superset/commands/database/create.py - superset - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 import logging
 from typing import Any, Optional

 from flask import current_app
 from flask_appbuilder.models.sqla import Model
 from marshmallow import ValidationError

 from superset import is_feature_enabled
 from superset.commands.base import BaseCommand
 from superset.commands.database.exceptions import (
     DatabaseConnectionFailedError,
     DatabaseCreateFailedError,
     DatabaseExistsValidationError,
     DatabaseInvalidError,
     DatabaseRequiredFieldValidationError,
 )
 from superset.commands.database.ssh_tunnel.create import CreateSSHTunnelCommand
 from superset.commands.database.ssh_tunnel.exceptions import (
     SSHTunnelCreateFailedError,
     SSHTunnelDatabasePortError,
     SSHTunnelingNotEnabledError,
     SSHTunnelInvalidError,
 )
 from superset.commands.database.test_connection import TestConnectionDatabaseCommand
 from superset.daos.database import DatabaseDAO
 from superset.daos.exceptions import DAOCreateFailedError
 from superset.databases.ssh_tunnel.models import SSHTunnel
 from superset.exceptions import SupersetErrorsException
 from superset.extensions import db, event_logger, security_manager
 from superset.models.core import Database

 logger = logging.getLogger(__name__)
 stats_logger = current_app.config["STATS_LOGGER"]


 class CreateDatabaseCommand(BaseCommand):
     def __init__(self, data: dict[str, Any]):
         self._properties = data.copy()

     def run(self) -> Model:
         self.validate()

         try:
             # Test connection before starting create transaction
             TestConnectionDatabaseCommand(self._properties).run()
         except (
             SupersetErrorsException,
             SSHTunnelingNotEnabledError,
             SSHTunnelDatabasePortError,
         ) as ex:
             event_logger.log_with_context(
                 action=f"db_creation_failed.{ex.__class__.__name__}",
                 engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
             )
             # So we can show the original message
             raise
         except Exception as ex:
             event_logger.log_with_context(
                 action=f"db_creation_failed.{ex.__class__.__name__}",
                 engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
             )
             raise DatabaseConnectionFailedError() from ex

         # when creating a new database we don't need to unmask encrypted extra
         self._properties["encrypted_extra"] = self._properties.pop(
             "masked_encrypted_extra",
             "{}",
         )

         ssh_tunnel: Optional[SSHTunnel] = None

         try:
             database = self._create_database()

             if ssh_tunnel_properties := self._properties.get("ssh_tunnel"):
                 if not is_feature_enabled("SSH_TUNNELING"):
                     raise SSHTunnelingNotEnabledError()

                 ssh_tunnel = CreateSSHTunnelCommand(
                     database, ssh_tunnel_properties
                 ).run()

             db.session.commit()

             # add catalog/schema permissions
             if database.db_engine_spec.supports_catalog:
                 catalogs = database.get_all_catalog_names(
                     cache=False,
                     ssh_tunnel=ssh_tunnel,
                 )
                 for catalog in catalogs:
                     security_manager.add_permission_view_menu(
                         "catalog_access",
                         security_manager.get_catalog_perm(
                             database.database_name, catalog
                         ),
                     )
             else:
                 # add a dummy catalog for DBs that don't support them
                 catalogs = [None]

             for catalog in catalogs:
                 try:
                     self.add_schema_permissions(database, catalog, ssh_tunnel)
                 except Exception:  # pylint: disable=broad-except
                     logger.warning("Error processing catalog '%s'", catalog)
                     continue

         except (
             SSHTunnelInvalidError,
             SSHTunnelCreateFailedError,
             SSHTunnelingNotEnabledError,
             SSHTunnelDatabasePortError,
         ) as ex:
             db.session.rollback()
             event_logger.log_with_context(
                 action=f"db_creation_failed.{ex.__class__.__name__}.ssh_tunnel",
                 engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
             )
             # So we can show the original message
             raise
         except (
             DAOCreateFailedError,
             DatabaseInvalidError,
             Exception,
         ) as ex:
             db.session.rollback()
             event_logger.log_with_context(
                 action=f"db_creation_failed.{ex.__class__.__name__}",
                 engine=database.db_engine_spec.__name__,
             )
             raise DatabaseCreateFailedError() from ex

