Apache Superset — Thoughts on custom authentication, running as Docker, having public dashboards and behind Nginx

  • Having a custom authentication layer for Superset
  • Running Superset in Docker, and a few helper scripts
  • Issues that I faced running Superset behind an NGINX reverse proxy
  • Exposing public dashboards, and a few tips in this area
  • Superset base URL issue and patch fix

Custom Authentication — Problem statement

  • Superset is based on Flask-AppBuilder, which also provides the authentication layer. Flask-AppBuilder provides a set of built-in authentication methods
  • Sometimes none of the authentication methods suits our needs. This is where Flask-AppBuilder’s support for custom security and custom authentication comes in handy
  • Let’s say we have a microservices architecture and Superset plays a role in visualizing the data, but there is another microservice which takes care of user management

Solution

  • Let’s implement a custom security and authentication layer
  • I am using the Superset Docker image, but the core concept remains the same for Superset run directly on the host system

Solution source code

Approach

  • Run superset docker with the following superset_config.py and security.py placed in a config directory
docker run --detach --name superset -p "8088:8088" -v $(pwd)/config:/etc/superset -v $(pwd)/data:/var/lib/superset amancevice/superset:0.25.6
custom superset_config.py
  • Notice that in superset_config.py we initialize CUSTOM_SECURITY_MANAGER with our own implementation.
  • A sample security manager is shown below
our security.py

Redirect users directly to target page (like a specific dashboard)

http://localhost:8088/login?username=admin&redirect=/superset/dashboard/world_health/
# The above URL will auto-login as admin and take the user directly into the world_health dashboard

Next steps

  • The flow that we discussed only demonstrates that a custom security layer is possible and how to get it working.
  • As it stands, anyone who passes the username param in the request bypasses the login and is taken inside.
  • We need to make the authentication more stringent. On top of the above flow, depending on the ecosystem, we could use a JWT token or other means in the CustomSecurity layer.
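One way to make the flow above more stringent, as an added example (not code from the original post or from Superset): instead of trusting a bare username parameter, the login view accepts a short-lived HS256-signed token minted by the user-management service, and only follows same-site paths in the redirect parameter. The shared secret, the function names and the sub/exp claims are assumptions; the issuer function exists only to build constructed sample input.

```python
import base64, hashlib, hmac, json, time

# Assumption: secret shared with the user-management service (placeholder value).
SHARED_SECRET = b"replace-with-a-long-random-secret"

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(username, ttl=60, secret=SHARED_SECRET, now=None):
    """Issuer side (the user-management service); here only to build sample input."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url_encode(json.dumps({"sub": username, "exp": now + ttl}).encode())
    signature = b64url_encode(sign(f"{header}.{claims}", secret))
    return f"{header}.{claims}.{signature}"

def username_from_token(token, secret=SHARED_SECRET, now=None):
    """Return the verified username, or None when the token must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{claims_b64}", secret)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        if claims["exp"] <= now:  # short-lived: expired tokens are refused
            return None
        return claims["sub"] if isinstance(claims["sub"], str) else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def safe_redirect(target, default="/"):
    """Allow only same-site absolute paths in the redirect parameter."""
    target = target or ""
    bad = target.startswith("//") or "\\" in target or any(ord(c) < 32 for c in target)
    return target if target.startswith("/") and not bad else default
```

In the custom login view, the name handed to the user lookup would then come from username_from_token() applied to a token request parameter, and the redirect target from safe_redirect().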

Superset users still remain in Superset

  • This approach doesn’t eradicate Superset’s user management, authorization flow (roles), etc.
  • It embraces Flask-AppBuilder’s user management
  • When creating a user in our application, we need to call the REST API exposed by Flask to create an equivalent user with the same username in Superset
  • Also assign the roles in Superset programmatically with the REST API.
  • This way Superset manages its own internal flows as it is, and other microservices can integrate easily with Superset
  • This also gives a lot of flexibility in controlling which dashboards should be visible to which user etc., in line with Superset’s way of role management

Overriding Superset html templates

  • In the above example, we override the navbar.html inside Superset with our own content
  • The path to Superset, with the above Docker image, happened to be /usr/local/lib/python3.5/dist-package/superset/templates/... Ensure this is the path in your case.

Public dashboards

#superset_config.py
PUBLIC_ROLE_LIKE_GAMMA = True
> docker-compose exec superset superset-init
http://localhost:9000/superset/dashboard/world_health/?standalone=true

Problems running behind NGINX

  • Superset uses multiple static file references (/static/…/…js & css) without following base URL conventions
  • Superset will only work when it is loaded at the root path ( / )
  • Superset supports the url_for way of configuring baseUrl, but this is implemented well only in the backend Python layer. It is not well implemented in the frontend (JavaScript) layer. There are areas where they do things like the following, which breaks:
// Builds a dataTable from a flask appbuilder api endpoint
let url = '/' + modelView.toLowerCase() + '/api/read';

CORS Issue

Superset base url issue

Sairam Krish
