-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: [alert] should run alert query from report account #17499
fix: [alert] should run alert query from report account #17499
Conversation
a411033
to
4cd7ac3
Compare
Codecov Report
@@ Coverage Diff @@
## master #17499 +/- ##
==========================================
+ Coverage 68.07% 68.13% +0.06%
==========================================
Files 1653 1653
Lines 66374 66375 +1
Branches 7121 7121
==========================================
+ Hits 45181 45224 +43
+ Misses 19296 19254 -42
Partials 1897 1897
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
ping @dpgaspar updated PR with new solution. |
e46376a
to
a057d1d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great @graceguo-supercat. Left a comment, would be nice to add a unittest for get_df
to assert the new named parameter username override
superset/reports/commands/alert.py
Outdated
@@ -146,8 +146,13 @@ def _execute_query(self) -> pd.DataFrame: | |||
limited_rendered_sql = self._report_schedule.database.apply_limit_to_sql( | |||
rendered_sql, ALERT_SQL_LIMIT | |||
) | |||
query_username = security_manager.get_user_by_username( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since get_df
accepts a str
and get_user_by_username
returns a User
this call is unnecessary.
99f6500
to
96b9eb4
Compare
96b9eb4
to
feeec0a
Compare
323f1b8
to
1e5523c
Compare
1e5523c
to
83b712e
Compare
@dpgaspar Thanks for code review. I fixed your comment and added an integration test. |
* fix: [alert] should run alert query from report account * add solution2: override username for get_df * add integration test
* fix: [alert] should run alert query from report account * add solution2: override username for get_df * add integration test
SUMMARY
When user setup an alert with query and condition, we found that the query was run by
root
user. It will cause permission issue, since we giveTHUMBNAIL_SELENIUM_USER
account extra data access, whileroot
does not.Note, after alert query, the screenshot was taken from
THUMBNAIL_SELENIUM_USER
config correctly.Proposed solution: set correct username for the alert query.
TESTING INSTRUCTIONS
CI