yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-11-10 07:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #14130: Add support for azure auth in trino (#16117)

Browse Source
This commit is contained in:
Mayur Singal 2024-05-03 15:17:25 +05:30 committed by GitHub
parent f1004e7960
commit 215a274bd0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 122 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ingestion/src/metadata/ingestion/source/database/trino/connection.py
View File

@ -18,6 +18,7 @@ from urllib.parse import quote_plus
from requests import Session from requests import Session
from sqlalchemy.engine import Engine from sqlalchemy.engine import Engine
from metadata.clients.azure_client import AzureClient
from metadata.generated.schema.entity.automations.workflow import ( from metadata.generated.schema.entity.automations.workflow import (
Workflow as AutomationWorkflow, Workflow as AutomationWorkflow,
) )
@ -98,6 +99,18 @@ def get_connection(connection: TrinoConnection) -> Engine:
connection.connectionArguments.__root__["verify"] = { connection.connectionArguments.__root__["verify"] = {
"verify": connection.verify "verify": connection.verify
} }
if hasattr(connection.authType, "azureConfig"):
azure_client = AzureClient(connection.authType.azureConfig).create_client()
if not connection.authType.azureConfig.scopes:
raise ValueError(
"Azure Scopes are missing, please refer https://learn.microsoft.com/en-gb/azure/mysql/flexible-server/how-to-azure-ad#2---retrieve-microsoft-entra-access-token and fetch the resource associated with it, for e.g. https://ossrdbms-aad.database.windows.net/.default"
)
access_token_obj = azure_client.get_token(
*connection.authType.azureConfig.scopes.split(",")
)
if not connection.connectionOptions:
connection.connectionOptions = init_empty_connection_options()
connection.connectionOptions.__root__["access_token"] = access_token_obj.token
return create_generic_db_connection( return create_generic_db_connection(
connection=connection, connection=connection,
get_connection_url_fn=get_connection_url, get_connection_url_fn=get_connection_url,

25
openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/trino/index.md
View File

@ -57,6 +57,31 @@ Executing the profiler workflow or data quality tests, will require the user to
- **Password**: Password to connect to Trino. - **Password**: Password to connect to Trino.
- **JWT Auth Config**: - **JWT Auth Config**:
- **JWT**: JWT can be used to authenticate with trino. Follow the steps in the [official trino](https://trino.io/docs/current/security/jwt.html) documentation to setup trino with jwt. - **JWT**: JWT can be used to authenticate with trino. Follow the steps in the [official trino](https://trino.io/docs/current/security/jwt.html) documentation to setup trino with jwt.
- **Azure**:
- **Client ID**: To get the Client ID (also known as application ID), follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the Overview section, copy the `Application (client) ID`.
- **Client Secret**: To get the client secret, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. Under `Manage`, select `Certificates & secrets`.
5. Under `Client secrets`, select `New client secret`.
6. In the `Add a client secret` pop-up window, provide a description for your application secret. Choose when the application should expire, and select `Add`.
7. From the `Client secrets` section, copy the string in the `Value` column of the newly created application secret.
- **Tenant ID**: To get the tenant ID, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Overview` section, copy the `Directory (tenant) ID`.
- **Scopes**: To let OM use the Trino Auth APIs using your Azure AD app, you'll need to add the scope
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Expose an API` section, copy the `Application ID URI`
5. Make sure the URI ends with `/.default` in case it does not, you can append the same manually
- **Host and Port**: Enter the fully qualified hostname and port number for your Trino deployment in the Host and Port field. - **Host and Port**: Enter the fully qualified hostname and port number for your Trino deployment in the Host and Port field.
- **Catalog**: Trino offers a catalog feature where all the databases are stored. - **Catalog**: Trino offers a catalog feature where all the databases are stored.
- **DatabaseSchema**: DatabaseSchema of the data source. This is optional parameter, if you would like to restrict the metadata reading to a single databaseSchema. When left blank, OpenMetadata Ingestion attempts to scan all the databaseSchema. - **DatabaseSchema**: DatabaseSchema of the data source. This is optional parameter, if you would like to restrict the metadata reading to a single databaseSchema. When left blank, OpenMetadata Ingestion attempts to scan all the databaseSchema.

