You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched the existing issues, and I could not find an existing issue for this feature
I am requesting a straightforward extension of existing dbt-redshift functionality, rather than a Big Idea better suited to a discussion
Describe the feature
Currently the password field in the credentials is defined as
password: Optional[str] =None# type: ignore
Which is because of the way the input data is validated against the class.
In dbt-core/pull/8187 I had the same issue and solved it by overloading the classmethod validate by overloading it with with a wrapper around the original validate method.
The overloaded validate method will
validate against itself as before
if no error is risen then check which authentication method is chosen
validate also against a extended Credentials dataclass for the specific method
This way password is still required for database authentication and at the same time is forbidden for IAM authentication.
Also instead of allowing all values for the method parameter, using a Literal we can only allow accepted values: "database", "iam"
Describe alternatives you've considered
Keep it as is.
Who will this benefit?
For all users it is more clear, which profile credentials can be used together. Also checking for a missing password method with database auth method is not required anymore.
Also the issue #332 and its pr #323 could benefit from this, as it would allow for specific credential sets for each auth method.
Are you interested in contributing this feature?
Yes, Please give me feedback on the Idea
Anything else?
No response
The text was updated successfully, but these errors were encountered:
github-actionsbot
changed the title
[Feature] Stronger credentials validation based on auth method
[ADAP-737] [Feature] Stronger credentials validation based on auth method
Jul 29, 2023
Actually after reviewing the connections.py and the change to redshift_connector, the different connection methods are obsolete and should rather be deleted. redshift_connector is handling this already. No need to complicate the code by this abstraction layer. I would rather pass the credentials straight to redshift_connector and let it handle the errors.
Is this your first time submitting a feature request?
Describe the feature
Currently the password field in the credentials is defined as
Which is because of the way the input data is validated against the class.
In dbt-core/pull/8187 I had the same issue and solved it by overloading the classmethod
validate
by overloading it with with a wrapper around the originalvalidate
method.The overloaded validate method will
Credentials
dataclass for the specific methodThis way password is still required for database authentication and at the same time is forbidden for IAM authentication.
Also instead of allowing all values for the method parameter, using a
Literal
we can only allow accepted values:"database"
,"iam"
Describe alternatives you've considered
Keep it as is.
Who will this benefit?
For all users it is more clear, which profile credentials can be used together. Also checking for a missing password method with database auth method is not required anymore.
Also the issue #332 and its pr #323 could benefit from this, as it would allow for specific credential sets for each auth method.
Are you interested in contributing this feature?
Yes, Please give me feedback on the Idea
Anything else?
No response
The text was updated successfully, but these errors were encountered: