Skip to content

SNOW-2171791: Add platform telemetry #2387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
+602 −0
Open

SNOW-2171791: Add platform telemetry #2387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
3e3d732
added telemetry emission for AWS Lambda, AWS EC2, Azure VM, GCE VM, a…
sfc-gh-sshetkar Jun 23, 2025
0d6683b
added github action platform check
sfc-gh-sshetkar Jun 24, 2025
f7879bd
linter fixes
sfc-gh-sshetkar Jun 24, 2025
2e5168f
added checks for managed identity
sfc-gh-sshetkar Jun 25, 2025
a8ad08d
put telemetry on a separate thread since it makes some network calls …
sfc-gh-sshetkar Jun 26, 2025
ce185da
added check for aws identity and refactored ec2 check to use AWS library
sfc-gh-sshetkar Jun 26, 2025
b1734ec
updated name for aws arn identity check function
sfc-gh-sshetkar Jun 30, 2025
99f4bf8
added gcp identity checks and updated AWS checks to do generic except…
sfc-gh-sshetkar Jun 30, 2025
c66c054
updated azure managed identity check to go against the default snowfl…
sfc-gh-sshetkar Jul 2, 2025
d62e955
switched to 0.5 second timeout because eventually it won't be run on …
sfc-gh-sshetkar Jul 3, 2025
44ac14c
changed to return list of signals instead of dictionary of true and f…
sfc-gh-sshetkar Jul 3, 2025
d163d32
switched to detect platforms by adding it to the base_auth data which…
sfc-gh-sshetkar Jul 3, 2025
69c637e
changed gcp identity check to be 0.5 seconds for timeout
sfc-gh-sshetkar Jul 4, 2025
87668c6
Merge branch 'main' into sshetkar-SNOW-2171791-add-platform-telemetry
sfc-gh-sshetkar Jul 4, 2025
fb4ccf7
Merge branch 'main' into sshetkar-SNOW-2171791-add-platform-telemetry
sfc-gh-sshetkar Jul 7, 2025
7a527ab
added unit tests for detecting platforms
sfc-gh-sshetkar Jul 7, 2025
fc611be
refactored platform detection to it's own file and updates unit tests
sfc-gh-sshetkar Jul 7, 2025
48e0541
updated unit tests
sfc-gh-sshetkar Jul 7, 2025
2394414
mocked detect_platform in connection tests to not affect the tests in…
sfc-gh-sshetkar Jul 8, 2025
0963b72
Merge branch 'main' into sshetkar-SNOW-2171791-add-platform-telemetry
sfc-gh-sshetkar Jul 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/snowflake/connector/auth/_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
PYTHON_CONNECTOR_USER_AGENT,
ReauthenticationRequest,
)
from ..platform_detection import detect_platforms
from ..sqlstate import SQLSTATE_CONNECTION_WAS_NOT_ESTABLISHED
from ..token_cache import TokenCache, TokenKey, TokenType
from ..version import VERSION
Expand Down Expand Up @@ -120,6 +121,7 @@ def base_auth_data(
"LOGIN_TIMEOUT": login_timeout,
"NETWORK_TIMEOUT": network_timeout,
"SOCKET_TIMEOUT": socket_timeout,
"PLATFORM": detect_platforms(),
},
},
}
Expand Down
151 changes: 151 additions & 0 deletions src/snowflake/connector/platform_detection.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
from __future__ import annotations

import os
import re
from concurrent.futures.thread import ThreadPoolExecutor

import boto3
from botocore.utils import IMDSFetcher

from .vendored import requests
from .wif_util import DEFAULT_ENTRA_SNOWFLAKE_RESOURCE


def is_ec2_instance(timeout=0.5):
try:
fetcher = IMDSFetcher(timeout=timeout, num_attempts=2)
document = fetcher._get_request(
"/latest/dynamic/instance-identity/document",
None,
fetcher._fetch_metadata_token(),
)
return bool(document.content)
except Exception:
return False


