Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ADAP-737] [Feature] Stronger credentials validation based on auth method #558

Closed
3 tasks done
christopherscholz opened this issue Jul 29, 2023 · 1 comment
Closed
3 tasks done
Labels
enhancement New feature or request

Comments

@christopherscholz
Copy link

christopherscholz commented Jul 29, 2023

Is this your first time submitting a feature request?

  • I have read the expectations for open source contributors
  • I have searched the existing issues, and I could not find an existing issue for this feature
  • I am requesting a straightforward extension of existing dbt-redshift functionality, rather than a Big Idea better suited to a discussion

Describe the feature

Currently the password field in the credentials is defined as

password: Optional[str] = None  # type: ignore

Which is because of the way the input data is validated against the class.

In dbt-core/pull/8187 I had the same issue and solved it by overloading the classmethod validate by overloading it with with a wrapper around the original validate method.

The overloaded validate method will

  1. validate against itself as before
  2. if no error is risen then check which authentication method is chosen
  3. validate also against a extended Credentials dataclass for the specific method

This way password is still required for database authentication and at the same time is forbidden for IAM authentication.

Also instead of allowing all values for the method parameter, using a Literal we can only allow accepted values: "database", "iam"

Describe alternatives you've considered

Keep it as is.

Who will this benefit?

For all users it is more clear, which profile credentials can be used together. Also checking for a missing password method with database auth method is not required anymore.

Also the issue #332 and its pr #323 could benefit from this, as it would allow for specific credential sets for each auth method.

Are you interested in contributing this feature?

Yes, Please give me feedback on the Idea

Anything else?

No response

@christopherscholz christopherscholz added enhancement New feature or request triage labels Jul 29, 2023
@github-actions github-actions bot changed the title [Feature] Stronger credentials validation based on auth method [ADAP-737] [Feature] Stronger credentials validation based on auth method Jul 29, 2023
@christopherscholz
Copy link
Author

Actually after reviewing the connections.py and the change to redshift_connector, the different connection methods are obsolete and should rather be deleted. redshift_connector is handling this already. No need to complicate the code by this abstraction layer. I would rather pass the credentials straight to redshift_connector and let it handle the errors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants