From 83f72ec440426d3554f968d2bb74479187cb2b95 Mon Sep 17 00:00:00 2001
From: Don Bowman <don@agilicus.com>
Date: Fri, 1 Feb 2019 16:16:31 -0500
Subject: [PATCH] Encrypt broker password in database

Signed-off-by: Don Bowman <don@agilicus.com>
---
 superset/connectors/druid/models.py                |  3 ++-
 ..._py.py => e553e78e90c5_add_druid_auth_py_py.py} | 14 +++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)
 rename superset/migrations/versions/{b94b03d92795_add_druid_auth_py.py => e553e78e90c5_add_druid_auth_py_py.py} (82%)

diff --git a/superset/connectors/druid/models.py b/superset/connectors/druid/models.py
index aeee119dad5a8..4d708fa324368 100644
--- a/superset/connectors/druid/models.py
+++ b/superset/connectors/druid/models.py
@@ -45,6 +45,7 @@
     Boolean, Column, DateTime, ForeignKey, Integer, String, Table, Text, UniqueConstraint,
 )
 from sqlalchemy.orm import backref, relationship
+from sqlalchemy_utils import EncryptedType
 
 from superset import conf, db, security_manager
 from superset.connectors.base.models import BaseColumn, BaseDatasource, BaseMetric
@@ -103,7 +104,7 @@ class DruidCluster(Model, AuditMixinNullable, ImportMixin):
     metadata_last_refreshed = Column(DateTime)
     cache_timeout = Column(Integer)
     broker_user = Column(String(255))
-    broker_pass = Column(String(255))
+    broker_pass = Column(EncryptedType(String(255), conf.get('SECRET_KEY')))
 
     export_fields = ('cluster_name', 'broker_host', 'broker_port',
                      'broker_endpoint', 'cache_timeout', 'broker_user',
diff --git a/superset/migrations/versions/b94b03d92795_add_druid_auth_py.py b/superset/migrations/versions/e553e78e90c5_add_druid_auth_py_py.py
similarity index 82%
rename from superset/migrations/versions/b94b03d92795_add_druid_auth_py.py
rename to superset/migrations/versions/e553e78e90c5_add_druid_auth_py_py.py
index 0d501743c5c2d..bb17479cf1287 100644
--- a/superset/migrations/versions/b94b03d92795_add_druid_auth_py.py
+++ b/superset/migrations/versions/e553e78e90c5_add_druid_auth_py_py.py
@@ -14,26 +14,30 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-"""add_druid_auth.py
+"""add_druid_auth_py.py
 
-Revision ID: b94b03d92795
+Revision ID: e553e78e90c5
 Revises: 18dc26817ad2
-Create Date: 2019-01-31 15:09:54.944703
+Create Date: 2019-02-01 16:07:04.268023
 
 """
 
 # revision identifiers, used by Alembic.
-revision = 'b94b03d92795'
+revision = 'e553e78e90c5'
 down_revision = '18dc26817ad2'
 
 from alembic import op
 import sqlalchemy as sa
+from sqlalchemy_utils  import EncryptedType
+
 
 
 def upgrade():
     # ### commands auto generated by Alembic - please adjust! ###
-    op.add_column('clusters', sa.Column('broker_pass', sa.String(length=255), nullable=True))
+    op.add_column('clusters', sa.Column('broker_pass', EncryptedType(), nullable=True))
     op.add_column('clusters', sa.Column('broker_user', sa.String(length=255), nullable=True))
+    # ### end Alembic commands ###
+
 
 def downgrade():
     # ### commands auto generated by Alembic - please adjust! ###