Allow requiring SSL connections for Redshift

[olivermeyer]

Describe the feature

Many enterprise customers (and their customers) require that connections to databases be encrypted with SSL, and it would be great if dbt supported this.

This issue is a blatant copy-paste of #2152 as the PR merged in that issue only addressed Postgres and not Redshift.

The change should probably be very, very similar to #2154 as the functionality is essentially the same.

Describe alternatives you've considered

Additional context

This feature is relevant for all databases but this issue is about enabling it specifically for Redshift.

Who will this benefit?

Teams that value security.

Are you interested in contributing this feature?

I can give it a try when I have a bit of time. Also happy if someone else takes this over :-)

[jtcohen6]

@olivermeyer Good news! The introduction of sslmode to the Postgres connection keys, in #2154, means you can also use this on Redshift, too. The dbt-redshift adapter plugin directly inherits its connection mechanism from dbt-postgres:

https://github.com/dbt-labs/dbt/blob/e10d1b0f8687152d78d926d9e0337383c4ecdff5/plugins/redshift/dbt/adapters/redshift/connections.py#L38-L65

You should be able to set sslmode to verify-ca/require, and have that take effect for your Redshift connection.

If there's any change needed here, it should be documenting that the Redshift profile has access to all connection parameters available to the Postgres profile, too.

In the meantime, I'm going to close this issue.

[olivermeyer]

My bad @jtcohen6, I didn't dig very deep :-) I'm really trying to enforce SSL from dbt Cloud, which I thought would be doable from the UI after fixing this issue, but apparently not. I'll move this to Slack.

[jtcohen6]

@olivermeyer Understood! I'd recommend reaching out to dbt Cloud support, and indicating that this is an option you'd like to have for Redshift connections, having confirmed that the dbt-redshift plugin already supports it.

[olivermeyer]

Will do, thanks!