gopidesupavan commented on code in PR #68107:
URL: https://github.com/apache/airflow/pull/68107#discussion_r3365983767
##########
providers/snowflake/src/airflow/providers/snowflake/hooks/snowflake.py:
##########
@@ -407,6 +412,13 @@ def _get_static_conn_params(self) -> dict[str, str | None]:
if client_store_temporary_credential:
conn_config["client_store_temporary_credential"] =
client_store_temporary_credential
+ # Workload Identity Federation (keyless auth): when the connection sets
+ # ``authenticator=WORKLOAD_IDENTITY``, the connector also needs to
know which
+ # cloud the workload runs on. One value (AWS, AZURE, GCP or OIDC)
covers all
+ # providers. See
https://docs.snowflake.com/en/user-guide/workload-identity-federation.
+ if workload_identity_provider:
Review Comment:
now that supports OIDC as a supported workload_identity_provider, but the
hook only forwards workload_identity_provider. Snowflake’s custom OIDC WIF
needs token aswell, example here:
https://docs.snowflake.com/en/user-guide/workload-identity-federation#label-wif-oidc-custom-configure-custom
may we should add token aswell here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
