feat: Drill ODBC/JDBC Impersonation feature #17353

Merged
merged 7 commits into from
Nov 10, 2021
Merged
8 changes: 4 additions & 4 deletions docs/src/resources/openapi.json
Expand Up @@ -2722,7 +2722,7 @@
"type": "string"
},
"impersonate_user": {
"description": "If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"description": "If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"type": "boolean"
},
"parameters": {
Expand Down Expand Up @@ -2816,7 +2816,7 @@
"type": "string"
},
"impersonate_user": {
"description": "If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"description": "If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"type": "boolean"
},
"parameters": {
Expand Down Expand Up @@ -2866,7 +2866,7 @@
"type": "string"
},
"impersonate_user": {
"description": "If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"description": "If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"type": "boolean"
},
"parameters": {
Expand Down Expand Up @@ -2914,7 +2914,7 @@
"type": "string"
},
"impersonate_user": {
"description": "If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"description": "If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.",
"type": "boolean"
},
"parameters": {
Expand Up @@ -393,7 +393,7 @@ const ExtraOptions = ({
checked={!!db?.impersonate_user}
onChange={onInputChange}
labelText={t(
'Impersonate logged in user (Presto, Trino, Hive, and GSheets)',
'Impersonate logged in user (Presto, Trino, Drill, Hive, and GSheets)',
)}
/>
<InfoTooltip
18 changes: 18 additions & 0 deletions superset/db_engine_specs/drill.py
Expand Up @@ -68,3 +68,21 @@ def convert_dttm(cls, target_type: str, dttm: datetime) -> Optional[str]:
def adjust_database_uri(cls, uri: URL, selected_schema: Optional[str]) -> None:
if selected_schema:
uri.database = parse.quote(selected_schema, safe="")

@classmethod
def modify_url_for_impersonation(
cls, url: URL, impersonate_user: bool, username: Optional[str]
) -> None:
"""
Modify the SQL Alchemy URL object with the user to impersonate if applicable.
:param url: SQLAlchemy URL object
:param impersonate_user: Flag indicating if impersonation is enabled
:param username: Effective username
"""
if impersonate_user and username is not None:
if url.drivername == "drill+odbc":
url.query["DelegationUID"] = username
eschutho marked this conversation as resolved.
elif url.drivername == "drill+jdbc":
url.query["impersonation_target"] = username
else:
url.username = username
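Review bot: The final `else` branch of `modify_url_for_impersonation` applies to every driver name other than `drill+odbc` and `drill+jdbc`, and there it replaces `url.username` with the logged-in user's name instead of adding a delegation property. That changes the identity the connection authenticates as while, as far as this section shows, whatever password is configured on the URL stays in place, so the outcome depends entirely on how the Drill side checks credentials: presumably either a failed login, or a username accepted without proof where authentication is off. I would name the drivers that are meant to take this path and fail closed for the rest, e.g. `else: raise ValueError(f"impersonation is not supported for {url.drivername}")`. The docstring should also state which connection property each driver receives, and that delegation is only as strong as the Drill-side policy restricting which proxy account may impersonate which users.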
6 changes: 3 additions & 3 deletions superset/translations/de/LC_MESSAGES/messages.json
Expand Up @@ -853,7 +853,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
""
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -2001,8 +2001,8 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [""],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [""],
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/de/LC_MESSAGES/messages.po
Expand Up @@ -7282,7 +7282,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:608
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:610
6 changes: 3 additions & 3 deletions superset/translations/en/LC_MESSAGES/messages.json
Expand Up @@ -793,7 +793,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
""
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -1907,8 +1907,8 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [""],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [""],
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/en/LC_MESSAGES/messages.po
Expand Up @@ -7281,7 +7281,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:608
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:610
6 changes: 3 additions & 3 deletions superset/translations/es/LC_MESSAGES/messages.json
Expand Up @@ -936,7 +936,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
"Cuando se permite la opción CREATE TABLE AS en el laboratorio SQL, esta opción hace que la tabla se cree en este esquema"
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -2166,8 +2166,8 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [""],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [""],
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/es/LC_MESSAGES/messages.po
Expand Up @@ -7369,7 +7369,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:608
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:610
6 changes: 3 additions & 3 deletions superset/translations/fr/LC_MESSAGES/messages.json
Expand Up @@ -994,7 +994,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
"Quand l'option autoriser CREATE TABLE AS dans SQL Lab est cochée, force la table a être créée dans le schéma"
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Si Presto, toutes les requêtes dans SQL Lab sont en cours d'exécution sous le compte de l'utilisateur actuellement connecté qui doit avoir les premissions requises.<br/>Si Hive et hive.server2.enable.doAs sont activés, les requêtes seront exécutées sous le compte du service, mais impersonnifiant l'utilisateur actuellement connecté via la propriété hive.server2.proxy.user."
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -2288,10 +2288,10 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [
"Impersonnaliser la connexion de l'utilisateur"
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Si Presto, toutes les requêtes dans SQL Lab sont en cours d'exécution sous le compte de l'utilisateur actuellement connecté qui doit avoir les premissions requises.<br/>Si Hive et hive.server2.enable.doAs sont activés, les requêtes seront exécutées sous le compte du service, mais impersonnifiant l'utilisateur actuellement connecté via la propriété hive.server2.proxy.user."
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/fr/LC_MESSAGES/messages.po
Expand Up @@ -7456,7 +7456,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:608
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr "Impersonnaliser la connexion de l'utilisateur"

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:610
6 changes: 3 additions & 3 deletions superset/translations/it/LC_MESSAGES/messages.json
Expand Up @@ -860,7 +860,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
"Se si abilita l'opzione CREATE TABLE AS in SQL Lab, verrà forzata la creazione della tabella con questo schema"
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -2038,8 +2038,8 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [""],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [""],
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/it/LC_MESSAGES/messages.po
Expand Up @@ -7330,7 +7330,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:608
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:610
6 changes: 3 additions & 3 deletions superset/translations/ja/LC_MESSAGES/messages.json
Expand Up @@ -1094,7 +1094,7 @@
"When allowing CREATE TABLE AS option in SQL Lab, this option forces the table to be created in this schema": [
""
],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them.<br/>If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow SQL Lab to fetch a list of all tables and all views across all database schemas. For large data warehouse with thousands of tables, this can be expensive and put strain on the system.": [
Expand Down Expand Up @@ -2396,8 +2396,8 @@
"Optional CA_BUNDLE contents to validate HTTPS requests. Only available on certain database engines.": [
""
],
"Impersonate Logged In User (Presto & Hive)": [""],
"If Presto, all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
"Impersonate Logged In User (Presto, Trino, Drill & Hive)": [""],
"If Presto, Trino or Drill all the queries in SQL Lab are going to be executed as the currently logged on user who must have permission to run them. If Hive and hive.server2.enable.doAs is enabled, will run the queries as service account, but impersonate the currently logged on user via hive.server2.proxy.user property.": [
""
],
"Allow data upload": [""],
2 changes: 1 addition & 1 deletion superset/translations/ja/LC_MESSAGES/messages.po
Expand Up @@ -8008,7 +8008,7 @@ msgid ""
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:570
msgid "Impersonate Logged In User (Presto & Hive)"
msgid "Impersonate Logged In User (Presto, Trino, Drill & Hive)"
msgstr ""

#: superset-frontend/src/views/CRUD/data/database/DatabaseModal.tsx:573