o RDi@sddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z ddl mZddlmZmZddlmZddlZddlZdd lmZmZdd lmZdd lmZmZdd lmZdd l m!Z!e e"Z#erzddl$Z$dddZ%dddZ&GdddZ'dS)) annotationsN)datetime) getLogger)Path)AnyAnyStr) getproxies) IS_WINDOWSurlparse)SnowflakeCursor)SessionManagerSessionManagerFactory)&extract_top_level_domain_from_hostname)urllib3ddict[str, dict[str, Any]]cCs`i}|D]'\}}t|tr|}t|tr|}n t|tr&t|}|||iq|SN)items isinstancebytesdecodedict _decode_dictupdate)rresultkeyvaluerb/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/connection_diagnostic.pyr s    r allowlistlist[dict[str, Any]]cCsFt|tr!tdd|Dr!zt|WdSty YdSwdS)Ncss|]}t|tVqdSr)rr).0itemrrr .  z+_is_list_of_json_objects..TF)rlistalljsondumps TypeError)r rrr_is_list_of_json_objects-s  r+c@seZdZdZ       d?d@ddZdAddZ   dBdCddZdDd d!ZdEd#d$ZdFdGd%d&Z dHdId'd(Z dJd+d,Z dKd.d/Z dDd0d1Z dDd2d3ZdDd4d5ZdLd9d:ZdMd=d>ZdS)NConnectionDiagnosticzyImplementation of a connection test utility for Snowflake connector Use new ConnectionTest() to get the object. Naccountstrhostconnection_diag_log_path str | Noneconnection_diag_allowlist_path proxy_host proxy_port proxy_userproxy_passwordsession_managerSessionManager | NonereturnNonec Cs||_||_gggggggd|_d} || d|j|| d|jt|} d| d| |jvrb|d| ddd d| |_td | d |d || d | d|jn||_g|_g|_ i|_ d|_ ||_ ||_ ||_||_|j durtd} d|_ ntd} d|_ || \|_ |_ |_|_||j|durt|nd|_|durt|nd|_t|_|jdurt|j|_n+|jstd|jdt|j|_n|jstd|jdt|j|_|jd|_td|j|jdur>|js&td|jdtdd|_n|js>td|jdtdd|_d|_| rT|j!d|jd |_n |j!d!| d"|_"d|_#| ro| j$d"d#|_'dSt%j&d"d#|_'dS)$N)INITIALPROXY SNOWFLAKE_URLSTAGEOCSP_RESPONDEROUT_OF_BAND_TELEMETRYIGNOREr;zSpecified snowflake account: z!Host based on specified account: .z.snowflakecomputing.z.snowr rz+Account should not have snowflakecomputing.z in it. You provided z. Continuing with fixed host.z%We removed extra .snowflakecomputing.z and will continue with host: params HTTPS_PROXY environmenthttpssystemzPath z% for connection test is not absolute.z$ for connection test does not exist.z!SnowflakeConnectionTestReport.txtzReporting to file zPath 'z0' for connection test allowlist is not absolute.zWill connect to Snowflake for allowlist json instead. If you did not provide a valid password, please make sure to update and run again.zFile 'z/' for connection test allowlist does not exist.zRselect /* snowflake-connector-python:connection_diagnostics */ system$allowlist();zocsp.z&select system$allowlist_privatelink();zocsp.snowflakecomputing.F) use_pooling)(r-r/ test_results%_ConnectionDiagnostic__append_messagersplitloggerwarning ocsp_urlscrl_urls cert_info proxy_typer3r4r5r6osgetenvr"_ConnectionDiagnostic__parse_proxy(_ConnectionDiagnostic__https_host_reportrfull_connection_diag_log_path#full_connection_diag_allowlist_pathtempfile gettempdirtmpdir is_absoluteexists report_fileinfo allowlist_sql%_ConnectionDiagnostic__is_privatelinkappendallowlist_retrieval_successcursorcloner get_manager_session_manager) selfr-r/r0r2r3r4r5r6r7 host_typetop_level_domain proxy_urlrrr__init__?s                      zConnectionDiagnostic.