implementd privatelink

snowflakedb · Oct 25, 2024 · baf8587 · baf8587
1 parent 617d6e0
commit baf8587
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 0 deletions.
diff --git a/include/snowflake/client.h b/include/snowflake/client.h
@@ -93,6 +93,8 @@ extern "C" {
  */
 #define SF_JWT_CNXN_WAIT_TIME 10
 
+#define PRIVATELINK_HOSTNAME_SUFFIX ".privatelink.snowflakecomputing."
+
 /**
  * Snowflake Data types
  *

diff --git a/lib/client.c b/lib/client.c
@@ -28,6 +28,7 @@
 
 #define curl_easier_escape(curl, string) curl_easy_escape(curl, string, 0)
 
+
 // Define internal constants
 sf_bool DISABLE_VERIFY_PEER;
 char *CA_BUNDLE_FILE;
@@ -475,15 +476,32 @@ _snowflake_check_connection_parameters(SF_CONNECT *sf) {
     }
 
     char* top_domain = strrchr(sf->host, '.');
+    char host_without_top_domain[4096];
     if (top_domain)
     {
         top_domain++;
+        size_t length = strlen(sf->host) - strlen(top_domain);
+        sf_strncpy(host_without_top_domain, sizeof(host_without_top_domain), sf->host,length);
     }
     else
     {
         // It's basically impossible not finding top domain in host.
         // Log the entire host just in case.
         top_domain = sf->host;
+        host_without_top_domain[0] = NULL;
+    }
+
+    //check privatelink
+    if (end_with(host_without_top_domain, PRIVATELINK_HOSTNAME_SUFFIX))
+    {
+        char urlbuf[4096];
+        sf_sprintf(urlbuf, sizeof(urlbuf), "http://ocsp.%s/%s",
+           sf->host, "ocsp_response_cache.json");
+        log_trace(
+            "sf", "Connection", "connect",
+            "Setting SF_OCSP_RESPONSE_CACHE_SERVER_URL to %s",
+            urlbuf);
+        sf_setenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL", urlbuf);
     }
 
     log_info("Connecting to %s Snowflake domain", (strcasecmp(top_domain, "cn") == 0) ? "CHINA" : "GLOBAL");

diff --git a/lib/connection.c b/lib/connection.c
@@ -1344,4 +1344,17 @@ int64 get_retry_timeout(SF_CONNECT *sf)
 int8 get_login_retry_count(SF_CONNECT *sf)
 {
   return (int8)get_less_one(sf->retry_on_connect_count, sf->retry_count);
+}
+
+sf_bool end_with(char* a, char* b)
+{
+    if (strlen(b) > strlen(a))
+    {
+        return SF_BOOLEAN_FALSE;
+    }
+
+    char as[4096];
+    sf_strncpy(as, sizeof(as), a + (strlen(a) - strlen(b)), strlen(b));
+
+    return sf_strncasecmp(as, b, strlen(b)) == 0 ? SF_BOOLEAN_TRUE : SF_BOOLEAN_FALSE;
 }
diff --git a/lib/connection.h b/lib/connection.h
@@ -624,6 +624,8 @@ int64 get_retry_timeout(SF_CONNECT *sf);
 */
 uint64 sf_get_current_time_millis();
 
+sf_bool end_with(char* a, char* b);
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -44,6 +44,7 @@ SET(TESTS_C
         test_unit_oauth
         test_unit_mfa_auth
         test_ocsp_fail_open
+        test_unit_privatelink
 # FEATURE_INCREASED_MAX_LOB_SIZE_IN_MEMORY is internal switch
 # will enable lob test when the change on server side will be published
 #        test_lob

diff --git a/tests/test_unit_privatelink.c b/tests/test_unit_privatelink.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2018-2024 Snowflake Computing, Inc. All rights reserved.
+ */
+
+#include <string.h>
+#include "utils/test_setup.h"
+#include "connection.h"
+#include "memory.h"
+
+/**
+ * Test json body is properly updated.
+ */
+void test_private_link_core(void** unused)
+{
+    char* original_env = getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+    SF_CONNECT* sf = (SF_CONNECT*)SF_CALLOC(1, sizeof(SF_CONNECT));
+    sf->account = "testaccount";
+    sf->user = "testuser";
+    sf->password = "testpassword";
+    sf->authenticator = SF_AUTHENTICATOR_DEFAULT;
+
+    _snowflake_check_connection_parameters(sf);
+    assert_int_equal(NULL, getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL"));
+    sf_unsetenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+
+    sf->host = "account.privateLINK.snowflakecomputING.com";
+    _snowflake_check_connection_parameters(sf);
+    assert_string_equal("http://ocsp.account.privateLINK.snowflakecomputING.com/ocsp_response_cache.json", getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL"));
+    sf_unsetenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+
+    sf->host = "account.snowflakecomputing.com";
+    _snowflake_check_connection_parameters(sf);
+    assert_int_equal(NULL, getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL"));
+    sf_unsetenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+
+    sf->host = "account.privatelink.snowflakecomputing.cn";
+    _snowflake_check_connection_parameters(sf);
+    assert_string_equal("http://ocsp.account.privatelink.snowflakecomputing.cn/ocsp_response_cache.json", getenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL"));
+    sf_unsetenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+
+
+    if (original_env) {
+        sf_setenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL", original_env);
+    }
+    else {
+        sf_unsetenv("SF_OCSP_RESPONSE_CACHE_SERVER_URL");
+    }
+}
+
+int main(void)
+{
+    initialize_test(SF_BOOLEAN_FALSE);
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_private_link_core),
+    };
+    int ret = cmocka_run_group_tests(tests, NULL, NULL);
+    snowflake_global_term();
+    return ret;
+}