snowflake-cli 3.4.1__py3-none-any.whl → 3.6.0__py3-none-any.whl

snowflake/cli/_plugins/auth/keypair/manager.py

@@ -0,0 +1,331 @@
+from enum import Enum
+from typing import Dict, List, Optional, Tuple
+
+from click import ClickException
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from snowflake.cli._plugins.object.manager import ObjectManager
+from snowflake.cli.api import exceptions
+from snowflake.cli.api.cli_global_context import (
+    _CliGlobalContextAccess,
+    get_cli_context,
+)
+from snowflake.cli.api.config import (
+    connection_exists,
+    get_connection_dict,
+    set_config_value,
+)
+from snowflake.cli.api.console import cli_console
+from snowflake.cli.api.constants import ObjectType
+from snowflake.cli.api.identifiers import FQN
+from snowflake.cli.api.secret import SecretType
+from snowflake.cli.api.secure_path import SecurePath
+from snowflake.cli.api.sql_execution import SqlExecutionMixin
+from snowflake.connector import DictCursor
+from snowflake.connector.cursor import SnowflakeCursor
+
+
+class PublicKeyProperty(Enum):
+    RSA_PUBLIC_KEY = "RSA_PUBLIC_KEY"
+    RSA_PUBLIC_KEY_2 = "RSA_PUBLIC_KEY_2"
+
+
+class AuthManager(SqlExecutionMixin):
+    def setup(
+        self,
+        connection_name: Optional[str],
+        key_length: int,
+        output_path: SecurePath,
+        private_key_passphrase: SecretType,
+    ):
+        # When the user provide new connection name
+        if connection_name and connection_exists(connection_name):
+            raise ClickException(
+                f"Connection with name {connection_name} already exists."
+            )
+
+        cli_context = get_cli_context()
+        # When the use not provide connection name, so we overwrite the current connection
+        if not connection_name:
+            connection_name = cli_context.connection_context.connection_name
+
+        key_name = AuthManager._get_free_key_name(output_path, connection_name)  # type: ignore[arg-type]
+        self._generate_key_pair_and_set_public_key(
+            user=cli_context.connection.user,
+            key_length=key_length,
+            output_path=output_path,
+            key_name=key_name,  # type: ignore[arg-type]
+            private_key_passphrase=private_key_passphrase,
+        )
+
+        self._create_or_update_connection(
+            current_connection=cli_context.connection_context.connection_name,
+            connection_name=connection_name,  # type: ignore[arg-type]
+            private_key_path=self._get_private_key_path(
+                output_path=output_path, key_name=key_name  # type: ignore[arg-type]
+            ),
+        )
+
+    def rotate(
+        self,
+        key_length: int,
+        output_path: SecurePath,
+        private_key_passphrase: SecretType,
+    ):
+        cli_context = get_cli_context()
+        connection_name = cli_context.connection_context.connection_name
+
+        self._ensure_connection_has_private_key(
+            cli_context.connection_context.connection_name
+        )
+
+        public_key, public_key_2 = self._get_public_keys()
+
+        if not public_key and not public_key_2:
+            raise ClickException("No public key found. Use the setup command first.")
+
+        if public_key_2:
+            self.set_public_key(
+                cli_context.connection.user,
+                PublicKeyProperty.RSA_PUBLIC_KEY,
+                public_key_2,
+            )
+
+        key_name = AuthManager._get_free_key_name(output_path, connection_name)
+        public_key = self._generate_keys_and_return_public_key(
+            key_length=key_length,
+            output_path=output_path,
+            key_name=key_name,
+            private_key_passphrase=private_key_passphrase,
+        )
+        self.set_public_key(
+            cli_context.connection.user, PublicKeyProperty.RSA_PUBLIC_KEY_2, public_key
+        )
+        self._create_or_update_connection(
+            current_connection=cli_context.connection_context.connection_name,
+            connection_name=connection_name,
+            private_key_path=self._get_private_key_path(
+                output_path=output_path, key_name=key_name
+            ),
+        )
+
+    def _generate_key_pair_and_set_public_key(
+        self,
+        user: str,
+        key_length: int,
+        output_path: SecurePath,
+        key_name: str,
+        private_key_passphrase: SecretType,
+    ):
+        public_key_exists, public_key_2_exists = self._get_public_keys()
+
+        if public_key_exists or public_key_2_exists:
+            raise exceptions.CouldNotSetKeyPairError()
+
+        if not output_path.exists():
+            output_path.mkdir(parents=True)
+
+        public_key = self._generate_keys_and_return_public_key(
+            key_length=key_length,
+            output_path=output_path,
+            key_name=key_name,  # type: ignore[arg-type]
+            private_key_passphrase=private_key_passphrase,
+        )
+        self.set_public_key(user, PublicKeyProperty.RSA_PUBLIC_KEY, public_key)
+
+    def list_keys(self) -> List[Dict]:
+        key_properties = [
+            "RSA_PUBLIC_KEY",
+            "RSA_PUBLIC_KEY_FP",
+            "RSA_PUBLIC_KEY_LAST_SET_TIME",
+            "RSA_PUBLIC_KEY_2",
+            "RSA_PUBLIC_KEY_2_FP",
+            "RSA_PUBLIC_KEY_2_LAST_SET_TIME",
+        ]
+        cursor = ObjectManager(connection=self._conn).describe(
+            object_type=ObjectType.USER.value.sf_name,
+            fqn=FQN.from_string(self._conn.user),
+            cursor_class=DictCursor,
+        )
+        only_public_key_properties = [
+            p for p in cursor.fetchall() if p.get("property") in key_properties
+        ]
+        return only_public_key_properties
+
+    def set_public_key(
+        self, user: str, public_key_property: PublicKeyProperty, public_key: str
+    ) -> SnowflakeCursor:
+        return self.execute_query(
+            f"ALTER USER {user} SET {public_key_property.value}='{public_key}'"
+        )
+
+    def remove_public_key(
+        self, public_key_property: PublicKeyProperty
+    ) -> SnowflakeCursor:
+        cli_context = get_cli_context()
+        return self.execute_query(
+            f"ALTER USER {cli_context.connection.user} UNSET {public_key_property.value}"
+        )
+
+    def status(self):
+        cli_context = get_cli_context()
+        self._ensure_connection_has_private_key(
+            cli_context.connection_context.connection_name
+        )
+        cli_console.step("Private key set for connection - OK")
+        self._check_connection(cli_context)
+        cli_console.step("Test connection - OK")
+
+    def extend_connection_add(
+        self,
+        connection_name: str,
+        connection_options: Dict,
+        key_length: int,
+        output_path: SecurePath,
+        private_key_passphrase: SecretType,
+    ) -> Dict:
+        key_name = AuthManager._get_free_key_name(output_path, connection_name)
+
+        self._generate_key_pair_and_set_public_key(
+            user=connection_options["user"],
+            key_length=key_length,
+            output_path=output_path,
+            key_name=key_name,
+            private_key_passphrase=private_key_passphrase,
+        )
+
+        connection_options["authenticator"] = "SNOWFLAKE_JWT"
+        connection_options["private_key_file"] = str(
+            self._get_private_key_path(output_path=output_path, key_name=key_name).path
+        )
+        if connection_options.get("password"):
+            del connection_options["password"]
+
+        return connection_options
+
+    @staticmethod
+    def _ensure_connection_has_private_key(connection_name: str) -> None:
+        connection = get_connection_dict(connection_name)
+        if not connection.get("private_key_file") and not connection.get(
+            "private_key_path"
+        ):
+            raise ClickException(
+                f"The private key is not set in {connection_name} connection."
+            )
+
+    @staticmethod
+    def _check_connection(cli_context: _CliGlobalContextAccess) -> None:
+        cli_context.connection
+
+    def _get_public_keys(self) -> Tuple[str, str]:
+        keys = self.list_keys()
+        public_key = ""
+        public_key_2 = ""
+        for p in keys:
+            if (
+                p.get("property") == PublicKeyProperty.RSA_PUBLIC_KEY.value
+                and p.get("value") != "null"
+            ):
+                public_key = p.get("value")  # type: ignore
+            if (
+                p.get("property") == PublicKeyProperty.RSA_PUBLIC_KEY_2.value
+                and p.get("value") != "null"
+            ):
+                public_key_2 = p.get("value")  # type: ignore
+        return public_key, public_key_2
+
+    @staticmethod
+    def _generate_keys_and_return_public_key(
+        key_length: int,
+        output_path: SecurePath,
+        key_name: str,
+        private_key_passphrase: SecretType,
+    ) -> str:
+        private_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=key_length,
+        )
+
+        if private_key_passphrase:
+            pem = SecretType(
+                private_key.private_bytes(
+                    encoding=serialization.Encoding.PEM,
+                    format=serialization.PrivateFormat.PKCS8,
+                    encryption_algorithm=serialization.BestAvailableEncryption(
+                        private_key_passphrase.value.encode("utf-8")
+                    ),
+                )
+            )
+            cli_console.message(
+                "Set the `PRIVATE_KEY_PASSPHRASE` environment variable before using the connection."
+            )
+        else:
+            pem = SecretType(
+                private_key.private_bytes(
+                    encoding=serialization.Encoding.PEM,
+                    format=serialization.PrivateFormat.PKCS8,
+                    encryption_algorithm=serialization.NoEncryption(),
+                )
+            )
+
+        with AuthManager._get_private_key_path(output_path, key_name).open(
+            mode="wb"
+        ) as file:
+            file.write(pem.value)
+
+        public_key = private_key.public_key()
+        public_pem = public_key.public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        )
+        with AuthManager._get_public_key_path(output_path, key_name).open(
+            mode="wb"
+        ) as file:
+            file.write(public_pem)
+
+        return public_pem.decode("utf-8")
+
+    @staticmethod
+    def _get_free_key_name(output_path: SecurePath, key_name: str) -> str:
+        new_private_key = f"{key_name}.p8"
+        new_public_key = f"{key_name}.pub"
+        new_key_name = key_name
+        counter = 1
+
+        while (
+            (output_path / new_private_key).exists()
+            and (output_path / new_public_key).exists()
+            and counter <= 100
+        ):
+            new_key_name = f"{key_name}_{counter}"
+            new_private_key = f"{new_key_name}.p8"
+            new_public_key = f"{new_key_name}.pub"
+            counter += 1
+
+        if counter == 100:
+            raise ClickException(
+                "Too many key pairs with the same name in the output directory."
+            )
+
+        return new_key_name
+
+    @staticmethod
+    def _get_private_key_path(output_path: SecurePath, key_name: str) -> SecurePath:
+        return (output_path / f"{key_name}.p8").resolve()
+
+    @staticmethod
+    def _get_public_key_path(output_path: SecurePath, key_name: str) -> SecurePath:
+        return (output_path / f"{key_name}.pub").resolve()
+
+    @staticmethod
+    def _create_or_update_connection(
+        current_connection: Optional[str],
+        connection_name: str,
+        private_key_path: SecurePath,
+    ):
+        connection = get_connection_dict(current_connection)
+        connection.pop("password", None)
+        connection["authenticator"] = "SNOWFLAKE_JWT"
+        connection["private_key_file"] = str(private_key_path.path)
+
+        set_config_value(["connections", connection_name], value=connection)

snowflake/cli/_plugins/auth/keypair/plugin_spec.py

@@ -0,0 +1,30 @@
+# Copyright (c) 2024 Snowflake Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from snowflake.cli._plugins.auth import app
+from snowflake.cli.api.plugins.command import (
+    SNOWCLI_ROOT_COMMAND_PATH,
+    CommandSpec,
+    CommandType,
+    plugin_hook_impl,
+)
+
+
+@plugin_hook_impl
+def command_spec():
+    return CommandSpec(
+        parent_command_path=SNOWCLI_ROOT_COMMAND_PATH,
+        command_type=CommandType.COMMAND_GROUP,
+        typer_instance=app.create_instance(),
+    )

snowflake/cli/_plugins/connection/commands.py

@@ -16,8 +16,9 @@ from __future__ import annotations
 
 import logging
 import os.path
+from copy import deepcopy
 from pathlib import Path
-from typing import Optional
+from typing import Dict, Optional, Tuple
 
 import typer
 from click import (  # type: ignore
@@ -28,10 +29,14 @@ from click import (  # type: ignore
 )
 from click.core import ParameterSource  # type: ignore
 from snowflake import connector
+from snowflake.cli._app.snow_connector import connect_to_snowflake
+from snowflake.cli._plugins.auth.keypair.commands import KEY_PAIR_DEFAULT_PATH
+from snowflake.cli._plugins.auth.keypair.manager import AuthManager
 from snowflake.cli._plugins.connection.util import (
     strip_if_value_present,
 )
 from snowflake.cli._plugins.object.manager import ObjectManager
+from snowflake.cli.api import exceptions
 from snowflake.cli.api.cli_global_context import get_cli_context
 from snowflake.cli.api.commands.flags import (
     PLAIN_PASSWORD_MSG,
@@ -67,6 +72,8 @@ from snowflake.cli.api.output.types import (
     MessageResult,
     ObjectResult,
 )
+from snowflake.cli.api.secret import SecretType
+from snowflake.cli.api.secure_path import SecurePath
 from snowflake.connector import ProgrammingError
 from snowflake.connector.constants import CONNECTIONS_FILE
 
@@ -282,15 +289,26 @@ def add(
     if connection_exists(connection_name):
         raise UsageError(f"Connection {connection_name} already exists")
 
+    if not no_interactive:
+        connection_options, keypair_error = _extend_add_with_key_pair(
+            connection_name, connection_options
+        )
+    else:
+        keypair_error = ""
+
     connections_file = add_connection_to_proper_file(
         connection_name,
         ConnectionConfig(**connection_options),
     )
     if set_as_default:
-        set_config_value(
-            section=None, key="default_connection_name", value=connection_name
-        )
+        set_config_value(path=["default_connection_name"], value=connection_name)
 
+    if keypair_error:
+        return MessageResult(
+            f"Wrote new password-based connection {connection_name} to {connections_file}, "
+            f"however there were some issues during key pair setup. Review the following error and check 'snow auth keypair' "
+            f"commands to setup key pair authentication:\n * {keypair_error}"
+        )
     return MessageResult(
         f"Wrote new connection {connection_name} to {connections_file}"
     )
@@ -357,7 +375,7 @@ def set_default(
 ):
     """Changes default connection to provided value."""
     get_connection_dict(connection_name=name)
-    set_config_value(section=None, key="default_connection_name", value=name)
+    set_config_value(path=["default_connection_name"], value=name)
     return MessageResult(f"Default connection set to: {name}")
 
 
@@ -404,3 +422,59 @@ def generate_jwt(
         return MessageResult(token)
     except (ValueError, TypeError) as err:
         raise ClickException(str(err))
+
+
+def _extend_add_with_key_pair(
+    connection_name: str, connection_options: Dict
+) -> Tuple[Dict, str]:
+    if not _should_extend_with_key_pair(connection_options):
+        return connection_options, ""
+
+    configure_key_pair = typer.confirm(
+        "Do you want to configure key pair authentication?",
+        default=False,
+    )
+    if not configure_key_pair:
+        return connection_options, ""
+
+    key_length = typer.prompt(
+        "Key length",
+        default=2048,
+        show_default=True,
+    )
+
+    output_path = typer.prompt(
+        "Output path",
+        default=KEY_PAIR_DEFAULT_PATH,
+        show_default=True,
+        value_proc=lambda value: SecurePath(value),
+    )
+    private_key_passphrase = typer.prompt(
+        "Private key passphrase",
+        default="",
+        hide_input=True,
+        show_default=False,
+        value_proc=lambda value: SecretType(value),
+    )
+    connection = connect_to_snowflake(temporary_connection=True, **connection_options)
+    try:
+        connection_options = AuthManager(connection=connection).extend_connection_add(
+            connection_name=connection_name,
+            connection_options=deepcopy(connection_options),
+            key_length=key_length,
+            output_path=output_path,
+            private_key_passphrase=private_key_passphrase,
+        )
+    except exceptions.CouldNotSetKeyPairError:
+        return connection_options, "The public key is set already."
+    except Exception as e:
+        return connection_options, str(e)
+    return connection_options, ""
+
+
+def _should_extend_with_key_pair(connection_options: Dict) -> bool:
+    return (
+        connection_options.get("password") is not None
+        and connection_options.get("private_key_file") is None
+        and connection_options.get("private_key_path") is None
+    )

