Moving the custom_password_store out of Database class (#4182)

2026-04-20 00:24:38 +00:00 · 2018-01-09 16:14:20 -05:00
parent 22bdd9e324
commit 23c98294bd
2 changed files with 8 additions and 5 deletions
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -41,6 +41,7 @@ install_aliases()
 from urllib import parse  # noqa

 config = app.config
+custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE')
 stats_logger = config.get('STATS_LOGGER')
 metadata = Model.metadata  # pylint: disable=no-member

@@ -567,7 +568,7 @@ class Database(Model, AuditMixinNullable, ImportMixin):
    }
    """))
    perm = Column(String(1000))
-    custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE')
+
    impersonate_user = Column(Boolean, default=False)
    export_fields = ('database_name', 'sqlalchemy_uri', 'cache_timeout',
                     'expose_in_sqllab', 'allow_run_sync', 'allow_run_async',
@@ -611,7 +612,7 @@ class Database(Model, AuditMixinNullable, ImportMixin):

    def set_sqlalchemy_uri(self, uri):
        conn = sqla.engine.url.make_url(uri.strip())
-        if conn.password != PASSWORD_MASK and not self.custom_password_store:
+        if conn.password != PASSWORD_MASK and not custom_password_store:
            # do not over-write the password with the password mask
            self.password = conn.password
        conn.password = PASSWORD_MASK if conn.password else None
@@ -803,8 +804,8 @@ class Database(Model, AuditMixinNullable, ImportMixin):
    @property
    def sqlalchemy_uri_decrypted(self):
        conn = sqla.engine.url.make_url(self.sqlalchemy_uri)
-        if self.custom_password_store:
-            conn.password = self.custom_password_store(conn)
+        if custom_password_store:
+            conn.password = custom_password_store(conn)
        else:
            conn.password = self.password
        return str(conn)
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -315,11 +315,13 @@ class CoreTests(SupersetTestCase):
        def custom_password_store(uri):
            return 'password_store_test'

-        database.custom_password_store = custom_password_store
+        models.custom_password_store = custom_password_store
        conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
        if conn_pre.password:
            assert conn.password == 'password_store_test'
            assert conn.password != conn_pre.password
+        # Disable for password store for later tests
+        models.custom_password_store = None

    def test_databaseview_edit(self, username='admin'):
        # validate that sending a password-masked uri does not over-write the decrypted