         if ssh_tunnel:
             stats_logger.incr("db_creation_success.ssh_tunnel")

         return database

     def add_schema_permissions(
         self,
         database: Database,
         catalog: str,
         ssh_tunnel: Optional[SSHTunnel],
     ) -> None:
         for schema in database.get_all_schema_names(
             catalog=catalog,
             cache=False,
             ssh_tunnel=ssh_tunnel,
         ):
             security_manager.add_permission_view_menu(
                 "schema_access",
                 security_manager.get_schema_perm(
                     database.database_name,
                     catalog,
                     schema,
                 ),
             )

     def validate(self) -> None:
         exceptions: list[ValidationError] = []
         sqlalchemy_uri: Optional[str] = self._properties.get("sqlalchemy_uri")
         database_name: Optional[str] = self._properties.get("database_name")
         if not sqlalchemy_uri:
             exceptions.append(DatabaseRequiredFieldValidationError("sqlalchemy_uri"))
         if not database_name:
             exceptions.append(DatabaseRequiredFieldValidationError("database_name"))
         else:
             # Check database_name uniqueness
             if not DatabaseDAO.validate_uniqueness(database_name):
                 exceptions.append(DatabaseExistsValidationError())

         if exceptions:
             exception = DatabaseInvalidError()
             exception.extend(exceptions)
             event_logger.log_with_context(
                 # pylint: disable=consider-using-f-string
                 action="db_connection_failed.{}.{}".format(
                     exception.__class__.__name__,
                     ".".join(exception.get_list_classnames()),
                 )
             )
             raise exception

     def _create_database(self) -> Database:
         database = DatabaseDAO.create(attributes=self._properties, commit=False)
         database.set_sqlalchemy_uri(database.sqlalchemy_uri)
         return database
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	import logging
	from typing import Any, Optional

	from flask import current_app
	from flask_appbuilder.models.sqla import Model
	from marshmallow import ValidationError

	from superset import is_feature_enabled
	from superset.commands.base import BaseCommand
	from superset.commands.database.exceptions import (
	DatabaseConnectionFailedError,
	DatabaseCreateFailedError,
	DatabaseExistsValidationError,
	DatabaseInvalidError,
	DatabaseRequiredFieldValidationError,
	)
	from superset.commands.database.ssh_tunnel.create import CreateSSHTunnelCommand
	from superset.commands.database.ssh_tunnel.exceptions import (
	SSHTunnelCreateFailedError,
	SSHTunnelDatabasePortError,
	SSHTunnelingNotEnabledError,
	SSHTunnelInvalidError,
	)
	from superset.commands.database.test_connection import TestConnectionDatabaseCommand
	from superset.daos.database import DatabaseDAO
	from superset.daos.exceptions import DAOCreateFailedError
	from superset.databases.ssh_tunnel.models import SSHTunnel
	from superset.exceptions import SupersetErrorsException
	from superset.extensions import db, event_logger, security_manager
	from superset.models.core import Database

	logger = logging.getLogger(__name__)
	stats_logger = current_app.config["STATS_LOGGER"]


	class CreateDatabaseCommand(BaseCommand):
	def __init__(self, data: dict[str, Any]):
	self._properties = data.copy()

	def run(self) -> Model:
	self.validate()

	try:
	# Test connection before starting create transaction
	TestConnectionDatabaseCommand(self._properties).run()
	except (
	SupersetErrorsException,
	SSHTunnelingNotEnabledError,
	SSHTunnelDatabasePortError,
	) as ex:
	event_logger.log_with_context(
	action=f"db_creation_failed.{ex.__class__.__name__}",
	engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
	)
	# So we can show the original message
	raise
	except Exception as ex:
	event_logger.log_with_context(
	action=f"db_creation_failed.{ex.__class__.__name__}",
	engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
	)
	raise DatabaseConnectionFailedError() from ex

