chore: Improve Snowflake security auth in CI #305
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #305 +/- ##
=======================================
Coverage 91.28% 91.28%
=======================================
Files 18 18
Lines 2066 2066
=======================================
Hits 1886 1886
Misses 180 180
@kklein I'm surprised it worked almost out of the box!
Pull request overview
This PR migrates Snowflake authentication from password-based to key pair authentication for CI environments, addressing Snowflake's upcoming requirement for MFA on regular user accounts, which is not feasible for automated CI workflows.
Key Changes:
- Implemented private key authentication using cryptography library to load and serialize PEM keys
- Updated connection string to remove password parameter and added connect_args for private key
- Replaced SNOWFLAKE_PASSWORD with SNOWFLAKE_PRIVATE_KEY secret in CI workflow
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/integration/conftest.py | Added private key loading and serialization logic, removed password authentication, and updated connection creation to use key pair auth |
| .github/workflows/ci.yaml | Updated environment variable from SNOWFLAKE_PASSWORD to SNOWFLAKE_PRIVATE_KEY |
kklein left a comment
LGTM - thanks! :)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@ivergara Would you mind rerunning the pre-commit hooks?
Snowflake is changing the auth flow. Until now, we were using a regular user account; however, those account types will require MFA, which is not feasible for CI work.
The alternative I'm using here is to use a key pair.
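A sketch of the key pair flow described in this PR, added here as an example; it is not the code from tests/integration/conftest.py. It reads the PEM key from `SNOWFLAKE_PRIVATE_KEY`, serializes it to the unencrypted PKCS#8 DER bytes that the Snowflake connector accepts as `private_key` in `connect_args`, and derives the public key fingerprint for comparison with the key registered on the CI user. The function names, the `SNOWFLAKE_PRIVATE_KEY_PASSPHRASE` variable and the runtime-generated test key are assumptions.

```python
import base64
import hashlib
import os

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def load_private_key_der(pem_text, passphrase=None):
    """Parse a PEM private key and return unencrypted PKCS#8 DER bytes."""
    # Some secret stores flatten newlines to a literal "\n"; restore them.
    pem = pem_text.replace("\\n", "\n").strip().encode()
    key = serialization.load_pem_private_key(
        pem, password=passphrase.encode() if passphrase else None
    )
    return key.private_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )


def public_key_fingerprint(der):
    """SHA-256 over the DER public key, for comparing with the registered key."""
    key = serialization.load_der_private_key(der, password=None)
    spki = key.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo
    )
    return "SHA256:" + base64.b64encode(hashlib.sha256(spki).digest()).decode()


def engine_kwargs(env=os.environ):
    """Keyword arguments for sqlalchemy.create_engine(); no password involved."""
    # SNOWFLAKE_PRIVATE_KEY_PASSPHRASE is a hypothetical name for an optional secret.
    der = load_private_key_der(
        env["SNOWFLAKE_PRIVATE_KEY"], env.get("SNOWFLAKE_PRIVATE_KEY_PASSPHRASE")
    )
    return {"connect_args": {"private_key": der}}


def constructed_key_pem():
    """Throwaway RSA key generated at run time, standing in for the CI secret."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    ).decode()
```

The returned dictionary is meant to be unpacked into `create_engine(url, **engine_kwargs())` with a connection URL that carries no password.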