path. For details, check pathlib.Path.parent
-        """
-        return SecurePath(self._path.parent)
-
-    def absolute(self):
-        """
-        Make the path absolute, without normalization or resolving symlinks.
-        """
-        return SecurePath(self._path.absolute())
-
-    def iterdir(self):
-        """
-        When the path points to a directory, yield path objects of the directory contents.
-        Otherwise, NotADirectoryError is raised.
-        If the location does not exist, FileNotFoundError is raised.
-
-        For details, check pathlib.Path.iterdir()
-        """
-        self.assert_exists()
-        self.assert_is_directory()
-        return (SecurePath(p) for p in self._path.iterdir())
-
-    def exists(self) -> bool:
-        """
-        Return True if the path points to an existing file or directory.
-        """
-        return self._path.exists()
-
-    def is_dir(self) -> bool:
-        """
-        Return True if the path points to a directory (or a symbolic link pointing to a directory),
-        False if it points to another kind of file.
-        """
-        return self._path.is_dir()
-
-    def is_file(self) -> bool:
-        """
-        Return True if the path points to a regular file (or a symbolic link pointing to a regular file),
-        False if it points to another kind of file.
-        """
-        return self._path.is_file()
-
-    @property
-    def name(self) -> str:
-        """A string representing the final path component."""
-        return self._path.name
-
-    def restrict_permissions(self) -> None:
-        """
-        Restrict file/directory permissions to owner-only.
-        """
-        restrict_file_permissions(self._path)
-
-    def touch(self, permissions_mask: int = 0o600, exist_ok: bool = True) -> None:
-        """
-        Create a file at this given path. For details, check pathlib.Path.touch()
-        """
-        if not self.exists():
-            log.info("Creating file %s", str(self._path))
-        self._path.touch(mode=permissions_mask, exist_ok=exist_ok)
-
-    def mkdir(
-        self,
-        permissions_mask: int = 0o700,
-        parents: bool = False,
-        exist_ok: bool = False,
-    ) -> None:
-        """
-        Create a directory at this given path. For details, check pathlib.Path.mkdir()
-        """
-        if parents and not self.parent.exists():
-            self.parent.mkdir(
-                permissions_mask=permissions_mask, exist_ok=exist_ok, parents=True
-            )
-        if not self.exists():
-            log.info("Creating directory %s", str(self._path))
-        self._path.mkdir(mode=permissions_mask, exist_ok=exist_ok)
-
-    def read_text(self, file_size_limit_mb: int, *args, **kwargs) -> str:
-        """
-        Return the decoded contents of the file as a string.
-        Raises an error of the file exceeds the specified size limit.
-        For details, check pathlib.Path.read_text()
-        """
-        self._assert_exists_and_is_file()
-        self._assert_file_size_limit(file_size_limit_mb)
-        log.info("Reading file %s", self._path)
-        return self._path.read_text(*args, **kwargs)
-
-    def write_text(self, *args, **kwargs):
-        """
-        Open the file pointed to in text mode, write data to it, and close the file.
-        """
-        if not self.exists():
-            self.touch()
-        log.info("Writing to file %s", self._path)
-        self.path.write_text(*args, **kwargs)
-
-    @contextmanager
-    def open(  # noqa: A003
-        self,
-        mode="r",
-        read_file_limit_mb: Optional[int] = None,
-        **open_kwargs,
-    ):
-        """
-        Open the file pointed by this path and return a file object, as
-        the built-in open() function does.
-        If the file is opened for reading, [read_file_limit_kb] parameter must be provided.
-        Raises error if the read file exceeds the specified size limit.
-        """
-        opened_for_reading = "r" in mode
-        if opened_for_reading:
-            assert (
-                read_file_limit_mb is not None
-            ), "For reading mode ('r') read_file_limit_mb must be provided"
-            self._assert_exists_and_is_file()
-            self._assert_file_size_limit(read_file_limit_mb)
-
-        if self.exists():
-            self.assert_is_file()
-        else:
-            self.touch()  # makes sure permissions of freshly-created file are strict
-
-        log.info("Opening file %s in mode '%s'", self._path, mode)
-        with self._path.open(mode=mode, **open_kwargs) as fd:
-            yield fd
-        log.info("Closing file %s", self._path)
-
-    def move(self, destination: Union[Path, str]) -> "SecurePath":
-        """Recursively move a file or directory (src) to another location and return the destination.
-
-        If dst is an existing directory or a symlink to a directory, then src is moved inside that directory.
-        The destination path in that directory must not already exist.
