You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/18 20:57:32 UTC

[GitHub] [superset] john-bodley commented on a diff in pull request #20898: feat: fallback to external password store for sqlalchemy connections

john-bodley commented on code in PR #20898:
URL: https://github.com/apache/superset/pull/20898#discussion_r1026869963


##########
superset/models/core.py:
##########
@@ -340,9 +340,14 @@ def get_password_masked_url(cls, masked_url: URL) -> URL:
 
     def set_sqlalchemy_uri(self, uri: str) -> None:
         conn = make_url_safe(uri.strip())
-        if conn.password != PASSWORD_MASK and not custom_password_store:
-            # do not over-write the password with the password mask
-            self.password = conn.password
+        input_password = conn.password

Review Comment:
   It seems like this logic could be simplified, i.e.,
   
   ```python
   if (
       custom_password_store
       and custom_password_store(conn) is None
       or not custom_password_store
       and conn.password != PASSWORD_MASK
   ):
       self.password = conn.password
   
   ```



##########
superset/models/core.py:
##########
@@ -739,7 +744,11 @@ def sqlalchemy_uri_decrypted(self) -> str:
             # (so users see 500 less often)
             return "dialect://invalid_uri"
         if custom_password_store:
-            conn = conn.set(password=custom_password_store(conn))
+            password_to_check = custom_password_store(conn)

Review Comment:
   Similarly, 
   
   ```python
   conn = conn.set(password=custom_password_store(conn) or self.password)
   ```



##########
tests/integration_tests/core_tests.py:
##########
@@ -597,6 +597,22 @@ def custom_password_store(uri):
         # Disable for password store for later tests
         models.custom_password_store = None
 
+    def test_custom_password_store_fallback(self):
+        database = superset.utils.database.get_example_database()
+        conn_pre = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+
+        def custom_password_store(uri):
+            return None
+
+        models.custom_password_store = custom_password_store
+        conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+        database.set_sqlalchemy_uri(database.sqlalchemy_uri_decrypted)
+        if conn_pre.password:

Review Comment:
   If this is false then the assertions would never execute making the test superfluous. Is this check required?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org