You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/22 15:11:52 UTC

[GitHub] [superset] fbalicchia commented on a diff in pull request #20898: feat: fallback to external password store for sqlalchemy connections

fbalicchia commented on code in PR #20898:
URL: https://github.com/apache/superset/pull/20898#discussion_r1029182850


##########
tests/integration_tests/core_tests.py:
##########
@@ -597,6 +597,22 @@ def custom_password_store(uri):
         # Disable for password store for later tests
         models.custom_password_store = None
 
+    def test_custom_password_store_fallback(self):
+        database = superset.utils.database.get_example_database()
+        conn_pre = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+
+        def custom_password_store(uri):
+            return None
+
+        models.custom_password_store = custom_password_store
+        conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+        database.set_sqlalchemy_uri(database.sqlalchemy_uri_decrypted)
+        if conn_pre.password:

Review Comment:
   The scope of None is to say to the system to use an input password instead of a connection password 
   



##########
superset/models/core.py:
##########
@@ -340,9 +340,14 @@ def get_password_masked_url(cls, masked_url: URL) -> URL:
 
     def set_sqlalchemy_uri(self, uri: str) -> None:
         conn = make_url_safe(uri.strip())
-        if conn.password != PASSWORD_MASK and not custom_password_store:
-            # do not over-write the password with the password mask
-            self.password = conn.password
+        input_password = conn.password

Review Comment:
   Hi, first of all, thanks. I agree with you that can be necessary to make the logic more simple the logic and clear the code, 
   the first and the second have two different purposes cause if the external function return None
   system needs to use an input password and not `conn.password` but probably I'm missing something from you tips



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org