-        """
-        destination = Path(destination)
-        if destination.is_dir():
-            destination = destination / self._path.name
-        if destination.exists():
-            _raise_file_exists_error(destination)
-        log.info("Moving %s to %s", str(self._path), destination.resolve())
-        return SecurePath(shutil.move(str(self._path), destination))
-
-    def copy(
-        self, destination: Union[Path, str], dirs_exist_ok: bool = False
-    ) -> "SecurePath":
-        """
-        Copy the file/directory into the destination.
-        If source is a directory, its whole content is copied recursively.
-        Permissions of the copy are limited only to the owner.
-
-        If destination is an existing directory, the copy will be created inside it,
-        unless dirs_exist_ok is true and the destination has the same name as this path.
-
-        Otherwise, the copied file/base directory will be renamed to match destination.
-        If dirs_exist_ok is false (the default) and dst already exists,
-        a FileExistsError is raised. If dirs_exist_ok is true,
-        the copying operation will continue if it encounters existing directories,
-        and files within the destination tree will be overwritten by corresponding
-        files from the src tree.
-        """
-        self.assert_exists()
-
-        destination = Path(destination)
-        if destination.exists():
-            if destination.is_dir() and (
-                destination.name != self._path.name or self.path.is_file()
-            ):
-                destination = destination / self._path.name
-
-            if destination.exists():
-                if not all([destination.is_dir(), self._path.is_dir(), dirs_exist_ok]):
-                    raise FileExistsError(
-                        errno.EEXIST, os.strerror(errno.EEXIST), self._path.resolve()
-                    )
-
-        def _recursive_check_for_conflicts(src: Path, dst: Path):
-            if dst.exists() and not dirs_exist_ok:
-                _raise_file_exists_error(dst)
-            if dst.is_file() and not src.is_file():
-                _raise_not_a_directory_error(dst)
-            if dst.is_dir() and not src.is_dir():
-                _raise_is_a_directory_error(dst)
-            if src.is_dir():
-                for child in src.iterdir():
-                    _recursive_check_for_conflicts(child, dst / child.name)
-
-        def _recursive_copy(src: SecurePath, dst: SecurePath):
-            if src.is_file():
-                log.info("Copying file %s into %s", src.path, dst.path)
-                if dst.exists():
-                    dst.unlink()
-                shutil.copyfile(src.path, dst.path)
-                dst.restrict_permissions()
-            if src.is_dir():
-                dst.mkdir(exist_ok=True)
-                for child in src.iterdir():
-                    _recursive_copy(child, dst / child.name)
-
-        _recursive_check_for_conflicts(self._path, destination)
-        _recursive_copy(self, self.__class__(destination))
-
-        return SecurePath(destination)
-
-    def unlink(self, missing_ok=False):
-        """
-        Remove this file or symbolic link.
-        If the path points to a directory, use SecurePath.rmdir() instead.
-
-        Check pathlib.Path.unlink() for details.
-        """
-        if not self.exists():
-            if not missing_ok:
-                self.assert_exists()
-            return
-
-        self.assert_is_file()
-        log.info("Removing file %s", self._path)
-        self._path.unlink()
-
-    def rmdir(self, recursive=False, missing_ok=False):
-        """
-        Remove this directory.
-        If the path points to a file, use SecurePath.unlink() instead.
-
-        If path points to a file, NotADirectoryError will be raised.
-        If directory does not exist, FileNotFoundError will be raised unless [missing_ok] is True.
-        If the directory is not empty, DirectoryNotEmpty will be raised unless [recursive] is True.
-        """
-        if not self.exists():
-            if not missing_ok:
-                self.assert_exists()
-            return
-
-        self.assert_is_directory()
-
-        if not recursive and any(self._path.iterdir()):
-            raise DirectoryIsNotEmptyError(self._path.resolve())
-
-        log.info("Removing directory %s", self._path)
-        shutil.rmtree(str(self._path))
-
-    @classmethod
-    @contextmanager
-    def temporary_directory(cls):
-        """
-        Creates a temporary directory in the most secure manner possible.
-        The directory is readable, writable, and searchable only by the creating user ID.
-        Yields SecurePath pointing to the absolute location of created directory.
