This project is mirrored from https://github.com/metabase/metabase.
Pull mirroring updated .
- Jul 28, 2023
-
-
Aleksandr Lesnenko authored
* Fix h2 setup tests * Add a fix for the deprecated db * remove h2 * skip setup * flaky * 46: fix `metabase.cmd.load-from-h2-test/load-from-h2-test` * Revert "46: fix `metabase.cmd.load-from-h2-test/load-from-h2-test`" This reverts commit cf21dbe14ed9b947b1c1297701953038c5fc1941. * prettier * Run E2E tests using Electron --------- Co-authored-by: Alexander Polyankin <alexander.polyankin@metabase.com> Co-authored-by: Cam Saul <github@camsaul.com> Co-authored-by: Nemanja <31325167+nemanjaglumac@users.noreply.github.com>
-
dpsutton authored
-
Cam Saul authored
-
dpsutton authored
-
- Jan 27, 2023
-
-
Noah Moss authored
* move recipient filtering to API-level * Update translations --------- Co-authored-by: Nemanja <31325167+nemanjaglumac@users.noreply.github.com>
-
- Oct 17, 2022
-
-
Noah Moss authored
* validate dashcard-id in addition to card-id when running a query for a dashcard * basic test * update tests with dan's suggestion * correctness fix and dashcard series tests
-
- Oct 10, 2022
- Oct 03, 2022
-
-
Alexander Polyankin authored
-
- Sep 13, 2022
-
-
Bryan Maass authored
* H2 disallow `INIT=...` option using connection string (#25369) * trim the init option in h2 connection string - it can be lower or mixed-case, so `(dissoc-by str/lower-case ...)` will lowercase the map's keys and the dissoc-keys, and dissoc them when they are equal. * refactor * users may only send non-ddl native sql to h2 (#25220) * users may only send non-ddl native sql to h2 * tests for diasllowing h2 ddl * improve error message on throw * fix linter + cleanup the-exploit example. * refix linter * handle garbage input by failing to classify it. If it h2 can't parse it, then that input cannot trigger a vulnerability. Our parser simply chews through erroneous sql, and classifies statements that it is able to parse. * When h2 is running in client-side mode, do not parse sql - SessionRemote indicates that we are currently client side * refactor so that building parser is easier * remove unused import SessionRemote * Revert "refactor so that building parser is easier" This reverts commit a41800131696de00d98e4eb7124d4d4b1b1cb33c. * check client-side conns => import SessionRemote * replace truncate function via inlining * fix drop arg order * linter fix
-
- Aug 11, 2022
-
-
Reza Lotun authored
-
- Aug 08, 2022
-
-
Reza Lotun authored
* bump apache hive 3.1.3 (#24542) * Bump jetty-server to 9.4.48.v20220622 (#24482) Co-authored-by: dpsutton <dan@dpsutton.com>
-
- Aug 03, 2022
-
-
Ngoc Khuat authored
* parse parameters and parameter_mapppings on card * add a comment Co-authored-by: Aleksandr Lesnenko <alxnddr@gmail.com>
-
metabase-bot[bot] authored
* add dummy workflow clones to make originals required * review Co-authored-by: Aleksandr Lesnenko <alxnddr@users.noreply.github.com>
-
- Jul 29, 2022
-
-
dpsutton authored
* Bump ssh to 2.9 for 43.x release * Stop testing against Java 8 in CI Co-authored-by: Cam Saul <github@camsaul.com>
-
dpsutton authored
* Ensure uploaded secrets are stable (#24325) * Ensure uploaded secrets are stable Fixes: https://github.com/metabase/metabase/issues/23034 Background: Uploaded secrets are stored as bytes in our application db since cloud doesn't have a filesystem. To make db connections we stuff them into temporary files and use those files. We also are constantly watching for db detail changes so we can recompose the connection pool. Each time you call `db->pooled-connection-spec` we check if the hash of the connection spec has changed and recompose the pool if it has. Problem: These uploaded files have temporary files and we make new temp files each time we call `db->pooled-connection-spec`. So the hashes always appear different: ```clojure connection=> (= x y) true connection=> (take 2 (clojure.data/diff (connection-details->spec :postgres (:details x)) (connection-details->spec :postgres (:details y)))) ({:sslkey #object[java.io.File 0x141b0f09 "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_1388256635324085910.tmp"], :sslrootcert #object[java.io.File 0x6f443fac "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_9248342447139746747.tmp"], :sslcert #object[java.io.File 0xbb13300 "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_17076432929457451876.tmp"]} {:sslkey #object[java.io.File 0x6fbb3b7b "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_18336254363340056265.tmp"], :sslrootcert #object[java.io.File 0x6ba4c390 "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_11775804023700307206.tmp"], :sslcert #object[java.io.File 0x320184a0 "/var/folders/1d/3ns5s1gs7xjgb09bh1yb6wpc0000gn/T/metabase-secret_10098480793225259237.tmp"]}) ``` And this is quite a problem: each time we get a db connection we are making a new file, putting the contents of the secret in it, and then considering the pool stale, recomposing it, starting our query. And if you are on a dashboard, each card will kill the pool of the previously running cards. This behavior does not happen with the local-file path because the secret is actually the filepath and we load that. So the file returned is always the same. It's only for the uploaded bits that we dump into a temp file (each time). Solution: Let's memoize the temp file created by the secret. We cannot use the secret as the key though because the secret can (always?) includes a byte array: ```clojure connection-test=> (hash {:x (.getBytes "hi")}) 1771366777 connection-test=> (hash {:x (.getBytes "hi")}) -709002180 ``` So we need to come up with a stable key. I'm using `value->string` here, falling back to `(gensym)` because `value->string` doesn't always return a value due to its cond. ```clojure (defn value->string "Returns the value of the given `secret` as a String. `secret` can be a Secret model object, or a secret-map (i.e. return value from `db-details-prop->secret-map`)." {:added "0.42.0"} ^String [{:keys [value] :as _secret}] (cond (string? value) value (bytes? value) (String. ^bytes value StandardCharsets/UTF_8))) ``` Why did this bug come up recently? [pull/21604](https://github.com/metabase/metabase/pull/21604) gives some light. That changed `(hash details)` -> `(hash (connection-details->spec driver details))` with the message > also made some tweaks so the SQL JDBC driver connection pool cache is > invalidated when the (unpooled) JDBC spec returned by > connection-details->spec changes, rather than when the details map > itself changes. This means that changes to other things outside of > connection details that affect the JDBC connection parameters, for > example the report-timezone or start-of-week Settings will now properly > result in the connection pool cache being flushed So we want to continue to hash the db spec but ensure that the spec is stable. * typehint the memoized var with ^java.io.File * Switch memoization key from String to vector of bytes Copying comment from Github: When you upload a sequence of bytes as a secret, we want to put them in a file once and only once and always reuse that temporary file. We will eventually hash the whole connection spec but I don't care about collisions there. It's only given the same sequence of bytes, you should always get back the exact same temporary file that has been created. So i'm making a function `f: Secret -> file` that given the same Secret always returns the exact same file. This was not the case before this. Each uploaded secret would return a new temporary file with the contents of the secret each time you got its value. So you would end up with 35 temporary files each with the same key in it. An easy way to get this guarantee is to memoize the function. But the secret itself isn't a good key to memoize against because it contains a byte array. If the memoization key is the byte-array itself, this will fail because arrays have reference identity: ```clojure user=> (= (.getBytes "hi") (.getBytes "hi")) false ``` So each time we load the same secret from the database we get a new byte array, ask for its temp file and get a different temp file each time. This means that memoization cannot be driven off of the byte array. But one way to gain this back quickly is just stuff those bytes into a string, because strings compare on value not identity. This is what is currently in the PR (before this change). I was banking on the assumption that Strings are just opaque sequences of bytes that will compare byte by byte, regardless of whether those bytes make sense. But you've pointed out a good point that maybe that is flirting