-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(drill): specify an SA URL parm of impersonation_target
for drill+sadrill
#19252
Conversation
…et". Sqlalchemy-drill is being updated to support impersonation with the drill+sadrill driver, where previously it did not. The way that callers should specify impersonation matches that for the drill+jdbc driver in that a SA URL parameter of impersonation_target should be set to the username of the user to be impersonated, while the stadard SA username and password should be those of the proxy user.
Codecov Report
@@ Coverage Diff @@
## master #19252 +/- ##
==========================================
- Coverage 66.76% 66.63% -0.13%
==========================================
Files 1670 1673 +3
Lines 64398 63977 -421
Branches 6499 6499
==========================================
- Hits 42993 42633 -360
+ Misses 19722 19661 -61
Partials 1683 1683
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
Bump? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this enhancement! Left a few comments, LMKWYT
assert url.username == username | ||
assert url.query["impersonation_target"] == username |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: bonus points for adding impersonation tests for drill+odbc
, drill+jdbc
and drill+foobar
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first two cases are already higher up in test_drill.py. I've now added the drill+foobar case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies, I stand corrected!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, one last nit
try: | ||
DrillEngineSpec.modify_url_for_impersonation(url, True, username) | ||
except Exception as e: | ||
exception_type = type(e) | ||
|
||
assert exception_type == SupersetDBAPIProgrammingError |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: this is how it's usually done with pytest
:
try: | |
DrillEngineSpec.modify_url_for_impersonation(url, True, username) | |
except Exception as e: | |
exception_type = type(e) | |
assert exception_type == SupersetDBAPIProgrammingError | |
with pytest.raises(SupersetDBAPIProgrammingError): | |
DrillEngineSpec.modify_url_for_impersonation(url, True, username) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I'll push again and watch the CI output, it looks like there might be some problem with my use of the SupersetDBAPIProgrammingError type in this module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh - you may need to move the exception import into the test function
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks for the additional iterations!
…l+sadrill (#19252) * Update drill+sadrill to specify an SA URL parm of "impersonation_target". Sqlalchemy-drill is being updated to support impersonation with the drill+sadrill driver, where previously it did not. The way that callers should specify impersonation matches that for the drill+jdbc driver in that a SA URL parameter of impersonation_target should be set to the username of the user to be impersonated, while the stadard SA username and password should be those of the proxy user. * Remove lint. * Address review comments. * Use idiomatic pytest to test for a raised exception. * Fix import statement order in drill.py. (cherry picked from commit 85e330e)
…l+sadrill (#19252) * Update drill+sadrill to specify an SA URL parm of "impersonation_target". Sqlalchemy-drill is being updated to support impersonation with the drill+sadrill driver, where previously it did not. The way that callers should specify impersonation matches that for the drill+jdbc driver in that a SA URL parameter of impersonation_target should be set to the username of the user to be impersonated, while the stadard SA username and password should be those of the proxy user. * Remove lint. * Address review comments. * Use idiomatic pytest to test for a raised exception. * Fix import statement order in drill.py. (cherry picked from commit 85e330e)
…l+sadrill (apache#19252) * Update drill+sadrill to specify an SA URL parm of "impersonation_target". Sqlalchemy-drill is being updated to support impersonation with the drill+sadrill driver, where previously it did not. The way that callers should specify impersonation matches that for the drill+jdbc driver in that a SA URL parameter of impersonation_target should be set to the username of the user to be impersonated, while the stadard SA username and password should be those of the proxy user. * Remove lint. * Address review comments. * Use idiomatic pytest to test for a raised exception. * Fix import statement order in drill.py.
SUMMARY
Sqlalchemy-drill has been updated to support impersonation with the
drill+sadrill driver, where previously it did not. The way that callers
should specify impersonation matches that for the drill+jdbc driver in that
a SA URL parameter of impersonation_target should be set to the username
of the user to be impersonated, while the standard SA username and password
should be those of the proxy user.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A
TESTING INSTRUCTIONS
Configure a new Apache Drill connection using the drill+sadrill driver from
sqlalchemy-drill. Enable impersonation and trigger the execution of a Drill
query. In the Drill query profile history, confirm that the query was executed
as the impersonated user.
ADDITIONAL INFORMATION