-
-        Works similarly to tempfile.TemporaryDirectory
-        """
-        with tempfile.TemporaryDirectory(prefix="snowflake-cli") as tmpdir:
-            log.info("Created temporary directory %s", tmpdir)
-            yield SecurePath(tmpdir)
-            log.info("Removing temporary directory %s", tmpdir)
-
-    def _assert_exists_and_is_file(self) -> None:
-        self.assert_exists()
-        self.assert_is_file()
-
-    def assert_exists(self) -> None:
-        if not self.exists():
-            raise FileNotFoundError(
-                errno.ENOENT, os.strerror(errno.ENOENT), self._path.resolve()
-            )
-
-    def assert_is_file(self) -> None:
-        if not self._path.is_file():
-            _raise_is_a_directory_error(self._path.resolve())
-
-    def assert_is_directory(self) -> None:
-        if not self._path.is_dir():
-            _raise_not_a_directory_error(self._path.resolve())
-
-    def _assert_file_size_limit(self, size_limit_in_mb):
-        if (
-            size_limit_in_mb != UNLIMITED
-            and self._path.stat().st_size > size_limit_in_mb * 1024 * 1024
-        ):
-            raise FileTooLargeError(self._path.resolve(), size_limit_in_mb)
-
-    def rename(self, new_name: Union[str | Path]):
-        self._path.rename(new_name)
-
-
-def _raise_file_exists_error(path: Path):
-    raise FileExistsError(errno.EEXIST, os.strerror(errno.EEXIST), path)
-
-
-def _raise_is_a_directory_error(path: Path):
-    raise IsADirectoryError(errno.EISDIR, os.strerror(errno.EISDIR), path)
-
-
-def _raise_not_a_directory_error(path: Path):
-    raise NotADirectoryError(errno.ENOTDIR, os.strerror(errno.ENOTDIR), path)

snowflake/cli/api/secure_utils.py

@@ -1,118 +0,0 @@
-# Copyright (c) 2024 Snowflake Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import logging
-import stat
-from pathlib import Path
-from typing import List
-
-from snowflake.connector.compat import IS_WINDOWS
-
-log = logging.getLogger(__name__)
-
-
-def _get_windows_whitelisted_users():
-    # whitelisted users list obtained in consultation with prodsec: CASEC-9627
-    import os
-
-    return [
-        "SYSTEM",
-        "Administrators",
-        "Network",
-        "Domain Admins",
-        "Domain Users",
-        os.getlogin(),
-    ]
-
-
-def _run_icacls(file_path: Path) -> str:
-    import subprocess
-
-    return subprocess.check_output(["icacls", str(file_path)], text=True)
-
-
-def _windows_permissions_are_denied(permission_codes: str) -> bool:
-    # according to https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
-    return "(DENY)" in permission_codes or "(N)" in permission_codes
-
-
-def windows_get_not_whitelisted_users_with_access(file_path: Path) -> List[str]:
-    import re
-
-    # according to https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
-    icacls_output_regex = (
-        rf"({re.escape(str(file_path))})?.*\\(?P<user>.*):(?P<permissions>[(A-Z),]+)"
-    )
-    whitelisted_users = _get_windows_whitelisted_users()
-
-    users_with_access = []
-    for permission in re.finditer(icacls_output_regex, _run_icacls(file_path)):
-        if (permission.group("user") not in whitelisted_users) and (
-            not _windows_permissions_are_denied(permission.group("permissions"))
-        ):
-            users_with_access.append(permission.group("user"))
-    return list(set(users_with_access))
-
-
-def _windows_file_permissions_are_strict(file_path: Path) -> bool:
-    return windows_get_not_whitelisted_users_with_access(file_path) == []
-
-
-def _unix_file_permissions_are_strict(file_path: Path) -> bool:
-    accessible_by_others = (
-        # https://docs.python.org/3/library/stat.html
-        stat.S_IRGRP  # readable by group
-        | stat.S_IROTH  # readable by others
-        | stat.S_IWGRP  # writeable by group
-        | stat.S_IWOTH  # writeable by others
-        | stat.S_IXGRP  # executable by group
-        | stat.S_IXOTH  # executable by others
-    )
-    return (file_path.stat().st_mode & accessible_by_others) == 0
-
-
-def file_permissions_are_strict(file_path: Path) -> bool:
-    if IS_WINDOWS:
-        return _windows_file_permissions_are_strict(file_path)
-    return _unix_file_permissions_are_strict(file_path)
-
-
-def chmod(path: Path, permissions_mask: int) -> None:
-    log.info("Update permissions of file %s to %s", path, oct(permissions_mask))
-    path.chmod(permissions_mask)
-
-
-def _unix_restrict_file_permissions(path: Path) -> None:
-    owner_permissions = (
-        # https://docs.python.org/3/library/stat.html
-        stat.S_IRUSR  # readable by owner
-        | stat.S_IWUSR  # writeable by owner
-        | stat.S_IXUSR  # executable by owner
-    )
-    chmod(path, path.stat().st_mode & owner_permissions)
-
-
-def _windows_restrict_file_permissions(path: Path) -> None:
-    import subprocess
-
-    for user in windows_get_not_whitelisted_users_with_access(path):
-        log.info("Removing permissions of user %s from file %s", user, path)
-        subprocess.run(["icacls", str(path), "/DENY", f"{user}:F"])
-
-
-def restrict_file_permissions(file_path: Path) -> None:
-    if IS_WINDOWS:
-        _windows_restrict_file_permissions(file_path)
-    else:
-        _unix_restrict_file_permissions(file_path)