with undefined behavior. If we use the hash of the contents of the byte array as the memoization key with (j.u.Arrays/hashCode array), then we open ourselves up the (albeit rare) case that two distinct secret values hash to the same value. This sounds really bad. Two distinct secrets (think two ssh keys) but both would map to only one file containing a single ssh key. An easy way to have the value semantics we want for the memoization is just to call (vec array) on the byte array and use this sequence of bytes as the memoization key. Clojure vectors compare by value not reference. So two secrets would return the same file if and only if the sequence of bytes are identical, in which case we would expect the files to be identical. This gives me the same guarantee that I was wanting from the String behavior I used initially without entwining this with charsets, utf8, etc. * empty commit to trigger CI
-
Jeff Bruemmer authored
* update api doc code * update api docs
-
- Jul 28, 2022
-
-
Diogo Mendes authored
Bump to 6 seconds. Worried 3 might be a bit too quick Set a timeout for `isValidTimeout` When using ssh with db connections: Our theory is that the db connection has no idea that it sits on top of an ssh connection. And if the ssh connection dies (ie, `show full processlist` and then `kill <id>` from that list in mysql) the db connection has no idea it is dead. "It" is valid but its ssh transport is dead. > It is possible to customize how c3p0's DefaultConnectionTester tests > when no preferredTestQuery or automaticTestTable are available. Please > see Configuring DefaultConnectionTester.isValidTimeout and Configuring > DefaultConnectionTester.QuerylessTestRunner. from https://www.mchange.com/projects/c3p0/#automaticTestTable > Configuring DefaultConnectionTester.isValidTimeout > Under circumstances when the JDBC 4+ isValid(...) test will be used by > c3p0's built in DefaultConnectionTester (see below), by default the test > will never time out. If you would the test to timeout and fail, set the > following key > com.mchange.v2.c3p0.impl.DefaultConnectionTester.isValidTimeout > to the desired timeout, in seconds. https://www.mchange.com/projects/c3p0/#configuring_dctivt Co-authored-by: dan sutton <dan@dpsutton.com>
-
metabase-bot[bot] authored
Co-authored-by: Jeff Bruemmer <jeff.bruemmer@gmail.com>
-
- Jul 13, 2022
-
-
github-actions[bot] authored
Repro #23689: Sandboxed group managers can't see other users in the People tab #23689 (#23710) (#23729) Co-authored-by: Nemanja Glumac <31325167+nemanjaglumac@users.noreply.github.com>
-
- Jul 12, 2022
-
-
github-actions[bot] authored
-
- Jul 08, 2022
-
-
github-actions[bot] authored
Co-authored-by: Luiz Arakaki <luiz.arakaki@metabase.com>
-
- Jul 07, 2022
-
-
github-actions[bot] authored
Co-authored-by: Aleksandr Lesnenko <alxnddr@users.noreply.github.com>
-
- Jul 04, 2022
-
-
github-actions[bot] authored
-
- Jun 30, 2022
-
-
github-actions[bot] authored
Co-authored-by: Nemanja Glumac <31325167+nemanjaglumac@users.noreply.github.com>
-
Nemanja Glumac authored
* Unskip repro for #18021 and consolidate `recently-viewed` spec (#23615) * Unskip repro for #18021 * Simplify "recently viewed" test by visiting the table directly * Do not hard code IDs * Merge repro for #18021 with the related spec * Adjust test for v43
-
github-actions[bot] authored
Co-authored-by: Nemanja Glumac <31325167+nemanjaglumac@users.noreply.github.com>
-
github-actions[bot] authored
Co-authored-by: Ariya Hidayat <ariya@metabase.com>
-
- Jun 29, 2022
-
-
github-actions[bot] authored
Co-authored-by: Nemanja Glumac <31325167+nemanjaglumac@users.noreply.github.com>
-
github-actions[bot] authored
-
github-actions[bot] authored
Co-authored-by: Nemanja Glumac <31325167+nemanjaglumac@users.noreply.github.com>
-
- Jun 27, 2022
-
-
Nemanja Glumac authored
* Remove all remaining E2E and frontend bits from CCI (#23553) * Run the remaining E2E groups using GitHub Actions * Remove Snowplow from CCI * Remove waiting for databases from CCI * Remove Cypress jobs from CCI * Remove `fe-deps` from CCI * Remove `tester` executor from CCI * Remove all frontend-related from CCI * Remove static viz bundle from CCI * Remove E2E checksum from CCI * Remove frontend checksum from CCI * Bring back `static-viz` to CircleCI (#23567) * Remove Mongo SSL certificates * Bust cache for sanity check [ci nocache]
