The snowflake connector requires a passphrase.
How to reproduce the bug
- Configure new database connection with the URI
snowflake://{user}:{password}@{account}.{region}/{database}
- Add security extra:
{
"auth_method": "keypair",
"auth_params": {
"privatekey_path":"/certs/my_cert.p8"
}
}
- Click Finish
- See error
Expected results
The connection should work successfully.
Actual results
Error An error occurred while creating databases: 'privatekey_pass'
appears.
Environment
(please complete the following information):
- Firefox 109.0.1 (64-bit)
- superset version:
Superset 0.0.0-dev
( - python version:
Python 3.8.16
- any feature flags active:
FROM apache/superset:latest
USER root
RUN pip install snowflake-sqlalchemy
USER superset
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [✅] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [✅] I have reproduced the issue with at least the latest released version of superset.
- [✅] I have checked the issue tracker for the same issue and I haven't found one similar.
Additional context
Here are other possible configurations and their errors:
{
"auth_method": "keypair",
"auth_params": {
"privatekey_path":"/certs/my_cert.p8",
"privatekey_pass": ""
}
}
Error: An error occurred while creating databases: Password was given but private key is not encrypted.
{
"auth_method": "keypair",
"auth_params": {
"privatekey_path":"/certs/my_cert.p8",
"privatekey_pass": null
}
}
Error: ERROR: 'NoneType' object has no attribute 'encode'
Solution(s)
Add logic to accept private key as is if no passphrase is provided.
Comment From: tonofll
Hi @betodealmeida , is there any update on this or a workaround to use a private key without password?
Issue is on line 373, since if password
doesn't exists (null
), it can't be encoded.
https://github.com/apache/superset/blob/ed14f36c558459c6dd231dcbcdf6fe52ca15998e/superset/db_engine_specs/snowflake.py#L371-L375
However serialization.load_pem_private_key
accepts password null values (Optional[bytes]
)
https://github.com/pyca/cryptography/blob/75b002ae7fb1f263fdd4983d0c23493878e127fe/src/cryptography/hazmat/primitives/serialization/base.py#L16
def load_pem_private_key(
data: bytes, password: typing.Optional[bytes], backend=None
) -> _PRIVATE_KEY_TYPES:
backend = _get_backend(backend)
return backend.load_pem_private_key(data, password)
Comment From: mvdbosch
Any update on this issue?
Comment From: rusackas
Tempted to close this as stale... and I swear this has been reported elsewhere, but giving a ping to @villebro as well, who might have run into this situation.
Comment From: emattson
I hit this same issue this morning
Comment From: rusackas
Can anyone validate if this is still an issue we're concerned with, and if it's in 4.1.1/5.0.0?
Comment From: junyoneyama
Can anyone validate if this is still an issue we're concerned with, and if it's in 4.1.1/5.0.0?
I met the same issue in 4.1.1.
Base Docker image: apache/superset:4.1.1
Additional dependency: snowflake-sqlalchemy==1.7.3
Comment From: stanislav-dombrovskiy-dp
I used this doc
snowflake://<Username>@<Account>/<Database>?role=<Role>&warehouse=<Warehouse>
{
"auth_method": "keypair",
"auth_params": {
"privatekey_body": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n...\n...\n-----END ENCRYPTED PRIVATE KEY-----",
"privatekey_pass":"my_password"
}
}
And I get this error:
An error occurred while creating databases: Password was given but private key is not encrypted.
Comment From: JohnDietrich-Pepper
Yep same issue which is a problem since Snowflake is moving to MFA or requiring key pair
Comment From: JDietrich-Pepper
@rusackas @villebro Looking for updates because we are getting close if we want to redevelop in a different platform before the MFA cutover.