aminghadersohi commented on code in PR #37361:
URL: https://github.com/apache/superset/pull/37361#discussion_r2719731138
##########
superset/utils/cache_manager.py:
##########
@@ -27,8 +28,129 @@
CACHE_IMPORT_PATH =
"superset.extensions.metastore_cache.SupersetMetastoreCache"
+# Hash function lookup table matching superset.utils.hashing
+_HASH_METHODS: dict[str, Callable[..., Any]] = {
+ "sha256": hashlib.sha256,
+ "md5": hashlib.md5,
+}
+
+
+class ConfigurableHashMethod:
+ """
+ A callable that defers hash algorithm selection to runtime.
+
+ Flask-caching's memoize decorator evaluates hash_method at decoration time
+ (module import), but we need to read HASH_ALGORITHM config at function call
+ time when the app context is available.
+
+ This class acts like a hashlib function but looks up the configured
+ algorithm when called.
+ """
+
+ def __call__(self, data: bytes = b"") -> Any:
+ """
+ Create a hash object using the configured algorithm.
+
+ Args:
+ data: Optional initial data to hash
+
+ Returns:
+ A hashlib hash object (e.g., sha256 or md5)
+ """
+ algorithm = current_app.config["HASH_ALGORITHM"]
+ hash_func = _HASH_METHODS[algorithm]
+ return hash_func(data)
+
+
+# Singleton instance to use as default hash_method
+configurable_hash_method = ConfigurableHashMethod()
+
+
+class SupersetCache(Cache):
+ """
+ Cache subclass that uses the configured HASH_ALGORITHM instead of MD5.
+
+ Flask-caching uses MD5 by default for cache key generation, which fails
+ in FIPS mode where MD5 is disabled. This class overrides the default
+ hash method to use the algorithm specified by HASH_ALGORITHM config.
+
+ Note: Switching hash algorithms will invalidate existing cache keys,
+ causing a one-time cache miss on upgrade.
+ """
+
+ def memoize(
+ self,
+ timeout: int | None = None,
+ make_name: Callable[..., Any] | None = None,
+ unless: Callable[..., bool] | None = None,
+ forced_update: Callable[..., bool] | None = None,
+ response_filter: Callable[..., Any] | None = None,
+ hash_method: Callable[..., Any] = configurable_hash_method,
+ cache_none: bool = False,
+ source_check: bool | None = None,
+ args_to_ignore: Any | None = None,
+ ) -> Callable[..., Any]:
+ return super().memoize(
+ timeout=timeout,
+ make_name=make_name,
+ unless=unless,
+ forced_update=forced_update,
+ response_filter=response_filter,
+ hash_method=hash_method,
+ cache_none=cache_none,
+ source_check=source_check,
+ args_to_ignore=args_to_ignore,
+ )
+
+ def cached(
+ self,
+ timeout: int | None = None,
+ key_prefix: str = "view/%s",
+ unless: Callable[..., bool] | None = None,
+ forced_update: Callable[..., bool] | None = None,
+ response_filter: Callable[..., Any] | None = None,
+ query_string: bool = False,
+ hash_method: Callable[..., Any] = configurable_hash_method,
+ cache_none: bool = False,
+ make_cache_key: Callable[..., Any] | None = None,
+ source_check: bool | None = None,
+ response_hit_indication: bool | None = False,
+ ) -> Callable[..., Any]:
+ return super().cached(
+ timeout=timeout,
+ key_prefix=key_prefix,
+ unless=unless,
+ forced_update=forced_update,
+ response_filter=response_filter,
+ query_string=query_string,
+ hash_method=hash_method,
+ cache_none=cache_none,
+ make_cache_key=make_cache_key,
+ source_check=source_check,
+ response_hit_indication=response_hit_indication,
+ )
+
+ # pylint: disable=protected-access
+ def _memoize_make_cache_key(
+ self,
+ make_name: Callable[..., Any] | None = None,
+ timeout: Callable[..., Any] | None = None,
Review Comment:
The type for timeout looks incorrect — should this be int | None rather than
Callable[..., Any] | None? Same question for forced_update on the next line —
in flask-caching's signature this is typically Callable[..., bool] | None, not
bool. Since these just delegate to super(), the signatures should match
upstream exactly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
