Not able to disable Impersonate user flag when creating a new DB connection pointing to Google Sheets

[stefanocascavilla]

We are trying to create a Google Sheet DB connection by using the shillelag module and we are trying to disable the “Impersonate logged-in user” flag on a Google Sheet connection, which seems to be enabled by default.
We can't do that and each time we try, it seems Superset ignores it and keeps the flag enabled.

How to reproduce the bug

1. Edit the Google Sheet connection
2. Navigate to Advanced -> Security
3. Disable “Impersonate logged in user”
4. Click on “FINISH”

Expected results

We expect to have the flag disabled.

Actual results

The flag is still enabled.

Environment

(please complete the following information):

• superset version: Superset 1.5.0

Checklist

Make sure to follow these steps before submitting your issue - thank you!

• I have checked the superset logs for python stacktraces and included it here as text if there are any.
• I have reproduced the issue with at least the latest released version of superset.
• I have checked the issue tracker for the same issue and I haven't found one similar.

[rusackas]

@betodealmeida might have the best advice on this one. Not sure if user impersonation is supported here.

[rusackas]

Anyone still facing this? Maybe @dosu-bot has some ideas, but otherwise, I'll be closing this as stale before too long.

[dosubot]

Hey @rusackas! 👋 I'm here to help you with any bugs, questions, or contributions while you wait for a human maintainer. Let's squash those bugs together! 🐞

To disable the "Impersonate logged-in user" flag in a Google Sheet DB connection using the shillelagh module in Superset 1.5.0, ensure that the impersonate_user parameter is set to False when calling the get_url_for_impersonation method. Here is the relevant part of the code:

@classmethod
def get_url_for_impersonation(
    cls,
    url: URL,
    impersonate_user: bool,
    username: str | None,
    access_token: str | None,
) -> URL:
    if not impersonate_user:
        return url

    if username is not None:
        user = security_manager.find_user(username=username)
        if user and user.email:
            url = url.update_query_dict({"subject": user.email})

    if access_token:
        url = url.update_query_dict({"access_token": access_token})

    return url
}

Ensure that impersonate_user is set to False when this method is called. Additionally, verify the frontend settings in the Superset UI. Specifically, check the ExtraOptions component in superset-frontend/src/features/databases/DatabaseModal/ExtraOptions.tsx:

<StyledInputContainer>
  <div className="input-container">
    <IndeterminateCheckbox
      id="impersonate_user"
      indeterminate={false}
      checked={!!db?.impersonate_user}
      onChange={onInputChange}
      labelText={t(
        'Impersonate logged in user (Presto, Trino, Drill, Hive, and GSheets)',
      )}
    />
    <InfoTooltip
      tooltip={t(
        'If Presto or Trino, all the queries in SQL Lab are going to be executed as the ' +
          'currently logged on user who must have permission to run them. If Hive ' +
          'and hive.server2.enable.doAs is enabled, will run the queries as ' +
          'service account, but impersonate the currently logged on user via ' +
          'hive.server2.proxy.user property.',
      )}
    />
  </div>
</StyledInputContainer>

Ensure that the checkbox for "Impersonate logged in user" is unchecked in the database connection settings. This should reflect the impersonate_user parameter being set to False. If the flag remains enabled despite your attempts to disable it, you may need to check both the backend method call and the frontend settings to ensure consistency ^[1][2].

To continue talking to Dosu, mention @dosu.