Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: cache key with guest token rls #19110

Merged
merged 5 commits into from
Mar 10, 2022
Merged

fix: cache key with guest token rls #19110

merged 5 commits into from
Mar 10, 2022

Conversation

lilykuang
Copy link
Member

@lilykuang lilykuang commented Mar 10, 2022
edited
Loading

SUMMARY

issue:

  • cache key didn't capture the guest toke rls rules
  • guest rls rules don't apply to embedded dashboards unless the cache expire
  • query data is cached, embedded dashboards show the same data to different user even with rls rule

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@codecov
Copy link

codecov bot commented Mar 10, 2022
edited
Loading

Codecov Report

Merging #19110 (c75d696) into master (a37a4ed) will decrease coverage by 0.03%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #19110      +/-   ##
==========================================
- Coverage   66.51%   66.48%   -0.04%     
==========================================
  Files        1645     1644       -1     
  Lines       63515    63503      -12     
  Branches     6464     6459       -5     
==========================================
- Hits        42250    42222      -28     
- Misses      19593    19611      +18     
+ Partials     1672     1670       -2
Flag Coverage Δ
hive 52.63% <92.30%> (+0.03%) ⬆️
mysql 81.83% <100.00%> (+<0.01%) ⬆️
postgres ?
presto 52.47% <92.30%> (+0.03%) ⬆️
python 82.26% <100.00%> (-0.04%) ⬇️
sqlite 81.63% <100.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/common/query_context_processor.py 91.46% <100.00%> (+0.47%) ⬆️
superset/security/manager.py 94.72% <100.00%> (+0.31%) ⬆️
superset/viz.py 58.26% <100.00%> (ø)
superset/sql_validators/postgres.py 50.00% <0.00%> (-50.00%) ⬇️
...d/src/SqlLab/components/AceEditorWrapper/index.tsx 44.82% <0.00%> (-8.75%) ⬇️
...et-frontend/src/components/Chart/ChartRenderer.jsx 44.89% <0.00%> (-7.74%) ⬇️
superset/reports/commands/log_prune.py 85.71% <0.00%> (-3.58%) ⬇️
...veFilters/FilterBar/FilterControls/FilterValue.tsx 56.97% <0.00%> (-3.47%) ⬇️
superset/commands/importers/v1/utils.py 89.13% <0.00%> (-2.18%) ⬇️
superset/db_engine_specs/postgres.py 95.45% <0.00%> (-1.82%) ⬇️
... and 14 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a37a4ed...c75d696. Read the comment docs.

@pull-request-size pull-request-size bot added size/M and removed size/S labels Mar 10, 2022
@lilykuang
Copy link
Member Author

/testenv up

@github-actions
Copy link
Contributor

@lilykuang Ephemeral environment spinning up at http://34.219.27.109:8080. Credentials are admin/admin. Please allow several minutes for bootstrapping and startup.

suddjian
suddjian reviewed Mar 10, 2022
View reviewed changes
superset/security/manager.py
def get_guest_rls_filters_str(self, table: "BaseDatasource") -> List[str]:
return [f.get("clause", "") for f in self.get_guest_rls_filters(table)]

def get_rls_cache_key(self, datasource: "BaseDatasource") -> List[str]:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need the get_rls_ids function anymore if we're using this instead.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's used for getting the ids on line 1234

suddjian
suddjian approved these changes Mar 10, 2022
View reviewed changes
Copy link
Member

@suddjian suddjian left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://media.giphy.com/media/POZulBhYwuOI2Dg7oX/giphy.gif

@lilykuang lilykuang merged commit 2726816 into apache:master Mar 10, 2022
@lilykuang lilykuang deleted the fix/guest-rls-cache-key branch March 10, 2022 21:49
@github-actions
Copy link
Contributor

Ephemeral environment shutdown and build artifacts deleted.

villebro pushed a commit that referenced this pull request Apr 3, 2022
@villebro
fix: cache key with guest token rls (#19110)
cb5d814 
* add guest rls clause to cache key

* lint

* pylint

* add app back

(cherry picked from commit 2726816)
@mistercrunch mistercrunch added 🍒 1.5.0 🍒 1.5.1 🍒 1.5.2 🍒 1.5.3 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 2.0.0 labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@suddjian suddjian suddjian approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels lts-v1 preset-io size/M 🍒 1.5.0 🍒 1.5.1 🍒 1.5.2 🍒 1.5.3 🚢 2.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lilykuang @suddjian @mistercrunch @villebro