feat(snowflake): support oauth authentication

[shekhar-rudder]

Description

This PR adds support for oauth authentication is snowflake.

• For backward compatibility, the default value of Authenticator is AuthTypeSnowflake. If the client provides its value, it will be overridden
• Added Host and Token fields in snowflake config

Linear Ticket

< Replace_with_Linear_Link >

Security

• The code changed/added as part of this pull request won't create any security issues with how the software is being used.

[codecov]

Codecov Report

Attention: Patch coverage is 57.14286% with 3 lines in your changes missing coverage. Please review.

Project coverage is 85.56%. Comparing base (c9a6308) to head (9f90552).
Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
sqlconnect/internal/snowflake/config.go	57.14%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #236      +/-   ##
==========================================
- Coverage   85.62%   85.56%   -0.07%     
==========================================
  Files          88       88              
  Lines        4571     4579       +8     
==========================================
+ Hits         3914     3918       +4     
- Misses        499      502       +3     
- Partials      158      159       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nishantsharma]

Remove commented logs.

[atzoum]

This is what I would expect to see

package snowflake

import (
	"crypto/rsa"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/snowflakedb/gosnowflake"
	"github.com/youmark/pkcs8"
)

type Config struct {
	Account   string `json:"account"`
	Warehouse string `json:"warehouse"`
	DBName    string `json:"dbname"`
	User      string `json:"user"`
	Schema    string `json:"schema"`
	Role      string `json:"role"`
	Region    string `json:"region"`

	Protocol string `json:"protocol"` // http or https (optional)
	Host     string `json:"host"`     // hostname (optional)
	Port     int    `json:"port"`     // port (optional)

	Password string `json:"password"`

	UseKeyPairAuth       bool   `json:"useKeyPairAuth"`
	PrivateKey           string `json:"privateKey"`
	PrivateKeyPassphrase string `json:"privateKeyPassphrase"`

	UseOAuth   bool   `json:"useOAuth"`
	OAuthToken string `json:"oauthToken"`

	Application string `json:"application"`

	LoginTimeout time.Duration `json:"loginTimeout"` // default: 5m

	KeepSessionAlive  bool   `json:"keepSessionAlive"`
	UseLegacyMappings bool   `json:"useLegacyMappings"`
	QueryTag          string `json:"queryTag"`
}

func (c Config) ConnectionString() (dsn string, err error) {
	sc := gosnowflake.Config{
		Authenticator: gosnowflake.AuthTypeSnowflake,
		User:          c.User,
		Password:      c.Password,
		Account:       c.Account,
		Database:      c.DBName,
		Warehouse:     c.Warehouse,
		Schema:        c.Schema,
		Role:          c.Role,
		Region:        c.Region,
		Protocol:      c.Protocol,
		Host:          c.Host,
		Port:          c.Port,
		Application:   c.Application,
		LoginTimeout:  c.LoginTimeout,
		Params:        make(map[string]*string),
	}

	if c.UseKeyPairAuth {
		sc.Authenticator = gosnowflake.AuthTypeJwt
		privateKey, err := c.ParsePrivateKey()
		if err != nil {
			return "", fmt.Errorf("parsing private key: %w", err)
		}
		sc.PrivateKey = privateKey
	} else if c.UseOAuth {
		sc.Authenticator = gosnowflake.AuthTypeOAuth
		sc.Token = c.OAuthToken
	}

	if c.KeepSessionAlive {
		valueTrue := "true"
		sc.Params["client_session_keep_alive"] = &valueTrue
	}

	if c.QueryTag != "" {
		sc.Params["query_tag"] = &c.QueryTag
	}

	dsn, err = gosnowflake.DSN(&sc)
	if err != nil {
		err = fmt.Errorf("creating dsn: %v", err)
	}
	return
}

func (c *Config) Parse(configJSON json.RawMessage) error {
	return json.Unmarshal(configJSON, c)
}

func (c *Config) ParsePrivateKey() (*rsa.PrivateKey, error) {
	block, _ := pem.Decode([]byte(normalisePem(c.PrivateKey)))
	if block == nil {
		return nil, errors.New("decoding private key failed")
	}

	var opts [][]byte
	if len(c.PrivateKeyPassphrase) > 0 {
		opts = append(opts, []byte(c.PrivateKeyPassphrase))
	}

	rsaPrivateKey, err := pkcs8.ParsePKCS8PrivateKeyRSA(block.Bytes, opts...)
	if err != nil {
		return nil, fmt.Errorf("parsing private key: %w", err)
	}
	return rsaPrivateKey, nil
}

// normalisePem formats the content of certificates and keys by adding necessary newlines around specific markers.
func normalisePem(content string) string {
	// Remove all existing newline characters and replace them with a space
	formattedContent := strings.ReplaceAll(content, "\n", " ")

	// Add a newline after specific BEGIN markers
	formattedContent = strings.Replace(formattedContent, "-----BEGIN CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----BEGIN ENCRYPTED PRIVATE KEY-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----BEGIN PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----\n", 1)

	// Add a newline before and after specific END markers
	formattedContent = strings.Replace(formattedContent, "-----END CERTIFICATE-----", "\n-----END CERTIFICATE-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----END RSA PRIVATE KEY-----", "\n-----END RSA PRIVATE KEY-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----END ENCRYPTED PRIVATE KEY-----", "\n-----END ENCRYPTED PRIVATE KEY-----\n", 1)
	formattedContent = strings.Replace(formattedContent, "-----END PRIVATE KEY-----", "\n-----END PRIVATE KEY-----\n", 1)

	return formattedContent
}