def is_aws_lambda():
return "LAMBDA_TASK_ROOT" in os.environ


def is_valid_arn_for_wif(arn: str) -> bool:
patterns = [
r"^arn:[^:]+:iam::[^:]+:user/.+$",
r"^arn:[^:]+:sts::[^:]+:assumed-role/.+$",
]
return any(re.match(p, arn) for p in patterns)


def has_aws_identity():
try:
caller_identity = boto3.client("sts").get_caller_identity()
if not caller_identity or "Arn" not in caller_identity:
return False
else:
return is_valid_arn_for_wif(caller_identity["Arn"])
except Exception:
return False


def is_azure_vm(timeout=0.5):
try:
token_resp = requests.get(
"http://169.254.169.254/metadata/instance?api-version=2021-02-01",
headers={"Metadata": "true"},
timeout=timeout,
)
return token_resp.status_code == 200
except requests.RequestException:
return False


def is_azure_function():
service_vars = [
"FUNCTIONS_WORKER_RUNTIME",
"FUNCTIONS_EXTENSION_VERSION",
"AzureWebJobsStorage",
]
return all(var in os.environ for var in service_vars)


def is_managed_identity_available_on_azure_vm(
resource=DEFAULT_ENTRA_SNOWFLAKE_RESOURCE, timeout=0.5
):
endpoint = f"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource={resource}"
headers = {"Metadata": "true"}
try:
response = requests.get(endpoint, headers=headers, timeout=timeout)
return response.status_code == 200
except requests.RequestException:
return False


def has_azure_managed_identity(on_azure_vm, on_azure_function):
if on_azure_function:
return bool(os.environ.get("IDENTITY_HEADER"))
if on_azure_vm:
return is_managed_identity_available_on_azure_vm()
return False


def is_gce_vm(timeout=0.5):
try:
response = requests.get("http://metadata.google.internal", timeout=timeout)
return response.headers.get("Metadata-Flavor") == "Google"
except requests.RequestException:
return False


def is_gce_cloud_run_service():
service_vars = ["K_SERVICE", "K_REVISION", "K_CONFIGURATION"]
return all(var in os.environ for var in service_vars)


def is_gce_cloud_run_job():
job_vars = ["CLOUD_RUN_JOB", "CLOUD_RUN_EXECUTION"]
return all(var in os.environ for var in job_vars)


def has_gcp_identity(timeout=0.5):
try:
response = requests.get(
"http://metadata/computeMetadata/v1/instance/service-accounts/default/email",
headers={"Metadata-Flavor": "Google"},
timeout=timeout,
)
response.raise_for_status()
return bool(response.text)
except requests.RequestException:
return False


def is_github_action():
return "GITHUB_ACTIONS" in os.environ


def detect_platforms() -> list[str]:
with ThreadPoolExecutor(max_workers=10) as executor:
futures = {
"is_ec2_instance": executor.submit(is_ec2_instance),
"is_aws_lambda": executor.submit(is_aws_lambda),
"has_aws_identity": executor.submit(has_aws_identity),
"is_azure_vm": executor.submit(is_azure_vm),
"is_azure_function": executor.submit(is_azure_function),
"is_gce_vm": executor.submit(is_gce_vm),
"is_gce_cloud_run_service": executor.submit(is_gce_cloud_run_service),
"is_gce_cloud_run_job": executor.submit(is_gce_cloud_run_job),
"has_gcp_identity": executor.submit(has_gcp_identity),
"is_github_action": executor.submit(is_github_action),
}

platforms = {key: future.result() for key, future in futures.items()}

platforms["azure_managed_identity"] = has_azure_managed_identity(
platforms["is_azure_vm"], platforms["is_azure_function"]
)

detected_platforms = [
platform for platform, detected in platforms.items() if detected
]

return detected_platforms
8 changes: 8 additions & 0 deletions test/unit/test_connection.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,14 @@ def __init__(self, password: str, mfa_token: str) -> None:
pass


@pytest.fixture(autouse=True)
def mock_detect_platforms():
with patch(
"snowflake.connector.auth._auth.detect_platforms", return_value=[]
) as mock_detect:
yield mock_detect


def fake_connector(**kwargs) -> snowflake.connector.SnowflakeConnection:
return snowflake.connector.connect(
user="user",
Expand Down
Loading
Loading