snowflake: add private key connection attributes (#933)

* snowflake: add private key connection attributes

* tests: update snaps

* Apply suggestions from code review

Co-authored-by: Aaron Jacobs <atheriel@users.noreply.github.com>

---------

Co-authored-by: Aaron Jacobs <atheriel@users.noreply.github.com>

Author: detule

R/odbc-connection.R

@@ -197,6 +197,16 @@ needs_quoting <- function(x) {
 #' * `azure_token`: This should be a string scalar; in particular Azure Active
 #'   Directory authentication token.  Only for use with Microsoft SQL Server and
 #'   with limited support away from the OEM Microsoft driver.
+#' * `sf_private_key`: This parameter is specific to establishing a connection
+#'   to `snowflake` and is understood by both OEM, as well as `Posit`
+#'   pro drivers.  Argument should be a string (scalar); in particular a
+#'   PEM-encoded private key.  Note,
+#'   if using private key authentication, the `authenticator` connection
+#'   string attribute must be set to `SNOWFLAKE_JWT`.
+#'   Using this *connection* attribute is an alternative to using the
+#'   `PRIV_KEY_FILE` connection string attribute.
+#' * `sf_private_key_password`: If key passed using `sf_private_key` is
+#'   encrypted, you can use this attribute to communicate the password.
 #' @rdname ConnectionAttributes
 #' @keywords internal
 #' @aliases ConnectionAttributes
@@ -209,9 +219,15 @@ needs_quoting <- function(x) {
 #'   dsn = "my_azure_mssql_db",
 #'   Encrypt = "yes",
 #'   attributes = list("azure_token" = .token)
-#' )
+#'
+#' conn <- dbConnect(
+#'  odbc::odbc(),
+#'  dsn = "snowflake",
+#'  attributes = list("sf_private_key" = paste(readLines("<path-to-private-key-file>"), collapse="\n"),
+#'                    "sf_private_key_password" = "<optional-private-key-encryption-password>"),
+#'  authenticator = "SNOWFLAKE_JWT")
 #' }
-SUPPORTED_CONNECTION_ATTRIBUTES <- c("azure_token")
+SUPPORTED_CONNECTION_ATTRIBUTES <- c("azure_token", "sf_private_key", "sf_private_key_password")
 
 #' Odbc Connection Methods
 #'

src/utils.cpp

@@ -5,6 +5,14 @@
 #if !defined(_WIN32) && !defined(_WIN64)
 #include <signal.h>
 #endif
+
+#ifndef SQL_DRIVER_CONN_ATTR_BASE
+    #define SQL_DRIVER_CONN_ATTR_BASE   0x00004000
+#endif
+#define SQL_SF_CONN_ATTR_BASE (SQL_DRIVER_CONN_ATTR_BASE + 0x53)
+#define SQL_SF_CONN_ATTR_PRIV_KEY (SQL_SF_CONN_ATTR_BASE + 1)
+#define SQL_SF_CONN_ATTR_PRIV_KEY_CONTENT (SQL_SF_CONN_ATTR_BASE + 3)
+#define SQL_SF_CONN_ATTR_PRIV_KEY_PASSWORD (SQL_SF_CONN_ATTR_BASE + 4)
 namespace odbc {
 namespace utils {
 
@@ -34,19 +42,42 @@ namespace utils {
       attributes.push_back(nanodbc::connection::attribute(
           SQL_ATTR_LOGIN_TIMEOUT, SQL_IS_UINTEGER, (void*)(std::intptr_t)timeout));
     }
-    std::shared_ptr< void > buffer;
     if ( r_attributes_.isNotNull() )
     {
       Rcpp::List r_attributes( r_attributes_ );
-      if ( r_attributes.containsElementNamed( "azure_token" ) &&
-          !Rf_isNull(r_attributes["azure_token"]) )
+      if (r_attributes.containsElementNamed( "azure_token" ) &&
+          !Rf_isNull(r_attributes["azure_token"]))
       {
         std::string azure_token =
           Rcpp::as<std::string>(r_attributes["azure_token"]);
         std::shared_ptr< void > buffer = serialize_azure_token( azure_token );
         attributes.push_back(nanodbc::connection::attribute(
               SQL_COPT_SS_ACCESS_TOKEN, SQL_IS_POINTER, buffer.get()));
-        buffer_context.push_back( buffer );
+        buffer_context.push_back(buffer);
+      }
+      if (r_attributes.containsElementNamed("sf_private_key") &&
+          !Rf_isNull(r_attributes["sf_private_key"]))
+      {
+        std::shared_ptr<std::string> priv_key =
+          std::make_shared<std::string>(Rcpp::as<std::string>(r_attributes["sf_private_key"]));
+        std::shared_ptr< void > buffer(malloc(priv_key->size()), std::free);
+        // Copy null terminator as well
+        std::memcpy(buffer.get(), priv_key->c_str(), priv_key->size() + 1);
+        attributes.push_back(nanodbc::connection::attribute(
+               SQL_SF_CONN_ATTR_PRIV_KEY_CONTENT, SQL_NTS, buffer.get()));
+        buffer_context.push_back(buffer);
+      }
+      if (r_attributes.containsElementNamed("sf_private_key_password") &&
+          !Rf_isNull(r_attributes["sf_private_key_password"]))
+      {
+        std::shared_ptr<std::string> key_pass =
+          std::make_shared<std::string>(Rcpp::as<std::string>(r_attributes["sf_private_key_password"]));
+        std::shared_ptr< void > buffer(malloc(key_pass->size()), std::free);
+        // Copy null terminator as well
+        std::memcpy(buffer.get(), key_pass->c_str(), key_pass->size() + 1);
+        attributes.push_back(nanodbc::connection::attribute(
+               SQL_SF_CONN_ATTR_PRIV_KEY_PASSWORD, SQL_NTS, buffer.get()));
+        buffer_context.push_back(buffer);
       }
     }
   }

tests/testthat/_snaps/utils.md

@@ -144,7 +144,7 @@
     Condition
       Error in `dbConnect()`:
       ! `attributes` does not support the connection attribute "boop".
-      i Allowed connection attribute is "azure_token".
+      i Allowed connection attributes are "azure_token", "sf_private_key", and "sf_private_key_password".
 
 ---
 
@@ -153,7 +153,7 @@
     Condition
       Error in `dbConnect()`:
       ! `attributes` does not support the connection attributes "boop" and "beep".
-      i Allowed connection attribute is "azure_token".
+      i Allowed connection attributes are "azure_token", "sf_private_key", and "sf_private_key_password".
 
 # configure_simba() errors informatively on failure to install unixODBC