You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/11/18 20:57:32 UTC
[GitHub] [superset] john-bodley commented on a diff in pull request #20898: feat: fallback to external password store for sqlalchemy connections
john-bodley commented on code in PR #20898:
URL: https://github.com/apache/superset/pull/20898#discussion_r1026869963
##########
superset/models/core.py:
##########
@@ -340,9 +340,14 @@ def get_password_masked_url(cls, masked_url: URL) -> URL:
def set_sqlalchemy_uri(self, uri: str) -> None:
conn = make_url_safe(uri.strip())
- if conn.password != PASSWORD_MASK and not custom_password_store:
- # do not over-write the password with the password mask
- self.password = conn.password
+ input_password = conn.password
Review Comment:
It seems like this logic could be simplified, i.e.,
```python
if (
custom_password_store
and custom_password_store(conn) is None
or not custom_password_store
and conn.password != PASSWORD_MASK
):
self.password = conn.password
```
##########
superset/models/core.py:
##########
@@ -739,7 +744,11 @@ def sqlalchemy_uri_decrypted(self) -> str:
# (so users see 500 less often)
return "dialect://invalid_uri"
if custom_password_store:
- conn = conn.set(password=custom_password_store(conn))
+ password_to_check = custom_password_store(conn)
Review Comment:
Similarly,
```python
conn = conn.set(password=custom_password_store(conn) or self.password)
```
##########
tests/integration_tests/core_tests.py:
##########
@@ -597,6 +597,22 @@ def custom_password_store(uri):
# Disable for password store for later tests
models.custom_password_store = None
+ def test_custom_password_store_fallback(self):
+ database = superset.utils.database.get_example_database()
+ conn_pre = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+
+ def custom_password_store(uri):
+ return None
+
+ models.custom_password_store = custom_password_store
+ conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
+ database.set_sqlalchemy_uri(database.sqlalchemy_uri_decrypted)
+ if conn_pre.password:
Review Comment:
If this is false then the assertions would never execute making the test superfluous. Is this check required?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org