dpgaspar commented on code in PR #35621:
URL: https://github.com/apache/superset/pull/35621#discussion_r2556151476
##########
superset/key_value/utils.py:
##########
@@ -66,10 +68,31 @@ def decode_permalink_id(key: str, salt: str) -> int:
raise KeyValueParseKeyError(_("Invalid permalink key"))
-def get_uuid_namespace(seed: str) -> UUID:
- md5_obj = md5() # noqa: S324
- md5_obj.update(seed.encode("utf-8"))
- return UUID(md5_obj.hexdigest())
+def get_uuid_namespace(seed: str, app: Any = None) -> UUID:
+ """
+ Generate a UUID namespace from a seed string using configured hash
algorithm.
+
+ Args:
+ seed: Seed string for namespace generation
+ app: Flask app instance (optional, uses current_app if not provided)
+
+ Returns:
+ UUID namespace
+ """
+ app = app or current_app
+
+ algorithm = app.config["HASH_ALGORITHM"]
+
+ if algorithm == "sha256":
+ sha256_obj = hashlib.sha256()
+ sha256_obj.update(seed.encode("utf-8"))
+ # Use first 16 bytes of SHA-256 digest for UUID
+ return UUID(bytes=sha256_obj.digest()[:16])
+ else:
+ # Legacy MD5 path for backward compatibility
+ md5_obj = md5() # noqa: S324
+ md5_obj.update(seed.encode("utf-8"))
+ return UUID(md5_obj.hexdigest())
Review Comment:
@villebro @michael-s-molina I've added fallback logic using a new config
named `HASH_ALGORITHM_FALLBACKS` for lazy migration. We can't migrate existing
keys on the key value store, but we can guarantee that all new keys will use
the new configured algorithm and existing keys (for permalinks) are still
discovereble
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
