Configuring Secured Trino with Superset

[sbbagal13]

A clear and concise description of what the bug is.

Expected results

Connection Successful

Actual results

[SupersetError(message="HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded with url: /v1/statement (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1091)')))", error_type=<SupersetErrorType.GENERIC_DB_ENGINE_ERROR: 'GENERIC_DB_ENGINE_ERROR'>, level=<ErrorLevel.ERROR: 'error'>, extra={'engine_name': 'Trino', 'issue_codes': [{'code': 1002, 'message': 'Issue 1002 - The database returned an unexpected error.'}]})]
2021-08-04 21:58:19,406:WARNING:superset.views.base:[SupersetError(message="HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded with url: /v1/statement (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1091)')))", error_type=<SupersetErrorType.GENERIC_DB_ENGINE_ERROR: 'GENERIC_DB_ENGINE_ERROR'>, level=<ErrorLevel.ERROR: 'error'>, extra={'engine_name': 'Trino', 'issue_codes': [{'code': 1002, 'message': 'Issue 1002 - The database returned an unexpected error.'}]})]
10.32.3.1 - - [04/Aug/2021:21:58:19 +0000] "POST /api/v1/database/test_connection HTTP/1.1" 422 499 "http://myhost/databaseview/list/?pageIndex=0&sortColumn=changed_on_delta_humanized&sortOrder=desc" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36 Edg/91.0.864.71"

Screenshots

If applicable, add screenshots to help explain your problem.

How to reproduce the bug

Try to connect to secured trino over https

Environment

Openshift kubernetes

Checklist

Make sure to follow these steps before submitting your issue - thank you!

• I have checked the superset logs for python stacktraces and included it here as text if there are any.
• I have reproduced the issue with at least the latest released version of superset.
• I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

How to add SSL related information and JKS truststore to authenticate trino from superset

[wengieeee]

hi,did you solve this problem? i wanna connect trino use https,but fail

[sbbagal13]

Hi @Yanwenjingcn , Yes I am able to resolve it. You need CA cert to be copy to superset Host and then provide the its path while making connection. Below is the connection String (Replace respective parameters are per your installation)

trino://{UserName}:{Password}@{trino url without https}:443/{catalog name}?verify={ca certificate path on superset host}
e.g. below
trino://sbagal:XXXXX@trino-dev.apps.co:443/my_catalog?verify=/etc/cert/mycert.ca

[wengieeee]

you are so great，It works! help me a lot!

[wengieeee]

so , can i put .ca file in any path？ or a specify path

[sbbagal13]

@Yanwenjingcn : You can put at any location. just put that path in connection string

[sbbagal13]

Working Solution: Use certificate in connection string
trino://{UserName}:{Password}@{trino url without https}:443/{catalog name}?verify={ca certificate path on superset host}
e.g. below
trino://sbagal:XXXXX@trino-dev.apps.co:443/my_catalog?verify=/etc/cert/mycert.ca

[musicmuthu]

it's work but it's worked as password based authentication not a certificate authentication
my trino version is 387-- trino cli work as certificate based
superset version is 2.0.0 and 2.0.1 tested in both but not working.