diff --git a/superset/models/core.py b/superset/models/core.py index f2ca42bb13a7c..413f85bf99c81 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -41,6 +41,7 @@ from urllib import parse # noqa config = app.config +custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE') stats_logger = config.get('STATS_LOGGER') metadata = Model.metadata # pylint: disable=no-member @@ -567,7 +568,7 @@ class Database(Model, AuditMixinNullable, ImportMixin): } """)) perm = Column(String(1000)) - custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE') + impersonate_user = Column(Boolean, default=False) export_fields = ('database_name', 'sqlalchemy_uri', 'cache_timeout', 'expose_in_sqllab', 'allow_run_sync', 'allow_run_async', @@ -611,7 +612,7 @@ def get_password_masked_url(cls, url): def set_sqlalchemy_uri(self, uri): conn = sqla.engine.url.make_url(uri.strip()) - if conn.password != PASSWORD_MASK and not self.custom_password_store: + if conn.password != PASSWORD_MASK and not custom_password_store: # do not over-write the password with the password mask self.password = conn.password conn.password = PASSWORD_MASK if conn.password else None @@ -803,8 +804,8 @@ def get_foreign_keys(self, table_name, schema=None): @property def sqlalchemy_uri_decrypted(self): conn = sqla.engine.url.make_url(self.sqlalchemy_uri) - if self.custom_password_store: - conn.password = self.custom_password_store(conn) + if custom_password_store: + conn.password = custom_password_store(conn) else: conn.password = self.password return str(conn) diff --git a/tests/core_tests.py b/tests/core_tests.py index 2d73cf79618df..8415465ae6d86 100644 --- a/tests/core_tests.py +++ b/tests/core_tests.py @@ -315,11 +315,13 @@ def test_custom_password_store(self): def custom_password_store(uri): return 'password_store_test' - database.custom_password_store = custom_password_store + models.custom_password_store = custom_password_store conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted) if conn_pre.password: assert conn.password == 'password_store_test' assert conn.password != conn_pre.password + # Disable for password store for later tests + models.custom_password_store = None def test_databaseview_edit(self, username='admin'): # validate that sending a password-masked uri does not over-write the decrypted