feat: Row Level Security rules for guest tokens #17836

suddjian · 2021-12-21T00:54:42Z

SUMMARY

Note: This PR is against a feature branch, not the master branch. #17530

Note 2: this is blocked by merging #17757, and will display that PR's changes until it is merged and this is rebased.

This adds RLS rules for embed tokens (#17187). RLS rules are specified at token creation by the service account, and apply to all queries made against an analytics database by the guest user authenticated with that token.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

before:

after with rls rule publisher = 'Nintendo':

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

Has associated issue:
Required feature flags:
Changes UI
Includes DB Migration (follow approval process in SIP-59)
- Migration is atomic, supports rollback & is backwards-compatible
- Confirm DB migration upgrade and downgrade tested
- Runtime estimates and downtime expectations provided
Introduces new feature or API
Removes existing feature or API

codecov · 2022-01-05T00:37:14Z

Codecov Report

Merging #17836 (f4734b1) into embedded (7b804f3) will decrease coverage by 0.15%.
The diff coverage is 95.65%.

❗ Current head f4734b1 differs from pull request most recent head ff3e034. Consider uploading reports for the commit ff3e034 to get more accurate results

@@             Coverage Diff              @@
##           embedded   #17836      +/-   ##
============================================
- Coverage     66.38%   66.23%   -0.16%     
============================================
  Files          1574     1574              
  Lines         61961    61994      +33     
  Branches       6253     6253              
============================================
- Hits          41135    41059      -76     
- Misses        19226    19335     +109     
  Partials       1600     1600

Flag	Coverage Δ
hive	`?`
mysql	`82.15% <95.65%> (+0.01%)`	⬆️
postgres	`82.20% <95.65%> (+0.01%)`	⬆️
presto	`?`
python	`82.29% <95.65%> (-0.35%)`	⬇️
sqlite	`81.89% <95.65%> (+0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset/security/manager.py	`92.25% <77.77%> (-0.32%)`	⬇️
superset/connectors/sqla/models.py	`86.98% <100.00%> (-1.33%)`	⬇️
superset/security/api.py	`96.49% <100.00%> (+1.03%)`	⬆️
superset/security/guest_token.py	`97.50% <100.00%> (+0.27%)`	⬆️
superset/db_engines/hive.py	`0.00% <0.00%> (-85.19%)`	⬇️
superset/db_engine_specs/hive.py	`70.27% <0.00%> (-15.45%)`	⬇️
superset/db_engine_specs/presto.py	`83.47% <0.00%> (-5.65%)`	⬇️
superset/db_engine_specs/base.py	`88.05% <0.00%> (-0.38%)`	⬇️
superset/models/core.py	`88.80% <0.00%> (-0.25%)`	⬇️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7b804f3...ff3e034. Read the comment docs.

dpgaspar · 2022-01-21T16:15:25Z

tests/integration_tests/security/row_level_security_tests.py

+        session = db.session
+
+        # Create roles
+        security_manager.add_role(NAME_AB_ROLE)


nit: self.role_ab = security_manager.add_role(NAME_AB_ROLE) would avoid doing a find_role next

dpgaspar · 2022-01-21T16:17:34Z

tests/integration_tests/security/row_level_security_tests.py

+        db.session.commit()
+
+    def tearDown(self):
+        session = db.session


nit: consider making this a fixture also, the setUp and tearDown

# Conflicts: # superset/security/api.py # superset/security/guest_token.py # superset/security/manager.py # tests/integration_tests/security/row_level_security_tests.py

* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450) * setup embedded provider * update ui configuration * fix test * feat: Guest token (for embedded dashboard auth) (#17517) * generate an embed token * improve existing tests * add some auth setup, and rename token * fix the stuff for compatibility with external request loaders * docs, standard jwt claims, tweaks * black * lint * tests, and safer token decoding * linting * type annotation * prettier * add feature flag * quiet pylint * apparently typing is a problem again * Make guest role name configurable * fake being a non-anonymous user * just one log entry * customizable algo * lint * lint again * 403 works now! * get guest token from header instead of cookie * Revert "403 works now!" This reverts commit df2f49a. * fix tests * Revert "Revert "403 works now!"" This reverts commit 883dff3. * rename method * correct import * feat: entry for embedded dashboard (#17529) * create entry for embedded dashboard in webpack * add cookies * lint * token message handshake * guestTokenHeaderName * use setupClient instead of calling configure * rename the webpack chunk * simplified handshake * embedded entrypoint: render a proper app * make the embedded page accept anonymous connections * format * lint * fix test # Conflicts: # superset-frontend/src/embedded/index.tsx # superset/views/core.py * lint * Update superset-frontend/src/embedded/index.tsx Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * comment out origins checks * move embedded for core to dashboard * pylint * isort Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com> Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * feat: Authorizing guest access to embedded dashboards (#17757) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * add more test Co-authored-by: Lily Kuang <lily@preset.io> * feat: Row Level Security rules for guest tokens (#17836) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * rls rules for guest tokens * test guest token rls rules * more flexible rls rules * lint * fix tests * fix test * defaults * fix some tests * fix some tests * lint Co-authored-by: Lily Kuang <lily@preset.io> * SupersetClient guest token test * Apply suggestions from code review Co-authored-by: Lily Kuang <lily@preset.io> Co-authored-by: Lily Kuang <lily@preset.io>

* feat(dashboard): embedded dashboard UI configuration (apache#17175) (apache#17450) * setup embedded provider * update ui configuration * fix test * feat: Guest token (for embedded dashboard auth) (apache#17517) * generate an embed token * improve existing tests * add some auth setup, and rename token * fix the stuff for compatibility with external request loaders * docs, standard jwt claims, tweaks * black * lint * tests, and safer token decoding * linting * type annotation * prettier * add feature flag * quiet pylint * apparently typing is a problem again * Make guest role name configurable * fake being a non-anonymous user * just one log entry * customizable algo * lint * lint again * 403 works now! * get guest token from header instead of cookie * Revert "403 works now!" This reverts commit df2f49a. * fix tests * Revert "Revert "403 works now!"" This reverts commit 883dff3. * rename method * correct import * feat: entry for embedded dashboard (apache#17529) * create entry for embedded dashboard in webpack * add cookies * lint * token message handshake * guestTokenHeaderName * use setupClient instead of calling configure * rename the webpack chunk * simplified handshake * embedded entrypoint: render a proper app * make the embedded page accept anonymous connections * format * lint * fix test # Conflicts: # superset-frontend/src/embedded/index.tsx # superset/views/core.py * lint * Update superset-frontend/src/embedded/index.tsx Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * comment out origins checks * move embedded for core to dashboard * pylint * isort Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com> Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com> * feat: Authorizing guest access to embedded dashboards (apache#17757) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * add more test Co-authored-by: Lily Kuang <lily@preset.io> * feat: Row Level Security rules for guest tokens (apache#17836) * helper methods and dashboard access * guest token dashboard authz * adjust csrf exempt list * eums don't work that way * Remove unnecessary import * move row level security tests to their own file * a bit of refactoring * add guest token security tests * refactor tests * clean imports * variable names can be too long apparently * missing argument to get_user_roles * don't redefine builtins * remove unused imports * fix test import * default to global user when getting roles * missing import * mock it * test get_user_roles * infer g.user for ease of tests * remove redundant check * tests for guest user security manager fns * use algo to get rid of warning messages * tweaking access checks * fix guest token security tests * missing imports * more tests * more testing and also some small refactoring * move validation out of parsing * fix dashboard access check again * rls rules for guest tokens * test guest token rls rules * more flexible rls rules * lint * fix tests * fix test * defaults * fix some tests * fix some tests * lint Co-authored-by: Lily Kuang <lily@preset.io> * SupersetClient guest token test * Apply suggestions from code review Co-authored-by: Lily Kuang <lily@preset.io> Co-authored-by: Lily Kuang <lily@preset.io>

