wugeer opened a new pull request, #29281: URL: https://github.com/apache/superset/pull/29281
This environment configuration setting hook allows administrators to alter different database connection parameters on the fly based on user information and hook strategy. This can be use for a variety of purposes: - rewire a subset of users to use different database user accounts,for example, integrating with ldap - pass user related information to the database for logging or QoS purposes - custom, per-database-engine, environment-specific impersonation <!--- Please write the PR title following the conventions at https://www.conventionalcommits.org/en/v1.0.0/ Example: fix(dashboard): load charts correctly --> ### SUMMARY <!--- Describe the change below, including rationale and design decisions --> Although there is already a DB_CONNECTION_MUTATOR hook available to inject database connection logic on the fly, if we do not modify the code in superset/models/core.py within the Database.get_sqla_engine method, this injection will affect all data source connections. Specifically, if different data sources require different injection logic, then we need to make different modifications to the code within superset/models/core.py to handle the different database types. Therefore, I have added a DB_CONNECTION_MODIFIER hook (clearly, DB_CONNECTION_MUTATOR would be a better name, but it is already in use, so I used a synonym instead), which allows for different data sources to implement different injection logic on the fly, as long as these database injection logic classes implement the run method of the ImpalaURLModifier class. This increases the flexibility of injecting database connection logic on the fly. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF <!--- Skip this if not applicable --> ### TESTING INSTRUCTIONS <!--- Required! What steps can be taken to manually verify the changes? --> For example, when each user connects to the postgres data source, their use the current username to connect to the database, and the password is new_password_ str plus the username. Add a new class PostgresDBConnectModifier in file superset/utils/database_connect_modifier.py ```python class PostgresDBConnectModifier(BaseDBConnectModifier): # When connecting to a postgres data source, # replace the default connection username and password @classmethod def run(cls, sqlalchemy_url: URL, params: dict[str, Any], username: str, *args: Any, **kwargs: Any) -> (URL, dict[str, Any]): new_password = cls._get_new_password(username) sqlalchemy_url.username = username sqlalchemy_url.password = new_password return sqlalchemy_url, params @staticmethod def _get_new_password(username): # Implement password generation logic return 'new_password_' + username ``` superset/config.py中 ```python DB_CONNECTION_MODIFIER_ENABLED = True DB_CONNECTION_MODIFIER: dict[str, type[BaseDBConnectModifier]] = { "postgresql": PostgresDBConnectModifier, } ``` The user logs in to the superset page and queries the postgres database table in sqllab; or the underlying data table triggered by the chart page is the postgres data source. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [x] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [x] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