-
Nemanja Glumac authored
-
Nemanja Glumac authored
* Repro #23421: `visualization_settings` can break UI (#23562) * Adapt `openQuestionActions` helper for the release branch
-
Nemanja Glumac authored
-
- Jun 26, 2022
-
-
Nemanja Glumac authored
* Run Percy inside E2E main workflow (#23480) * Add Percy to the main E2E workflow * Ignore unit tests * Delete Percy workflow * Do not run Percy tests on Cypress changes only * Check whether visual regression tests should run at all * Remove diff logic from Percy job on `master` (#23551) * Ignore all unit tests in E2E workflows (#23550) * [E2E] Remove filters and onboarding checks from CCI (#23517) Co-authored-by: Diogo Mendes <diogo@metabase.com>
-
dpsutton authored
* Join slack channels with slack-id Fixes https://github.com/metabase/metabase/issues/23229 We upload images to a channel and then send messages to the desired channel referencing those images from the channel we uploaded. But the slack bot must be in the channel to upload images. We handle this in `slack/upload-image!` where we watch the error message and join the channel if we recognize that is our issue. This special upload channel is set in the admin section when setting up, typed in by a human. Slack now requires us to use the internal id of the channel when joining. IE we used to use "metabase_files" but now we need to use something like "C87LQNL0Y23". But we do not have this information and we don't want humans to have to look this up. SOLUTION: change our cache. We currently just get a list of channels and users ``` ["#general" "@dan" ...] ``` Change this to ``` {:version 2, :channels [{:display-name "#random", :name "random", :id "CT2FNGZSRPL", :type "channel"} {:display-name "#general", :name "general", :id "C87LQNL0Y23", :type "channel"} {:display-name "@dan", :type "user", :name "dan", :id "UR65C4ZJVIW"} ...]} ``` Now we have slack internal ids present. When we attempt to join the slack channel, look for this id and attempt to use that. This has some knock-on effects. The UI still lists the channels in a channel picker when sending pulses. The list sent over the wire still mimics the previous shape (a flat list) and the choice is still the human readable name. In the future we should switch over to using the stable ids rather than solely channel names. Channel names can be renamed. I didn't go down this route because of the files channel. It is set at setup before we have a channel list. We could do some kind of run time migration but it is difficult because it would change the type of `slack-files-channel` from string to :json to handle the more complex type. Or perhaps we could make another setting to hold the json form and set that when we can positively identify things. In either case, these changes were not required yet to fix our slack issue. We just upgrade the information we have about slack channels, downgrade it when it hits the wire so the UI needs no changes, and use the extra information in the one spot where we need it. The cache is populated at startup and every four hours after that. So we do not need to worry about the old cache shape. If the new code is running, its the new cache. * Send #channel and @user forms over wire We store `{"channel": "#slack-pulses"}` in the pulse_channel.details column so we should keep those types of values around. We use the bare portion ("slack-pulses") rather than with the hash on it so we seem to be mixing usernames and channels. But these sets are distinct and you cannot create a channel with the same name as a user. Also, channel names are lowercase while channel-ids are uppercase so those are also non-overlapping sets. * Put slack token so slack reports as configured * Errant tap> * Alignment and docstring fixes * Remove slack-cache version information remove the `:version 2` from the cache. We are always in charge of the cache, and we compute it on startup so there's little risk of other data shapes being present.
-
github-actions[bot] authored
Co-authored-by: Jeff Bruemmer <jeff.bruemmer@gmail.com>
-
- Jun 24, 2022
-
-
github-actions[bot] authored
-
github-actions[bot] authored
* fix tooltip overflow * explicit default for preventOverflow * check ci Co-authored-by: Aleksandr Lesnenko <alxnddr@users.noreply.github.com>
-