From c0ac9c53f504def0fb09e9525c7ace195f9e3772 Mon Sep 17 00:00:00 2001 From: Maxime Beauchemin Date: Wed, 28 Feb 2018 17:30:14 -0800 Subject: [PATCH 1/2] Expose hook to inject database connection logic on the fly This environment configuration setting hook allows administrators to alter the database connection parameters on the fly based on user information. This can be use for a variety of purposes: * rewire a subset of users to use different database user accounts * pass user related information to the database for logging or QoS purposes * ... --- superset/config.py | 16 ++++++++++++++++ superset/models/core.py | 2 ++ 2 files changed, 18 insertions(+) diff --git a/superset/config.py b/superset/config.py index ae81cfcb6e402..397c66bbdf6c7 100644 --- a/superset/config.py +++ b/superset/config.py @@ -377,6 +377,22 @@ class CeleryConfig(object): # an XSS security vulnerability ENABLE_JAVASCRIPT_CONTROLS = False +# A callable that allows altering the database conneciton URL and params +# on the fly, at runtime. This allows for things like impersonation or +# arbitrary logic. For instance you could wired different users to +# use different connection parameters, or pass their email address as the +# username. The function receives the connection uri object, connection +# params, and user object, and returns the mutated uri and params objects. +# Example: +# def DB_CONNECTION_MUTATOR(uri, params, user): +# if user and user.email: +# uri.username = user.email +# return uri, params +# +# Note that the returned uri and params are passed directly to sqlalchemy's +# as such `create_engine(url, **params)` +DB_CONNECTION_MUTATOR = None + try: if CONFIG_PATH_ENV_VAR in os.environ: # Explicitly import config module that is not in pythonpath; useful diff --git a/superset/models/core.py b/superset/models/core.py index b4dbada947f4e..eb71897dbabfe 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -675,6 +675,8 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None): if configuration: params['connect_args'] = {'configuration': configuration} + if config.DB_CONNECTION_MUTATOR: + url, params = config.DB_CONNECTION_MUTATOR(url, params, g.user) return create_engine(url, **params) def get_reserved_words(self): From ee755ef2fa7e94d26b737367da7801e77802c72e Mon Sep 17 00:00:00 2001 From: Maxime Beauchemin Date: Mon, 5 Mar 2018 11:48:54 -0800 Subject: [PATCH 2/2] Fixes --- superset/config.py | 2 +- superset/models/core.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/superset/config.py b/superset/config.py index 397c66bbdf6c7..c9b8607e3e6ff 100644 --- a/superset/config.py +++ b/superset/config.py @@ -379,7 +379,7 @@ class CeleryConfig(object): # A callable that allows altering the database conneciton URL and params # on the fly, at runtime. This allows for things like impersonation or -# arbitrary logic. For instance you could wired different users to +# arbitrary logic. For instance you can wire different users to # use different connection parameters, or pass their email address as the # username. The function receives the connection uri object, connection # params, and user object, and returns the mutated uri and params objects. diff --git a/superset/models/core.py b/superset/models/core.py index eb71897dbabfe..41d8742b65b7c 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -675,8 +675,9 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None): if configuration: params['connect_args'] = {'configuration': configuration} - if config.DB_CONNECTION_MUTATOR: - url, params = config.DB_CONNECTION_MUTATOR(url, params, g.user) + DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR') + if DB_CONNECTION_MUTATOR: + url, params = DB_CONNECTION_MUTATOR(url, params, g.user) return create_engine(url, **params) def get_reserved_words(self):