feat: add replace option to hive csv upload

[etr2460]

CATEGORY

Choose one

• Bug Fix
• Enhancement (new features, refinement)
• Refactor
• Add tests
• Build / Development Environment
• Documentation

SUMMARY

Thanks to @villebro for helping start this PR.

Adds the replace option to hive csv uploads

TEST PLAN

CI

• upload to a non existent table successfully with fail or replace selected
• upload with append selected and see correct error message
• upload to an existing table with fail selected and see correct error message
• upload to an existing table with replace selected and see the table be replaced

ADDITIONAL INFORMATION

• Has associated issue: CSV upload to Hive fails when the table already exists #9617
• Changes UI
• Requires DB Migration.
• Confirm DB Migration upgrade and downgrade tested.
• Introduces new feature or API
• Removes existing feature or API

REVIEWERS

to: @villebro @john-bodley @serenajiang

[etr2460]

this looks ripe for sql injection, but honestly, the existing lines below are as well. This is blocked on enabling the csv upload feature to a datasource, so that security might be ok for now?

[villebro]

There's a few ways around this, but for now I think we can leave these as-is. Perhaps add a TODO here so we can sweep them all up in one go later?

[willbarrett]

Yeah, this is scary. Let's see if we can explore some of the possible solutions for this to get around adding another instance of SQL injection vulnerability.

[etr2460]

Looks like this might not be possible as per https://stackoverflow.com/a/43879809?

[codecov-io]

Codecov Report

Merging #9764 into master will decrease coverage by 0.01%.
The diff coverage is 11.11%.

@@            Coverage Diff             @@
##           master    #9764      +/-   ##
==========================================
- Coverage   70.81%   70.79%   -0.02%     
==========================================
  Files         586      586              
  Lines       30445    30453       +8     
  Branches     3121     3121              
==========================================
+ Hits        21559    21560       +1     
- Misses       8772     8779       +7     
  Partials      114      114              

Flag	Coverage Δ
#cypress	53.71% <ø> (-0.01%)	⬇️
#javascript	59.06% <ø> (ø)
#python	70.91% <11.11%> (-0.03%)	⬇️

Impacted Files	Coverage Δ
superset/db_engine_specs/hive.py	45.00% <11.11%> (-1.13%)	⬇️
superset-frontend/src/SqlLab/actions/sqlLab.js	66.81% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5b430ea...269fb1b. Read the comment docs.

[willbarrett]

It would be great to add some tests for this. We see a lot of bugs crop up in db_engine_spec.

[codecov-commenter]

Codecov Report

Merging #9764 into master will decrease coverage by 0.00%.
The diff coverage is 44.44%.

@@            Coverage Diff             @@
##           master    #9764      +/-   ##
==========================================
- Coverage   70.41%   70.41%   -0.01%     
==========================================
  Files         585      585              
  Lines       31056    31066      +10     
  Branches     3277     3277              
==========================================
+ Hits        21869    21875       +6     
- Misses       9076     9080       +4     
  Partials      111      111              

Flag	Coverage Δ
#cypress	53.93% <ø> (ø)
#javascript	59.36% <ø> (ø)
#python	69.99% <44.44%> (-0.01%)	⬇️

Impacted Files	Coverage Δ
superset/db_engine_specs/hive.py	48.48% <44.44%> (+0.05%)	⬆️
superset/viz.py	57.20% <0.00%> (+0.05%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 526ee3c...b0bca50. Read the comment docs.

[etr2460]

@john-bodley @villebro @willbarrett, this is working and ready for review now.

Unfortunately, it doesn't look like sqlalchemy supports params for structural components of sql (as noted in the stack overflow comment) so I don't think there's anything i can do about this. I've also added one small test to hive_tests, but since this is all untested already (and relies on an s3 url and a bunch of other stuff) I'm not sure how else to add tests here

[john-bodley]

Using Pandas seems a little heavy handed to simply check if the number of records is non-zero, though I guess it's fewer lines than having to use a cursor etc. and this code is probably rarely executed.

[villebro]

LGTM. Given that this feature is currently broken in many respects, I think this is a big improvement despite some shortcomings 👍