Skip to content

Deprecate and Remove the dbt Plugin from Backend Components #8970

Description

@klesh

Title: Deprecate and Remove the dbt Plugin from Backend Components

Description

Following an internal review of the project's attack surface and current deployment guidelines (per our Authentication and Security Model Documentation), we are identifying legacy or high-risk components that do not align with baseline security hardening expectations.

Specifically, the architecture of the dbt plugin relies on handling external user-supplied configurations (such as repository targets and execution parameters) and passing them to external command-line interfaces (git and dbt). While the system is explicitly designed for trusted, single-operator deployments, this design exposes the server to unexpected Server-Side Request Forgery (SSRF) and external CLI argument manipulation.

Rather than maintaining complex input-filtering rules and input validation for a changing command-line surface area, we are opting to completely deprecate and remove the dbt plugin from the backend codebase.

Scope of Work

  • Remove Plugin Package: Delete the dbt plugin source code and task registrations from the backend plugin engine.
  • Clean Task Definitions: Strip out any references to DbtOptions or related structs across pipeline and blueprint configurations.
  • Database Schema Cleanup: Provide a migration script to safely clean up or migrate legacy configuration tables associated with the plugin.
  • UI/Documentation Updates: Remove options for configuring dbt tasks from the config-ui interface and remove corresponding guides from user manuals.

Acceptance Criteria

  • The backend builds successfully without compiling or referencing the dbt package.
  • Any existing blueprints referencing dbt components fail safely or skip the step with a proper deprecation notice.
  • No regressions are introduced to other core backend plugins or connection management APIs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/refactorThis issue is to refactor existing code

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions