Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/02/17 20:55:00 UTC

[GitHub] [superset] dmosruby opened a new issue #18797: TLS with Config Store Postgres

dmosruby opened a new issue #18797:
URL: https://github.com/apache/superset/issues/18797


   **Is your feature request related to a problem? Please describe.**
   We would like to be able to bring our own Postgres for the Superset config store, but the Helm chart doesn't support TLS parameters, and neither does the Superset CLI.
   
   **Describe the solution you'd like**
   Support TLS configuration for the postgres config connection. Specifically:
   * The init job will need its own set of admin certs since it creates the users/roles/table structures with an elevated user.
   * The superset deployment will need to take in certs to be able to connect to the config store with its own user.
   
   **Describe alternatives you've considered**
   In order to use our own Postgres with Superset, we would need to downgrade the TLS for the rest of our ecosystem, which isn't ideal.
   Today, we instead just let Superset bring its own Postgres, but that is a waste of resources that we would like to avoid.
   
   **Additional context**
   The Postgres TLS auth type Certificate Authentication requires the common name to match the username you are using to log in with, so this is why the Init Job and the normal running application will need separate certs to connect with. [Postgres Certificate Authentication](https://www.postgresql.org/docs/14/auth-cert.html)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
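
The TLS settings requested in the issue above, written as libpq parameters on a SQLAlchemy URI. This is an added example, not code from Superset or its Helm chart. It assumes the psycopg2 driver (which passes URI query parameters through to libpq), and the host, database, user names and certificate paths are hypothetical.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# libpq sslmode values that authenticate the server certificate.
VERIFYING_SSLMODES = {"verify-ca", "verify-full"}
CLIENT_CERT_KEYS = ("sslrootcert", "sslcert", "sslkey")


def pg_tls_uri(user, host, db, cert_dir, port=5432):
    """Build a postgresql:// URI that presents a client certificate.

    Assumed (hypothetical) layout: cert_dir holds <user>.crt, <user>.key and
    ca.crt. For Postgres cert authentication the certificate CN must equal
    `user`, which is why each database role gets its own certificate.
    """
    params = {
        "sslmode": "verify-full",             # check CA chain and host name
        "sslrootcert": f"{cert_dir}/ca.crt",  # CA that signed the server cert
        "sslcert": f"{cert_dir}/{user}.crt",  # client certificate, CN == user
        "sslkey": f"{cert_dir}/{user}.key",   # private key for that cert
    }
    query = urlencode(params, safe="/")
    return (f"postgresql://{quote(user, safe='')}@{host}:{port}/"
            f"{quote(db, safe='')}?{query}")


def tls_problems(uri):
    """Return reasons why `uri` would not give verified, mutual TLS."""
    query = {k: v[-1] for k, v in parse_qs(urlsplit(uri).query).items()}
    problems = []
    mode = query.get("sslmode", "unset")
    if mode not in VERIFYING_SSLMODES:
        problems.append(f"sslmode={mode} is not verify-ca/verify-full")
    problems += [f"missing {key}" for key in CLIENT_CERT_KEYS
                 if key not in query]
    return problems


# Constructed sample values: one URI per role, each with its own certificate.
# Elevated role used by the init job (creates users, roles, tables).
INIT_JOB_URI = pg_tls_uri("superset_admin", "pg.example.internal",
                          "superset", "/certs/init")
# Application role; SQLALCHEMY_DATABASE_URI is the key read from
# superset_config.py.
SQLALCHEMY_DATABASE_URI = pg_tls_uri("superset", "pg.example.internal",
                                     "superset", "/certs/app")
```

Running `tls_problems()` on each URI before a deployment catches a connection string that silently falls back to an unverified or password-only connection.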


[GitHub] [superset] dmosruby edited a comment on issue #18797: TLS with Config Store Postgres

Posted by GitBox <gi...@apache.org>.
dmosruby edited a comment on issue #18797:
URL: https://github.com/apache/superset/issues/18797#issuecomment-1043440631


   Also, if it is too much work to make TLS first-class support, exposing the ability to append to the SQLAlchemy connection string like you do with your Database connections for Postgres today would be sufficient.
   
   ![image](https://user-images.githubusercontent.com/16121273/154570432-f866f71c-ae5b-4ad8-88a1-136531818cb2.png)




[GitHub] [superset] dmosruby commented on issue #18797: TLS with Config Store Postgres

Posted by GitBox <gi...@apache.org>.
dmosruby commented on issue #18797:
URL: https://github.com/apache/superset/issues/18797#issuecomment-1043440631


   Also, if it is too much work to make TLS first-class support, exposing the ability to append to the SQLAlchemy connection string like you do with your Database connections for Postgres today would also be sufficient.
   
   ![image](https://user-images.githubusercontent.com/16121273/154570432-f866f71c-ae5b-4ad8-88a1-136531818cb2.png)

