Authentication: Enable user impersonation for Superset to HiveServer2 using hive.server2.proxy.user (a.fernandez) #3652
Conversation
afernandez
changed the title
|
Need to fix unit tests |
superset/db_engine_specs.py
Outdated
There was a problem hiding this comment.
Base class has methods for how to modify a URI and URL object for impersonation
superset/db_engine_specs.py
Outdated
There was a problem hiding this comment.
Python Engine Spec overrides the methods for how to modify a URI and URL object for impersonation
superset/models/core.py
Outdated
There was a problem hiding this comment.
Moved this to its own method
superset/models/core.py
Outdated
There was a problem hiding this comment.
Renamed uri to url since it was of type SQLAlchemy.URL
superset/models/core.py
Outdated
There was a problem hiding this comment.
Important to mask the URL while logging since it may contain a password
superset/sql_lab.py
Outdated
There was a problem hiding this comment.
In some code paths, conn was not defined
superset/views/core.py
Outdated
There was a problem hiding this comment.
Important to mask the URL while logging since it may contain a password
tests/core_tests.py
Outdated
There was a problem hiding this comment.
Unit test is failing since g.user.username is missing. Will fix soon.
afernandez
left a comment
afernandez
left a comment
There was a problem hiding this comment.
Initial annotations
afernandez
force-pushed
the
afernandez_impersonate
branch
from
eee12f1 to
4e9263e
Compare
|
Unit tests passed, |
|
Coverage increased (+0.08%) to 70.191% when pulling 4e9263e804d4297a94edf81aaeaf1b1f39cfd04d on afernandez:afernandez_impersonate into 52a9f27 on apache:master. |
mistercrunch
left a comment
mistercrunch
left a comment
There was a problem hiding this comment.
Highlighted a few minor things but LGTM otherwise. Please lint according to our .pylinrc. We used to have automation with Landscape.io but switched it off since we move the repo to Apache...
superset/db_engine_specs.py
Outdated
There was a problem hiding this comment.
NIT: I'd go without the is not None as None evals to False
superset/db_engine_specs.py
Outdated
There was a problem hiding this comment.
Some very long lines here. PEP8 says 80, our pylint say 90. If you want to lint your PR only you can git diff master... | flake8 --diff thought that's flake8 not pylint. There's also git-lint which can lint your diff as well.
superset/db_engine_specs.py
Outdated
…veServer2 using hive.server2.proxy.user (a.fernandez)
afernandez
force-pushed
the
afernandez_impersonate
branch
from
4e9263e to
f310817
Compare
|
@mistercrunch would you be able to re-review these changes? Does the decrease in coveralls mean I need to add unit tests? |
|
Thanks for reviewing. I figured out how to do it without needing changes to PyHive. Will submit another PR soon. |
…veServer2 using hive.server2.proxy.user (a.fernandez) (apache#3652)
mistercrunch
added
🏷️ bot
3 participants
Superset today has a config for impersonation when creating/editing a datasource.
When used with Presto, it actually creates a connection on behalf of the logged on user.
For Hive, we instead want to connect as the superuser (superset service account) but use the hive.server2.proxy.user property in the URI to enable impersonation.
Unit Tests passed.
cc @timifasubaa @mistercrunch