cruseakshay opened a new pull request, #62162:
URL: https://github.com/apache/airflow/pull/62162
## Problem
`SnowflakeSqlApiHook` (and by extension `SnowflakeSqlApiOperator`) had no
authentication path for Snowflake Programmatic Access Tokens (PATs).
This was reported in #62037, where users expected PAT auth to work
consistently across both `SnowflakeHook` (Python connector) and
`SnowflakeSqlApiHook` (REST API).
## Solution
Added a dedicated branch in `SnowflakeSqlApiHook.get_headers()` that:
- Detects `authenticator == "programmatic_access_token"` in the connection
config
- Uses the connection `password` field as a `PROGRAMMATIC_ACCESS_TOKEN`
bearer token
- Raises `AirflowException` with a clear message if the password field is
empty
The auth priority order is preserved: OAuth → PAT → Key Pair JWT.
```
## Connection setup for PAT
conn_type : snowflake
login : <username>
password : <PAT value>
extra : {"account": "...", "authenticator": "programmatic_access_token", ...}
```
## Testing
- Added unit tests for the happy path and the missing-password error case
- Validated end-to-end against a live Snowflake account: both `SnowflakeHook`
(Python connector, PAT as password) and `SnowflakeSqlApiHook` (SQL REST
API,
PAT bearer token) returned `state=success`
## Migration impact
No breaking changes. Existing Key Pair and OAuth connections are unaffected.
Fixes #62037
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
