Skip to content

Add External Browser Auth#2

Merged
jairus-m merged 7 commits into
mainfrom
feat/external-browser-auth
Jun 5, 2025
Merged

Add External Browser Auth#2
jairus-m merged 7 commits into
mainfrom
feat/external-browser-auth

Conversation

@jairus-m

@jairus-m jairus-m commented Jun 4, 2025

Copy link
Copy Markdown
Contributor

Summary

Adding a config in the Dockerfile to allow for automatic opening of user's default browser for external authentication.

Details

@foundinblank:

i’m having Snowflake external browser authentication problems. VSCode doesn’t open the browser automatically, and when i do the link manually it hangs. i don’t have this in my other dbt-core projects so maybe the dev container is having a hard time accessing the more global browser context or something like that

Current Behaviour

Terminal output when using externalbrowser: x in profiles.yml:

Screenshot 2025-06-04 at 3 19 50 PM

Note: Manually clicking the external URL for me works even though it doesn't automatically open.

Approach:

Add xdg-utils for external browser authentication

  • https://www.freedesktop.org/wiki/Software/xdg-utils/
  • xdg-utils is needed to enable automatic browser opening for Snowflake or any other external browser authentication. The package has xdg-open which is the command that is used to launch the authentication URL in your default browser.

@jairus-m jairus-m requested a review from foundinblank June 4, 2025 22:24
@jairus-m jairus-m changed the title Feat/external browser auth Add External Browser Auth Jun 4, 2025
@foundinblank

Copy link
Copy Markdown
Contributor

I want to test it but I think it needs a tag for me to specify building the container from this branch. Per ChatGPT:

To use a specific branch of a Docker image from a GitHub Container Registry (like ghcr.io), you need to ensure that the image you’re referring to has been tagged with that branch name when it was built and pushed.

Unfortunately, you can’t just specify a Git branch name like you would in a git URL. Docker images are tagged by the publisher, not dynamically tied to git branches.

✅ What You Can Do:

If the image for the branch has been pushed to the registry with a specific tag (e.g. feature-x or main), you can update your devcontainer.json like this:

"image": "ghcr.io/brooklyn-data/dbt-fusion-devcontainer/dbt-fusion:feature-x"

Replace feature-x with the appropriate tag (which should correspond to the branch you want).

@jairus-m

jairus-m commented Jun 5, 2025

Copy link
Copy Markdown
Contributor Author

@foundinblank

Great point! I didn't have a good way to test the image easily other than:

  1. Running the test locally in tests/dbt-fusion/tests.sh to confirm the Docker build
  2. Manually copying and pasting the .devcontainers config files to a dbt test project and then testing

This is also why I haven't put together a CONTRIBUTING.md file since I had no process here.

Now that you shared that tagging is a solid option to actually test these builds, there is now a CI step that:

1. Builds and pushes the dev container base image to GitHub with the following tags:
- "staging"
- "pr-<#>"

2. The base image is usable via the staging or pr tag in any test dbt project's devcontainer.json file:

 {
   "image": "ghcr.io/brooklyn-data/dbt-fusion-devcontainer/dbt-fusion:staging"
}

or

 {
   "image": "ghcr.io/brooklyn-data/dbt-fusion-devcontainer/dbt-fusion:pr-<#>"
}

3. Post-merge cleanup
- Staging/PR dev container base images are deleted once the new image is successfully published

Let me know if this works for you!

@foundinblank

Copy link
Copy Markdown
Contributor

Ok, I was able to build the container with the :staging suffix. THANKS! dbtf works fine. I still can't use externalbrowser authentication but Copilot says "The externalbrowser method is designed for interactive environments where a browser can be opened, which doesn't work well in dev containers" which makes sense! So I think I'll just need to use a diff auth method to continue experimenting with dbtf in the dev container (or wait for the community to update dbt-duckdb!)

@foundinblank foundinblank left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jairus-m

jairus-m commented Jun 5, 2025

Copy link
Copy Markdown
Contributor Author

@foundinblank

Awwhh mannn. It's so weird thought that the automatic external browser auth does work for me (but I'm using Cursor which may handle container-host UX better?). I'll test it out with VS Code!

In the meantime, I use a Snowflake PAT to circumvent the need for external browser authentication.

Such that my profile.yml looks like:

dbt_project:
  target: default
  outputs:
    default:
      type: snowflake
      account: <sf_account_name>
      user: <sf_user_name>
      password: <sf_personal_access_token> # Snowflake PAT goes here instead of user password
      database: <sf_dev_db>
      warehouse: <sf_dev_wh>
      schema: <dbt_dev_schema>

@foundinblank

Copy link
Copy Markdown
Contributor

Ahh - that worked! I didn't know Snowflake had PATs. So handy. My setup is now totally working 🎉

@jairus-m jairus-m merged commit 071e2d5 into main Jun 5, 2025
3 checks passed
@jecolvin jecolvin deleted the feat/external-browser-auth branch June 10, 2025 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants