Dennis Schridde authored
== Goal ==

Hide attached DWH database details from anyone incl. admins:
* Do not show them in the UI
* Do not permit changing them
* Do not serialize them
  - This is what we're adding for H2 snapshots (dumps) with this PR.

The aim is that customers cannot gain access to (parts of) credentials,
and they cannot break a feature they are paying for by changing
connection details.

== Implementation ==

In 592360c9 I wrongly understood that
database details would be omitted when dumping to H2, but this is only
true for dumping H2 databases.

Fix this by omitting database details also when dumping databases with
`is_attached_dwh` set.

== How to test ==

To prepare, download an H2 JAR matching the H2 version used by Metabase:
```
wget https://repo1.maven.org/maven2/com/h2database/h2/2.1.214/h2-2.1.214.jar
```

If the H2 version does not match, you will get an error when trying to
open the H2 shell:
```
Exception in thread "main" org.h2.jdbc.JdbcSQLNonTransientConnectionException: Unsupported database file version or invalid file header in file "[REDACTED]" [90048-232]
```

=== New behaviour ===

Setting the `is_attached_dwh` field hides the database details from H2 dumps:

1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases.
   - In addition to the fields you would normally set, also set
     `is_attached_dwh: true`.
   - This also works when adding this flag to a database that previously
     did not have this flag set.
2. Start your Metabase instance.
3. Run `${metabase} dump-to-h2 ./dump-file-h2` to create the H2 snapshot file.
4. Run `java -cp h2-2.1.214.jar org.h2.tools.Shell -url "jdbc:h2:file:./dump-file-h2;ifexists=true"` to open an H2 shell.
5. Verify that `SELECT name,details FROM metabase_database;` shows `{}` for the database you added in step 1.

=== Original behaviour ===

Behaviour without setting the `is_attached_dwh` field is unchanged:

1. Configure a database as described in https://www.metabase.com/docs/latest/configuring-metabase/config-file#databases.
   - Only set the fields you would normally set.  Do not set
     `is_attached_dwh` (or set it to `false`).
2. Start your Metabase instance.
3. Run `${metabase} dump-to-h2 ./dump-file-h2` to create the H2 snapshot file.
4. Run `java -cp h2-2.1.214.jar org.h2.tools.Shell -url "jdbc:h2:file:./dump-file-h2;ifexists=true"` to open an H2 shell.
5. Verify that `SELECT name,details FROM metabase_database;` shows a non-empty object (i.e. not `{}`) for the database you added in step 1.

Fixes: 592360c9
Closes: https://github.com/metabase/harbormaster/issues/5526
13eb9ae2
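
The rule the commit message describes, modelled as an added example (not part of the commit and not Metabase's code): details are blanked to `{}` at dump time for H2 databases and for rows with `is_attached_dwh` set, and a check reports any row that should be hidden but is not. SQLite stands in for H2, and the sample rows, the helper names and the use of an `engine` column to identify H2 databases are assumptions.

```python
import json
import sqlite3

COLS = "name, engine, is_attached_dwh, details"
# Constructed sample rows; hosts and passwords are made up.
SAMPLE_ROWS = [
    ("Sample H2", "h2", 0, {"db": "file:/tmp/sample.db"}),
    ("Customer PG", "postgres", 0, {"host": "pg.example.test", "password": "constructed-1"}),
    ("Attached DWH", "postgres", 1, {"host": "dwh.example.test", "password": "constructed-2"}),
]

def new_db(rows=()):
    """In-memory SQLite stand-in for a metabase_database table."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE metabase_database ({COLS})")
    db.executemany("INSERT INTO metabase_database VALUES (?, ?, ?, ?)", rows)
    return db

def read(db):
    return db.execute(f"SELECT {COLS} FROM metabase_database ORDER BY rowid").fetchall()

def make_app_db():
    return new_db([(n, e, a, json.dumps(d)) for n, e, a, d in SAMPLE_ROWS])

def must_omit_details(engine, is_attached_dwh):
    """H2 databases were already covered; attached DWH rows are the case the commit adds."""
    return engine == "h2" or bool(is_attached_dwh)

def dump(app_db):
    """Copy rows into a fresh snapshot, blanking details at serialization time."""
    return new_db([(n, e, a, "{}" if must_omit_details(e, a) else d)
                   for n, e, a, d in read(app_db)])

def leaked_details(db):
    """Names of rows that should be hidden but still carry non-empty details."""
    return [n for n, e, a, d in read(db)
            if must_omit_details(e, a) and json.loads(d) != {}]

if __name__ == "__main__":
    snapshot = dump(make_app_db())
    for name, _, _, details in read(snapshot):
        print(name, details)
    print("leaks:", leaked_details(snapshot))
```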