	# when creating a new database we don't need to unmask encrypted extra
	self._properties["encrypted_extra"] = self._properties.pop(
	"masked_encrypted_extra",
	"{}",
	)

	ssh_tunnel: Optional[SSHTunnel] = None

	try:
	database = self._create_database()

	if ssh_tunnel_properties := self._properties.get("ssh_tunnel"):
	if not is_feature_enabled("SSH_TUNNELING"):
	raise SSHTunnelingNotEnabledError()

	ssh_tunnel = CreateSSHTunnelCommand(
	database, ssh_tunnel_properties
	).run()

	db.session.commit()

	# add catalog/schema permissions
	if database.db_engine_spec.supports_catalog:
	catalogs = database.get_all_catalog_names(
	cache=False,
	ssh_tunnel=ssh_tunnel,
	)
	for catalog in catalogs:
	security_manager.add_permission_view_menu(
	"catalog_access",
	security_manager.get_catalog_perm(
	database.database_name, catalog
	),
	)
	else:
	# add a dummy catalog for DBs that don't support them
	catalogs = [None]

	for catalog in catalogs:
	try:
	self.add_schema_permissions(database, catalog, ssh_tunnel)
	except Exception: # pylint: disable=broad-except
	logger.warning("Error processing catalog '%s'", catalog)
	continue

	except (
	SSHTunnelInvalidError,
	SSHTunnelCreateFailedError,
	SSHTunnelingNotEnabledError,
	SSHTunnelDatabasePortError,
	) as ex:
	db.session.rollback()
	event_logger.log_with_context(
	action=f"db_creation_failed.{ex.__class__.__name__}.ssh_tunnel",
	engine=self._properties.get("sqlalchemy_uri", "").split(":")[0],
	)
	# So we can show the original message
	raise
	except (
	DAOCreateFailedError,
	DatabaseInvalidError,
	Exception,
	) as ex:
	db.session.rollback()
	event_logger.log_with_context(
	action=f"db_creation_failed.{ex.__class__.__name__}",
	engine=database.db_engine_spec.__name__,
	)
	raise DatabaseCreateFailedError() from ex

	if ssh_tunnel:
	stats_logger.incr("db_creation_success.ssh_tunnel")

	return database

	def add_schema_permissions(
	self,
	database: Database,
	catalog: str,
	ssh_tunnel: Optional[SSHTunnel],
	) -> None:
	for schema in database.get_all_schema_names(
	catalog=catalog,
	cache=False,
	ssh_tunnel=ssh_tunnel,
	):
	security_manager.add_permission_view_menu(
	"schema_access",
	security_manager.get_schema_perm(
	database.database_name,
	catalog,
	schema,
	),
	)

	def validate(self) -> None:
	exceptions: list[ValidationError] = []
	sqlalchemy_uri: Optional[str] = self._properties.get("sqlalchemy_uri")
	database_name: Optional[str] = self._properties.get("database_name")
	if not sqlalchemy_uri:
	exceptions.append(DatabaseRequiredFieldValidationError("sqlalchemy_uri"))
	if not database_name:
	exceptions.append(DatabaseRequiredFieldValidationError("database_name"))
	else:
	# Check database_name uniqueness
	if not DatabaseDAO.validate_uniqueness(database_name):
	exceptions.append(DatabaseExistsValidationError())

	if exceptions:
	exception = DatabaseInvalidError()
	exception.extend(exceptions)
	event_logger.log_with_context(
	# pylint: disable=consider-using-f-string
	action="db_connection_failed.{}.{}".format(
	exception.__class__.__name__,
	".".join(exception.get_list_classnames()),
	)
	)
	raise exception

	def _create_database(self) -> Database:
	database = DatabaseDAO.create(attributes=self._properties, commit=False)
	database.set_sqlalchemy_uri(database.sqlalchemy_uri)
	return database