redash icon indicating copy to clipboard operation
redash copied to clipboard

Published 20 hours ago verified publisher icon getredash

Use headers instead of URL params for ClickHouse credentials

Open martijnthe opened this issue 11 months ago • 4 comments

What type of PR is this?

  • [ ] Refactor
  • [ ] Feature
  • [ ] Bug Fix
  • [ ] New Query Runner (Data Source)
  • [ ] New Alert Destination
  • [x] Other (Security/Improvement)

Description

The ClickHouse driver was passing the credentials via URL query parameters. This not a good practice because URLs tend to get included in logs. This PR changes this to use the x-clickhouse-user and x-clickhouse-key headers instead.

How is this tested?

  • [x] Unit tests (pytest, jest)
  • [ ] E2E Tests (Cypress)
  • [x] Manually
  • [ ] N/A

Add a ClickHouse DB as datasource. Observe connecting and querying still works as before.

Related Tickets & Documents

N/A

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

N/A

martijnthe avatar Dec 19 '24 08:12 martijnthe

@susodapop could you perhaps take a look?

martijnthe avatar Jan 21 '25 18:01 martijnthe

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 64.02%. Comparing base (d03a2c4) to head (8fb45a7).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #7255   +/-   ##
=======================================
  Coverage   64.01%   64.02%           
=======================================
  Files         163      163           
  Lines       13410    13411    +1     
  Branches     1905     1905           
=======================================
+ Hits         8585     8586    +1     
  Misses       4490     4490           
  Partials      335      335
Files with missing lines Coverage Δ
redash/query_runner/clickhouse.py 61.06% <100.00%> (+0.29%) :arrow_up:

codecov[bot] avatar Jan 28 '25 14:01 codecov[bot]

Be sure to update the release notes to let Clickhouse users know about this change but I don't imagine this will be a breaking change for Clickhouse users.

@susodapop where should I update the release notes? The CHANGELOG file seems very outdated.

I did find release notes here, but I'm not sure if I'm supposed to edit that?

Can you merge this PR? I cannot, even though you approved it already.

martijnthe avatar Feb 01 '25 16:02 martijnthe

where should I update the release notes? The CHANGELOG file seems very outdated.

@arikfr could you perhaps provide guidance? Thank you very much!

martijnthe avatar Feb 03 '25 08:02 martijnthe