XD-DENG commented on a change in pull request #4875: [AIRFLOW-4031] Allow for
key pair auth in snowflake hook
URL: https://github.com/apache/airflow/pull/4875#discussion_r263653773
##########
File path: airflow/contrib/hooks/snowflake_hook.py
##########
@@ -64,6 +66,33 @@ def _get_conn_params(self):
"region": self.region or region or '',
"role": self.role or role or '',
}
+
+ """
+ If private_key_file is specified in the extra json, load the contents
of the file as a private
+ key and specify that in the connection configuration. The connection
password then becomes the
+ passphrase for the private key. If your private key file is not
encrypted (not recommended), then
+ leave the password empty.
+ """
+ private_key_file = conn.extra_dejson.get('private_key_file', None)
+ if private_key_file is not None:
+ with open(private_key_file, "rb") as key:
+ passphrase = None
+ if conn.password is not None and conn.password.strip() != '':
+ passphrase = conn.password.strip().encode()
+
+ p_key = serialization.load_pem_private_key(
+ key.read(),
+ password=passphrase,
+ backend=default_backend()
+ )
+
+ pkb = p_key.private_bytes(encoding=serialization.Encoding.DER,
+ format=serialization.PrivateFormat.PKCS8,
+
encryption_algorithm=serialization.NoEncryption())
+
+ conn_config['private_key'] = pkb
+ conn_config.pop('password', None)
Review comment:
Curious why we pop out `password` here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
