[I] `import_database` does not work on AWS RDS databases. Because Superset tries to add permissions to all catalogs in RDS database, rather than just one catalog [superset]

Mon, 10 Feb 2025 23:43:06 -0800 


Oskar-Bonde opened a new issue, #32214:
URL: https://github.com/apache/superset/issues/32214

   ### Bug description
   
   This issue is regarding `import_database` in 
`superset/commands/database/importers/v1/utils.py`. 
   
   When importing dashboard assets using `superset import_directory` cli 
command the `import_database` function is called. This function tries to 
connect to and add permissions to **all catalogs** in a database, rather than 
the specific catalog specified in the `sqlalchemy_uri` in `database.yaml`. 
   
   Why is this an issue? If you use an AWS RDS database there is a catalog 
called `rdsadmin`. This catalog should only be access by AWS to manage 
automatic backups. When Superset tries run 
`security_manager.add_permission_view_menu` on all schemas in `rdsadmin` it 
fails, because it doesn't have access. This also breaks the least privileges 
principle. 
   
   We solved this issue using `catalog_names.discard("rdsadmin")`, but there 
should be a proper solution on master. 
   
   My suggestion is that superset only runs `add_permissions` on the catalog 
specified in the `database.yaml`.
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   I don't know
   
   ### Node version
   
   Not applicable
   
   ### Browser
   
   Not applicable
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [x] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to