superset icon indicating copy to clipboard operation
superset copied to clipboard
verified publisher icon apache

feat: fallback to external password store for sqlalchemy connections

Open fbalicchia opened this issue 3 years ago • 2 comments

SUMMARY

Superset can be configured to use an external store for database passwords. This is useful if you a running a custom secret distribution framework and do not wish to store secrets in Superset’s meta database. This useful capability can be extended by providing Superset’s meta database as a fallback in the case the administration doesn't want to use an external store for a particular database

TESTING INSTRUCTIONS

Set SQLALCHEMY_CUSTOM_PASSWORD_STORE to point to an external lookup function. and the user does not have to check where her password is saved. Current tests must continue to work

ADDITIONAL INFORMATION

  • [ ] Has associated issue:
  • [ ] Required feature flags:
  • [ ] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

fbalicchia avatar Jul 28 '22 09:07 fbalicchia

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (a7a4561) 66.91% compared to head (b55c740) 72.21%. Report is 1910 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #20898      +/-   ##
==========================================
+ Coverage   66.91%   72.21%   +5.29%     
==========================================
  Files        1851     2025     +174     
  Lines       70709    92111   +21402     
  Branches     7766     7766              
==========================================
+ Hits        47316    66515   +19199     
- Misses      21371    23574    +2203     
  Partials     2022     2022
Flag Coverage Δ
hive 54.35% <84.61%> (+1.88%) :arrow_up:
mysql 80.79% <100.00%> (+2.83%) :arrow_up:
postgres 80.87% <100.00%> (+2.84%) :arrow_up:
presto 54.33% <84.61%> (+1.97%) :arrow_up:
python 84.55% <100.00%> (+3.27%) :arrow_up:
sqlite 77.68% <90.90%> (+1.18%) :arrow_up:
unit 55.14% <84.61%> (+3.95%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Jul 28 '22 09:07 codecov[bot]

Hi @hughhhh I'm sorry if I link directly but I saw that you have some commit on this piece of code. Could you please review this pr and if it has make sense to you

Thanks

fbalicchia avatar Nov 16 '22 16:11 fbalicchia

Sorry this slid under everyone's radar for so long. Adding @dpgaspar for a security perspective, and closing/reopening to reboot the CI process.

rusackas avatar Feb 06 '24 20:02 rusackas