superset icon indicating copy to clipboard operation
superset copied to clipboard
Published 3 weeks ago verified publisher icon apache

Snowflake connector requires passphrase

Open mtucker502 opened this issue 2 years ago • 3 comments

The snowflake connector requires a passphrase.

How to reproduce the bug

  1. Configure new database connection with the URI snowflake://{user}:{password}@{account}.{region}/{database}
  2. Add security extra:
{
    "auth_method": "keypair",
    "auth_params": {
        "privatekey_path":"/certs/my_cert.p8"
    }
}
  1. Click Finish
  2. See error

Expected results

The connection should work successfully.

Actual results

Error An error occurred while creating databases: 'privatekey_pass' appears.

Environment

(please complete the following information):

  • Firefox 109.0.1 (64-bit)
  • superset version: Superset 0.0.0-dev (
  • python version: Python 3.8.16
  • any feature flags active:
FROM apache/superset:latest

USER root

RUN pip install snowflake-sqlalchemy

USER superset

Checklist

Make sure to follow these steps before submitting your issue - thank you!

  • [✅] I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • [✅] I have reproduced the issue with at least the latest released version of superset.
  • [✅] I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

Here are other possible configurations and their errors:

{
    "auth_method": "keypair",
    "auth_params": {
        "privatekey_path":"/certs/my_cert.p8",
        "privatekey_pass": ""
    }
}

Error: An error occurred while creating databases: Password was given but private key is not encrypted.

{
    "auth_method": "keypair",
    "auth_params": {
        "privatekey_path":"/certs/my_cert.p8",
        "privatekey_pass": null
    }
}

Error: ERROR: 'NoneType' object has no attribute 'encode'

Solution(s)

Add logic to accept private key as is if no passphrase is provided.

mtucker502 avatar Mar 02 '23 15:03 mtucker502

Hi @betodealmeida , is there any update on this or a workaround to use a private key without password?

Issue is on line 373, since if password doesn't exists (null), it can't be encoded.

https://github.com/apache/superset/blob/ed14f36c558459c6dd231dcbcdf6fe52ca15998e/superset/db_engine_specs/snowflake.py#L371-L375

However serialization.load_pem_private_key accepts password null values (Optional[bytes])

https://github.com/pyca/cryptography/blob/75b002ae7fb1f263fdd4983d0c23493878e127fe/src/cryptography/hazmat/primitives/serialization/base.py#L16

def load_pem_private_key(
    data: bytes, password: typing.Optional[bytes], backend=None
) -> _PRIVATE_KEY_TYPES:
    backend = _get_backend(backend)
    return backend.load_pem_private_key(data, password)

tonofll avatar Oct 27 '23 17:10 tonofll

Any update on this issue?

mvdbosch avatar Dec 08 '23 11:12 mvdbosch

Tempted to close this as stale... and I swear this has been reported elsewhere, but giving a ping to @villebro as well, who might have run into this situation.

rusackas avatar Apr 23 '24 22:04 rusackas

I hit this same issue this morning

emattson avatar Jun 01 '24 17:06 emattson