Snowflake connector requires passphrase

mtucker502 commented 1 year ago

The snowflake connector requires a passphrase.

How to reproduce the bug

Configure new database connection with the URI snowflake://{user}:{password}@{account}.{region}/{database}

Add security extra:

{
"auth_method": "keypair",
"auth_params": {
    "privatekey_path":"/certs/my_cert.p8"
}
}

Click Finish
See error

Expected results

The connection should work successfully.

Actual results

Error An error occurred while creating databases: 'privatekey_pass' appears.

Environment

(please complete the following information):

Firefox 109.0.1 (64-bit)
superset version: Superset 0.0.0-dev (
python version: Python 3.8.16
any feature flags active:

FROM apache/superset:latest

USER root

RUN pip install snowflake-sqlalchemy

USER superset

Checklist

Make sure to follow these steps before submitting your issue - thank you!

[✅] I have checked the superset logs for python stacktraces and included it here as text if there are any.
[✅] I have reproduced the issue with at least the latest released version of superset.
[✅] I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

Here are other possible configurations and their errors:

{
    "auth_method": "keypair",
    "auth_params": {
        "privatekey_path":"/certs/my_cert.p8",
        "privatekey_pass": ""
    }
}

Error: An error occurred while creating databases: Password was given but private key is not encrypted.

{
    "auth_method": "keypair",
    "auth_params": {
        "privatekey_path":"/certs/my_cert.p8",
        "privatekey_pass": null
    }
}

Error: ERROR: 'NoneType' object has no attribute 'encode'

Solution(s)

Add logic to accept private key as is if no passphrase is provided.

tonofll commented 10 months ago

Hi @betodealmeida , is there any update on this or a workaround to use a private key without password?

Issue is on line 373, since if password doesn't exists (null), it can't be encoded.

https://github.com/apache/superset/blob/ed14f36c558459c6dd231dcbcdf6fe52ca15998e/superset/db_engine_specs/snowflake.py#L371-L375

However serialization.load_pem_private_key accepts password null values (Optional[bytes])

https://github.com/pyca/cryptography/blob/75b002ae7fb1f263fdd4983d0c23493878e127fe/src/cryptography/hazmat/primitives/serialization/base.py#L16

def load_pem_private_key(
    data: bytes, password: typing.Optional[bytes], backend=None
) -> _PRIVATE_KEY_TYPES:
    backend = _get_backend(backend)
    return backend.load_pem_private_key(data, password)

mvdbosch commented 9 months ago

Any update on this issue?

rusackas commented 4 months ago

Tempted to close this as stale... and I swear this has been reported elsewhere, but giving a ping to @villebro as well, who might have run into this situation.

emattson commented 3 months ago

I hit this same issue this morning

apache / superset