snowflake/cli/_plugins/helpers/commands.py

@@ -49,7 +49,7 @@ def v1_to_v2(
     accept_templates: bool = typer.Option(
         False, "-t", "--accept-templates", help="Allows the migration of templates."
     ),
-    migrate_local_yml: (bool | None) = typer.Option(
+    migrate_local_yml: Optional[bool] = typer.Option(
         None,
         "-l",
         "--migrate-local-overrides/--no-migrate-local-overrides",
@@ -234,7 +234,7 @@ def _validate_imported_default_connection_name(
 
 
 def _convert_connection_from_snowsql_config_section(
-    snowsql_connection: list[tuple[str, Any]]
+    snowsql_connection: list[tuple[str, Any]],
 ) -> dict[str, Any]:
     from ast import literal_eval
 
@@ -290,7 +290,6 @@ def _validate_and_save_connections_imported_from_snowsql(
             f"Setting [{default_cli_connection_name}] connection as Snowflake CLI's default connection."
         )
         set_config_value(
-            section=None,
-            key="default_connection_name",
+            path=["default_connection_name"],
             value=default_cli_connection_name,
         )

snowflake/cli/_plugins/nativeapp/entities/application.py

@@ -669,7 +669,7 @@ class ApplicationEntity(EntityBase[ApplicationEntityModel]):
                 role_to_use=package.role,
             )
 
-        return get_snowflake_facade().create_application(
+        create_app_result, warnings = get_snowflake_facade().create_application(
             name=self.name,
             package_name=package.name,
             install_method=install_method,
@@ -680,6 +680,9 @@ class ApplicationEntity(EntityBase[ApplicationEntityModel]):
             warehouse=self.warehouse,
             release_channel=release_channel,
         )
+        for warning in warnings:
+            self.console.warning(warning)
+        return create_app_result
 
     @span("update_app_object")
     def create_or_upgrade_app(

snowflake/cli/_plugins/nativeapp/sf_sql_facade.py

@@ -60,6 +60,7 @@ from snowflake.cli.api.errno import (
     CANNOT_DISABLE_MANDATORY_TELEMETRY,
     CANNOT_DISABLE_RELEASE_CHANNELS,
     CANNOT_MODIFY_RELEASE_CHANNEL_ACCOUNTS,
+    CANNOT_SET_DEBUG_MODE_WITH_MANIFEST_VERSION,
     DOES_NOT_EXIST_OR_CANNOT_BE_PERFORMED,
     DOES_NOT_EXIST_OR_NOT_AUTHORIZED,
     INSUFFICIENT_PRIVILEGES,
@@ -854,7 +855,7 @@ class SnowflakeSQLFacade:
         debug_mode: bool | None,
         should_authorize_event_sharing: bool | None,
         release_channel: str | None = None,
-    ) -> list[tuple[str]]:
+    ) -> tuple[list[tuple[str]], list[str]]:
         """
         Creates a new application object using an application package,
         running the setup script of the application package
@@ -868,6 +869,7 @@ class SnowflakeSQLFacade:
         @param debug_mode: Whether to enable debug mode; None means not explicitly enabled or disabled
         @param should_authorize_event_sharing: Whether to enable event sharing; None means not explicitly enabled or disabled
         @param release_channel [Optional]: Release channel to use when creating the application
+        @return: a tuple containing the result of the create application query and possible warning messages
         """
         package_name = to_identifier(package_name)
         name = to_identifier(name)
@@ -875,11 +877,9 @@ class SnowflakeSQLFacade:
 
