You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/21 16:51:45 UTC
[GitHub] [superset] craig-rueda commented on a diff in pull request #21912: feat: Enable SSH Tunneling for Database Connections
craig-rueda commented on code in PR #21912:
URL: https://github.com/apache/superset/pull/21912#discussion_r1028278374
##########
setup.py:
##########
@@ -113,6 +113,7 @@ def get_git_sha() -> str:
"PyJWT>=2.4.0, <3.0",
"redis",
"selenium>=3.141.0",
+ "sshtunnel>=0.4.0",
Review Comment:
Should we put an upper limit to the version range here?
##########
superset/databases/ssh_tunnel/models.py:
##########
@@ -0,0 +1,86 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from typing import Any, Dict
+
+import sqlalchemy as sa
+from flask_appbuilder import Model
+from sqlalchemy.orm import backref, relationship
+from sqlalchemy_utils import EncryptedType
+
+from superset import app
Review Comment:
Instead of referencing the app directly, pls use `current_app`.
```
from flask import current_app
app_config = current_app.config
```
##########
superset/databases/ssh_tunnel/models.py:
##########
@@ -0,0 +1,86 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from typing import Any, Dict
+
+import sqlalchemy as sa
+from flask_appbuilder import Model
+from sqlalchemy.orm import backref, relationship
+from sqlalchemy_utils import EncryptedType
+
+from superset import app
+from superset.models.core import Database
+from superset.models.helpers import (
+ AuditMixinNullable,
+ ExtraJSONMixin,
+ ImportExportMixin,
+)
+
+app_config = app.config
+
+
+class SSHTunnel(Model, AuditMixinNullable, ExtraJSONMixin, ImportExportMixin):
+ """
+ A ssh tunnel configuration in a database.
+ """
+
+ __tablename__ = "ssh_tunnels"
+
+ id = sa.Column(sa.Integer, primary_key=True)
+ database_id = sa.Column(sa.Integer, sa.ForeignKey("dbs.id"), nullable=False)
+ database: Database = relationship(
+ "Database",
+ backref=backref("ssh_tunnels", cascade="all, delete-orphan"),
+ foreign_keys=[database_id],
+ )
+
+ server_address = sa.Column(EncryptedType(sa.String, app_config["SECRET_KEY"]))
+ server_port = sa.Column(EncryptedType(sa.Integer, app_config["SECRET_KEY"]))
+ username = sa.Column(EncryptedType(sa.String, app_config["SECRET_KEY"]))
+
+ # basic authentication
+ password = sa.Column(
+ EncryptedType(sa.String, app_config["SECRET_KEY"]), nullable=True
+ )
+
+ # password protected pkey authentication
+ private_key = sa.Column(
+ EncryptedType(sa.String, app_config["SECRET_KEY"]), nullable=True
+ )
+ private_key_password = sa.Column(
+ EncryptedType(sa.String, app_config["SECRET_KEY"]), nullable=True
+ )
+
+ bind_host = sa.Column(EncryptedType(sa.String, app_config["SECRET_KEY"]))
Review Comment:
Do we need to expose these fields? It was my understanding that we would be generating these dynamically. 🤔
##########
superset/models/core.py:
##########
@@ -368,14 +372,41 @@ def get_sqla_engine_with_context(
schema: Optional[str] = None,
nullpool: bool = True,
source: Optional[utils.QuerySource] = None,
+ ssh_tunnel: Optional["SSHTunnel"] = None,
) -> Engine:
- yield self._get_sqla_engine(schema=schema, nullpool=nullpool, source=source)
+ ssh_params = {}
+ if ssh_tunnel:
+ # build with override
+ url = make_url_safe(self.sqlalchemy_uri_decrypted)
+ ssh_tunnel.bind_host = url.host
Review Comment:
Shouldn't this be dynamic? Doesn't seem to me that this would work if you entered some arbitrary value in the UI for `bind_host`, for example.
##########
superset/databases/dao.py:
##########
@@ -124,3 +125,13 @@ def get_related_objects(cls, database_id: int) -> Dict[str, Any]:
return dict(
charts=charts, dashboards=dashboards, sqllab_tab_states=sqllab_tab_states
)
+
+ @classmethod
+ def get_ssh_tunnel(cls, database_id: int) -> Dict[str, Any]:
+ ssh_tunnel = (
+ db.session.query(SSHTunnel)
+ .filter(SSHTunnel.database_id == database_id)
+ .one_or_none()
+ )
+
+ return dict(ssh_tunnel=ssh_tunnel)
Review Comment:
Agree - just return the model :)
##########
superset/migrations/versions/2022-10-20_10-48_f3c2d8ec8595_create_ssh_tunnel_credentials_tbl.py:
##########
@@ -0,0 +1,80 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""create_ssh_tunnel_credentials_tbl
+
+Revision ID: f3c2d8ec8595
+Revises: deb4c9d4a4ef
+Create Date: 2022-10-20 10:48:08.722861
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "f3c2d8ec8595"
+down_revision = "deb4c9d4a4ef"
+
+from uuid import uuid4
+
+import sqlalchemy as sa
+from alembic import op
+from sqlalchemy_utils import EncryptedType, UUIDType
+
+from superset import app
+
+app_config = app.config
+
+
+def upgrade():
Review Comment:
IMO, that pattern is hard to work with -- it's hard to make a single PR with migrations that are later depended upon by other code as the migrations tend to evolve as you work on the feature. Also, encapsulating related changes in a single PR makes more sense as the revert would remove the DB migrations along with the code that's depending on them :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org