search

snowflakedb / snowflake-connector-python

Snowflake Connector for Python
https://pypi.python.org/pypi/snowflake-connector-python/
Apache License 2.0
568 stars 456 forks source link

SNOW-1435508: Adding support for auth through SSH Agent #1947

Open sfc-gh-thardie opened 1 month ago

sfc-gh-thardie commented 1 month ago

Please answer these questions before submitting your pull requests. Thanks!

  1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

    Fixes SNOW-1435508

  2. Fill out the following pre-review checklist:

    • [ ] I am adding a new automated test(s) to verify correctness of my new code
    • [ ] I am adding new logging messages
    • [ ] I am adding a new telemetry message
    • [x] I am modifying authorization mechanisms
    • [ ] I am adding new credentials
    • [ ] I am modifying OCSP code
    • [x] I am adding a new dependency

  3. Please describe how your code solves the related issue.

This adds support to be able to authenticate to a Snowflake deployment using a key stored in an SSH Agent. This means you can use local SSH Keys, a Yubikey with a non-exportable private key, or 1Password as your SSH Agent. On the Snowflake side, you need top convert the SSH Public key to a PKCS#1 public key and load that into the user as a RSA_PUBLIC_KEY.

To convert an SSH public key to a PKCS#1 public key, use the following command (assuming the ssh public key is in a file called pubkey): ssh-keygen -f pubkey -e -m pem | openssl rsa -RSAPublicKey_in -pubout

This also adds a dependency on paramiko to talk to the local ssh agent

github-actions[bot] commented 1 month ago


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

sfc-gh-thardie commented 1 month ago

I can't figure out the linting problems. Running the git command mentioned works fine from the command line.

When I try to run it locally, I get


[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    git@github.com: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```
sfc-gh-yixie commented 1 month ago

Please add test code. This is worth python connector documentation change. We should create a JIRA for the document team.

sfc-gh-thardie commented 1 month ago

As I mentioned above, I cannot get the test framework to go. I don't see how to fix the problem I mentioned, so I'm unable to get any tests to work.

Could I get some help in fixing this, so I can get the test framework working?

sfc-gh-thardie commented 1 month ago

NOTE: DO NOT MERGE until this has gone through a security review

sfc-gh-jdu commented 1 month ago

I can't figure out the linting problems. Running the git command mentioned works fine from the command line.

When I try to run it locally, I get

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    git@github.com: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```

You may try tox -e fix_lint

sfc-gh-thardie commented 1 month ago

tox -e fix_lint

That's the command that give me the above error...

sfc-gh-thardie commented 1 month ago

I can't figure out the linting problems. Running the git command mentioned works fine from the command line. When I try to run it locally, I get

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    git@github.com: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```

You may try tox -e fix_lint

I ran this command and was able to get it working: pre-commit run --all-files

There is something tox is doing to mess up the environment and it doesn't honor any of the environment settings for SSH Agent or .ssh/config settings.