-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added plugin for dbt CLI #328
base: main
Are you sure you want to change the base?
Added plugin for dbt CLI #328
Conversation
Hello! Don't forget to also write an accompanying blog post on Hashnode with the tags 1Password and BuildWith1Password (not just putting #1Password in the text - but use the Hashnode tags in the CMS. :) The full instructions are here. |
@techcraver & @arunsathiya Thank you for promptly assigning reviewers and correct tags. I have updated the plugin to expand from Redshift to almost all major data platforms for password auth by DBT by making few fields optional. I use Redshift version of this for my daily workflow. Regardless of hackathon, I hope you are fine with this contribution going to prod? I have only tested in Redshift, but verified via docs that it can expand to other sources as well. Are there any plans to support dynamically choosing 1password item say based on arguments from CLI in shell plugin? I currently create multiple empty folders say for dev and prod connections to achieve this. In the dbt CLI, one can pass profile and target as args for selecting connection. Combining this with allowing multiple connection templates for a single plugin will make the plugin usage very elegant. Happy to contribute PRs if something similar is on our roadmap. |
Love it!
Very much, thank you for this valuable contribution @guru-pochineni! We'll review this work soon, but please be informed that given that the functionality of the plugin has increased, it may take some time to review it in detail.
Could you share some examples here? What arguments are different between the platforms (Redshift and others)? And, how do you envision the 1Password item selection to happen -- at the time of command usage or something else? At this time though, what's possible is |
This is so cool @guru-pochineni ! I come from the data world and I know all my dbt using friends are going to LOOVE this. |
hey @guru-pochineni - one note for your Overview section. The branding/capitalization on dbt. It's never DBT - always 'dbt'. :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One question, for now 😄 Thank you for the contribution!
var defaultEnvVarMapping = map[string]sdk.FieldName{ | ||
"DBT_HOST": fieldname.Host, | ||
"DBT_PORT": fieldname.Port, | ||
"DBT_USER": fieldname.User, | ||
"DBT_PASSWORD": fieldname.Password, | ||
"DBT_DB": fieldname.Database, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From what I gather from the documentation, these environment variables are only used to be referenced in a configuration file, is that correct?
With these provisioned, a config file such as the one documented here: https://docs.getdbt.com/reference/dbt-jinja-functions/profiles-yml-context
is still necessary for the plugin to work. Is there some documentation that I have missed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that this is indeed what you are documenting in the PR description as well.
Rather than creating an additional requirement for the user to write their own config file, I would prefer if we were to provision a configuration file directly, using provision.TempFile
, as in plugins such as mysql
or akamai
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the suggestion. Users would still need to configure profiles.yml
file as lot of other attributes can be tweaked in it. I will add changes to incorporate provision.TempFile
and keep env variables as it is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, thank you for the clarification.
@libutcher do you know of any other plugins that have a similar behaviour? Asking you since you tested/documented their vast majority, I wonder if there is already any occurrence of a plugin that requires additional setup on top of the 1Password CLI-related stuff.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Following up here, it doesn't look like there are any plugins with that behaviour. @guru-pochineni, are you still planning to add changes to incorporate provision.TempFile?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Haven't got the chance to make changes. Let me take a look into this next weekend.
Overview
Added support for using 1Password to supply credentials when connecting to Redshift and other sources via dbt CLI.
dbt Redshift prefers password-based authentication with passwords stored in plain text file in project root folder or in
~/.dbt/profiles.yml
file. This plugin removes the need for storing DB passwords in plain text and injects them via env variables as and when required. This also works with other data sources in dbt that allow auth via password.Type of change
Related Issue(s)
NA
Description
dbt is a popular data transformation tool. It allows you to connect to multiple data sources (data warehouses and data lakes) to run SQL queries for analytics. Since it can connect to multiple sources, connection setting varies for each source, and it is encapsulated in profiles.yml file.
We cannot use a single shell plugin to serve all sources as connection schema varies by source. This plugin attempts to provide a way to authenticate to AWS Redshift and other sources that support password-based authentication.
How To Test (Redshift)
Pre-requisites
op init dbt
and use the item created in step 3.profiles.yml
file.Run log
Testing this plugin is an involved process as we need to have DB, some data in it along with dbt project setup to fully run it.
Supported Data Sources via dbt
We cover password based auth for all [data platforms supported by dbt except BigQuery via this extension. Naming may be little different for few sources, like in Databricks we configure token in password field.
References
PS: Sharing this plugin via GitHub for hackathon as I use this some form of this daily for work. Not endorsing dbt, AWS Redshift or my employer with these changes.
Additional information
Accompanied blog post: Running dbt cli with 1Password 🚀