XD-DENG commented on a change in pull request #4875: [AIRFLOW-4031] Allow for key pair auth in snowflake hook URL: https://github.com/apache/airflow/pull/4875#discussion_r263653773
########## File path: airflow/contrib/hooks/snowflake_hook.py ########## @@ -64,6 +66,33 @@ def _get_conn_params(self): "region": self.region or region or '', "role": self.role or role or '', } + + """ + If private_key_file is specified in the extra json, load the contents of the file as a private + key and specify that in the connection configuration. The connection password then becomes the + passphrase for the private key. If your private key file is not encrypted (not recommended), then + leave the password empty. + """ + private_key_file = conn.extra_dejson.get('private_key_file', None) + if private_key_file is not None: + with open(private_key_file, "rb") as key: + passphrase = None + if conn.password is not None and conn.password.strip() != '': + passphrase = conn.password.strip().encode() + + p_key = serialization.load_pem_private_key( + key.read(), + password=passphrase, + backend=default_backend() + ) + + pkb = p_key.private_bytes(encoding=serialization.Encoding.DER, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption()) + + conn_config['private_key'] = pkb + conn_config.pop('password', None) Review comment: Curious why we pop out `password` here? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services