betodealmeida opened a new pull request, #29943: URL: https://github.com/apache/superset/pull/29943
<!--- Please write the PR title following the conventions at https://www.conventionalcommits.org/en/v1.0.0/ Example: fix(dashboard): load charts correctly --> ### SUMMARY <!--- Describe the change below, including rationale and design decisions --> When the user edits a database, the password in the SQLAlchemy URI is masked (replaced with `XXXXXXXXXX`), so that the sensitive information is not transmitted down the wire unneedlessly. If the user saves the database edit, the mask is replaced with the original password, unless it has been changed. The `encrypted_extra` field in a database may also contain sensitive fields. Instead of masking the whole field, in https://github.com/apache/superset/pull/21248 we introduced logic to mask only selected fields, so we can provide a better editing experience for users. For BigQuery, eg, the credentials look like this: ```json { "type": "service_account", "project_id": "your project id", "private_key_id": "your private key id", "private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n", ... } ``` When editing, it will show in database modal as: ```json { "type": "service_account", "project_id": "your project id", "private_key_id": "your private key id", "private_key": "XXXXXXXXXX", ... } ``` The user can then selectively change some of the fields, and when the database is edited the `private_key` will be replaced with the old value if it's equal to `XXXXXXXXXX`. Currently this functionality is only imlemented for BigQuery and GSheets, but it should be implemented in all databases that store sensitive information under `encrypted_extra`. To simplify the process and remove duplicate code, in this PR I updated the methods in the base class to work with JSON paths. For BigQuery, for example, all that is needed is: ```python encrypted_extra_sensitive_fields = ["$.credentials_info.private_key"] ``` ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF <!--- Skip this if not applicable --> N/A ### TESTING INSTRUCTIONS <!--- Required! What steps can be taken to manually verify the changes? --> Confirmed existing tests work, added a few more tests. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
