joaoferrao opened a new pull request, #30081: URL: https://github.com/apache/superset/pull/30081
### SUMMARY Under https://github.com/apache/superset/pull/27631 under https://github.com/apache/superset/issues/20300 It also fixes an issue not totally resolved here https://github.com/apache/superset/pull/29981, which is required for OAuth2 to work for trino. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF https://github.com/user-attachments/assets/af59ff3f-a38c-4225-a51c-7347f1b42971 ### TESTING INSTRUCTIONS 1. I created a Keycloak client for trino and added this configuration in `superset_docker_config.py`: ```python DATABASE_OAUTH2_REDIRECT_URI = "http://localhost:8088/api/v1/database/oauth2/"; DATABASE_OAUTH2_CLIENTS = { 'Trino': { 'id': 'trino', 'secret': ''<some-secret>', 'scope': 'openid email offline_access roles profile', 'redirect_uri': 'http://localhost:8088/api/v1/database/oauth2/', 'authorization_request_uri': 'https://<the url of keycloak deploy>/realms/master/protocol/openid-connect/auth', 'token_request_uri': 'https://<the url of keycloak deploy>/realms/master/protocol/openid-connect/token', 'request_content_type': 'data' # keycloak doesn't accept application/json body. } } ``` 2. Database configured via UI: with following settings: ```json trino://<trino_url>:443/tpcds {"connect_args":{"http_scheme":"https"}} Impersonate: true ``` ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: https://github.com/apache/superset/issues/20300 - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API ### Need feedback with: We still need to trigger this OAuth2 dance in, at least, 2 contexts (I don't know much about superset, possibility there are more): - Automatic attempt to list schemas and tables - Testing Connection when adding the database: **temp**: previous OAuth2 features implemented and already merged don't include a way to trigger this flow when adding a connection via UI. For this reason, I had to hack the test_connection.py so I'm allowed to -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
