Fix #2807: Merge openmetadata.yaml and openmetadata-server.yaml (#2808)
Co-authored-by: darth-coder00 <aashit@getcollate.io>
harshach and darth-coder00 committed Feb 28, 2022
1 parent 262efd8 commit 97245a5
Showing 8 changed files with 122 additions and 37 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,6 @@
import org.openmetadata.catalog.security.AuthorizerConfiguration;
import org.openmetadata.catalog.security.NoopAuthorizer;
import org.openmetadata.catalog.security.NoopFilter;
import org.openmetadata.catalog.security.auth.CatalogSecurityContextRequestFilter;
import org.openmetadata.catalog.slack.SlackPublisherConfiguration;
import org.openmetadata.catalog.slack.SlackWebhookEventPublisher;

Expand Down Expand Up @@ -185,16 +184,14 @@ private void registerAuthorizer(CatalogApplicationConfig catalogConfig, Environm
authorizer.init(authorizerConf, jdbi);
String filterClazzName = authorizerConf.getContainerRequestFilter();
ContainerRequestFilter filter;
if (StringUtils.isEmpty(filterClazzName)) {
filter = new CatalogSecurityContextRequestFilter(); // default
} else {
if (!StringUtils.isEmpty(filterClazzName)) {
filter =
((Class<ContainerRequestFilter>) Class.forName(filterClazzName))
.getConstructor(AuthenticationConfiguration.class)
.newInstance(authenticationConfiguration);
LOG.info("Registering ContainerRequestFilter: {}", filter.getClass().getCanonicalName());
environment.jersey().register(filter);
}
LOG.info("Registering ContainerRequestFilter: {}", filter.getClass().getCanonicalName());
environment.jersey().register(filter);
} else {
LOG.info("Authorizer config not set, setting noop authorizer");
authorizer = NoopAuthorizer.class.getConstructor().newInstance();
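Review bot: With the default branch gone, an authorizer configuration whose `containerRequestFilter` is empty now registers no ContainerRequestFilter at all and logs nothing about it, so presumably requests reach the authorizer with no principal attached; the rest of registerAuthorizer, including the else branch that follows, lies outside the hunk. If an explicit filter is now mandatory, fail fast with an else branch `throw new IllegalStateException("authorizerConfiguration.containerRequestFilter must be set");`, and if leaving it out is intended, at least `LOG.warn("containerRequestFilter not set; no ContainerRequestFilter registered");` so the state is visible in the startup log. The unchecked cast `((Class<ContainerRequestFilter>) Class.forName(filterClazzName))` would be cleaner as `Class.forName(filterClazzName).asSubclass(ContainerRequestFilter.class)`, which rejects a misconfigured class name with a ClassCastException at startup instead of producing a raw-typed instance. The declaration `ContainerRequestFilter filter;` above the if is only used inside it and can move there.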
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
public class NoopFilter implements ContainerRequestFilter {
@Context private UriInfo uriInfo;

public NoopFilter(AuthenticationConfiguration authenticationConfiguration) {}

public void filter(ContainerRequestContext containerRequestContext) {
CatalogPrincipal catalogPrincipal = new CatalogPrincipal("anonymous");
String scheme = containerRequestContext.getUriInfo().getRequestUri().getScheme();
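Review bot: The new constructor takes an `AuthenticationConfiguration` it never uses, and nothing says why; since registerAuthorizer in CatalogApplication instantiates the filter reflectively via `getConstructor(AuthenticationConfiguration.class)`, the signature is a contract rather than dead code. A comment such as `// Signature required by CatalogApplication.registerAuthorizer, which instantiates filters reflectively with (AuthenticationConfiguration)` would stop a future cleanup from removing the parameter. The same applies to the public constructor added to CatalogSecurityContextRequestFilter in this commit, whose `@SuppressWarnings("unused")` private no-arg constructor also deserves a one-line reason for existing. The `filter` method under the new line still lacks `@Override`, though that predates this change; the class body continues outside the hunk.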
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import lombok.extern.slf4j.Slf4j;
import org.openmetadata.catalog.security.AuthenticationConfiguration;
import org.openmetadata.catalog.security.AuthenticationException;

@Slf4j
Expand All @@ -29,6 +30,11 @@ public class CatalogSecurityContextRequestFilter implements ContainerRequestFilt

@Context private HttpServletRequest httpRequest;

@SuppressWarnings("unused")
private CatalogSecurityContextRequestFilter() {}

public CatalogSecurityContextRequestFilter(AuthenticationConfiguration authenticationConfiguration) {}

@Override
public void filter(ContainerRequestContext requestContext) {
Principal principal = httpRequest.getUserPrincipal();
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,8 @@ private static SSLContext createSSLContext(ElasticSearchConfiguration elasticSea
throws KeyStoreException {

if (elasticSearchConfiguration.getScheme().equals("https")) {
if (elasticSearchConfiguration.getTruststorePath() != null) {
if (elasticSearchConfiguration.getTruststorePath() != null
&& !elasticSearchConfiguration.getTruststorePath().isEmpty()) {
Path trustStorePath = Paths.get(elasticSearchConfiguration.getTruststorePath());
KeyStore truststore = KeyStore.getInstance("jks");
try (InputStream is = Files.newInputStream(trustStorePath)) {
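Review bot: The widened guard calls `elasticSearchConfiguration.getTruststorePath()` three times in a row (twice in the condition, once in `Paths.get` on the next line); a local keeps it readable: `String truststorePath = elasticSearchConfiguration.getTruststorePath();` followed by `if (truststorePath != null && !truststorePath.isEmpty()) {`. Because the merged openmetadata.yaml now defaults this value to `""` from an environment variable, a whitespace-only value would still pass `isEmpty()` and reach `Paths.get`; `isBlank()` on Java 11+ or the project's StringUtils helper would cover that. What createSSLContext does for https without a truststore is outside the hunk, so I cannot tell whether it falls back to the JVM default trust store or fails.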
24 changes: 24 additions & 0 deletions conf/openmetadata.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -113,10 +113,34 @@ database:
migrationConfiguration:
path: "./bootstrap/sql/mysql"

# Authorizer Configuration
authorizerConfiguration:
className: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
containerRequestFilter: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
adminPrincipals:
- ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
botPrincipals:
- ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot]}
principalDomain: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}

authenticationConfiguration:
provider: ${AUTHENTICATION_PROVIDER:-no-auth}
publicKey: ${AUTHENTICATION_PUBLIC_KEY:-https://www.googleapis.com/oauth2/v3/certs}
authority: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
clientId: ${AUTHENTICATION_CLIENT_ID:-""}
callbackUrl: ${AUTHENTICATION_CALLBACK_URL:-""}

elasticsearch:
host: ${ELASTICSEARCH_HOST:-localhost}
port: ${ELASTICSEARCH_PORT:-9200}
scheme: ${ELASTICSEARCH_SCHEME:-http}
username: ${ELASTICSEARCH_USER:-""}
password: ${ELASTICSEARCH_PASSWORD:-""}
truststorePath: ${ELASTICSEARCH_TRUST_STORE_PATH:-""}
truststorePassword: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}
connectionTimeoutSecs: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}
socketTimeoutSecs: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}
batchSize: ${ELASTICSEARCH_BATCH_SIZE:-10}

eventHandlerConfiguration:
eventHandlerClassNames:
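Review bot: The `botPrincipals` default has a stray `]`: `- ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot]}` resolves to the principal `ingestion-bot]` whenever the variable is unset, so the ingestion bot would not match its own entry; it should read `- ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}`. With every default in the new block pointing at NoopAuthorizer, NoopFilter and `no-auth`, a deployment that sets none of the AUTHORIZER_* and AUTHENTICATION_* variables runs with authorization and authentication disabled; a line above the block such as `# Defaults disable auth; set AUTHORIZER_* and AUTHENTICATION_* for any non-local deployment` would make that visible to whoever edits the file next.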
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
* limitations under the License.
*/

import { AxiosResponse } from 'axios';
import { AxiosError, AxiosResponse } from 'axios';
import { CookieStorage } from 'cookie-storage';
import { isEmpty, isNil } from 'lodash';
import { observer } from 'mobx-react';
Expand All @@ -34,6 +34,7 @@ import {
import appState from '../AppState';
import axiosClient from '../axiosAPIs';
import {
fetchAuthenticationConfig,
fetchAuthorizerConfig,
getLoggedInUserPermissions,
} from '../axiosAPIs/miscAPI';
Expand All @@ -44,6 +45,7 @@ import {
} from '../axiosAPIs/userAPI';
import Loader from '../components/Loader/Loader';
import { COOKIE_VERSION } from '../components/Modals/WhatsNewModal/whatsNewData';
import { NOOP_FILTER, NO_AUTH } from '../constants/auth.constants';
import { isAdminUpdated, oidcTokenKey, ROUTES } from '../constants/constants';
import { ClientErrors } from '../enums/axios.enum';
import { User } from '../generated/entity/teams/user';
Expand Down Expand Up @@ -204,37 +206,70 @@ const AuthProvider: FunctionComponent<AuthProviderProps> = ({
};

const fetchAuthConfig = (): void => {
fetchAuthorizerConfig()
.then((res: AxiosResponse) => {
const isSecureMode =
!isNil(res.data) &&
Object.values(res.data).filter((item) => isNil(item)).length === 0;
if (isSecureMode) {
const { provider, authority, clientId, callbackUrl } = res.data;
const userConfig = getUserManagerConfig({
authority,
clientId,
callbackUrl,
});
setUserManagerConfig(userConfig);
setUserManager(makeUserManager(userConfig));
if (!oidcUserToken) {
clearOidcUserData(userConfig);
setLoading(false);
const promises = [fetchAuthenticationConfig(), fetchAuthorizerConfig()];
Promise.allSettled(promises)
.then(
([
authenticationConfig,
authorizerConfig,
]: PromiseSettledResult<AxiosResponse>[]) => {
let authRes = {} as AxiosResponse;
if (authenticationConfig.status === 'fulfilled') {
authRes = authenticationConfig.value;
const authorizerRes =
authorizerConfig.status === 'fulfilled'
? authorizerConfig.value
: ({} as AxiosResponse);
const isSecureMode =
!isNil(authRes.data) &&
authorizerRes?.data?.containerRequestFilter &&
authRes.data.provider !== NO_AUTH &&
authorizerRes.data.containerRequestFilter !== NOOP_FILTER &&
Object.values(authRes.data).filter((item) => isNil(item))
.length === 0;
if (isSecureMode) {
const { provider, authority, clientId, callbackUrl } =
authRes.data;
const userConfig = getUserManagerConfig({
authority,
clientId,
callbackUrl,
});
setUserManagerConfig(userConfig);
setUserManager(makeUserManager(userConfig));
if (!oidcUserToken) {
clearOidcUserData(userConfig);
setLoading(false);
} else {
getLoggedInUserDetails();
}
appState.updateAuthProvide({
authority,
provider,
// eslint-disable-next-line @typescript-eslint/camelcase
client_id: clientId,
});
appState.updateAuthState(false);
} else {
appState.updateAuthState(true);
setLoading(false);
}
} else {
getLoggedInUserDetails();
authenticationConfig.reason as AxiosError;
showToast({
variant: 'error',
body:
(authenticationConfig.reason as AxiosError).response?.data
.message || 'Error occured while fetching auth config',
});
}
appState.updateAuthProvide({
authority,
provider,
// eslint-disable-next-line @typescript-eslint/camelcase
client_id: clientId,
});
appState.updateAuthState(false);
} else {
appState.updateAuthState(true);
setLoading(false);
}
)
.catch(() => {
showToast({
variant: 'error',
body: 'Error occured while fetching auth config',
});
})
.finally(() => {
if (oidcUserToken || appState.authDisabled) {
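Review bot: A rejected `fetchAuthorizerConfig()` is silently mapped to an empty response by `: ({} as AxiosResponse)`, which makes `isSecureMode` false and falls into `appState.updateAuthState(true)`, so a transient failure of `/config/authorizer` puts the UI into the auth-disabled state with no error toast, whereas the same failure of `/config/auth` is reported. Both settled results should be checked before the mode is decided, and whichever one rejected reported, as sketched below. The expression statement `authenticationConfig.reason as AxiosError;` in the rejected branch is a no-op and should be removed. The `.catch` on the `Promise.allSettled` chain now only fires if the handler itself throws, which is fine to keep but worth a one-line comment. The tail of fetchAuthConfig (the `.finally`) continues outside the hunk.
```typescript
if (
  authenticationConfig.status === 'fulfilled' &&
  authorizerConfig.status === 'fulfilled'
) {
  const authRes = authenticationConfig.value;
  const authorizerRes = authorizerConfig.value;
  // … unchanged: isSecureMode computation and the secure / non-secure branches …
} else {
  const failed =
    authenticationConfig.status === 'rejected'
      ? authenticationConfig
      : (authorizerConfig as PromiseRejectedResult);
  showToast({
    variant: 'error',
    body:
      (failed.reason as AxiosError).response?.data.message ||
      'Error occured while fetching auth config',
  });
}
```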
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,13 @@ export const getOwnershipCount: Function = (
);
};

export const fetchAuthenticationConfig: Function =
(): Promise<AxiosResponse> => {
return APIClient.get('/config/auth');
};

export const fetchAuthorizerConfig: Function = (): Promise<AxiosResponse> => {
return APIClient.get('/config/auth');
return APIClient.get('/config/authorizer');
};

export const getSuggestions: Function = (
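Review bot: `fetchAuthenticationConfig` copies the `: Function` annotation from `fetchAuthorizerConfig`, which erases the declared return type at every call site (`Function` accepts any arguments and returns `any`), so the `Promise<AxiosResponse>` written on the arrow function never reaches callers such as the `Promise.allSettled` in AuthProvider. Dropping the annotation — `export const fetchAuthenticationConfig = (): Promise<AxiosResponse> => APIClient.get('/config/auth');` — keeps the type, and the same applies to the neighbouring `fetchAuthorizerConfig` whose path this commit changes.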
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
/*
* Copyright 2021 Collate
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

export const NO_AUTH = 'no-auth';
export const NOOP_FILTER = 'org.openmetadata.catalog.security.NoopFilter';
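Review bot: `NOOP_FILTER` hard-codes the server-side class name `org.openmetadata.catalog.security.NoopFilter`, so a rename or move of that Java class could make the comparison in AuthProvider stop recognising the no-op filter without any compile-time signal here. A comment above the constant naming what it must stay in sync with, e.g. `// Must match the containerRequestFilter default in conf/openmetadata.yaml and the server's NoopFilter class name`, and a matching one for `NO_AUTH` against the `provider: no-auth` default, would help the next maintainer find both ends of the coupling.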
