Skip to content

Commit

Permalink
Merge pull request #32 from starburstdata/hovaesco/jwt
Browse files Browse the repository at this point in the history 
Add support for JWT authentication
  • Loading branch information
@hovaesco
hovaesco authored Jan 18, 2022
2 parents 3b0425c + 1df6a60 commit a28f666
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 16 deletions.
4 changes: 2 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ dbt-trino-tests:
./docker/dbt/build.sh
./docker/init_trino.bash
pip install -r dev_requirements.txt
tox
tox || ./docker/remove_trino.bash
./docker/remove_trino.bash

dbt-starburst-tests:
docker network create dbt-net || true
./docker/dbt/build.sh
./docker/init_starburst.bash
pip install -r dev_requirements.txt
tox
tox || ./docker/remove_starburst.bash
./docker/remove_starburst.bash
38 changes: 24 additions & 14 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,21 @@ $ pip install dbt-trino

A dbt profile can be configured to run against Trino using the following configuration:

| Option | Description | Required? | Example |
| ------------------ | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | -------------------------------- |
| method | The Trino authentication method to use | Optional (default is `none`) | `none` or `kerberos` |
| user | Username for authentication | Required | `commander` |
| password | Password for authentication | Optional (required if `method` is `ldap` or `kerberos`) | `none` or `abc123` |
| http_headers | HTTP Headers to send alongside requests to Trino, specified as a yaml dictionary of (header, value) pairs. | Optional | `X-Trino-Client-Info: dbt-trino` |
| http_scheme | The HTTP scheme to use for requests to Trino | Optional (default is `http`, or `https` for `method: kerberos` and `method: ldap`) | `https` or `http` |
| cert | The full path to a certificate file for authentication with trino | Optional | |
| session_properties | Sets Trino session properties used in the connection | Optional | `query_max_run_time: 5d` |
| database | Specify the database to build models into | Required | `analytics` |
| schema | Specify the schema to build models into. Note: it is not recommended to use upper or mixed case schema names | Required | `public` |
| host | The hostname to connect to | Required | `127.0.0.1` |
| port | The port to connect to the host on | Required | `8080` |
| threads | How many threads dbt should use | Optional (default is `1`) | `8` |
| Option | Description | Required? | Example |
|-------------------|---------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|----------------------------------|
| method | The Trino authentication method to use | Optional (default is `none`, supported methods are `ldap`, `kerberos` or `jwt`) | `none` or `kerberos` |
| user | Username for authentication | Required | `commander` |
| password | Password for authentication | Optional (required if `method` is `ldap` or `kerberos`) | `none` or `abc123` |
| jwt_token | JWT token for authentication | Optional (required if `method` is `jwt`) | `none` or `abc123` |
| http_headers | HTTP Headers to send alongside requests to Trino, specified as a yaml dictionary of (header, value) pairs. | Optional | `X-Trino-Client-Info: dbt-trino` |
| http_scheme | The HTTP scheme to use for requests to Trino | Optional (default is `http`, or `https` for `method: kerberos`, `ldap` or `jwt`) | `https` or `http` |
| cert | The full path to a certificate file for authentication with trino | Optional | |
| session_properties | Sets Trino session properties used in the connection | Optional | `query_max_run_time: 5d` |
| database | Specify the database to build models into | Required | `analytics` |
| schema | Specify the schema to build models into. Note: it is not recommended to use upper or mixed case schema names | Required | `public` |
| host | The hostname to connect to | Required | `127.0.0.1` |
| port | The port to connect to the host on | Required | `8080` |
| threads | How many threads dbt should use | Optional (default is `1`) | `8` |

**Example profiles.yml entry:**

Expand Down Expand Up @@ -94,6 +95,15 @@ The following features of dbt are not implemented in `dbt-trino`:
Also, note that upper or mixed case schema names will cause catalog queries to fail.
Please only use lower case schema names with this adapter.

#### Supported authentication types

- none - No authentication
- [ldap](https://trino.io/docs/current/security/authentication-types.html) - Specify username in `user` and password in `password`
- [kerberos](https://trino.io/docs/current/security/kerberos.html) - Specify username in `user`
- [jwt](https://trino.io/docs/current/security/jwt.html) - Specify JWT token in `jwt_token`

See also: https://trino.io/docs/current/security/authentication-types.html

#### Required configuration

dbt fundamentally works by dropping and creating tables and views in databases.
Expand Down
12 changes: 12 additions & 0 deletions dbt/adapters/trino/connections.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ class TrinoCredentials(Credentials):
port: Port
user: str
password: Optional[str] = None
jwt_token: Optional[str] = None
method: Optional[str] = None
cert: Optional[str] = None
http_headers: Optional[Dict[str, str]] = None
Expand Down Expand Up @@ -178,6 +179,17 @@ def open(cls, connection):
"http_scheme must be set to 'https' for 'kerberos' method."
)
http_scheme = "https"
elif credentials.method == "jwt":
auth = trino.auth.JWTAuthentication(credentials.jwt_token)
if credentials.http_scheme and credentials.http_scheme != "https":
raise dbt.exceptions.RuntimeException(
"http_scheme must be set to 'https' for 'jwt' method."
)
if credentials.jwt_token is None:
raise dbt.exceptions.RuntimeException(
"jwt_token must be set for 'jwt' method."
)
http_scheme = "https"
else:
auth = trino.constants.DEFAULT_AUTH
http_scheme = credentials.http_scheme or "http"
Expand Down
2 changes: 2 additions & 0 deletions test/unit/test_adapter.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ def setUp(self):
"cert": "/path/to/cert",
"http_headers": {"X-Trino-Client-Info": "dbt-trino"},
"http_scheme": "http",
"jwt_token": "dummy-token",
"session_properties": {
"query_max_run_time": "5d",
"exchange_compression": True,
Expand Down Expand Up @@ -70,6 +71,7 @@ def test_connection_credentials(self):
connection.credentials.http_headers, {"X-Trino-Client-Info": "dbt-trino"}
)
self.assertEqual(connection.credentials.http_scheme, "http")
self.assertEqual(connection.credentials.jwt_token, "dummy-token")
self.assertEqual(connection.credentials.cert, "/path/to/cert")
self.assertEqual(
connection.credentials.session_properties,
Expand Down

0 comments on commit a28f666

Please sign in to comment.