Open sfc-gh-vtimofeenko opened 1 week ago
Interesting, I can't replicate the behavior. After this change I'm getting TypeError: Password was not given but private key is encrypted
on my key. While it works fine without your change. FYI the implementation is based on snowsql --generate-jwt
Looks like the latest version produces the same error without my patch:
❯ pipx install git+https://github.com/snowflakedb/snowflake-cli.git
⚠️ Note: snow was already on your PATH at /Users/vtimofeenko/.nix-profile/bin/snow
installed package snowflake-cli 3.2.0.dev0, installed using Python 3.11.9
These apps are now globally available
- snow
done! ✨ 🌟 ✨
❯ ~/.local/bin/snow --version
Snowflake CLI version: 3.2.0.dev0
❯ ~/.local/bin/snow --config-file=./test.toml connection generate-jwt
...config_manager.py:351: UserWarning: Bad owner or permissions on test.toml.
* To change owner, run `chown $USER "test.toml"`.
* To restrict permissions, run `chmod 0600 "test.toml"`.
warn(f"Bad owner or permissions on {str(filep)}{chmod_message}")
Enter private key file password (Press enter if none) []:
An unexpected exception occurred. Use --debug option to see the traceback. Exception message:
Password was given but private key is not encrypted.
❯ cat test.toml
[connections.default]
account = "<REDACTED>"
user = "snowcli_key_test"
private_key_path = "<REDACTED>"
If using RC4:
❯ pipx install git+https://github.com/snowflakedb/snowflake-cli.git@v3.1.0-rc4
⚠️ Note: snow was already on your PATH at /Users/vtimofeenko/.nix-profile/bin/snow
installed package snowflake-cli 3.1.0rc4, installed using Python 3.11.9
These apps are now globally available
- snow
done! ✨ 🌟 ✨
❯ ~/.local/bin/snow --version
Snowflake CLI version: 3.1.0rc4
❯ ~/.local/bin/snow --config-file=./test.toml connection generate-jwt
# <same complaint about permissions>
Enter private key file password (Press enter if none) []:
An unexpected exception occurred. Use --debug option to see the traceback. Exception message:
Password was given but private key is not encrypted.
SnowCLI version
Snowflake CLI version: 3.2.0.dev0
Python version
Python 3.11.6
Platform
macOS-14.7-arm64-arm-64bit
What happened
For a key without passphrase, the passphrase is passed as empty string instead of
None
.Potential fixes
Use dynamic defaults for prompts
Move passphrase to arguments for
generate_jwt
function and use this click approach allows automating the "don't show prompt if envvar is set".Use value_proc in typer's prompt
Basically this will use a tiny value post-processor which turns empty string into None. Seems to work (all tests pass, jwt is generated); I'd be happy to submit a PR.
Console output
How to reproduce