On init the auth provider 'openmetadata' must generate a JWT token if not present on config (#8815)

* On init the auth provider 'openmetadata' must generate a JWT token if not present on config

* Address PR comments
Nahuel 2022-11-16 16:53:01 +01:00 committed by GitHub
parent b92149fb4d
commit 1bde821e9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -13,6 +13,7 @@
package org.openmetadata.service.security; package org.openmetadata.service.security;
import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty;
import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AUTH_0; import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AUTH_0;
import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AZURE; import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AZURE;
import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.CUSTOM_OIDC; import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.CUSTOM_OIDC;
@ -31,6 +32,7 @@ import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.SecurityContext;
@ -283,12 +285,7 @@ public class DefaultAuthorizer implements Authorizer {
// if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism // if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism
if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) { if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) {
OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata(); OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata();
authMechanism = authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(jwtClientConfig, user));
buildAuthMechanism(
JWT,
new JWTAuthMechanism()
.withJWTToken(jwtClientConfig.getJwtToken())
.withJWTTokenExpiry(JWTTokenExpiry.Unlimited));
} else { } else {
// Otherwise, set auth mechanism from airflow configuration // Otherwise, set auth mechanism from airflow configuration
// TODO: https://github.com/open-metadata/OpenMetadata/issues/7712 // TODO: https://github.com/open-metadata/OpenMetadata/issues/7712
@ -323,8 +320,7 @@ public class DefaultAuthorizer implements Authorizer {
"Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName())); "Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName()));
} }
} else if ("basic".equals(authConfig.getProvider())) { } else if ("basic".equals(authConfig.getProvider())) {
authMechanism = authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
buildAuthMechanism(JWT, JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited));
} }
} }
} }
@ -334,6 +330,14 @@ public class DefaultAuthorizer implements Authorizer {
return addOrUpdateUser(user); return addOrUpdateUser(user);
} }
private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig jwtClientConfig, User user) {
return Objects.isNull(jwtClientConfig) || nullOrEmpty(jwtClientConfig.getJwtToken())
? JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited)
: new JWTAuthMechanism()
.withJWTToken(jwtClientConfig.getJwtToken())
.withJWTTokenExpiry(JWTTokenExpiry.Unlimited);
}
private static SSOAuthMechanism buildAuthMechanismConfig( private static SSOAuthMechanism buildAuthMechanismConfig(
SSOAuthMechanism.SsoServiceType ssoServiceType, Object config) { SSOAuthMechanism.SsoServiceType ssoServiceType, Object config) {
return new SSOAuthMechanism().withSsoServiceType(ssoServiceType).withAuthConfig(config); return new SSOAuthMechanism().withSsoServiceType(ssoServiceType).withAuthConfig(config);
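Review bot: The new `buildJWTAuthMechanism` helper accepts a null `jwtClientConfig`, but the openmetadata branch still obtains it through `airflowConfig.getAuthConfig().getOpenmetadata()`. If `getAuthConfig()` can return null when the block is missing from the configuration, that call would throw before the fallback runs; a guard such as `airflowConfig.getAuthConfig() == null ? null : airflowConfig.getAuthConfig().getOpenmetadata()` at the call site would cover the "not present on config" case the commit title describes. The fallback also issues a bot token with `JWTTokenExpiry.Unlimited` without recording that it did so, so an accidentally blank `jwtToken` now produces a non-expiring credential that nobody configured. A log statement that names the bot (never the token value) would make that visible to operators. The configured-token branch records `JWTTokenExpiry.Unlimited` as well, whatever the supplied token's own expiry is, so a short Javadoc on the helper stating both behaviours would help; the surrounding method starts and ends outside the visible hunks.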