superset icon indicating copy to clipboard operation
superset copied to clipboard
Published 1 month ago verified publisher icon apache

feat(ssh-tunnelling): Setup SSH Tunneling Commands for Database Connections

Open hughhhh opened this issue 3 years ago • 7 comments

SUMMARY

Related to #21789

Creating table to store ssh tunnel credentials. This a starter ticket for allowing using to enable ssh tunneling when trying to connect to a database.

  • [x] DAO (https://github.com/apache/superset/pull/22120)
  • [x] Commands + exceptions
    • [x] DELETE (https://github.com/apache/superset/pull/22131)
    • [x] CREATE (https://github.com/apache/superset/pull/22148)
    • [x] UPDATE (https://github.com/apache/superset/pull/22132
  • [ ] Feature Flag to enable this feature (https://github.com/apache/superset/pull/22144)

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • [ ] Has associated issue:
  • [ ] Required feature flags:
  • [ ] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

hughhhh avatar Oct 21 '22 16:10 hughhhh

Codecov Report

Merging #21912 (9b09fc7) into master (a7a4561) will decrease coverage by 11.00%. The diff coverage is 72.78%.

@@             Coverage Diff             @@
##           master   #21912       +/-   ##
===========================================
- Coverage   66.91%   55.91%   -11.01%     
===========================================
  Files        1851     1859        +8     
  Lines       70709    71016      +307     
  Branches     7766     7764        -2     
===========================================
- Hits        47316    39709     -7607     
- Misses      21371    29285     +7914     
  Partials     2022     2022
Flag Coverage Δ
hive 52.46% <51.77%> (+<0.01%) :arrow_up:
mysql ?
postgres ?
presto 52.36% <51.77%> (+<0.01%) :arrow_up:
python 58.15% <72.78%> (-23.12%) :arrow_down:
sqlite ?
unit 51.46% <71.89%> (+0.27%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/constants.py 100.00% <ø> (ø)
superset/databases/commands/update.py 24.13% <20.00%> (-55.87%) :arrow_down:
superset/utils/ssh_tunnel.py 30.00% <30.00%> (ø)
superset/databases/commands/create.py 60.60% <35.71%> (-26.19%) :arrow_down:
superset/models/core.py 77.27% <51.06%> (-13.35%) :arrow_down:
superset/extensions/ssh.py 65.71% <65.71%> (ø)
superset/config.py 90.93% <66.66%> (-0.56%) :arrow_down:
superset/databases/api.py 53.63% <66.66%> (-39.91%) :arrow_down:
superset/databases/commands/test_connection.py 64.10% <75.00%> (-34.57%) :arrow_down:
superset/databases/ssh_tunnel/commands/create.py 87.75% <87.75%> (ø)
... and 314 more

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

codecov[bot] avatar Oct 24 '22 21:10 codecov[bot]

This looks great @hughhhh. If you wanted to write a test, one scenario that would be useful to see would be the test connection where you would create instances of the db and ssh_tunnel without saving them and be able to pull information out of both of the models.

eschutho avatar Oct 25 '22 23:10 eschutho

I think it might be better to just add this model into the PR you're planning down the road that adds the SSH handling. It's a little hard to grok what's going on out of context. Also, you almost ALWAYS end up making model tweaks as you implement a new feature, which will require another migration 😬

craig-rueda avatar Oct 27 '22 19:10 craig-rueda

I think it might be better to just add this model into the PR you're planning down the road that adds the SSH handling. It's a little hard to grok what's going on out of context. Also, you almost ALWAYS end up making model tweaks as you implement a new feature, which will require another migration 😬

IMHO the best approach is to write a single PR with logic + migration (to prevent the issues you raised), but then split it in two for review. Having self-contained migrations really helps with cherry-picking, because if you need to cherry-pick a PR that has a migration you have to also cherry-pick all previous PRs with migrations.

betodealmeida avatar Oct 27 '22 20:10 betodealmeida

Not sure if this has been discussed before, but have we considered just storing the ssh credentials in the existing encrypted_extra field? It's already been used for things like Google Sheets and BigQuery connections and I can't see why SSH tunnel credentials would be any different.

You can even update mask_encrypted_extra and unmask_encrypted_extra in BaseEngineSpec if more than 1 engine type need ssh tunnels.

ktmud avatar Oct 31 '22 05:10 ktmud

/testenv up

hughhhh avatar Nov 30 '22 15:11 hughhhh

@hughhhh Ephemeral environment spinning up at http://34.220.62.117:8080. Credentials are admin/admin. Please allow several minutes for bootstrapping and startup.

github-actions[bot] avatar Nov 30 '22 15:11 github-actions[bot]

Ephemeral environment shutdown and build artifacts deleted.

github-actions[bot] avatar Jan 03 '23 22:01 github-actions[bot]