feat: add SSL certificate validation for Druid (#9396)

* feat: add SSL certificate feature * Address comments * don't mutate extras * Address comments and add polish * Add further polish
2026-04-20 00:24:38 +00:00 · 2020-03-27 19:07:07 +02:00
parent fd227888b6
commit 499f9c8fca
16 changed files with 274 additions and 19 deletions
--- a/superset/db_engine_specs/druid.py
+++ b/superset/db_engine_specs/druid.py
@@ -14,14 +14,20 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-from typing import TYPE_CHECKING
+import json
+import logging
+from typing import Any, Dict, TYPE_CHECKING

 from superset.db_engine_specs.base import BaseEngineSpec
+from superset.utils import core as utils

 if TYPE_CHECKING:
    from superset.connectors.sqla.models import (  # pylint: disable=unused-import
        TableColumn,
    )
+    from superset.models.core import Database  # pylint: disable=unused-import
+
+logger = logging.getLogger()


 class DruidEngineSpec(BaseEngineSpec):  # pylint: disable=abstract-method
@@ -47,3 +53,27 @@ class DruidEngineSpec(BaseEngineSpec):  # pylint: disable=abstract-method
    def alter_new_orm_column(cls, orm_col: "TableColumn") -> None:
        if orm_col.column_name == "__time":
            orm_col.is_dttm = True
+
+    @staticmethod
+    def get_extra_params(database: "Database") -> Dict[str, Any]:
+        """
+        For Druid, the path to a SSL certificate is placed in `connect_args`.
+
+        :param database: database instance from which to extract extras
+        :raises CertificateException: If certificate is not valid/unparseable
+        """
+        try:
+            extra = json.loads(database.extra or "{}")
+        except json.JSONDecodeError as e:
+            logger.error(e)
+            raise e
+
+        if database.server_cert:
+            engine_params = extra.get("engine_params", {})
+            connect_args = engine_params.get("connect_args", {})
+            connect_args["scheme"] = "https"
+            path = utils.create_ssl_cert_file(database.server_cert)
+            connect_args["ssl_verify_cert"] = path
+            engine_params["connect_args"] = connect_args
+            extra["engine_params"] = engine_params
+        return extra