R JDBC snowflake connection using ssh key auth - r

I have a Rstudio setup with no browser and only terminal access to internet.
Having issues following the guides for snowflake connections with Rstudio and dplyr library using ssh keys for auth, can confirm access to the tenant via browser outside of terminal. I also tried the jdbcDriver jar directly and connection to no avail.
Any pointers would be helpful
Examples below, tried with and without region
install.packages(c("rJava"))
install.packages(c("RJDBC", "DBI", "dplyr"))
install.packages("devtools")
devtools::install_github("snowflakedb/dplyr-snowflakedb")
library(RJDBC)
library(dplyr)
library(dplyr.snowflakedb)
options(dplyr.jdbc.classpath = "/opt/snowflake-jdbc-3.9.2.jar")
snowflake_con <- src_snowflakedb(user = "myusername#domain.comm", password = "mypassword", private_key_file = "/home/ssh-keys/rsa_key.p8", private_key_file_pwd="myfilepassword", host = "myhost.eastus2.snowflakecomputing.com", opts = list(warehouse = "WAREHSE", db = "DB", schema = "CB", authenticator="externalbrowser"))
jdbcConnection <- dbConnect(jdbcDriver, "jdbc:snowflake://<account><.region_id>.snowflakecomputing.com", "<username>","<password>")
jdbcConnection <- dbConnect(jdbcDriver, "jdbc:myhost.eastus2.snowflakecomputing.com", private_key_file = "/home/ssh-keys/rsa_key.p8", private_key_file_pwd="myfilepassword")
tried following snowflakes guide here but this just uses username and password which requires the auth verified.
https://community.snowflake.com/s/article/connecting-r-to-snowflake-using-the-jdbc-driver-mac-os-x
https://snowflakecommunity.force.com/s/article/How-TO

You will either need a user configured with password authentication or Key Pair Authentication. SSO authentication will not work for you in the absence of a browser. After creating the keys, you will need to assign the key to the Snowflake user. Finally, here is how to configure JDBC configuration to use key pair authentication

Related

User authentication and password storage in R Shiny using sodium

I am implementing a log in page to a ShinyApp (I cannot use any paid features of Shiny Server Pro or anything like that) and came accross some sample code to do so on the following website:
https://www.listendata.com/2019/06/how-to-add-login-page-in-shiny-r.html
It uses the sodium package which is build on sodium to store and check passwords. The relevant code is
credentials = data.frame(
username_id = c("myuser", "myuser1"),
passod = sapply(c("mypass", "mypass1"), sodium::password_store),
permission = c("basic", "advanced"),
stringsAsFactors = FALSE,
)
The use inputs a username and password through a text box and then the shinyapp checks for a match using the function sodium::password_verify
The first thing I noticed is that the passwords get stored as rownames:
> credentials
username_id
mypass myuser
mypass1 myuser1
passod
mypass $7$C6..../....etc..
mypass1 $7$C6..../....etc..
permission
mypass basic
mypass1 advanced
Is this a mistake? Surely this defeats the point of storing the passwords as hashes.
Once I've added row.names = NULL to the dataframe, is this a reasonably secure method to store log in details? Are there other methods/packages or other free services to manage user accounts and authentication to Shiny?

Error when signing into R Studio on Google Cloud VM: Unable to connect to service

I want to run Rstudio on a VM through Google Cloud Platform. Everything seems to work except when I sign in to RStudio I receive an 'RStudio Initialization Error': "Unable to connect to service". My username and password are correct as if they're wrong it tells me so.
I created the instance using RStudio on my laptop. I've tried adding a rule in Google Cloud Platform to allow all access to the IP address but that did not work.
#My Code
library(googleComputeEngineR)
#Setup ------------
project <- "r-bench"
zone <- "europe-west1-b"
account_key <- "gcs-key.json"
Sys.setenv(GCE_AUTH_FILE = account_key,
GCE_DEFAULT_PROJECT_ID = project,
GCE_DEFAULT_ZONE = zone)
gce_auth()
#Set our default global project
gce_global_project(project)
gce_global_zone(zone)
default_project <- gce_get_project("r-bench")
default_project$name
#Deploy instance
vm <- gce_vm(template = "rstudio",
name = "rstudio-demo",
username = "rstudio",
password = "xxxxxxxx",
predefined_type = "n1-standard-1")
I expect to sign in and use RStudio as normal. Instead, I receive the error I mentioned previously.
If I am not mistaken using rstudio is a reserved name and as a username is not allowed.

Authenticating google sheets on AWS Ubuntu without browser

I'm running R Studio on an AWS "Ubuntu Server 12.04.2" and accessing R Studio via my browser.
When I try to authenticate google auth API using the package googlesheets with the code:
gs_auth(token = NULL, new_user = FALSE,
key = getOption("googlesheets.client_id"),
secret = getOption("googlesheets.client_secret"),
cache = getOption("googlesheets.httr_oauth_cache"), verbose = TRUE)
The problem here is that it redirects me to browser which is of local machine (windows based).
Even if I authorize it, it redirects to a URL like "http://localhost:1410/?state=blahblah&code=blahblah".
How do I authorize googlesheets in such case?
I have even tried transfering existing httr-oauth token from my windows machine to remove ubuntu server.
The simplest way to create a gs_auth token from a server is to set the httr_oob_default option to true, which will tell httr to use the out of band method for authenticating. You will be given a URL and expected to return an authorization code.
library(googlesheets)
options(httr_oob_default=TRUE)
gs_auth(new_user = TRUE)
gs_ls()
One thing httr does when you set the httr_oob_default option is to redefine the URI to urn:ietf:wg:oauth:2.0:oob as seen in the code for oauth-init.
Alternatively, you can create a .httr-oauth token manually using httr commands. Use the out of band authentication mode by setting use_oob=TRUE in the oauth2.0_token command.
library(googlesheets)
library(httr)
file.remove('.httr-oauth')
oauth2.0_token(
endpoint = oauth_endpoints("google"),
app = oauth_app(
"google",
key = getOption("googlesheets.client_id"),
secret = getOption("googlesheets.client_secret")
),
scope = c(
"https://spreadsheets.google.com/feeds",
"https://www.googleapis.com/auth/drive"),
use_oob = TRUE,
cache = TRUE
)
gs_ls()
Another, less elegant, solution is to create the .httr-oauth token on your desktop and then copying the file to a server.
After lot of head banging, I found that a package "httpuv" which supports HTTP handling and WebSocket requests from R was creating the problem. It was forcing R to open web browser.
Once I uninstalled this package, "googlesheets" gave me a link which I could paste in browser separately and then paste the auth code back in R server.

Configuring listener_endpoint in httr when using Rstudio server

I;'m struggling to connect to Google Analytics with httr oauth2.0 function
oauth2.0_token(oauth_endpoints("google")
, oauth_app("google", client.id, client.secret)
, scope = "https://www.googleapis.com/auth/analytics.readonly")
It works perfectly in my local Rstudio, but it breaks in AWS-based Rstudio Server. The error appears when I agree to pass data in browser and Google redirects me to the page
http://localhost:1410/?state=codehere
When launching authentication in local Rstudio, browser responds with a message - Authentication complete. Please close this page and return to R, incase of Rstudio server it's just This webpage is not available
I suspect I need to change listener_endpoint configuration, but how? Should I put my Rstudio server address instead of default 127.0.0.1? Or is it flaw of httr+Rtudio server and I should not bother?
Your redirect URI is part of the problem. Httr's oauth2.0_token() function identify the correct one. When you set up your project, Google Analytics created two redirect URIs, one that can be used on your RStudio IDE (local) and one that can be used in the RStudio web-based environment for out-of-of band authentication: "urn:ietf:wg:oauth:2.0:oob"
Once you've authenticated, the following code should work.
library(httr)
ga_id <- YourProjectID
client_id <- YourClientID
redirect_uri <- 'urn:ietf:wg:oauth:2.0:oob'
scope <- YourScope
client_secret <- YourSecret
response_type <-'code'
auth1 <- oauth2.0_token(
endpoint = oauth_endpoints("google"),
app = oauth_app(
"google",
key = client_id,
secret = client_secret
),
scope,
use_oob = TRUE,
cache = TRUE
)
-- Ann
You could use out-of-band authentication -
options(httr_oob_default = TRUE)

Failed to authenticate credentials using Mongolite R

I use R and trying to use the very recent "Mongolite". However I cannot connect to MongoDB server.
The manual clearly states the following:
mongo(collection = "test", db = "test", url = "mongodb://localhost")
This is what I have tried without success, where I have a log token and the port of course.
mongodb://heroku:TOKEN#lennon.mongohq.com:PORT
and keep getting the following error:
Error in mongo_collection_new(url, db, collection) :
Failed to authenticate credentials.
It is tried and true that mongolite (v0.7 as of today) supports authenticated connection to a remote 3.2.x MongoDB (as opposed to localhost).
The example below jeroenooms provides himself worked:
library(mongolite)
mongo(collection = "mtcars", url = "mongodb://readwrite:test#ds043942.mongolab.com:43942/jeroen_test")
To explain:
mtcars is the name of the MongoDB "collection" (or "table" if you insist). It could be a name that does not exist yet.
readwrite is the user name of your mongodb
test is the password of the user "readwrite"
ds043942.mongolab.com is the remote host, which could be replaced by ip address, i.e. 23.20.234.21
43942 is the port number. By default in MongoDB, it is 27017
jeroen_test is the name of the database instance in use, which has to exist already
Running the commands above in R will print:
Mongo Message: SCRAM: authenticating "readwrite" (step 1)
Mongo Message: SCRAM: authenticating "readwrite" (step 2)
Mongo Message: SCRAM: authenticating "readwrite" (step 3)
Mongo Message: SCRAM: "readwrite" authenticated
...
I tried to replace it with my own remote host info. It didn't work in the beginning, which turned to be the user role issue rather than mongolite issue. After ensuring a user with correct readWrite roles, I connected to my remote 3.2.x MongoDB via mongolite package.
The following 2 sources were of great help to me in setting up users in MongoDB:
enable-authentication
Manage User and Roles
If you look into the source code of jeroenooms/mongolite you can see that it doesn't support authentication yet:
https://github.com/jeroenooms/mongolite/blob/master/R/mongo.R
mongo_collection_new <- function(uri = "mongodb://localhost", db = "test", collection = "test"){
stopifnot(is.character(uri))
stopifnot(is.character(db))
stopifnot(is.character(collection))
.Call(R_mongo_collection_new, uri, db, collection)
}
just change the order :
mongo( url = "mongodb://localhost",db = "test",collection = "test")
I found that the following command allowed me to connect to mongodb using mongolite and the legacy SCRAM-SHA-1 authentication mode.
library(mongolite)
mongoUrl <- "mongodb://a_username:a_password#localhost:27017/admin" #<-admin here is the mongodb database that stores the authentication info
# specify your collection
colname <- "a_collection"
# specify your database
dbname <- "a_database"
# create connection (con)
con <- mongo(collection = colname, url = mongoUrl, db=dbname)
# count how many records (fyi this is just a test)
con$count('{}')

Resources