suddjian and others added 5 commits December 14, 2021 20:37

helper methods and dashboard access

a21a417

guest token dashboard authz

ad3572e

adjust csrf exempt list

4fd8715

eums don't work that way

7353826

Remove unnecessary import

5c0a7f5

superset-github-bot bot added the preset-io label Dec 21, 2021

pull-request-size bot added the size/L label Dec 21, 2021

suddjian added 3 commits December 21, 2021 18:45

move row level security tests to their own file

2141f2d

a bit of refactoring

bfdbad5

add guest token security tests

36a1224

suddjian added 10 commits January 5, 2022 17:53

refactor tests

7181333

clean imports

27a2ec3

variable names can be too long apparently

09aed96

missing argument to get_user_roles

c7bfa96

don't redefine builtins

aa672b9

remove unused imports

091786d

fix test import

5e23ce9

default to global user when getting roles

a62b2f5

Merge branch 'embedded' into guest-token-authz

e9d50c2

Merge branch 'embedded' into guest-token-authz

67affe4

pull-request-size bot added size/XL and removed size/L labels Jan 13, 2022

suddjian added 7 commits January 13, 2022 15:35

missing import

4d5a691

mock it

13a2038

test get_user_roles

0be28da

infer g.user for ease of tests

c5bded9

remove redundant check

ebf9400

tests for guest user security manager fns

deceb33

use algo to get rid of warning messages

128f3a0

suddjian added 2 commits January 18, 2022 15:31

more tests

128b90c

more testing and also some small refactoring

b73a81f

suddjian force-pushed the guest-token-rls branch from 378709d to 7f224e3 Compare January 20, 2022 09:41

suddjian marked this pull request as ready for review January 20, 2022 09:44

pull-request-size bot added size/XXL and removed size/XL labels Jan 20, 2022

suddjian added 5 commits January 20, 2022 13:01

move validation out of parsing

eccec4d

fix dashboard access check again

e833ef5

rls rules for guest tokens

1527c41

test guest token rls rules

07debee

more flexible rls rules

f16ae10

suddjian force-pushed the guest-token-rls branch from 85ae006 to f16ae10 Compare January 20, 2022 23:16

suddjian added 4 commits January 20, 2022 16:53

lint

bfafc13

fix tests

bf302f4

fix test

bdd842b

defaults

28b69df

dpgaspar approved these changes Jan 21, 2022

View reviewed changes

Merge remote-tracking branch 'upstream/embedded' into guest-token-rls

f1d9b7c

# Conflicts: # superset/security/api.py # superset/security/guest_token.py # superset/security/manager.py # tests/integration_tests/security/row_level_security_tests.py

pull-request-size bot added size/L and removed size/XXL labels Jan 21, 2022

Lily Kuang added 3 commits January 21, 2022 15:22

fix some tests

1c41a74

fix some tests

0853ecc

lint

ff3e034

lilykuang merged commit ea92d57 into embedded Jan 22, 2022

suddjian mentioned this pull request Jan 22, 2022

feat: embedded dashboard core #17530

Merged

9 tasks

lilykuang deleted the guest-token-rls branch August 30, 2022 16:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Row Level Security rules for guest tokens #17836

feat: Row Level Security rules for guest tokens #17836

suddjian commented Dec 21, 2021 •

edited

Loading

codecov bot commented Jan 5, 2022 •

edited

Loading

dpgaspar Jan 21, 2022

dpgaspar Jan 21, 2022

feat: Row Level Security rules for guest tokens #17836

feat: Row Level Security rules for guest tokens #17836

Conversation

suddjian commented Dec 21, 2021 • edited Loading

SUMMARY

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

codecov bot commented Jan 5, 2022 • edited Loading

Codecov Report

dpgaspar Jan 21, 2022

Choose a reason for hiding this comment

dpgaspar Jan 21, 2022

Choose a reason for hiding this comment

suddjian commented Dec 21, 2021 •

edited

Loading

codecov bot commented Jan 5, 2022 •

edited

Loading