IAM authentication method for redshift adapter

[danielchalef]

Per #757 :
A method value is now required in a profile using the redshift adapter.

• The database method supports username / password as database auth credentials.
• The iam method support IAM authentication using boto3's get_cluster_credentials. See AWS docs Using IAM Authentication to Generate Database User Credentials for required setup.

[drewbanin]

This is super cool, thanks for opening this PR @danielchalef! I dropped some comments in here, happy to discuss!

[drewbanin]

I think this should be optional, and the default should be database. It would be good to preserve backwards compatibility here

[danielchalef]

Roger that. It would be great to require a password if the method keyword is missing or the database method is selected. Similarly, for cluster_id if the iam method is used. How do I go about doing so with voluptuous?

[drewbanin]

We're in the process of ripping out voluptuous and replacing it with json schemas as a part of building out dbt's API. I think you can just leave the voluptuous code here and we'll convert it to the new style contract along with everything else

[danielchalef]

Got it.

[drewbanin]

can you slide the logic in this else branch into a different function? I think get_redshift_credentials should return a dict that looks like

{
  "dbname": "...",
  "user": "...",
  "pass": "...",
  "port": "..."
}

regardless of if the auth method is credentials or IAM

[danielchalef]

Done.

[drewbanin]

the suggestion above about get_redshift_credentials should clean up the if/else logic here I believe!

[danielchalef]

Done.

[drewbanin]

hey @danielchalef - thanks for your patience here. We changed some aspects of dbt's API since you opened this PR. Do you mind if I branch off of here and get it up-to-date with development?

[danielchalef]

@drewbanin No worries. Go for it. Thanks.

[drewbanin]

Closing this in favor of #818, which integrates development and adds an iam_duration_seconds parameter