docs: Trino Authentications

Signed-off-by: Đặng Minh Dũng <dungdm93@live.com>
apache · Jan 15, 2022 · ee3446f · ee3446f
1 parent 19ead29
commit ee3446f
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 13 deletions.
diff --git a/docs/src/pages/docs/Connecting to Databases/trino.mdx b/docs/src/pages/docs/Connecting to Databases/trino.mdx
@@ -8,20 +8,95 @@ version: 1
 
 ## Trino
 
-Supported trino version 352 and higher
-
-The [sqlalchemy-trino](https://pypi.org/project/sqlalchemy-trino/) library is the recommended way to connect to Trino through SQLAlchemy.
-
-The expected connection string is formatted as follows:
+Superset supports Trino >=352 via SQLAlchemy by using the [sqlalchemy-trino](https://pypi.org/project/sqlalchemy-trino/) library.
 
+### Connection String
+The connection string format is as follows:
 ```
 trino://{username}:{password}@{hostname}:{port}/{catalog}
 ```
-If you are running trino with docker on local machine please use the following connection URL
 
+If you are running Trino with docker on local machine, please use the following connection URL
 ```
 trino://trino@host.docker.internal:8080
 ```
 
-Reference:
-[Trino-Superset-Podcast](https://trino.io/episodes/12.html)
+### Authentications
+#### 1. Basic Authentication
+You can provide `username`/`password` in the connection string or in the `Secure Extra` field at `Advanced / Security`
+* In Connection String
+    ```
+    trino://{username}:{password}@{hostname}:{port}/{catalog}
+    ```
+
+* In `Secure Extra` field
+    ```json
+    {
+        "auth_method": "basic",
+        "auth_params": {
+            "username": "<username>",
+            "password": "<password>"
+        }
+    }
+    ```
+
+NOTE: if both are provided, `Secure Extra` always takes higher priority.
+
+#### 2. Kerberos Authentication
+In `Secure Extra` field, config as following example:
+```json
+{
+    "auth_method": "kerberos",
+    "auth_params": {
+        "service_name": "superset",
+        "config": "/path/to/krb5.config",
+        ...
+    }
+}
+```
+
+All fields in `auth_params` are passed directly to the [`KerberosAuthentication`](https://github.com/trinodb/trino-python-client/blob/0.306.0/trino/auth.py#L40) class.
+
+#### 3. JWT Authentication
+Config `auth_method` and provide token in `Secure Extra` field
+```json
+{
+    "auth_method": "jwt",
+    "auth_params": {
+        "token": "<your-jwt-token>"
+    }
+}
+```
+
+#### 4. Custom Authentication
+To use custom authentication, first you need to add it into
+`ALLOWED_EXTRA_AUTHENTICATIONS` allow list in Superset config file:
+```python
+from your.module import AuthClass
+from another.extra import auth_method
+
+ALLOWED_EXTRA_AUTHENTICATIONS: Dict[str, Dict[str, Callable[..., Any]]] = {
+    "trino": {
+        "custom_auth": AuthClass,
+        "another_auth_method": auth_method,
+    },
+}
+```
+
+Then in `Secure Extra` field:
+```json
+{
+    "auth_method": "custom_auth",
+    "auth_params": {
+        ...
+    }
+}
+```
+
+You can also use custom authentication by providing reference to your `trino.auth.Authentication` class
+or factory function (which returns an `Authentication` instance) to `auth_method`.
+
+All fields in `auth_params` are passed directly to your class/function.
+
+**Reference**:
+* [Trino-Superset-Podcast](https://trino.io/episodes/12.html)
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -283,6 +283,8 @@ werkzeug==1.0.1
     # via
     #   flask
     #   flask-jwt-extended
+wrapt==1.12.1
+    # via -r requirements/base.in
 wtforms==2.3.3
     # via
     #   flask-appbuilder

diff --git a/requirements/testing.in b/requirements/testing.in
@@ -38,3 +38,4 @@ statsd
 pytest-mock
 # DB dependencies
 -e file:.[bigquery]
+-e file:.[trino]
diff --git a/requirements/testing.txt b/requirements/testing.txt
@@ -1,4 +1,4 @@
-# SHA1:9658361c2ab00a6b27c5875b7b3557c2999854ba
+# SHA1:7a8e256097b4758bdeda2529d3d4d31e421e1a3c
 #
 # This file is autogenerated by pip-compile-multi
 # To update, run:
@@ -11,8 +11,6 @@
     # via
     #   -r requirements/base.in
     #   -r requirements/testing.in
-appnope==0.1.2
-    # via ipython
 astroid==2.6.6
     # via pylint
 backcall==0.2.0
@@ -166,20 +164,22 @@ requests-oauthlib==1.3.0
     # via google-auth-oauthlib
 rsa==4.7.2
     # via google-auth
+sqlalchemy-trino==0.4.1
+    # via apache-superset
 statsd==3.3.0
     # via -r requirements/testing.in
 traitlets==5.0.5
     # via
     #   ipython
     #   matplotlib-inline
+trino==0.306
+    # via sqlalchemy-trino
 typing-inspect==0.7.1
     # via libcst
 wcwidth==0.2.5
     # via prompt-toolkit
 websocket-client==1.2.0
     # via docker
-wrapt==1.12.1
-    # via astroid
 
 # The following packages are considered to be unsafe in a requirements file:
 # pip