Support Private Key for Snowflake

[lovincyrus]

This PR restructures the Snowflake connector form to provide clearer authentication options and adds proper support for private key (JWT) authentication.

Checklist:

• Covered by tests
• Ran it and it works as intended
• Reviewed the diff before requesting a review
• Checked for unhandled edge cases
• Linked the issues it closes
• Checked if the docs need to be updated. If so, create a separate Linear DOCS issue
• Intend to cherry-pick into the release branch
• I'm proud of this work!

[royendo]

dsn not clearing.

also, can we keep this as a normal tab? its weird that only snowflake has radio for connection_string
try [User/Password] [User/PrivateKey][Connection String]

[royendo]

see above

[ericpgreen2]

1. Consolidate file upload encoding with schema definitions

The current implementation checks file extensions to decide encoding:

if (fileName.endsWith(".pem") || fileName.endsWith(".p8")) {
  return btoa(content);
}

This creates implicit coupling between x-accept in the schema and hardcoded logic in AddDataFormManager. If a future connector adds new file types to x-accept, someone must remember to update the encoding logic separately—they will likely forget.

Introduce a x-file-* namespace to make encoding declarative:

Property	Purpose
x-file-accept	Allowed extensions (rename from x-accept)
x-file-encoding	Content encoding (base64, json, raw) — required for file fields
x-file-extract	Extract values from parsed content into form fields

Snowflake schema:

privateKey: {
  "x-display": "file",
  "x-file-accept": ".pem,.p8",
  "x-file-encoding": "base64",
  "x-secret": true,
}

BigQuery schema (replaces hardcoded project_id extraction):

google_application_credentials: {
  "x-display": "file",
  "x-file-accept": ".json",
  "x-file-encoding": "json",
  "x-file-extract": { "project_id": "project_id" },
  "x-secret": true,
}

To support this, pass the field key through the component chain so handleFileUpload(file, fieldKey) can look up the schema property and use the declarative config. Create a processFileContent(content, field) utility that handles encoding based on schema.

2. btoa() can fail on non-Latin-1 characters

PEM files should be ASCII, but if a file has unexpected encoding (BOM, UTF-8 characters in comments), btoa() throws an uncaught exception. The JSON path has try/catch; the PEM path doesn't.

3. Verify field visibility when DSN is selected

The account, user, database, etc. fields have no x-visible-if condition. Confirm they're hidden when DSN is selected via x-grouped-fields rendering logic.

---

Developed in collaboration with Claude Code

[lovincyrus]

1. Consolidate file upload encoding with schema definitions

The current implementation checks file extensions to decide encoding:

if (fileName.endsWith(".pem") || fileName.endsWith(".p8")) {
  return btoa(content);
}

This creates implicit coupling between x-accept in the schema and hardcoded logic in AddDataFormManager. If a future connector adds new file types to x-accept, someone must remember to update the encoding logic separately—they will likely forget.

Introduce a x-file-* namespace to make encoding declarative:

Property Purpose
x-file-accept Allowed extensions (rename from x-accept)
x-file-encoding Content encoding (base64, json, raw) — required for file fields
x-file-extract Extract values from parsed content into form fields
Snowflake schema:

privateKey: {
  "x-display": "file",
  "x-file-accept": ".pem,.p8",
  "x-file-encoding": "base64",
  "x-secret": true,
}

BigQuery schema (replaces hardcoded project_id extraction):

google_application_credentials: {
  "x-display": "file",
  "x-file-accept": ".json",
  "x-file-encoding": "json",
  "x-file-extract": { "project_id": "project_id" },
  "x-secret": true,
}

To support this, pass the field key through the component chain so handleFileUpload(file, fieldKey) can look up the schema property and use the declarative config. Create a processFileContent(content, field) utility that handles encoding based on schema.

2. btoa() can fail on non-Latin-1 characters

PEM files should be ASCII, but if a file has unexpected encoding (BOM, UTF-8 characters in comments), btoa() throws an uncaught exception. The JSON path has try/catch; the PEM path doesn't.

3. Verify field visibility when DSN is selected

The account, user, database, etc. fields have no x-visible-if condition. Confirm they're hidden when DSN is selected via x-grouped-fields rendering logic.

Developed in collaboration with Claude Code

Addressed

resolved

[royendo]

@ericokuma how do you feel about the layout?

I feel the scroll to find privatekey is a bit hidden. This bleeds into another task but none of these forms should have scroll. I was originally thinking

[ User/Pass ] [ User/PrivateKey] [ Connection String] but there isnt a lot of width to support that.
Another option is redesigning the radios all together but that can be done in a later PR.

[ericokuma]

@ericokuma how do you feel about the layout?

I feel the scroll to find privatekey is a bit hidden. This bleeds into another task but none of these forms should have scroll. I was originally thinking

[ User/Pass ] [ User/PrivateKey] [ Connection String] but there isnt a lot of width to support that. Another option is redesigning the radios all together but that can be done in a later PR.

I think the best solution here is to group the radios together or put the options into a dropdown selector.

[ericokuma]

Small design NIT:
https://www.loom.com/share/8586619cc1cf4284abd5e052b8acba24

[ericpgreen2]

1. Remove the legacy file-handling fallback in AddDataFormManager.ts

Lines 496-513 contain a legacy code path that handles .pem/.p8 files with a hardcoded btoa() call, and BigQuery JSON parsing with a hardcoded project_id extraction. Now that all file-upload fields use the new x-file-encoding/x-file-extract annotations (BigQuery, GCS, and Snowflake), this code is unreachable for any current schema. Keeping it around risks divergence — if someone adds a new connector, they might follow the old pattern instead of the new one. I'd remove it entirely and let the schema annotations be the single mechanism.

2. Dead config: privateKey in connection_mode.x-tab-group.parameters

snowflake.ts:48 — privateKey appears in the connection_mode tab group's parameters list, but it has x-visible-if: { auth_method: "private_key" }, so it's always filtered out when connection_mode is visible (which requires auth_method: "password"). It's functionally harmless but confusing to read — worth removing from that array.

3. Design: auth method selection

Radio buttons are the wrong form element for a choice that reveals different sub-forms. Both options remain fully visible after selection, which adds noise and doesn't communicate that you're choosing between two distinct setup paths. A tabs or dropdown pattern would better match the interaction — both fully hide the non-selected content.

4. Design: field ordering

The field ordering doesn't match how Snowflake users think: Account → Auth → Compute → Data → Permissions. Consider reordering to: Account Identifier → Authentication → Warehouse → Database → Schema (optional) → Role (optional). This reduces backtracking when copy/pasting from the Snowflake UI.

5. Design: account identifier affordances

Account Identifier is the #1 failure point for Snowflake connections. An inline hint like abc12345.us-east-1 vs abc12345 with "Don't include https://" would prevent common mistakes.

6. Test coverage

file-encoding.ts is pure logic with clear edge cases (non-Latin-1 content, invalid JSON, missing extract keys, raw pass-through) — it would be a good candidate for unit tests.

---

Developed in collaboration with Claude Code

resolved

[royendo]

UI wise, this looks good.

I dont have a key atm to test Snowflake so if you can confirm the new upload works, then good to go.