feat: add SSL to new DB parameters

[betodealmeida]

SUMMARY

Expose an option to configure an encrypted connection when adding a new database with the new parameters flow.

In the new flow, users can just specify that they want SSL on, and we'll build a SQLAlchemy URI that enforces encryption. For Postgres, eg, this is done by adding sslmode=verify-ca to the query parameters.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TEST PLAN

Updated unit tests.

ADDITIONAL INFORMATION

• Has associated issue:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[hughhhh]

Could go with an enum approach to make sure the user is entering one of the 5 properly

https://www.postgresql.org/docs/9.1/libpq-ssl.html

[betodealmeida]

@hughhhh the user is not choosing one, with the new form they only choose between SSL on or off. If they choose "on" we set it to verify-ca, since it's the least restrictive one that still ensures an encrypted connection (note that require is identical to verify-ca).

If the user wants to use a different value (eg, verify-full) they need to edit the SQLAlchemy URI directly.

[hughhhh]

Can we put encryption under a enum to make sure users are entering the proper information

[eschutho]

do you feel that we will need to check/enforce that this is defined on the engine specs that use this mixin?

[betodealmeida]

Oh, good idea... maybe if the users passes encryption=True when configuring a database we should raise an exception if this is empty.

[codecov]

Codecov Report

Merging #14673 (6dad46d) into master (4f5c537) will increase coverage by 0.00%.
The diff coverage is 91.66%.

@@           Coverage Diff           @@
##           master   #14673   +/-   ##
=======================================
  Coverage   77.54%   77.55%           
=======================================
  Files         958      958           
  Lines       48541    48559   +18     
  Branches     5702     5702           
=======================================
+ Hits        37640    37658   +18     
  Misses      10700    10700           
  Partials      201      201           

Flag	Coverage Δ
hive	81.11% <91.66%> (+0.01%)	⬆️
mysql	81.38% <91.66%> (+0.01%)	⬆️
postgres	81.40% <91.66%> (+0.01%)	⬆️
presto	81.10% <91.66%> (+0.01%)	⬆️
python	81.93% <91.66%> (+0.01%)	⬆️
sqlite	81.03% <91.66%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset/db_engine_specs/base.py	88.46% <90.90%> (+<0.01%)	⬆️
superset/db_engine_specs/postgres.py	96.96% <100.00%> (+0.03%)	⬆️
superset/databases/schemas.py	99.54% <0.00%> (ø)
superset/views/dynamic_plugins.py	100.00% <0.00%> (ø)
superset/app.py	81.59% <0.00%> (+0.28%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4f5c537...6dad46d. Read the comment docs.