__init__rjtuple[str, str, str, str]cCs,t|}|j}|j}|j}|j}||||fSr)r hostnameportusernamepassword)rgrjparsedr3r4r5r6rrr __parse_proxys  z"ConnectionDiagnostic.__parse_proxy r=rninttimeoutrhc Cs*zH|j||dd}ttjtj}|||jdurL|j|jf}|jdurF|jd|j}| d}t | d} d| d}||n ||t|f|dkr|jdurd |d|d |} | d |d } |t | |d  dttj} | tttdd} | rt| dr| j| O_| j||d} t| d}d|d|d|d}z | t |Wn ty}z| ||d|d|WYd}~nd}~ww|!|WS|jdurd |d|d |d } nd|d} |t | |d  d}|!|dur;d}t"#||s;| ||d|d|WdS| ||d|dWdStj$ys}zdt|vrh| ||d|d|WYd}~dSd}~wty}z| ||d|d|WYd}~dSd}~ww) N)rh:utf-8 zProxy-Authorization: Basic z rszCONNECT z HTTP/1.1 zHost: z iVERIFY_X509_PARTIAL_CHAINr verify_flags)server_hostnameTzGET / z5 HTTP/1.1 Host: z User-Agent: snowflake-connector-python-diagnostic z(: URL Check: Failed: Unknown Exception: zGET / HTTP/1.1 Host: z Connection: close z(200|301|cloudfront)z: URL Check: Failed: FAILED#: URL Check: Connected SuccessfullySUCCESSWRONG_VERSION_NUMBERz': URL Check: Failed: Proxy Auth Error: )%_ConnectionDiagnostic__list_ipssocketAF_INET SOCK_STREAM settimeoutr3r4r5r6encodebase64 b64encoderstripconnectrusendr.recvssl SSLContextPROTOCOL_TLS_CLIENTload_verify_locationscertifiwheregetattrhasattrr| wrap_socketDER_cert_to_PEM_cert getpeercert ExceptionrJcloseresearchSSLError)rgr/rnrvrh connect_credsconn proxy_addr proxy_auth credentialsrcontext _partial_flagsock certificate http_requesteresponsegood_responsesrrr__test_socket_get_certs             z+ConnectionDiagnostic.__test_socket_get_certc Csxd}|jdurC|jdurBz|jj|jdddd}tt|}d|_WnKt yA}zt d|WYd}~n6d}~wwn0t |j}z t |}d|_Wn t yr}z|dd|d|jdWYd}~nd}~wwt|r|D]8}|d }|d }|d }|d vr||jvr|j|||d qy|dvrz |j|||d Wqyt yYqywqydS|dddS)NT) _is_internalrz*Unable to do allowlist checks: exception: r;zAllowlist was not valid json: 'zB'. Please run 'select system$allowlist();' and validate the file z is correct.typer/rnr?rnrh)r>r@zAllowlist is not a valid list of json objects. Please run 'select system$allowlist();' and provide as a json file using the connection_diag_allowlist_path option.)rWrcexecuter_fetchallr(loadsr.rbrrLrMopenloadrJr+rN+_ConnectionDiagnostic__test_socket_get_certrU)rgresultsr results_filerrhr/ host_portrrr run_post_test1sn         z"ConnectionDiagnostic.run_post_testboolcCs d|jvS)N privatelink)r/)rgrrr__is_privatelinkas z%ConnectionDiagnostic.__is_privatelinkc CszYt|d}|d}d|vrL|D]5}t|jr,|s+|||d|dq|r=|||d|dq|||d|qWdS|||d|WdStyt}zt d |WYd}~dSd}~ww) Nz: nslookup resultssnowflakecomputingz: private ip: z<: WARNING: this is not typical for a non-privatelink accountz : public ip: z7: WARNING: privatelink accounts must have a private ip.: z)Connectivity Test Exception in list_ips: ) rgethostbyname_ex ipaddress ip_address is_privater`rJrrLrM)rgr/rhips base_messageiprrrr __list_ipsds4  zConnectionDiagnostic.__list_ipsc sNz|j|||d}d|vrtjtjj|tt t t ddt t ddd}||j|<fddtD}i}|D] }t |||d<q]|d\} } } | t |d vr|||d |d n%d |vr| t |d vr|||d |d n |||d |d |||dt|d } |||d| t|d} |||d| |||d|d|||d|d|||d|d|||d|d|dkr[d|vr0td|d} | D]}|j|ddq n|dd d!|vrUtd|d!