31
openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/trino/yaml.md
View File

@ -74,6 +74,32 @@ This is a sample config for Trino:
- **password**: Password to connect to Trino. - **password**: Password to connect to Trino.
- **JWT Auth Config**: - **JWT Auth Config**:
- **jwt**: JWT can be used to authenticate with trino. Follow the steps in the [official trino](https://trino.io/docs/current/security/jwt.html) documentation to setup trino with jwt. - **jwt**: JWT can be used to authenticate with trino. Follow the steps in the [official trino](https://trino.io/docs/current/security/jwt.html) documentation to setup trino with jwt.
- **Azure**:
- **clientId**: To get the Client ID (also known as application ID), follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the Overview section, copy the `Application (client) ID`.
- **clientSecret**: To get the client secret, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. Under `Manage`, select `Certificates & secrets`.
5. Under `Client secrets`, select `New client secret`.
6. In the `Add a client secret` pop-up window, provide a description for your application secret. Choose when the application should expire, and select `Add`.
7. From the `Client secrets` section, copy the string in the `Value` column of the newly created application secret.
- **tenantId**: To get the tenant ID, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Overview` section, copy the `Directory (tenant) ID`.
- **scopes**: To let OM use the Trino Auth APIs using your Azure AD app, you'll need to add the scope
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Expose an API` section, copy the `Application ID URI`
5. Make sure the URI ends with `/.default` in case it does not, you can append the same manually
{% /codeInfo %} {% /codeInfo %}
@ -150,6 +176,11 @@ source:
password: password password: password
# # For JWT auth # # For JWT auth
# jwt: jwt_token # jwt: jwt_token
# azureConfig:
# clientId: your-client-id
# clientSecret: your-client-secret
# tenantId: your-tenant-id
# scopes: https://your-scope/.default
``` ```
```yaml {% srNumber=4 %} ```yaml {% srNumber=4 %}
catalog: <catalog> catalog: <catalog>

3
openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/trinoConnection.json
View File

@ -46,6 +46,9 @@
}, },
{ {
"$ref": "./common/jwtAuth.json" "$ref": "./common/jwtAuth.json"
},
{
"$ref": "./common/azureConfig.json"
} }
] ]
}, },

50
openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Trino.md
View File

@ -53,6 +53,56 @@ Follow the steps in the [official trino](https://trino.io/docs/current/security/
$$ $$
## Azure
$$section
### Client ID $(id="clientId")
To get the Client ID (also known as application ID), follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the Overview section, copy the `Application (client) ID`.
$$
$$section
### Client Secret $(id="clientSecret")
To get the client secret, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. Under `Manage`, select `Certificates & secrets`.
5. Under `Client secrets`, select `New client secret`.
6. In the `Add a client secret` pop-up window, provide a description for your application secret. Choose when the application should expire, and select `Add`.
7. From the `Client secrets` section, copy the string in the `Value` column of the newly created application secret.
$$
$$section
### Tenant ID $(id="tenantId")
To get the tenant ID, follow these steps:
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Overview` section, copy the `Directory (tenant) ID`.
$$
$$section
### Scopes $(id="Scopes")
To let OM use the Trino Auth APIs using your Azure AD app, you'll need to add the scope
1. Log into [Microsoft Azure](https://ms.portal.azure.com/#allservices).
2. Search for `App registrations` and select the `App registrations link`.
3. Select the `Azure AD` app you're using for Trino.
4. From the `Expose an API` section, copy the `Application ID URI`
5. Make sure the URI ends with `/.default` in case it does not, you can append the same manually
$$
$$section $$section
### Host Port $(id="hostPort") ### Host Port $(id="hostPort")
This parameter specifies the host and port of the Trino instance. This should be specified as a string in the format `hostname:port`. For example, you might set the hostPort parameter to `localhost:8080`. This parameter specifies the host and port of the Trino instance. This should be specified as a string in the format `hostname:port`. For example, you might set the hostPort parameter to `localhost:8080`.