Disable deprecated druid connector by default (#8512)

* Disable deprecated druid connector by default

* Add a line in UPDATING.md for the configuration change

* Remove security tests related default-disabled feature

* More test updates

* black

UPDATING.md

@@ -23,6 +23,10 @@ assists people when migrating to a new version.
 
 ## 0.35.0
 
+* [8512](https://github.com/apache/incubator-superset/pull/8512): `DRUID_IS_ACTIVE` now
+defaults to False. To enable Druid-API-based functionality, override the
+`DRUID_IS_ACTIVE` configuration variable by setting it to `True` for your deployment.
+
 * [8450](https://github.com/apache/incubator-superset/pull/8450): The time ranger picker
 now uses UTC for the tooltips and default placeholder timestamps (sans timezone).
 

superset/config.py

@@ -170,10 +170,15 @@ LOGO_TARGET_PATH = None
 # [TimeZone List]
 # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 # other tz can be overridden by providing a local_config
-DRUID_IS_ACTIVE = True
 DRUID_TZ = tz.tzutc()
 DRUID_ANALYSIS_TYPES = ["cardinality"]
 
+# Legacy Druid connector
+# Druid supports a SQL interface in its newer versions.
+# Setting this flag to True enables the deprecated, API-based Druid
+# connector. This feature may be removed at a future date.
+DRUID_IS_ACTIVE = False
+
 # ----------------------------------------------------
 # AUTHENTICATION CONFIG
 # ----------------------------------------------------

tests/druid_tests.py

@@ -21,6 +21,7 @@ from datetime import datetime
 from unittest.mock import Mock, patch
 
 from superset import db, security_manager
+from tests.test_app import app
 
 from .base_tests import SupersetTestCase
 
@@ -297,6 +298,7 @@ class DruidTests(SupersetTestCase):
     @unittest.skipUnless(
         SupersetTestCase.is_module_installed("pydruid"), "pydruid not installed"
     )
+    @unittest.skipUnless(app.config["DRUID_IS_ACTIVE"], "DRUID_IS_ACTIVE is false")
     def test_filter_druid_datasource(self):
         CLUSTER_NAME = "new_druid"
         cluster = self.get_or_create(

tests/security_tests.py

@@ -55,9 +55,6 @@ class RolePermissionTests(SupersetTestCase):
         self.assert_can_read(view_menu, permissions_set)
         self.assert_can_write(view_menu, permissions_set)
 
-    def assert_cannot_gamma(self, perm_set):
-        self.assert_cannot_write("DruidColumnInlineView", perm_set)
-
     def assert_can_gamma(self, perm_set):
         self.assert_can_read("DatabaseAsync", perm_set)
         self.assert_can_read("TableModelView", perm_set)
@@ -86,12 +83,8 @@ class RolePermissionTests(SupersetTestCase):
         self.assert_can_all("SqlMetricInlineView", perm_set)
         self.assert_can_all("TableColumnInlineView", perm_set)
         self.assert_can_all("TableModelView", perm_set)
-        self.assert_can_all("DruidColumnInlineView", perm_set)
-        self.assert_can_all("DruidDatasourceModelView", perm_set)
-        self.assert_can_all("DruidMetricInlineView", perm_set)
 
         self.assertIn(("all_datasource_access", "all_datasource_access"), perm_set)
-        self.assertIn(("muldelete", "DruidDatasourceModelView"), perm_set)
 
     def assert_cannot_alpha(self, perm_set):
         if app.config["ENABLE_ACCESS_REQUEST"]:
@@ -104,7 +97,6 @@ class RolePermissionTests(SupersetTestCase):
     def assert_can_admin(self, perm_set):
         self.assert_can_read("DatabaseAsync", perm_set)
         self.assert_can_all("DatabaseView", perm_set)
-        self.assert_can_all("DruidClusterModelView", perm_set)
         self.assert_can_all("RoleModelView", perm_set)
         self.assert_can_all("UserDBModelView", perm_set)
 
@@ -185,13 +177,6 @@ class RolePermissionTests(SupersetTestCase):
                 )
             )
         )
-        self.assertTrue(
-            security_manager._is_alpha_only(
-                security_manager.find_permission_view_menu(
-                    "can_delete", "DruidMetricInlineView"
-                )
-            )
-        )
         self.assertTrue(
             security_manager._is_alpha_only(
                 security_manager.find_permission_view_menu(
@@ -209,7 +194,6 @@ class RolePermissionTests(SupersetTestCase):
 
     def test_gamma_permissions_basic(self):
         self.assert_can_gamma(get_perm_tuples("Gamma"))
-        self.assert_cannot_gamma(get_perm_tuples("Gamma"))
         self.assert_cannot_alpha(get_perm_tuples("Alpha"))
 
     @unittest.skipUnless(
@@ -234,7 +218,6 @@ class RolePermissionTests(SupersetTestCase):
         self.assertIn(("can_csv", "Superset"), sql_lab_set)
         self.assertIn(("can_search_queries", "Superset"), sql_lab_set)
 
-        self.assert_cannot_gamma(sql_lab_set)
         self.assert_cannot_alpha(sql_lab_set)
 
     def test_granter_permissions(self):
@@ -242,7 +225,6 @@ class RolePermissionTests(SupersetTestCase):
         self.assertIn(("can_override_role_permissions", "Superset"), granter_set)
         self.assertIn(("can_approve", "Superset"), granter_set)
 
-        self.assert_cannot_gamma(granter_set)
         self.assert_cannot_alpha(granter_set)
 
     def test_gamma_permissions(self):
@@ -273,7 +255,6 @@ class RolePermissionTests(SupersetTestCase):
 
         # check read only perms
         assert_can_read("TableModelView")
-        assert_cannot_write("DruidColumnInlineView")
 
         # make sure that user can create slices and dashboards
         assert_can_all("SliceModelView")