}|D]}|j|ddqEn|d"d#d |vrm|||d$|d |||d%|j|||d&|jWdSWdSty}zt d'|WYd}~dSd}~ww)(NrzBEGIN CERTIFICATEryz %Y%m%d%H%M%SZ)subjectissuer serialNumberversion notBeforenotAfterc3s|]}|VqdSr) get_extension)r"ix509rrr$r%z;ConnectionDiagnostic.__https_host_report..rBrrxrsubjectAltNamezK: URL Check: Failed: Certificate mismatch: Host not in subject or alt namesz : Cert info:z : subject: rz : issuer: z: serialNumber: rz : version: rz : notBefore: rz : notAfter: rr=authorityInfoAccessz(https?://\S+)/rr;z(Unable to find ocsp URLs in certificate.crlDistributionPointsrAz'Unable to find crl URLs in certificate.z: subjectAltName: z : crlUrls: z : ocspURLs: z2Connectivity Test Exception in https_host_report: )!rOpenSSLcryptoload_certificate FILETYPE_PEMr get_subjectget_components get_issuerget_serial_number get_versionrstrptimer. get_notBeforer get_notAfterrPrangeget_extension_countget_short_name partitionrJrrfindallrNrarKrOrrLrM)rgr/rnrhrr extensionsextension_datar_ host_suffix subject_str issuer_strocsp_urls_origurl crl_urls_origrrr__https_host_reports         ]z(ConnectionDiagnostic.__https_host_reportrdict[bytes, bytes]cCs,tddtt|dddd}|S)Nz[{}"]rwr=,;)rsubr(r)rreplace)rgrrrrr__get_issuer_strings z(ConnectionDiagnostic.__get_issuer_stringmessagecCs|j||d|dS)Nr)rIra)rgrhrrrr__append_messagesz%ConnectionDiagnostic.__append_messagec Cs<i}d}g}|D]}|tjvr"tj|||<tj|=||qd}t}||d|d|vrk|td\}}} } | durVd| d| d|d|} nd|d|} ||d| d | d |D] } || tj| <qm||d td } d d| d}|j |j vr| |j |j d}t ||s||d|j d|d| d}|j|ddd||j vr| |j |d}t ||s||d|d|d| trd}ddg}|D] }||||qzWtddd}|jdur3|jdur"d|jd|jd|jd|j}n d|jd|j}||d|d<|jj d)d!di|}d"|jvrN||d#WdSWdSty}z@d$t|vrj||d%|n!d&t|vr{||d'|n||d(|WYd}~dSWYd}~dSWYd}~dSd}~ww)*N) HTTP_PROXYrD https_proxy http_proxyr<z/Proxies with Env vars removed(SYSTEM PROXIES): rFhttp://rx@zIf there are failures, try using the SYSTEM PROXY: On Windows, do "set HTTPS_PROXY='z]'". On Linux/Mac, do "export HTTPS_PROXY='z'" z-Proxies with Env vars restored(ENV PROXIES): )z!C=US; O=Google Trust Services LLCzC=US; O=AmazonzC=US; O=DigiCert Incz(^z|^)rz/There is likely a proxy because the issuer for z is not correct. Got z and expected one of zwww.google.comrsrArz)Software\Microsoft\Windows\CurrentVersionHKEY_CURRENT_USERHKEY_LOCAL_MACHINErtF)rvverify)httprFproxies!https://nonexistentdomain.invalidrHzdoes not existz5It is likely there is a proxy based on HTTP response.NewConnectionErrorzfProxy check using invalid URL did not show proxy: Review result, but you can probably ignore: Result: ProxyErrorz2It is likely there is a proxy based on Exception: zJCould not determine if a proxy does or does not exist based on Exception: )r)rRenvironkeysgetrarrJrTjoinr/rP(_ConnectionDiagnostic__get_issuer_stringrrrUr (_ConnectionDiagnostic__walk_win_registryrdisable_warningsr3r5r6r4rftextrr.)rgenv_proxy_backup proxy_keys restore_keys proxy_keyrhsystem_proxiesr3r4r5r6proxy_url_example restore_keycert_authorities check_patternr test_hostregistry_start_key hkey_stringshkey_strrequest_kwargsrjresprrrr__check_for_proxiess         &   z(ConnectionDiagnostic.