From b63dc91cd187de0fd503a205800c9e092db88d8e Mon Sep 17 00:00:00 2001 From: Maxime Beauchemin Date: Tue, 6 Mar 2018 22:35:46 -0800 Subject: [PATCH] Expose hook to inject database connection logic on the fly (#4505) * Expose hook to inject database connection logic on the fly This environment configuration setting hook allows administrators to alter the database connection parameters on the fly based on user information. This can be use for a variety of purposes: * rewire a subset of users to use different database user accounts * pass user related information to the database for logging or QoS purposes * ... * Fixes --- superset/config.py | 16 ++++++++++++++++ superset/models/core.py | 3 +++ 2 files changed, 19 insertions(+) diff --git a/superset/config.py b/superset/config.py index ae81cfcb6e402..c9b8607e3e6ff 100644 --- a/superset/config.py +++ b/superset/config.py @@ -377,6 +377,22 @@ class CeleryConfig(object): # an XSS security vulnerability ENABLE_JAVASCRIPT_CONTROLS = False +# A callable that allows altering the database conneciton URL and params +# on the fly, at runtime. This allows for things like impersonation or +# arbitrary logic. For instance you can wire different users to +# use different connection parameters, or pass their email address as the +# username. The function receives the connection uri object, connection +# params, and user object, and returns the mutated uri and params objects. +# Example: +# def DB_CONNECTION_MUTATOR(uri, params, user): +# if user and user.email: +# uri.username = user.email +# return uri, params +# +# Note that the returned uri and params are passed directly to sqlalchemy's +# as such `create_engine(url, **params)` +DB_CONNECTION_MUTATOR = None + try: if CONFIG_PATH_ENV_VAR in os.environ: # Explicitly import config module that is not in pythonpath; useful diff --git a/superset/models/core.py b/superset/models/core.py index b4dbada947f4e..41d8742b65b7c 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -675,6 +675,9 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None): if configuration: params['connect_args'] = {'configuration': configuration} + DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR') + if DB_CONNECTION_MUTATOR: + url, params = DB_CONNECTION_MUTATOR(url, params, g.user) return create_engine(url, **params) def get_reserved_words(self):