Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #3236: Add support for secure docker compose with an env file #3241

Merged
merged 2 commits into from Mar 8, 2022
Merged

Fix #3236: Add support for secure docker compose with an env file #3241

merged 2 commits into from Mar 8, 2022

Conversation

vivekratnavel
Copy link
Contributor

Describe your changes :

See #3236

To bring up a secure docker compose cluster, one can set up an env file like this and pass the env file path in command line:

AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=admin
AUTHORIZER_INGESTION_PRINCIPAL=ingestion-bot
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org
AUTHENTICATION_PROVIDER=google
AUTHENTICATION_PUBLIC_KEY=https://www.googleapis.com/oauth2/v3/certs
AUTHENTICATION_AUTHORITY=https://accounts.google.com
AUTHENTICATION_CLIENT_ID=709849217090-n7s8oc4cvpffubraoi5vbr1s0qfboqvv.apps.googleusercontent.com
AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback

metadata docker -env-file ~/env_open_metadata -f ~/docker-compose --start

Type of change :

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • I have performed a self-review of my own.
  • I have tagged my reviewers below.
  • I have commented on my code, particularly in hard-to-understand areas.
  • My changes generate no new warnings.
  • I have added tests that prove my fix is effective or that my feature works.
  • All new and existing tests passed.

Reviewers

@github-actions
Copy link

github-actions bot commented Mar 8, 2022

The Python checkstyle failed.

Please run make py_format in the root of your repository and commit the changes to this PR.
You can also use pre-commit to automate the Python code formatting.

You can install the pre-commit hooks with make install_test precommit_install.

@harshach
Copy link
Collaborator

harshach commented Mar 8, 2022

@vivekratnavel can you run the python checkstyle

harshach
harshach requested changes Mar 8, 2022
View reviewed changes
Copy link
Collaborator

@harshach harshach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix python checkstyle

@vivekratnavel
Copy link
Contributor Author

@harshach @akash-jain-10 Thanks for the review. One thing to note with this patch is that when security is enabled, the initial ingestion will fail because it will not have the secret to access the secure APIs. But, if the user tries to ingest with sample-data.json with the secret key config, it will succeed.

@sonarcloud
Copy link

sonarcloud bot commented Mar 8, 2022

[open-metadata-ingestion] Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@vivekratnavel
Copy link
Contributor Author

I have created #3259 to add a flag to skip ingestion during startup. That should improve the user experience

@harshach harshach merged commit f0927ec into open-metadata:main Mar 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshach harshach harshach approved these changes

@akash-jain-10 akash-jain-10 akash-jain-10 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vivekratnavel @harshach @akash-jain-10