-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change: encrypt data source options. 🔓 #2970
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
"""add_encrypted_options_to_data_sources | ||
|
||
Revision ID: 98af61feea92 | ||
Revises: 73beceabb948 | ||
Create Date: 2019-01-31 09:21:31.517265 | ||
|
||
""" | ||
from alembic import op | ||
import sqlalchemy as sa | ||
from sqlalchemy.dialects import postgresql | ||
from sqlalchemy.sql import table | ||
from sqlalchemy_utils.types.encrypted.encrypted_type import FernetEngine | ||
|
||
from redash import settings | ||
from redash.utils.configuration import ConfigurationContainer | ||
from redash.models.types import EncryptedConfiguration, Configuration, MutableDict, MutableList, PseudoJSON | ||
|
||
# revision identifiers, used by Alembic. | ||
revision = '98af61feea92' | ||
down_revision = '73beceabb948' | ||
branch_labels = None | ||
depends_on = None | ||
|
||
|
||
def upgrade(): | ||
op.add_column('data_sources', sa.Column('encrypted_options', postgresql.BYTEA(), nullable=True)) | ||
|
||
# copy values | ||
data_sources = table( | ||
'data_sources', | ||
sa.Column('id', sa.Integer, primary_key=True), | ||
sa.Column('encrypted_options', ConfigurationContainer.as_mutable(EncryptedConfiguration(sa.Text, settings.SECRET_KEY, FernetEngine))), | ||
sa.Column('options', ConfigurationContainer.as_mutable(Configuration))) | ||
|
||
conn = op.get_bind() | ||
for ds in conn.execute(data_sources.select()): | ||
conn.execute( | ||
data_sources | ||
.update() | ||
.where(data_sources.c.id == ds.id) | ||
.values(encrypted_options=ds.options)) | ||
|
||
op.drop_column('data_sources', 'options') | ||
op.alter_column('data_sources', 'encrypted_options', | ||
nullable=False) | ||
|
||
|
||
def downgrade(): | ||
pass |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,7 @@ def all_settings(): | |
|
||
return settings | ||
|
||
|
||
REDIS_URL = os.environ.get('REDASH_REDIS_URL', os.environ.get('REDIS_URL', "redis://localhost:6379/0")) | ||
PROXIES_COUNT = int(os.environ.get('REDASH_PROXIES_COUNT', "1")) | ||
|
||
|
@@ -107,6 +108,7 @@ def all_settings(): | |
JOB_EXPIRY_TIME = int(os.environ.get("REDASH_JOB_EXPIRY_TIME", 3600 * 12)) | ||
COOKIE_SECRET = os.environ.get("REDASH_COOKIE_SECRET", "c292a0a3aa32397cdb050e233733900f") | ||
SESSION_COOKIE_SECURE = parse_boolean(os.environ.get("REDASH_SESSION_COOKIE_SECURE") or str(ENFORCE_HTTPS)) | ||
SECRET_KEY = os.environ.get('REDASH_SECRET_KEY', COOKIE_SECRET) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would take the opportunity to make sure that this is a non empty value since this is a critical setting in Flask. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good idea. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I realized that this is 1) beyond the scope of the PR; 2) I don't have the time to implement it :-(. To avoid having this PR lingering any longer, went ahead without it. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Makes sense. |
||
|
||
LOG_LEVEL = os.environ.get("REDASH_LOG_LEVEL", "INFO") | ||
LOG_STDOUT = parse_boolean(os.environ.get('REDASH_LOG_STDOUT', 'false')) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Line too long (144 > 120 characters)