superset-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maximebeauche...@apache.org
Subject [incubator-superset] branch master updated: Expose hook to inject database connection logic on the fly (#4505)
Date Wed, 07 Mar 2018 06:35:50 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new b63dc91  Expose hook to inject database connection logic on the fly (#4505)
b63dc91 is described below

commit b63dc91cd187de0fd503a205800c9e092db88d8e
Author: Maxime Beauchemin <maximebeauchemin@gmail.com>
AuthorDate: Tue Mar 6 22:35:46 2018 -0800

    Expose hook to inject database connection logic on the fly (#4505)
    
    * Expose hook to inject database connection logic on the fly
    
    This environment configuration setting hook allows administrators to
    alter the database connection parameters on the fly based on user
    information. This can be use for a variety of purposes:
    
    * rewire a subset of users to use different database user accounts
    * pass user related information to the database for logging or QoS
    purposes
    * ...
    
    * Fixes
---
 superset/config.py      | 16 ++++++++++++++++
 superset/models/core.py |  3 +++
 2 files changed, 19 insertions(+)

diff --git a/superset/config.py b/superset/config.py
index ae81cfc..c9b8607 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -377,6 +377,22 @@ HIVE_POLL_INTERVAL = 5
 # an XSS security vulnerability
 ENABLE_JAVASCRIPT_CONTROLS = False
 
+# A callable that allows altering the database conneciton URL and params
+# on the fly, at runtime. This allows for things like impersonation or
+# arbitrary logic. For instance you can wire different users to
+# use different connection parameters, or pass their email address as the
+# username. The function receives the connection uri object, connection
+# params, and user object, and returns the mutated uri and params objects.
+# Example:
+#   def DB_CONNECTION_MUTATOR(uri, params, user):
+#       if user and user.email:
+#           uri.username = user.email
+#       return uri, params
+#
+# Note that the returned uri and params are passed directly to sqlalchemy's
+# as such `create_engine(url, **params)`
+DB_CONNECTION_MUTATOR = None
+
 try:
     if CONFIG_PATH_ENV_VAR in os.environ:
         # Explicitly import config module that is not in pythonpath; useful
diff --git a/superset/models/core.py b/superset/models/core.py
index b4dbada..41d8742 100644
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -675,6 +675,9 @@ class Database(Model, AuditMixinNullable, ImportMixin):
         if configuration:
             params['connect_args'] = {'configuration': configuration}
 
+        DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR')
+        if DB_CONNECTION_MUTATOR:
+            url, params = DB_CONNECTION_MUTATOR(url, params, g.user)
         return create_engine(url, **params)
 
     def get_reserved_words(self):

-- 
To stop receiving notification emails like this one, please contact
maximebeauchemin@apache.org.

Mime
View raw message