astronomer.providers.snowflake.hooks.sql_api_generate_jwt

Attributes

logger

ISSUER

EXPIRE_TIME

ISSUE_TIME

SUBJECT

Classes

JWTGenerator

Creates and signs a JWT with the specified private key file, username, and account identifier.

Module Contents

astronomer.providers.snowflake.hooks.sql_api_generate_jwt.logger
astronomer.providers.snowflake.hooks.sql_api_generate_jwt.ISSUER = 'iss'
astronomer.providers.snowflake.hooks.sql_api_generate_jwt.EXPIRE_TIME = 'exp'
astronomer.providers.snowflake.hooks.sql_api_generate_jwt.ISSUE_TIME = 'iat'
astronomer.providers.snowflake.hooks.sql_api_generate_jwt.SUBJECT = 'sub'
class astronomer.providers.snowflake.hooks.sql_api_generate_jwt.JWTGenerator(account, user, private_key, lifetime=LIFETIME, renewal_delay=RENEWAL_DELTA)[source]

Creates and signs a JWT with the specified private key file, username, and account identifier. The JWTGenerator keeps the generated token and only regenerates the token if a specified period of time has passed.

Creates an object that generates JWTs for the specified user, account identifier, and private key

Parameters:
  • account (str) – Your Snowflake account identifier. See https://docs.snowflake.com/en/user-guide/admin-account-identifier.html. Note that if you are using the account locator, exclude any region information from the account locator.

  • user (str) – The Snowflake username.

  • private_key (Any) – Private key from the file path for signing the JWTs.

  • lifetime (datetime.timedelta) – The number of minutes (as a timedelta) during which the key will be valid.

  • renewal_delay (datetime.timedelta) – The number of minutes (as a timedelta) from now after which the JWT generator should renew the JWT.

LIFETIME
RENEWAL_DELTA
ALGORITHM = 'RS256'
account
user
qualified_username
lifetime
renewal_delay
private_key
renew_time
token: str | None = None
prepare_account_name_for_jwt(raw_account)[source]

Prepare the account identifier for use in the JWT. For the JWT, the account identifier must not include the subdomain or any region or cloud provider information.

Parameters:

raw_account (str) – The specified account identifier.

get_token()[source]

Generates a new JWT. If a JWT has been already been generated earlier, return the previously generated token unless the specified renewal time has passed.

calculate_public_key_fingerprint(private_key)[source]

Given a private key in PEM format, return the public key fingerprint.

Parameters:

private_key (Any) – private key