Open rsaw4 opened 3 years ago
this solves it:
(patched on v336) --> presto-main\src\main\java\io\prestosql\server\HttpRequestSessionContext.java
```java
private static Map<String, String> parseProperty(MultivaluedMap<String, String> headers, String headerName)
{
    Map<String, String> properties = new HashMap<>();
    // Each header item must be exactly name=value; the value is URL-decoded.
    for (String header : splitHttpHeader(headers, headerName)) {
        List<String> nameValue = Splitter.on('=').trimResults().splitToList(header);
        assertRequest(nameValue.size() == 2, "Invalid %s header", headerName);
        try {
            properties.put(nameValue.get(0), urlDecode(nameValue.get(1)));
        }
        catch (IllegalArgumentException e) {
            throw badRequest(format("Invalid %s header: %s", headerName, e));
        }
    }
    try {
        // When parsing extra credentials, also copy the user and password
        // from the Authorization header into the "user" and "password" credentials.
        if (headerName.equals(PRESTO_EXTRA_CREDENTIAL)) {
            List<String> tempAuth = headers.get("Authorization");
            if (tempAuth != null) {
                // String.valueOf(list) yields "[value]"; strip the surrounding brackets.
                String origHeader = String.valueOf(tempAuth);
                String header = origHeader.substring(1, origHeader.length() - 1);
                // Drop the scheme ("Basic") and decode the base64 "user:password" part.
                int space = header.indexOf(' ');
                String credentials = decodeCredentials(header.substring(space + 1).trim());
                List<String> parts = Splitter.on(':').limit(2).splitToList(credentials);
                String user = parts.get(0);
                String password = parts.get(1);
                if (password != null && user != null) {
                    properties.put("user", user);
                    properties.put("password", password);
                }
            }
        }
    }
    catch (Exception e) {
        // Best effort: any failure (missing ':', undecodable value) leaves
        // the extra credentials as parsed from the header alone.
    }
    return properties;
}

private static String decodeCredentials(String credentials)
{
    try {
        return new String(Base64.getDecoder().decode(credentials), ISO_8859_1);
    }
    catch (IllegalArgumentException e) {
        // Not valid base64: fall through and return null.
    }
    return null;
}
```
```sh
echo "
connector.name=sqlserver
connection-url=jdbc:sqlserver://somehost;databaseName=somedb;authenticationScheme=JavaKerberos;domain=NTADMIN;integratedSecurity=true;jaasConfigurationName=SQLJDBCDriver
case-insensitive-name-matching=true
user-credential-name=user
password-credential-name=password
unsupported-type-handling=IGNORE
" > etc/catalog/coreuat.properties
echo '-Djava.security.auth.login.config=/a/path/conf.jaas' >> etc/jvm.config
echo 'SQLJDBCDriver { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false doNotPrompt=false; };' > /a/path/conf.jaas
```
hi @tooptoop4
I am able to pass in the user+pass from python (superset).
do you have an example of how I can do this in python?? (doesn't support extraCredentials).
here is my mutator function today in superset.... Think it is SOO close to being able to push in the user/password if I can just supply it via the client.
```python
def DB_CONNECTION_MUTATOR(uri, params, user_name, security_manager, source):
    log_str(uri.__dict__)
    # user_name is only set when the user impersonation setting of the DB is set to On
    if uri.drivername.lower() == "trino" and user_name is not None:
        current_user = security_manager.find_user(username=user_name)
        # find_user returns a user object, so the file name is built from user_name
        with open("/usr/local/" + user_name + ".txt", 'r') as f:
            current_token = f.read()
        print(current_user)
        print(current_token)
        print(uri.drivername.lower())
        #log_str(current_user)
        print(uri.host)
        #MAYBE, I can set the header here?? so that user/pass can make it through to trino/sql connection??
    # Superset expects the mutator to return the (possibly modified) uri and params
    return uri, params
```
did u try:
'X-Presto-Extra-Credential': 'password=password,user=awesome' or 'X-Trino-Extra-Credential': 'password=password,user=awesome'
but does your example get the password?
hi @tooptoop4, I'm not setting any headers... but the ldap connection from the client is supplying the logged in user/pass (overriding the superset user and pass hardcoded in the connections).
Am looking for trino to use that (connection credentials)
instead of the connect-user in the .properties file
would love to set the .properties file to connection-user=PASSTHROUGH, connection-password=PASSTHROUGH.
And have the users connecting to Trino use their credentials and have them pass through to the connection to fill in those PASSTHROUGH values
@tooptoop4 Setting the args in the DB_connection_mutator via: params['X-Trino-Extra-Credential'] = '{password=' + current_token + ',user=' + user_name+'}'
Unfortunately... looks like it's an unsupported parameter from superset trino/pyalchemy.
ERROR: Invalid argument(s) 'X-Trino-Extra-Credential' sent to create_engine(), using configuration TrinoDialect/NullPool/Engine. Please check that the keyword arguments are appropriate for this combination of components.
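Added example (not code from this thread or from Presto/Trino): a Python sketch of how a client can format an extra-credential header value so that it survives the `parseProperty` loop quoted above, which splits each item on `=`, requires exactly two parts and URL-decodes the value. It assumes items are separated by commas, as in the `password=password,user=awesome` example; all function names and the sample credentials are hypothetical.

```python
from urllib.parse import quote, unquote_plus


def build_extra_credential(creds):
    """Format a dict as an extra-credential header value.

    Values are percent-encoded so a ',' or '=' inside a password cannot
    be mistaken for the separators the server splits on.
    """
    parts = []
    for name, value in creds.items():
        if not name or any(c in name for c in ",= \t"):
            raise ValueError(f"invalid credential name: {name!r}")
        parts.append(f"{name}={quote(value, safe='')}")
    return ",".join(parts)


def parse_extra_credential(header_value):
    """Approximation of the server-side loop (comma split is an assumption)."""
    props = {}
    for item in header_value.split(","):
        item = item.strip()
        if not item:
            continue
        name_value = [p.strip() for p in item.split("=")]
        if len(name_value) != 2:
            raise ValueError("Invalid extra-credential header")
        props[name_value[0]] = unquote_plus(name_value[1])
    return props


def redact(creds, secret_names=("password",)):
    """Return a copy of creds that is safe to write to a log."""
    return {k: "***" if k in secret_names else v for k, v in creds.items()}


# Constructed sample credentials, not real values.
SAMPLE = {"user": "awesome", "password": "p=ss,w+rd 1%"}

if __name__ == "__main__":
    header = build_extra_credential(SAMPLE)
    print("X-Trino-Extra-Credential:", header)
    print("server sees:", redact(parse_extra_credential(header)))
    raw = ",".join(f"{k}={v}" for k, v in SAMPLE.items())
    try:
        parse_extra_credential(raw)
    except ValueError as exc:
        print("unencoded value rejected:", exc)
```

Building the value by plain string concatenation only works while the token contains no `,` or `=`; the encoded form round-trips for any value.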
Presto connecting to a SQLServer catalog (with end user creds) works when extraCredentials of user:password is passed in, but not all clients support extraCredentials. Would be great to have a catalog level property set in the properties file to do this, i.e. passthroughAuth=true
Below is error without extraCredentials being passed: