-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add feature flags to control query sharing, KV exposure #9120
Add feature flags to control query sharing, KV exposure #9120
Conversation
@@ -45,9 +47,19 @@ class ShareSqlLabQuery extends React.Component { | |||
shortUrl: t('Loading ...'), | |||
}; | |||
this.getCopyUrl = this.getCopyUrl.bind(this); | |||
this.getCopyUrlForSavedQuery = this.getCopyUrlForSavedQuery.bind(this); | |||
this.getCopyUrlForKvStore = this.getCopyUrlForKvStore.bind(this); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.bind(this)
is only necessary when you are going to be passing this.getCopyUrlForKvStore
around as a separate variable. If it's only called via this.getCopyUrlForKvStore()
then this
will be bound correctly and these lines are unnecessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try removing them - I had to add them at one point to get things functioning.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good - very minor clarity nit
This seems like a pretty major product/functionality change as far as completely removing the concept of one-off query sharing (i'm pretty sure the kv endpoints are also used for one-off chart sharing too). What tradeoffs were considered when thinking about this feature removal? I personally make use of the query and chart sharing features all the time. cc @sylvia-tomiyama for her take too |
@etr2460 the unsecured/unvalidated/unowned |
Could you expand a bit on the insecure nature of the |
@etr2460 I'll expand directly with you in Slack. I don't wish to have a detailed security-related conversation publicly. |
The summary of the conversation was to add some documentation about how to reenable the feature if desired and update the UPDATING.md file |
@etr2460 let me know if that entry in UPDATING.md fits your needs or if there's somewhere else you'd like me to drop a note as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a couple requests, looks good otherwise
@@ -497,6 +504,9 @@ def test_shortner(self): | |||
resp = self.client.post("/r/shortner/", data=dict(data=data)) | |||
assert re.search(r"\/r\/[0-9]+", resp.data.decode("utf-8")) | |||
|
|||
@skipUnless( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should always be run in our test environment whether the flag is enabled or disabled. Can you set the feature flag to on before running them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@etr2460 I spent an hour banging my head against it, and was unable to find an approach to modify feature flags after they were initialized without breaking the whole suite. I'm very open to recommendations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could enabling this feature on just for the tests be a viable approach? superset_test_config.py
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case it would be, since the feature flag only removes functionality and doesn't add anything different. that said, I think we should be able to test both sides of the feature flag here, do you know how to do this @dpgaspar ?
Maybe mocking the feature flag checking function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue in this case is that the application is booted once for the test suite and the feature flag changes the nature of the instantiation. This is a boot-time flag, not a run-time check. For this PR I'll go ahead and enable it for tests.
Codecov Report
@@ Coverage Diff @@
## master #9120 +/- ##
=========================================
Coverage ? 59.08%
=========================================
Files ? 372
Lines ? 11933
Branches ? 2921
=========================================
Hits ? 7051
Misses ? 4700
Partials ? 182
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, currently has conflicts with master
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thanks for the documentation!
CATEGORY
Choose one
SUMMARY
Preset would like query sharing to abide by the rules of query visibility used in the rest of the project. To accomplish this, we have updated the
Share Query
button to leverage the saved query functionality rather than theKV
model, with a feature flag should other organizations want to maintain the current functionality. We have also added a feature flag to disable the/kv
endpoints entirely. They appear to be used only for query sharing inside of the Superset project, but we do not know how these are leveraged in other systems.Note that following the link to the saved query will open the saved query in SQLLab, rather than the current behavior, which is to open a copy of the saved query in SQLLab.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
"Save Query" toast after the change:
With an unsaved query:
With a saved query:
TEST PLAN
ADDITIONAL INFORMATION
REVIEWERS
@robdiciuccio @etr2460 @suddjian @dpgaspar