         # by default, applications are created in debug mode when possible;
         # this can be overridden in the project definition
-        debug_mode_clause = ""
+        initial_debug_mode = False
         if install_method.is_dev_mode:
             initial_debug_mode = debug_mode if debug_mode is not None else True
-            debug_mode_clause = f"debug_mode = {initial_debug_mode}"
-
         authorize_telemetry_clause = ""
         if should_authorize_event_sharing is not None:
             self._log.info(
@@ -903,13 +903,13 @@ class SnowflakeSQLFacade:
                                     from application package {package_name}
                                     {using_clause}
                                     {release_channel_clause}
-                                    {debug_mode_clause}
                                     {authorize_telemetry_clause}
                                     comment = {SPECIAL_COMMENT}
                             """
                         )
                     ),
                 )
+
             except Exception as err:
                 if isinstance(err, ProgrammingError):
                     if err.errno == APPLICATION_REQUIRES_TELEMETRY_SHARING:
@@ -927,9 +927,36 @@ class SnowflakeSQLFacade:
                             f"Failed to create application {name} with the following error message:\n"
                             f"{err.msg}"
                         ) from err
+
                 handle_unclassified_error(err, f"Failed to create application {name}.")
 
-            return create_cursor.fetchall()
+            warnings = []
+            try:
+                if initial_debug_mode:
+                    self._sql_executor.execute_query(
+                        dedent(
+                            _strip_empty_lines(
+                                f"""\
+                                    alter application {name}
+                                    set debug_mode = {initial_debug_mode}
+                                """
+                            )
+                        )
+                    )
+            except Exception as err:
+                if (
+                    isinstance(err, ProgrammingError)
+                    and err.errno == CANNOT_SET_DEBUG_MODE_WITH_MANIFEST_VERSION
+                ):
+                    warnings.append(
+                        "Did not apply debug mode to application because the manifest version is set to 2 or higher. Please use session debugging instead."
+                    )
+                else:
+                    warnings.append(
+                        f"Failed to set debug mode for application {name}. {str(err)}"
+                    )
+
+            return create_cursor.fetchall(), warnings
 
     def create_application_package(
         self,

snowflake/cli/_plugins/notebook/commands.py

@@ -21,9 +21,7 @@ from snowflake.cli._plugins.notebook.notebook_entity_model import NotebookEntity
 from snowflake.cli._plugins.notebook.types import NotebookStagePath
 from snowflake.cli._plugins.workspace.manager import WorkspaceManager
 from snowflake.cli.api.cli_global_context import get_cli_context
-from snowflake.cli.api.commands.decorators import (
-    with_project_definition,
-)
+from snowflake.cli.api.commands.decorators import with_project_definition
 from snowflake.cli.api.commands.flags import (
     ReplaceOption,
     entity_argument,
@@ -107,7 +105,8 @@ def create(
 def deploy(
     entity_id: str = entity_argument("notebook"),
     replace: bool = ReplaceOption(
-        help="Replace notebook object if it already exists.",
+        help="Replace notebook object if it already exists. It only uploads new and overwrites existing files, "
+        "but does not remove any files already on the stage.",
     ),
     **options,
 ) -> CommandResult:

snowflake/cli/_plugins/object/command_aliases.py

@@ -36,8 +36,10 @@ def add_object_command_aliases(
     name_argument: typer.Argument,
     like_option: Optional[typer.Option],
     scope_option: Optional[typer.Option],
-    ommit_commands: List[str] = [],
+    ommit_commands: Optional[List[str]] = None,
 ):
+    if ommit_commands is None:
+        ommit_commands = list()
     if "list" not in ommit_commands:
         if not like_option:
             raise ClickException('[like_option] have to be defined for "list" command')

snowflake/cli/_plugins/object/manager.py

@@ -58,14 +58,16 @@ class ObjectManager(SqlExecutionMixin):
         object_name = _get_object_names(object_type).sf_name
         return self.execute_query(f"drop {object_name} {fqn.sql_identifier}")
 
-    def describe(self, *, object_type: str, fqn: FQN):
+    def describe(self, *, object_type: str, fqn: FQN, **kwargs):
         # Image repository is the only supported object that does not have a DESCRIBE command.
         if object_type == "image-repository":
             raise ClickException(
                 f"Describe is currently not supported for object of type image-repository"
             )
         object_name = _get_object_names(object_type).sf_name
-        return self.execute_query(f"describe {object_name} {fqn.sql_identifier}")
+        return self.execute_query(
+            f"describe {object_name} {fqn.sql_identifier}", **kwargs
+        )
 
     def object_exists(self, *, object_type: str, fqn: FQN):
         try: