Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish SSL-only version of Postgres Destination #6496

Merged
merged 7 commits into from
Sep 30, 2021
Merged

Publish SSL-only version of Postgres Destination #6496

merged 7 commits into from
Sep 30, 2021

Conversation

cgardens
Copy link
Contributor

@cgardens cgardens commented Sep 28, 2021
edited

Relates to #6332

What

  • We want to publish versions of database connectors that only allow SSL connections.

How

Recommended reading order

  1. transform.py
  2. PostgresDestinationStrictEncrypt.java

Pre-merge Checklist

  • - get normalization published (blocked on github actions outage)
  • - get new destination published (blocked on github actions outage)

@cgardens
Copy link
Contributor Author

/publish connector=bases/base-normalization

@github-actions github-actions bot added area/connectors Connector related issues area/worker Related to worker normalization labels Sep 28, 2021
@cgardens cgardens temporarily deployed to more-secrets September 28, 2021 01:35 Inactive
@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 01:37 Inactive
@cgardens
Copy link
Contributor Author

/publish connector=bases/base-normalization

@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 02:23 Inactive
cgardens
cgardens commented Sep 28, 2021
View reviewed changes
airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py
@@ -174,6 +174,10 @@ def transform_postgres(config: Dict[str, Any]):
"threads": 32,
}

# if unset, we assume true.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hopefully this is all that is needed in normalization. still running tests.

@cgardens cgardens changed the title try to publish new normalization version Publish SSL-only version of Postgres Destination Sep 28, 2021
@cgardens cgardens temporarily deployed to more-secrets September 28, 2021 02:46 Inactive
@cgardens cgardens marked this pull request as ready for review September 28, 2021 02:48
@cgardens cgardens temporarily deployed to more-secrets September 28, 2021 03:06 Inactive
@cgardens
Copy link
Contributor Author

cgardens commented Sep 28, 2021
edited by github-actions bot

/publish connector=bases/base-normalization

🕑 bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1280910626
❌ bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1280910626

@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 03:10 Inactive
ChristopheDuong
ChristopheDuong reviewed Sep 28, 2021
View reviewed changes
airbyte-integrations/bases/base-normalization/normalization/transform_config/transform.py
Comment on lines +177 to +179
# if unset, we assume true.
if config.get("ssl", True):
config["sslmode"] = "require"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From DBT docs:
https://docs.getdbt.com/reference/warehouse-profiles/postgres-profile#sslmode

When unset, dbt will connect to databases using the Postgres default, prefer, as the sslmode.

Shouldn't we explicitly set it to "require" if it is unset in the destination config then?

Suggested change
# if unset, we assume true.
if config.get("ssl", True):
config["sslmode"] = "require"
if "ssl" not in config or config.get("ssl", True):
config["sslmode"] = "require"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just ran /test commands and they work now!

We're just waiting for an answer from this question before publishing then

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discussed offline. decided the original syntax is okay. if "config" is not set then get will default to true.

ChristopheDuong
ChristopheDuong reviewed Sep 28, 2021
View reviewed changes
...irbyte/integrations/destination/postgres/PostgresDestinationStrictEncryptAcceptanceTest.java
Comment on lines +127 to +129
db = new PostgreSQLContainer<>(DockerImageName.parse("marcosmarxm/postgres-ssl:dev").asCompatibleSubstituteFor("postgres"))
.withCommand("postgres -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key");
db.start();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A Postgres database container is started for normalization here:

airbyte/airbyte-integrations/bases/base-normalization/integration_tests/dbt_integration_test.py

Line 38 in 3369237

print("Starting localhost postgres container for tests")

I am guessing, it should be started with SSL using the same image there too?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pushed this change into normalization integration test on your branch

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

@ChristopheDuong
Copy link
Contributor

ChristopheDuong commented Sep 28, 2021
edited by github-actions bot

/test connector=bases/base-normalization

🕑 bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1282058287
❌ bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1282058287
🐛 https://gradle.com/s/lvc2eqylvce7e

@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 10:02 Inactive
@ChristopheDuong
Copy link
Contributor

ChristopheDuong commented Sep 28, 2021
edited by github-actions bot

/test connector=bases/base-normalization

🕑 bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1282145097
✅ bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1282145097
Python tests coverage:

	 ---------- coverage: platform linux, python 3.8.10-final-0 -----------
	 Name                                                              Stmts   Miss  Cover
	 -------------------------------------------------------------------------------------
	 main_dev_transform_catalog.py                                         3      3     0%
	 main_dev_transform_config.py                                          3      3     0%
	 normalization/__init__.py                                             4      0   100%
	 normalization/destination_type.py                                    11      0   100%
	 normalization/transform_catalog/__init__.py                           2      0   100%
	 normalization/transform_catalog/catalog_processor.py                143     77    46%
	 normalization/transform_catalog/destination_name_transformer.py     117      6    95%
	 normalization/transform_catalog/reserved_keywords.py                 10      0   100%
	 normalization/transform_catalog/stream_processor.py                 349    199    43%
	 normalization/transform_catalog/table_name_registry.py              174     34    80%
	 normalization/transform_catalog/transform.py                         45     26    42%
	 normalization/transform_catalog/utils.py                             33      7    79%
	 normalization/transform_config/__init__.py                            2      0   100%
	 normalization/transform_config/transform.py                         141     35    75%
	 -------------------------------------------------------------------------------------
	 TOTAL                                                              1037    390    62%
	 ---------- coverage: platform linux, python 3.8.10-final-0 -----------
	 Name                                       Stmts   Miss  Cover
	 --------------------------------------------------------------
	 base_python/__init__.py                       13      0   100%
	 base_python/catalog_helpers.py                10      6    40%
	 base_python/cdk/__init__.py                    0      0   100%
	 base_python/cdk/abstract_source.py            83     59    29%
	 base_python/cdk/streams/__init__.py            0      0   100%
	 base_python/cdk/streams/auth/__init__.py       0      0   100%
	 base_python/cdk/streams/auth/core.py           8      1    88%
	 base_python/cdk/streams/auth/jwt.py            5      5     0%
	 base_python/cdk/streams/auth/oauth.py         37     26    30%
	 base_python/cdk/streams/auth/token.py          9      4    56%
	 base_python/cdk/streams/core.py               63     32    49%
	 base_python/cdk/streams/exceptions.py         10      2    80%
	 base_python/cdk/streams/http.py               67     33    51%
	 base_python/cdk/streams/rate_limiting.py      30     14    53%
	 base_python/cdk/utils/__init__.py              0      0   100%
	 base_python/cdk/utils/casing.py                4      0   100%
	 base_python/client.py                         56     33    41%
	 base_python/entrypoint.py                     70     56    20%
	 base_python/integration.py                    52     25    52%
	 base_python/logger.py                         33     19    42%
	 base_python/schema_helpers.py                 56     41    27%
	 base_python/source.py                         51     34    33%
	 main_dev.py                                    3      3     0%
	 --------------------------------------------------------------
	 TOTAL                                        660    393    40%
	 ---------- coverage: platform linux, python 3.8.10-final-0 -----------
	 Name                                                 Stmts   Miss  Cover
	 ------------------------------------------------------------------------
	 source_acceptance_test/__init__.py                       2      0   100%
	 source_acceptance_test/base.py                          10      4    60%
	 source_acceptance_test/config.py                        74      8    89%
	 source_acceptance_test/conftest.py                     108    108     0%
	 source_acceptance_test/plugin.py                        47     47     0%
	 source_acceptance_test/tests/__init__.py                 4      0   100%
	 source_acceptance_test/tests/test_core.py              158    109    31%
	 source_acceptance_test/tests/test_full_refresh.py       18     11    39%
	 source_acceptance_test/tests/test_incremental.py        69     38    45%
	 source_acceptance_test/utils/__init__.py                 6      0   100%
	 source_acceptance_test/utils/asserts.py                 37      2    95%
	 source_acceptance_test/utils/common.py                  41     25    39%
	 source_acceptance_test/utils/compare.py                 47     20    57%
	 source_acceptance_test/utils/connector_runner.py        82     49    40%
	 source_acceptance_test/utils/json_schema_helper.py      75     11    85%
	 ------------------------------------------------------------------------
	 TOTAL                                                  778    432    44%
	 ---------- coverage: platform linux, python 3.8.10-final-0 -----------
	 Name                                                              Stmts   Miss  Cover
	 -------------------------------------------------------------------------------------
	 main_dev_transform_catalog.py                                         3      3     0%
	 main_dev_transform_config.py                                          3      3     0%
	 normalization/__init__.py                                             4      0   100%
	 normalization/destination_type.py                                    11      0   100%
	 normalization/transform_catalog/__init__.py                           2      0   100%
	 normalization/transform_catalog/catalog_processor.py                143     77    46%
	 normalization/transform_catalog/destination_name_transformer.py     117      6    95%
	 normalization/transform_catalog/reserved_keywords.py                 10      0   100%
	 normalization/transform_catalog/stream_processor.py                 349    199    43%
	 normalization/transform_catalog/table_name_registry.py              174     34    80%
	 normalization/transform_catalog/transform.py                         45     26    42%
	 normalization/transform_catalog/utils.py                             33      7    79%
	 normalization/transform_config/__init__.py                            2      0   100%
	 normalization/transform_config/transform.py                         141     35    75%
	 -------------------------------------------------------------------------------------
	 TOTAL                                                              1037    390    62%
	 ---------- coverage: platform linux, python 3.8.10-final-0 -----------
	 Name                                                              Stmts   Miss  Cover
	 -------------------------------------------------------------------------------------
	 main_dev_transform_catalog.py                                         3      3     0%
	 main_dev_transform_config.py                                          3      3     0%
	 normalization/__init__.py                                             4      0   100%
	 normalization/destination_type.py                                    11      0   100%
	 normalization/transform_catalog/__init__.py                           2      0   100%
	 normalization/transform_catalog/catalog_processor.py                143     12    92%
	 normalization/transform_catalog/destination_name_transformer.py     117      4    97%
	 normalization/transform_catalog/reserved_keywords.py                 10      0   100%
	 normalization/transform_catalog/stream_processor.py                 349     32    91%
	 normalization/transform_catalog/table_name_registry.py              174     51    71%
	 normalization/transform_catalog/transform.py                         45     30    33%
	 normalization/transform_catalog/utils.py                             33      0   100%
	 normalization/transform_config/__init__.py                            2      0   100%
	 normalization/transform_config/transform.py                         141     46    67%
	 -------------------------------------------------------------------------------------
	 TOTAL                                                              1037    181    83%

@ChristopheDuong ChristopheDuong temporarily deployed to more-secrets September 28, 2021 10:25 Inactive
@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 10:26 Inactive
@cgardens
Copy link
Contributor Author

cgardens commented Sep 28, 2021
edited by github-actions bot

/publish connector=bases/base-normalization

🕑 bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1283447591
❌ bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1283447591

@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 16:26 Inactive
@cgardens
Copy link
Contributor Author

cgardens commented Sep 28, 2021
edited by github-actions bot

/publish connector=bases/base-normalization

🕑 bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1283614430
✅ bases/base-normalization https://github.com/airbytehq/airbyte/actions/runs/1283614430

@cgardens cgardens temporarily deployed to more-secrets September 28, 2021 17:19 Inactive
@jrhizor jrhizor temporarily deployed to more-secrets September 28, 2021 17:20 Inactive
@cgardens cgardens temporarily deployed to more-secrets September 28, 2021 17:22 Inactive
@Phlair Phlair mentioned this pull request Sep 30, 2021
Merged
@ChristopheDuong ChristopheDuong merged commit 5e75016 into master Sep 30, 2021
@ChristopheDuong ChristopheDuong deleted the cgardens/postgres_destination_encrypt branch September 30, 2021 10:55
@ChristopheDuong
Copy link
Contributor

ChristopheDuong commented Sep 30, 2021
edited

I am merging this for now so it's not blocking others that need to bump version of normalization since the docker image has already been published

I think we still need to publish the postgres strict connector too? @cgardens

@jrhizor jrhizor mentioned this pull request Sep 30, 2021
Merged
@cgardens
Copy link
Contributor Author

cgardens commented Sep 30, 2021
edited

thanks. yeah.

This was referenced Oct 5, 2021
Closed
Closed
@etsybaev etsybaev mentioned this pull request Oct 6, 2021
Merged
33 tasks
@alexandr-shegeda alexandr-shegeda mentioned this pull request Oct 6, 2021
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sherifnada sherifnada sherifnada approved these changes

@ChristopheDuong ChristopheDuong ChristopheDuong approved these changes

Assignees
No one assigned
Labels
area/connectors Connector related issues area/worker Related to worker normalization
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cgardens @ChristopheDuong @sherifnada @jrhizor