bugraoz93 commented on code in PR #62378:
URL: https://github.com/apache/airflow/pull/62378#discussion_r2843233868
##########
providers/snowflake/src/airflow/providers/snowflake/hooks/snowflake.py:
##########
@@ -411,7 +411,17 @@ def _get_static_conn_params(self) -> dict[str, str | None]:
raise ValueError("The private_key_file size is too big. Please
keep it less than 4 KB.")
private_key_pem = Path(private_key_file_path).read_bytes()
elif private_key_content:
- private_key_pem = base64.b64decode(private_key_content)
+ if any(
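Review bot: the `elif private_key_content:` branch applies no size bound in the lines shown, while the `private_key_file` branch just above it rejects anything over 4 KB. Consider applying the same limit to the content string before the new `if any(` detection runs, and document which encodings the field now accepts, since the unconditional `base64.b64decode(private_key_content)` is being removed.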
Review Comment:
How about something like this rather than string-searching static constants?
This way you can also verify the content is loadable using `cryptography`, which
comes from the Snowflake connector and is used within this file :)
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.load_pem_private_key
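``` Python
from cryptography.hazmat.primitives.serialization import load_pem_private_key


def __is_loadable_pem(self, content: str, password: bytes | None = None) -> bool:
    """Return True if content parses as a PEM private key."""
    try:
        # load_pem_private_key expects bytes, so encode the str first
        load_pem_private_key(content.encode(), password=password)
        return True
    except (ValueError, TypeError):
        return False
```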
``` Python
if self.__is_loadable_pem(private_key_content):
    private_key_pem = private_key_content.encode()
else:
    private_key_pem = base64.b64decode(private_key_content)
```
Maybe rather than returning false, we can also handle exceptions in base64
decoding and exceptions in PEM file validation, then convert accordingly.
It could be too much for the PR. We can follow up as an improvement too.
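The follow-up idea in the comment above (treat base64 decoding failures and PEM validation failures separately, then convert), as an added sketch that is not code from the PR or the Airflow project. `normalize_private_key_content` and `constructed_sample_pem` are hypothetical names, and the sample key is a throwaway generated on the fly.

```python
from __future__ import annotations

import base64
import binascii

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def _loads_as_pem(data: bytes, password: bytes | None) -> bool:
    """True if data parses as a PEM private key with this password."""
    try:
        serialization.load_pem_private_key(data, password=password)
        return True
    except (ValueError, TypeError):  # malformed PEM / wrong or missing password
        return False


def normalize_private_key_content(content: str, password: bytes | None = None) -> bytes:
    """Return PEM bytes for content given as raw PEM or as base64-encoded PEM."""
    raw = content.encode()
    if _loads_as_pem(raw, password):
        return raw
    try:
        # validate=True rejects non-alphabet characters instead of silently
        # discarding them; whitespace from line wrapping is removed first.
        decoded = base64.b64decode(b"".join(raw.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("content is neither a loadable PEM key nor valid base64") from exc
    if not _loads_as_pem(decoded, password):
        raise ValueError("content is valid base64 but not a loadable PEM private key")
    return decoded


def constructed_sample_pem() -> bytes:
    """Constructed sample input: a throwaway RSA key, unencrypted PKCS#8 PEM."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )


if __name__ == "__main__":
    pem = constructed_sample_pem()
    for label, value in (("pem", pem.decode()), ("base64", base64.b64encode(pem).decode())):
        print(label, normalize_private_key_content(value) == pem)
```

Because the base64 path uses strict validation, a mistyped or truncated value fails with a `ValueError` that names the stage, rather than decoding to garbage that only fails later inside the connector.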