GEN-1492 - Decrypt JWT internally for system health check (#17864)

This commit is contained in:
Pere Miquel Brull 2024-09-18 19:24:10 +02:00 committed by GitHub
parent 7df05c3e57
commit 0f5746499a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 2 deletions


@ -18,6 +18,7 @@ import org.jdbi.v3.sqlobject.transaction.Transaction;
import org.openmetadata.api.configuration.UiThemePreference;
import org.openmetadata.schema.email.SmtpSettings;
import org.openmetadata.schema.entity.services.ingestionPipelines.PipelineServiceClientResponse;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.service.configuration.slackApp.SlackAppConfiguration;
import org.openmetadata.schema.services.connections.metadata.OpenMetadataConnection;
import org.openmetadata.schema.settings.Settings;
@ -35,6 +36,8 @@ import org.openmetadata.service.jdbi3.CollectionDAO.SystemDAO;
import org.openmetadata.service.migration.MigrationValidationClient;
import org.openmetadata.service.resources.settings.SettingsCache;
import org.openmetadata.service.search.SearchRepository;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.secrets.SecretsManagerFactory;
import org.openmetadata.service.security.JwtFilter;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.OpenMetadataConnectionBuilder;
@ -432,11 +435,13 @@ public class SystemRepository {
private StepValidation getJWKsValidation(
OpenMetadataApplicationConfig applicationConfig, JwtFilter jwtFilter) {
SecretsManager secretsManager = SecretsManagerFactory.getSecretsManager();
OpenMetadataConnection openMetadataServerConnection =
new OpenMetadataConnectionBuilder(applicationConfig).build();
OpenMetadataJWTClientConfig realJWTConfig =
secretsManager.decryptJWTConfig(openMetadataServerConnection.getSecurityConfig());
try {
jwtFilter.validateJwtAndGetClaims(
openMetadataServerConnection.getSecurityConfig().getJwtToken());
jwtFilter.validateJwtAndGetClaims(realJWTConfig.getJwtToken());
return new StepValidation()
.withDescription(ValidationStepDescription.JWT_TOKEN.key)
.withPassed(Boolean.TRUE)
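Review bot: The new `secretsManager.decryptJWTConfig(...)` call sits before the `try` that wraps the token validation, so a `SecretsManagerException` from decryption (wrong secrets backend key, missing secret) escapes `getJWKsValidation` instead of being reported as a failed JWT_TOKEN step like a bad token would be; moving the two `realJWTConfig` lines inside the `try` keeps the health check's contract of returning a `StepValidation`. `decryptJWTConfig` also returns `null` when `getSecurityConfig()` is `null`, so `realJWTConfig.getJwtToken()` can throw an NPE on a server without a security config — a guard such as `if (realJWTConfig == null) { /* return a failed StepValidation */ }` before the validation call would make that case an explicit failure rather than whatever the catch block turns an NPE into. The catch clause and the rest of `getJWKsValidation` are outside this hunk, so I cannot see which exception type it handles.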


@ -180,6 +180,20 @@ public abstract class SecretsManager {
return null;
}
public OpenMetadataJWTClientConfig decryptJWTConfig(OpenMetadataJWTClientConfig jwtConfig) {
if (jwtConfig != null) {
try {
OpenMetadataJWTClientConfig decrypted =
(OpenMetadataJWTClientConfig) decryptPasswordFields(jwtConfig);
return (OpenMetadataJWTClientConfig) getSecretFields(decrypted);
} catch (Exception e) {
throw new SecretsManagerException(
Response.Status.BAD_REQUEST, "Failed to decrypt JWT Client Config instance.");
}
}
return null;
}
public void encryptIngestionPipeline(IngestionPipeline ingestionPipeline) {
OpenMetadataConnection openMetadataConnection =
encryptOpenMetadataConnection(ingestionPipeline.getOpenMetadataServerConnection(), true);
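Review bot: The `catch (Exception e)` in `decryptJWTConfig` discards `e`, so the only thing an operator ever sees for a failed decryption is the fixed string "Failed to decrypt JWT Client Config instance." with no hint whether the secrets backend was unreachable, the key was wrong or the cast failed; pass the cause through — `throw new SecretsManagerException(Response.Status.BAD_REQUEST, "Failed to decrypt JWT Client Config instance.", e);` — if `SecretsManagerException` has a cause-accepting constructor, otherwise log `e` at error level before rethrowing. `BAD_REQUEST` also reads oddly here: the input is server-held configuration rather than a caller-supplied payload, so an `INTERNAL_SERVER_ERROR` status is probably the more accurate signal, though I cannot see how the sibling decrypt methods in this class classify the same failure. A one-line Javadoc stating that the returned config holds the decrypted JWT token in clear and must not be logged or serialized into responses would help callers such as the new health check use it safely.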