__check_for_proxiescCs8|tt|j|_|jD] }|j|dddqdS)NPr?r)(_ConnectionDiagnostic__check_for_proxiesr&setrNr)rgrrrrrun_testqs  zConnectionDiagnostic.run_testcCsd}d|jd}|d|d}d|jd}|d|d}d|jd}|d|d}|jrFd|jd}|d |d}n|d }|d }d|jd }|jra|d }n|d}|d|d}|jrd|jd}|d|d}t||j|dS)NzG=========Connectivity diagnostic report================================rzr;r<zI =========Proxy information - These are best guesses, not guarantees==== r=zI =========Snowflake URL information===================================== r>zt =========Snowflake Stage information=================================== We retrieved stage info from the allowlist z =========Snowflake Stage information - Unavailable===================== We could not connect to Snowflake to get allowlist, so we do not have stage diagnostic info zH =========Snowflake OCSP information====================================r?zi We were able to retrieve system allowlist. These OCSP hosts came from the certificate and the allowlist.z^ We were unable to retrieve system allowlist. These OCSP hosts only came from the certificate.r@zI =========Snowflake Out of bound telemetry check======================== )r rIrbrLdebugr] write_text)rgrinitial_joined_resultsproxy_joined_resultssnowflake_url_joined_resultssnowflake_stage_joined_resultssnowflake_ocsp_joined_results"snowflake_telemetry_joined_resultsrrrgenerate_reportwsR z$ConnectionDiagnostic.generate_report registry_keyrdict[str, str]cCsNi}d} zt||}Wn tyY|Sw|dd||d<|d}q)z%Gets values from windows registry keyrTr N)winreg EnumValueOSError)rgr,registry_key_valuesrregistry_key_valuerrr__get_win_registry_valuess z.ConnectionDiagnostic.__get_win_registry_valuesrregistry_key_strc Cs|dkrtj}n |dkrtj}nd}t||}d}|durz t||}|d}|rtj||}dt| vsCdt| vrt||dtj } | | } d | vr| d d} | |d |d |d | d | d} z|jj| dd} | j}| |d|WnTtyYnLwd| vr| dd}| |d|d |d|n/d| vr| dd}|dkr| |d|d |d|n| |d|d |d| ||||q tyYdSwdS)z@Walks the windows registry to search for key relating to proxiesrrNrTr zinternet settingswpad AutoConfigURLziThere may be a proxy: Found a Wpad in Windows registry: Check proxy config for auto detect script: hkey: z : z : wpad: rz /wpad.datrt)rvz&Wpad request returned possible proxy: ProxyServerzFThere may be a proxy: Found a proxy server in Windows registry: hkey: z : ProxyServer: ProxyEnablez?There may be a proxy: Proxy is enabled per the registry: hkey: z : ProxyEnable: zCFound Wpad key in registry: Most likely nothing, but review: hkey: z : value: )r.rrOpenKeyEnumKeyrRpathr r.lowerKEY_READ._ConnectionDiagnostic__get_win_registry_valuesrrJrfr rrr r0)rgrhrr4hkeyregistryrr,new_registry_key_strnew_registry_keyvaluesr5rr proxy_infoproxy proxy_enablerrr__walk_win_registrys             @z(ConnectionDiagnostic.__walk_win_registry)NNNNNNN)r-r.r/r.r0r1r2r1r3r1r4r1r5r1r6r1r7r8r9r:)rjr.r9rl)rsrtr=) r/r.rnrurvrurhr.r9r.)r9r:)r9r)r=)r/r.rhr.r9r:)rsr=)r/r.rnrurhr.r9r:)rrr9r.)rhr.rr.r9r:)r,rr9r-)rhr.rr.r4r.r9r:)__name__ __module__ __qualname____doc__rkrTrrr`rrUr rJr r"r+r>r rrrrr,9s8     ^ 0  g   ~  E r,)rr)r r!)( __future__rrrr(rRrrrrXrloggingrpathlibrtypingrrurllib.requestrrrcompatr r rcr r7r rurl_utilrvendoredrrHrLr.rr+r,rrrrs6