NO-SNOW: Remove requirement for WIF experimental flag (#2275)

sfc-gh-rkowalski · web-flow · commit 5e69a93ef56e · 2025-08-06T12:00:55.000+02:00
diff --git a/ci/container/test_authentication.sh b/ci/container/test_authentication.sh
@@ -9,8 +9,6 @@ MVNW_EXE=$SOURCE_ROOT/mvnw
 AUTH_PARAMETER_FILE=./.github/workflows/parameters_aws_auth_tests.json
 eval $(jq -r '.authtestparams | to_entries | map("export \(.key)=\(.value|tostring)")|.[]' $AUTH_PARAMETER_FILE)
 
-export SF_ENABLE_EXPERIMENTAL_AUTHENTICATION=true
-
 $MVNW_EXE -DjenkinsIT \
     -Dnet.snowflake.jdbc.temporaryCredentialCacheDir=/mnt/workspace/abc \
     -Dnet.snowflake.jdbc.ocspResponseCacheDir=/mnt/workspace/abc \
diff --git a/ci/container/test_component.sh b/ci/container/test_component.sh
@@ -76,8 +76,6 @@ cd $SOURCE_ROOT
 # Avoid connection timeout on plugin dependency fetch or fail-fast when dependency cannot be fetched
 $MVNW_EXE --batch-mode --show-version dependency:go-offline
 
-export SF_ENABLE_EXPERIMENTAL_AUTHENTICATION=true
-
 if [[ "$is_old_driver" == "true" ]]; then
     pushd TestOnly >& /dev/null
         JDBC_VERSION=$($MVNW_EXE org.apache.maven.plugins:maven-help-plugin:2.1.1:evaluate -Dexpression=project.version --batch-mode | grep -v "[INFO]")
diff --git a/ci/test_windows.bat b/ci/test_windows.bat
@@ -111,8 +111,6 @@ echo "MAVEN OPTIONS %MAVEN_OPTS%"
 REM Avoid connection timeout on plugin dependency fetch or fail-fast when dependency cannot be fetched
 cmd /c %MVNW_EXE% --batch-mode --show-version dependency:go-offline
 
-set SF_ENABLE_EXPERIMENTAL_AUTHENTICATION=true
-
 if "%JDBC_TEST_SUITES%"=="FipsTestSuite" (
     pushd FIPS
     echo "[INFO] Run Fips tests"
diff --git a/src/main/java/net/snowflake/client/core/SessionUtil.java b/src/main/java/net/snowflake/client/core/SessionUtil.java
@@ -3,7 +3,6 @@
 import static net.snowflake.client.core.SFTrustManager.resetOCSPResponseCacherServerURL;
 import static net.snowflake.client.core.SFTrustManager.setOCSPResponseCacheServerURL;
 import static net.snowflake.client.jdbc.SnowflakeUtil.isNullOrEmpty;
-import static net.snowflake.client.jdbc.SnowflakeUtil.systemGetEnv;
 import static net.snowflake.client.jdbc.SnowflakeUtil.systemGetProperty;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -300,7 +299,6 @@ static SFLoginOutput openSession(
         loginInput.getLoginTimeout() >= 0, "negative login timeout for opening session");
 
     final AuthenticatorType authenticator = getAuthenticator(loginInput);
-    checkIfExperimentalAuthnEnabled(authenticator);
 
     if (isTokenOrPasswordRequired(authenticator)) {
       AssertUtil.assertTrue(
@@ -402,16 +400,6 @@ private static WorkloadIdentityAttestation getWorkloadIdentityAttestation(SFLogi
     return attestationProvider.getAttestation(loginInput.getWorkloadIdentityProvider());
   }
 
-  static void checkIfExperimentalAuthnEnabled(AuthenticatorType authenticator) throws SFException {
-    if (authenticator.equals(AuthenticatorType.WORKLOAD_IDENTITY)) {
-      boolean experimentalAuthenticationMethodsEnabled =
-          Boolean.parseBoolean(systemGetEnv("SF_ENABLE_EXPERIMENTAL_AUTHENTICATION"));
-      AssertUtil.assertTrue(
-          experimentalAuthenticationMethodsEnabled,
-          "Following authentication method not yet supported: " + authenticator);
-    }
-  }
-
   private static boolean isEligibleForTokenCaching(AuthenticatorType authenticator) {
     return authenticator.equals(AuthenticatorType.EXTERNALBROWSER)
         || authenticator.equals(AuthenticatorType.OAUTH_AUTHORIZATION_CODE)
diff --git a/src/test/java/net/snowflake/client/core/SessionUtilTest.java b/src/test/java/net/snowflake/client/core/SessionUtilTest.java
@@ -1,13 +1,10 @@
 package net.snowflake.client.core;
 
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
-import static org.mockito.Mockito.mockStatic;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.BooleanNode;
@@ -18,15 +15,12 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import net.snowflake.client.core.auth.AuthenticatorType;
 import net.snowflake.client.jdbc.MockConnectionTest;
-import net.snowflake.client.jdbc.SnowflakeUtil;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
-import org.mockito.MockedStatic;
 
 public class SessionUtilTest {
   private static String originalUrlValue;
@@ -250,48 +244,6 @@ public void testGetCommonParams() throws Exception {
     assertEquals("value", result.get("TIMEZONE"));
   }
 
-  @Test
-  public void shouldProperlyCheckIfExperimentalAuthEnabled() {
-    try (MockedStatic<SnowflakeUtil> snowflakeUtilMockedStatic = mockStatic(SnowflakeUtil.class)) {
-      snowflakeUtilMockedStatic
-          .when(() -> SnowflakeUtil.systemGetEnv("SF_ENABLE_EXPERIMENTAL_AUTHENTICATION"))
-          .thenReturn(null);
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.OAUTH_AUTHORIZATION_CODE));
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.OAUTH_CLIENT_CREDENTIALS));
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.PROGRAMMATIC_ACCESS_TOKEN));
-      assertThrows(
-          SFException.class,
-          () -> SessionUtil.checkIfExperimentalAuthnEnabled(AuthenticatorType.WORKLOAD_IDENTITY));
-
-      snowflakeUtilMockedStatic
-          .when(() -> SnowflakeUtil.systemGetEnv("SF_ENABLE_EXPERIMENTAL_AUTHENTICATION"))
-          .thenReturn("true");
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.OAUTH_AUTHORIZATION_CODE));
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.OAUTH_CLIENT_CREDENTIALS));
-      assertDoesNotThrow(
-          () ->
-              SessionUtil.checkIfExperimentalAuthnEnabled(
-                  AuthenticatorType.PROGRAMMATIC_ACCESS_TOKEN));
-      assertDoesNotThrow(
-          () -> SessionUtil.checkIfExperimentalAuthnEnabled(AuthenticatorType.WORKLOAD_IDENTITY));
-    }
-  }
-
   private void resetOcspConfiguration() {
     SFTrustManager.SF_OCSP_RESPONSE_CACHE_SERVER_URL_VALUE = null;
     SFTrustManager.SF_OCSP_RESPONSE_CACHE_SERVER_RETRY_URL_PATTERN = null;
