From 3a01db13c44c16fd3464aea1f1ed846ff9c437c5 Mon Sep 17 00:00:00 2001
From: katebygrace
Date: Wed, 8 May 2024 17:19:06 -0400
Subject: [PATCH] chore: snowflake expire jobs secretsmanager JIRA:CLOUDSEC-12
---
 .../analytics/SnowflakeExpirePasswords.groovy | 2 --
 .../snowflake-expire-individual-password.sh | 18 +++++++++++++-----
 .../resources/snowflake-expire-passwords.sh | 15 +++++++++++----
 3 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy b/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy
index 7b92f44be..4abccb39d 100644
--- a/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy
+++ b/dataeng/jobs/analytics/SnowflakeExpirePasswords.groovy
@@ -41,8 +41,6 @@ class SnowflakeExpirePasswords {
 }
 }
 environmentVariables {
- env('KEY_PATH', allVars.get('KEY_PATH'))
- env('PASSPHRASE_PATH', allVars.get('PASSPHRASE_PATH'))
 env('USER', allVars.get('USER'))
 env('ACCOUNT', allVars.get('ACCOUNT'))
 }
diff --git a/dataeng/resources/snowflake-expire-individual-password.sh b/dataeng/resources/snowflake-expire-individual-password.sh
index 1b9859cfc..55dd54eca 100644
--- a/dataeng/resources/snowflake-expire-individual-password.sh
+++ b/dataeng/resources/snowflake-expire-individual-password.sh
@@ -10,9 +10,17 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
- --key_path $KEY_PATH \
- --passphrase_path $PASSPHRASE_PATH \
- --automation_user $USER \
- --account $ACCOUNT \
- --user_to_expire $USER_TO_EXPIRE
+ --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+ --account 'edx.us-east-1' \
+ --user_to_expire $USER_TO_EXPIRE \
+ --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+ --pass_file "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user
diff --git a/dataeng/resources/snowflake-expire-passwords.sh b/dataeng/resources/snowflake-expire-passwords.sh
index 293fb0c10..a5726b745 100644
--- a/dataeng/resources/snowflake-expire-passwords.sh
+++ b/dataeng/resources/snowflake-expire-passwords.sh
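Review bot: The new `--key_file "$(cat "rsa_key_snowflake_task_automation_user")"` and `--pass_file "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"` arguments expand the private key and its passphrase into the argv of `expire_user_passwords.py`, where they are readable from the agent's process list while the job runs. If the script is executed under `set -x` (its first lines are outside the hunk, so this is unconfirmed), the expanded values would also be written to the build log. The snowflake-expire-passwords.sh hunk repeats the same two lines. If `expire_user_passwords.py` can take paths, pass the file names instead, e.g. `--key_file rsa_key_snowflake_task_automation_user`, and let the script read the files itself.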
@@ -10,8 +10,15 @@ source "${PYTHON_VENV}/bin/activate"
 cd $WORKSPACE/analytics-tools/snowflake
 make requirements
+
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_snowflake_task_automation_user.p8 -v rsa_key_snowflake_task_automation_user
+python3 secrets-manager.py -w -n analytics-secure/snowflake/rsa_key_passphrase_snowflake_task_automation_user -v rsa_key_passphrase_snowflake_task_automation_user
+
 python expire_user_passwords.py \
- --key_path $KEY_PATH \
- --passphrase_path $PASSPHRASE_PATH \
- --automation_user $USER \
- --account $ACCOUNT
+ --automation_user 'SNOWFLAKE_TASK_AUTOMATION_USER' \
+ --account 'edx.us-east-1' \
+ --key_file "$(cat "rsa_key_snowflake_task_automation_user")" \
+ --pass_file "$(cat "rsa_key_passphrase_snowflake_task_automation_user")"
+
+rm rsa_key_snowflake_task_automation_user
+rm rsa_key_passphrase_snowflake_task_automation_user
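Review bot: The two trailing `rm` lines are the only cleanup for the key and passphrase files, so an aborted build leaves both in `$WORKSPACE/analytics-tools/snowflake`. If the script runs under `set -e` (not visible in the hunk), a failing `expire_user_passwords.py` leaves them there too. The snowflake-expire-individual-password.sh hunk has the same ordering. Register the cleanup before the `secrets-manager.py` calls with `trap 'rm -f rsa_key_snowflake_task_automation_user rsa_key_passphrase_snowflake_task_automation_user' EXIT`. Adding `umask 077` ahead of those calls would create the files owner-only, assuming `secrets-manager.py` does not set its own mode.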