Connection impersonation (#30714)
* initial prototype w/out statement count parameter * new approach * default-database-role driver method * migration for connection_impersonations table * conn impersonation model, API and tests * impersonation fetch and deletion endpoints * switch test to t2 with-temp * read conn impersonation settings from DB * fix merge issue * add impersonated key to data perms graph and treat it the same as full self-service access * include impersonated key in returned permissions graph * make sure impersonated graph passes StrictDataPerms validation * fix boolean logic * make sure impersonated keyword doesnt cause error when deleting gtaps * clear impersonations as necessary when perms graphs changes * add impersonation support for postgres * fix typo * make sure impersonation updates are a non-lazy seq * add impersonated-user? fn * fix impersonation api tests * fix snippet tests * fix build & exclude connection impersonations from serialization * switch a test to use t2.with-temp * add with-impersonations helper and util tests * move macro and add a connection impersonation driver-level test for postgres * fix rebase issue * more tests and code reorganization * add snowflake test * clarify comment * fix lint errors * fix final kondo error * reorganization * fix one test * fix lint errors * revert change to sql_jdbc.execute from bad merge * make sure perms for all users gets reset after conn impersonation tests * ignore exceptions when restoring perms * fix postgres test * refactor to address bryan's comment * add note about new methods to database changelog * driver method refactor
Showing
- docs/developers-guide/driver-changelog.md 5 additions, 0 deletionsdocs/developers-guide/driver-changelog.md
- enterprise/backend/src/metabase_enterprise/advanced_permissions/api/impersonation.clj 28 additions, 0 deletions...ase_enterprise/advanced_permissions/api/impersonation.clj
- enterprise/backend/src/metabase_enterprise/advanced_permissions/api/routes.clj 6 additions, 2 deletions...c/metabase_enterprise/advanced_permissions/api/routes.clj
- enterprise/backend/src/metabase_enterprise/advanced_permissions/api/util.clj 25 additions, 0 deletions...src/metabase_enterprise/advanced_permissions/api/util.clj
- enterprise/backend/src/metabase_enterprise/advanced_permissions/driver/impersonation.clj 54 additions, 0 deletions..._enterprise/advanced_permissions/driver/impersonation.clj
- enterprise/backend/src/metabase_enterprise/advanced_permissions/models/connection_impersonation.clj 72 additions, 0 deletions.../advanced_permissions/models/connection_impersonation.clj
- enterprise/backend/src/metabase_enterprise/enhancements/models/native_query_snippet/permissions.clj 7 additions, 6 deletions.../enhancements/models/native_query_snippet/permissions.clj
- enterprise/backend/src/metabase_enterprise/sandbox/api/util.clj 1 addition, 1 deletion...rise/backend/src/metabase_enterprise/sandbox/api/util.clj
- enterprise/backend/src/metabase_enterprise/sandbox/models/permissions/delete_sandboxes.clj 1 addition, 1 deletion...nterprise/sandbox/models/permissions/delete_sandboxes.clj
- enterprise/backend/test/metabase_enterprise/advanced_permissions/api/impersonation_test.clj 97 additions, 0 deletions...nterprise/advanced_permissions/api/impersonation_test.clj
- enterprise/backend/test/metabase_enterprise/advanced_permissions/api/util_test.clj 86 additions, 0 deletions...etabase_enterprise/advanced_permissions/api/util_test.clj
- enterprise/backend/test/metabase_enterprise/advanced_permissions/driver/impersonation_test.clj 94 additions, 0 deletions...rprise/advanced_permissions/driver/impersonation_test.clj
- enterprise/backend/test/metabase_enterprise/models/entity_id_test.clj 2 additions, 1 deletion...ackend/test/metabase_enterprise/models/entity_id_test.clj
- enterprise/backend/test/metabase_enterprise/sandbox/api/gtap_test.clj 1 addition, 1 deletion...ackend/test/metabase_enterprise/sandbox/api/gtap_test.clj
- enterprise/backend/test/metabase_enterprise/sandbox/api/util_test.clj 1 addition, 1 deletion...ackend/test/metabase_enterprise/sandbox/api/util_test.clj
- enterprise/backend/test/metabase_enterprise/sandbox/pulse_test.clj 4 additions, 4 deletions...e/backend/test/metabase_enterprise/sandbox/pulse_test.clj
- modules/drivers/snowflake/src/metabase/driver/snowflake.clj 20 additions, 4 deletionsmodules/drivers/snowflake/src/metabase/driver/snowflake.clj
- resources/migrations/000_migrations.yaml 41 additions, 0 deletionsresources/migrations/000_migrations.yaml
- src/metabase/api/permission_graph.clj 2 additions, 2 deletionssrc/metabase/api/permission_graph.clj
- src/metabase/api/permissions.clj 18 additions, 5 deletionssrc/metabase/api/permissions.clj
Loading
Please register or sign in to comment