SNOW-1435508: Adding support for auth through SSH Agent

[sfc-gh-thardie]

Please answer these questions before submitting your pull requests. Thanks!

1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

   Fixes SNOW-1435508

2. Fill out the following pre-review checklist:

   • I am adding a new automated test(s) to verify correctness of my new code
   • I am adding new logging messages
   • I am adding a new telemetry message
   • I am modifying authorization mechanisms
   • I am adding new credentials
   • I am modifying OCSP code
   • I am adding a new dependency

3. Please describe how your code solves the related issue.

This adds support to be able to authenticate to a Snowflake deployment using a key stored in an SSH Agent. This means you can use local SSH Keys, a Yubikey with a non-exportable private key, or 1Password as your SSH Agent. On the Snowflake side, you need top convert the SSH Public key to a PKCS#1 public key and load that into the user as a RSA_PUBLIC_KEY.

To convert an SSH public key to a PKCS#1 public key, use the following command (assuming the ssh public key is in a file called pubkey): ssh-keygen -f pubkey -e -m pem | openssl rsa -RSAPublicKey_in -pubout

This also adds a dependency on paramiko to talk to the local ssh agent

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}

[sfc-gh-thardie]

I can't figure out the linting problems. Running the git command mentioned works fine from the command line.

When I try to run it locally, I get

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    [email protected]: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```

[sfc-gh-yixie]

Please add test code.
This is worth python connector documentation change. We should create a JIRA for the document team.

[sfc-gh-thardie]

As I mentioned above, I cannot get the test framework to go. I don't see how to fix the problem I mentioned, so I'm unable to get any tests to work.

Could I get some help in fixing this, so I can get the test framework working?

[sfc-gh-yixie]

@sfc-gh-jfan We added a new dependency to python connector. Does it need to be reviewed by your team, or a tool has checked it?

[sfc-gh-thardie]

NOTE: DO NOT MERGE until this has gone through a security review

[sfc-gh-jdu]

I can't figure out the linting problems. Running the git command mentioned works fine from the command line.

When I try to run it locally, I get

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    [email protected]: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```

You may try tox -e fix_lint

[sfc-gh-thardie]

tox -e fix_lint

That's the command that give me the above error...

[sfc-gh-thardie]

I can't figure out the linting problems. Running the git command mentioned works fine from the command line.
When I try to run it locally, I get

[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
An unexpected error has occurred: CalledProcessError: command: ('/usr/bin/git', 'fetch', 'origin', '--tags')
return code: 128
stdout: (none)
stderr:
    [email protected]: Permission denied (publickey).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
Check the log at /Users/thardie/.cache/pre-commit/pre-commit.log
fix_lint: exit 3 (1.44 seconds) /Users/thardie/git/snowflake-connector-python> pre-commit run --all-files pid=44128
  fix_lint: FAIL code 3 (1.45=setup[0.00]+cmd[1.44] seconds)
  evaluation failed :( (1.63 seconds)```

You may try tox -e fix_lint

I ran this command and was able to get it working: pre-commit run --all-files

There is something tox is doing to mess up the environment and it doesn't honor any of the environment settings for SSH Agent or .ssh/config settings.