Merge pull request #64 from dbt-msft/ci_for_sqlserver

Ci for sqlserver
dbt-msft · Nov 26, 2020 · 85f28e9 · 85f28e9
2 parents fdc6171 + a820aaf
commit 85f28e9
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -32,6 +32,16 @@ port: 1433
 schema: schemaname
 ```
 
+### Security
+Encryption is not enabled by default, unless you specify it.
+
+To enable encryption, add the following to your target definition. This is the default encryption strategy recommended by MSFT. For more information see [this docs page](https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string-syntax#using-trustservercertificate?WT.mc_id=DP-MVP-5003930)
+```yaml
+encrypt: true # adds "Encrypt=Yes" to connection string
+trust_cert: false
+```
+For a fully-secure, encrypted connection, you must enable `trust_cert: false` because `"TrustServerCertificate=Yes"` is default for `dbt-sqlserver` in order to not break already defined targets. 
+
 ### standard SQL Server authentication
 SQL Server credentials are supported for on-prem as well as cloud, and it is the default authentication method for `dbt-sqlsever`
 ```
@@ -76,9 +86,10 @@ authentication: ActiveDirectoryIntegrated
 ##### Service Principal
 `client_*` and `app_*` can be used interchangeably
 ```
-tenant_id: ActiveDirectoryIntegrated
+authentication: ServicePrincipal
+tenant_id: tenatid
 client_id: clientid
-client_secret: ActiveDirectoryIntegrated
+client_secret: clientsecret
 ```
 
 ## Supported features

diff --git a/dbt/adapters/sqlserver/connections.py b/dbt/adapters/sqlserver/connections.py
@@ -173,10 +173,10 @@ def open(cls, connection):
             # still confused whether to use "Yes", "yes", "True", or "true"
             # to learn more visit
             # https://docs.microsoft.com/en-us/sql/relational-databases/native-client/features/using-encryption-without-validation?view=sql-server-ver15
-            if getattr(credentials, "encrypt", False):
+            if getattr(credentials, "encrypt", False) is True:
                 con_str.append(f"Encrypt=Yes")
-            if getattr(credentials, "trust_cert", False):
-                con_str.append(f"TrustServerCertificate=Yes")
+                if getattr(credentials, "trust_cert", False) is True:
+                    con_str.append(f"TrustServerCertificate=Yes")
 
             con_str_concat = ';'.join(con_str)
 

diff --git a/test/integration/sqlserver.dbtspec b/test/integration/sqlserver.dbtspec
@@ -4,11 +4,9 @@ target:
   driver: "ODBC Driver 17 for SQL Server"
   schema: "dbt_test_{{ var('_dbt_random_suffix') }}"
   host: localhost
-  #database: msdb
-  database: dbt_test
+  database: msdb
   username: SA
-  #password: 5atyaNadella
-  password: "TheStrongestPass!"
+  password: 5atyaNadella
   encrypt: true
   trust_cert: true
   port: 1433
@@ -19,7 +17,7 @@ sequences:
   test_dbt_ephemeral: ephemeral
   test_dbt_incremental: incremental
   test_dbt_snapshot_strategy_timestamp: snapshot_strategy_timestamp
-  test_dbt_snapshot_strategy_check_cols: snapshot_strategy_check_cols
+  # test_dbt_snapshot_strategy_check_cols: snapshot_strategy_check_cols
   test_dbt_data_test: data_test
   test_dbt_schema_test: schema_test
-  #test_dbt_ephemeral_data_tests: data_test_ephemeral_models
+  # test_dbt_ephemeral_data_tests: data_test_ephemeral_models