Skip to content

feat: prevent Postgres connection to Redshift#38693

Merged
betodealmeida merged 6 commits into
masterfrom
redshift-check
Mar 24, 2026
Merged

feat: prevent Postgres connection to Redshift#38693
betodealmeida merged 6 commits into
masterfrom
redshift-check

Conversation

@betodealmeida

@betodealmeida betodealmeida commented Mar 17, 2026

Copy link
Copy Markdown
Member

User description

SUMMARY

While it's technically possible to connect to Amazon Redshift using postgresql://, it makes Superset use the Postgres sqlglot dialect instead of the Redshift one, resulting in incorrectly formatted queries when we need to apply RLS or manipulate the query somehow.

This PR introduces 2 checks to prevent users from connecting to Amazon Redshift with the Postgres SQLAlchemy dialect/DB engine spec:

  1. A cheap one, checking the hostname.
  2. A more expensive one, looking for the string "redshift" in the result from VERSION().

The checks run only during the "test connection" phase, when adding or editing a DB.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Screenshot 2026-03-17 at 11 15 08 AM

TESTING INSTRUCTIONS

Added unit tests.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

CodeAnt-AI Description

Prevent connecting to Amazon Redshift using the PostgreSQL driver during DB connection tests

What Changed

  • When running a database "test connection", Superset now runs SELECT version() to detect Amazon Redshift and rejects connections that report Redshift, prompting users to use the redshift+psycopg2:// driver
  • The Redshift check runs only during the connection test flow (a flag is set for that operation) and is not performed during normal runtime connections
  • Added unit tests covering Redshift detection, allowed PostgreSQL connections, error-tolerant behavior when version() fails, and injection of the connection check into test-time parameters

Impact

✅ Clearer Redshift connection errors during DB setup
✅ Fewer incorrectly transpiled queries caused by using the wrong driver
✅ Shorter debug time when configuring Redshift databases

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

@betodealmeida betodealmeida marked this pull request as ready for review March 17, 2026 15:50
@netlify

netlify Bot commented Mar 17, 2026

Copy link
Copy Markdown

Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit 1493c94
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/69bab72fc39dfc00080af1dc
😎 Deploy Preview https://deploy-preview-38693--superset-docs-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@bito-code-review bito-code-review Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Agent Run #74544c

Actionable Suggestions - 1
  • superset/db_engine_specs/postgres.py - 1
    • Blind exception catch without specific type · Line 118-120
Review Details
  • Files reviewed - 2 · Commit Range: 40376db..40376db
    • superset/db_engine_specs/postgres.py
    • tests/unit_tests/db_engine_specs/test_postgres.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

Comment thread superset/db_engine_specs/postgres.py
@codeant-ai-for-open-source codeant-ai-for-open-source Bot added the size:L This PR changes 100-499 lines, ignoring generated files label Mar 17, 2026
@codeant-ai-for-open-source

Copy link
Copy Markdown
Contributor

Sequence Diagram

This PR adds two guardrails to stop users from configuring Amazon Redshift with the PostgreSQL engine spec. Superset now performs a fast hostname validation and, during connection testing, a version-based detection before allowing the connection.

sequenceDiagram
    participant User
    participant Superset
    participant PostgresSpec
    participant DatabaseServer

    User->>Superset: Save or test Postgres database connection
    Superset->>PostgresSpec: Validate database URI host
    alt Host looks like Redshift endpoint
        PostgresSpec-->>User: Reject and require Redshift driver
    else Host not clearly Redshift
        Superset->>PostgresSpec: Mark connection test with Redshift check flag
        PostgresSpec->>DatabaseServer: On connect run version query
        DatabaseServer-->>PostgresSpec: Return database version text
        PostgresSpec-->>User: Reject if version indicates Redshift
    end
Loading

Generated by CodeAnt AI

Comment thread superset/db_engine_specs/postgres.py Outdated
@sadpandajoe sadpandajoe requested a review from eschutho March 17, 2026 17:38
@bito-code-review

bito-code-review Bot commented Mar 17, 2026

Copy link
Copy Markdown
Contributor

Code Review Agent Run #173124

Actionable Suggestions - 0
Review Details
  • Files reviewed - 2 · Commit Range: 40376db..7df78fe
    • superset/db_engine_specs/postgres.py
    • tests/unit_tests/db_engine_specs/test_postgres.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@codeant-ai-for-open-source codeant-ai-for-open-source Bot added size:L This PR changes 100-499 lines, ignoring generated files and removed size:L This PR changes 100-499 lines, ignoring generated files labels Mar 18, 2026
@betodealmeida betodealmeida merged commit 5d9f53f into master Mar 24, 2026
73 of 75 checks passed
@betodealmeida betodealmeida deleted the redshift-check branch March 24, 2026 14:44
qfcwell pushed a commit to qfcwell/superset that referenced this pull request May 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

preset-io size/L size:L This PR changes 100-499 lines, ignoring generated files

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants