Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add ssl options for Cassandra data source #4665

Merged
merged 9 commits into from
Apr 3, 2020

Conversation

arihantsurana
Copy link
Contributor

@arihantsurana arihantsurana commented Feb 20, 2020

What type of PR is this? (check all applicable)

  • Feature

Description

Cassandra is regularly used in production with Encryption enabled, causing the Client to handle SSL options like protocol, and certificate. This PR adds the option to:

  • Enable/Disable SSL for the connection
  • Provide an SSL Protocol
  • Upload a certificate file

Related Tickets & Documents

https://discuss.redash.io/t/cassandra-does-not-support-ssl-with-certificates/5584

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

Changes in the UI for Cassandra connection.
Before:
image

After:
image

image

@arihantsurana arihantsurana requested a review from arikfr February 20, 2020 02:39
Copy link
Member

@arikfr arikfr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! For a long time I wanted to have an example of similar usage of certs, it will be great to finally have one and start adding it to other data sources.

Please see comments.

redash/query_runner/cass.py Show resolved Hide resolved
@@ -22,6 +25,26 @@ def default(self, o):
return super(CassandraJSONEncoder, self).default(o)


def generate_cert_file(ssl_cert, host):
cert_dir = f"./tmp/cassandra_certificate/{host}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it will be safer to use a random file name + clean up after use. Maybe use NamedTemporaryFile?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah cool, will use that.

@arihantsurana arihantsurana requested a review from arikfr March 5, 2020 04:27
@arihantsurana
Copy link
Contributor Author

hey @arikfr , did you get a chance to review the cahnges?

@arihantsurana
Copy link
Contributor Author

arihantsurana commented Apr 3, 2020

Hey @arikfr ... just wanted to drop in and see if you had any timelines for this feature to be released?

I have seen other PRs on this repo being rejected due to underlying refactor, do you think this PR might suffer the same fate?

Also, Is there some documentation around how you publish the docker images, so I can try and have an interim docker Image until the next release?

@arikfr arikfr merged commit f9e3ac7 into getredash:master Apr 3, 2020
@arikfr
Copy link
Member

arikfr commented Apr 3, 2020

Thanks, @arihantsurana ! This is now merged. When master branch builds it builds two images:

  1. redash/redash:preview this tag follows latest master.
  2. redash/preview:$VERSION.b$CIRCLE_BUILD_NUM - this is a versioned image that is specific to a build.

This is the build for master with this PR merged:
https://circleci.com/workflow-run/444e47d2-f0aa-4a67-95c5-d1ff87765bb0

@arihantsurana
Copy link
Contributor Author

Awesome this is great!!

@arihantsurana arihantsurana deleted the cassandra-ssl branch April 5, 2020 22:23
@SORC3r3r
Copy link

SORC3r3r commented Mar 8, 2021

@arihantsurana @arikfr
I am testing that beta release.
Do you have a hint how to format the certificate? 🤔
Plain .pem or .pfx?
How do I order the leaf and the chain in the certificate?

@arihantsurana
Copy link
Contributor Author

@arihantsurana @arikfr
I am testing that beta release.
Do you have a hint how to format the certificate? 🤔
Plain .pem or .pfx?
How do I order the leaf and the chain in the certificate?

IIRC I tested this with a .pem file.
The redash backend code uses the DataStax python driver for Cassandra, so you should be able to upload any Cert that fits the spec on that library. https://docs.datastax.com/en/developer/python-driver/3.20/security/#ssl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants