diff --git a/libs/output-mapping/tests/AbstractTestCase.php b/libs/output-mapping/tests/AbstractTestCase.php index 185b5558c..aa0222323 100644 --- a/libs/output-mapping/tests/AbstractTestCase.php +++ b/libs/output-mapping/tests/AbstractTestCase.php @@ -5,7 +5,6 @@ namespace Keboola\OutputMapping\Tests; use InvalidArgumentException; -use Keboola\KeyGenerator\PemKeyCertificateGenerator; use Keboola\OutputMapping\Staging\StrategyFactory; use Keboola\OutputMapping\TableLoader; use Keboola\OutputMapping\Tests\Needs\TestSatisfyer; @@ -13,7 +12,6 @@ use Keboola\StagingProvider\Staging\File\FileStagingInterface; use Keboola\StagingProvider\Staging\StagingProvider; use Keboola\StagingProvider\Staging\StagingType; -use Keboola\StagingProvider\Workspace\SnowflakeKeypairGenerator; use Keboola\StorageApi\ClientException; use Keboola\StorageApi\Options\ListFilesOptions; use Keboola\StorageApi\WorkspaceLoginType; @@ -151,12 +149,10 @@ protected function initWorkspace(): void }]; // Snowflake no longer allows creating workspace users with the legacy service account type, which is - // what the empty/default login type maps to. Request a key-pair service login instead and register a - // generated public key for it. + // what the empty/default login type maps to. These tests never connect to the workspace directly (data + // is loaded server-side via the Storage API), so create it without any login. if ($stagingType === StagingType::WorkspaceSnowflake) { - $keyPair = (new SnowflakeKeypairGenerator(new PemKeyCertificateGenerator()))->generateKeyPair(); - $options['loginType'] = WorkspaceLoginType::SNOWFLAKE_SERVICE_KEYPAIR; - $options['publicKey'] = $keyPair->publicKey; + $options['loginType'] = WorkspaceLoginType::NONE; } $workspace = $workspaces->createWorkspace($options, true); diff --git a/libs/query-service-api-client/tests/Functional/BaseFunctionalTestCase.php b/libs/query-service-api-client/tests/Functional/BaseFunctionalTestCase.php index 740b30387..4ffd96d5d 100644 --- a/libs/query-service-api-client/tests/Functional/BaseFunctionalTestCase.php +++ b/libs/query-service-api-client/tests/Functional/BaseFunctionalTestCase.php @@ -101,37 +101,18 @@ private function createTestWorkspace(): void // Create a workspace for testing queries $workspaces = new Workspaces($this->branchAwareStorageClient); // Snowflake no longer allows creating workspace users with the legacy service account type (the - // empty/default login type). Create the workspace with a key-pair service login so a usable service - // user is provisioned; the generated public key is registered with the workspace. + // empty/default login type). The Query Service executes SQL against the workspace on the server side, + // so the test never connects with workspace credentials and the workspace needs no login of its own. $workspaceData = $workspaces->createWorkspace([ 'name' => sprintf('query-test-workspace-%d', random_int(1000, 9999)), 'backend' => 'snowflake', - 'loginType' => WorkspaceLoginType::SNOWFLAKE_SERVICE_KEYPAIR, - 'publicKey' => self::generateWorkspacePublicKey(), + 'loginType' => WorkspaceLoginType::NONE, ], true); /** @var array{id: int|string} $workspaceData */ $this->testWorkspaceId = (string) $workspaceData['id']; } - private static function generateWorkspacePublicKey(): string - { - $key = openssl_pkey_new([ - 'private_key_bits' => 2048, - 'private_key_type' => OPENSSL_KEYTYPE_RSA, - ]); - if ($key === false) { - throw new RuntimeException('Failed to generate a workspace key pair'); - } - - $details = openssl_pkey_get_details($key); - if ($details === false || !isset($details['key']) || !is_string($details['key'])) { - throw new RuntimeException('Failed to extract the workspace public key'); - } - - return $details['key']; - } - protected function getTestBranchId(): string { return $this->testBranchId; diff --git a/libs/staging-provider/tests/Workspace/WorkspaceProviderFunctionalTest.php b/libs/staging-provider/tests/Workspace/WorkspaceProviderFunctionalTest.php index e7738e662..d411900a5 100644 --- a/libs/staging-provider/tests/Workspace/WorkspaceProviderFunctionalTest.php +++ b/libs/staging-provider/tests/Workspace/WorkspaceProviderFunctionalTest.php @@ -93,12 +93,11 @@ protected function tearDown(): void private function createWorkspace(array $options): array { // Snowflake no longer allows creating workspace users with the legacy service account type (the - // empty/default login type). Default Snowflake workspaces to a key-pair service login so a usable - // service user is created; callers that need a specific login type still set it explicitly. + // empty/default login type). The tests using this helper only inspect workspace metadata and never + // connect to it, so default Snowflake workspaces to no login; callers that need a specific login type + // (e.g. the key-pair credential-reset test) still set it explicitly. if (($options['backend'] ?? null) === 'snowflake' && !isset($options['loginType'])) { - $keyPair = (new SnowflakeKeypairGenerator(new PemKeyCertificateGenerator()))->generateKeyPair(); - $options['loginType'] = WorkspaceLoginType::SNOWFLAKE_SERVICE_KEYPAIR; - $options['publicKey'] = $keyPair->publicKey; + $options['loginType'] = WorkspaceLoginType::NONE; } $workspaceData = $this->workspacesApiClient->createWorkspace($options, async: true);