Remove configuration for APIs for auth or authorizer (#23001)
(cherry picked from commit d5dfc458fdea8535754ca1741a6cb5eefe2bf059)
parent
1c4e750803
commit
33bba503bb
@ -31,6 +31,7 @@ import org.openmetadata.catalog.type.IdentityProviderConfig;
|
||||
import org.openmetadata.schema.api.configuration.LoginConfiguration;
|
||||
import org.openmetadata.schema.api.security.AuthenticationConfiguration;
|
||||
import org.openmetadata.schema.api.security.AuthorizerConfiguration;
|
||||
import org.openmetadata.schema.services.connections.metadata.AuthProvider;
|
||||
import org.openmetadata.schema.settings.SettingsType;
|
||||
import org.openmetadata.service.OpenMetadataApplicationConfig;
|
||||
import org.openmetadata.service.clients.pipeline.PipelineServiceAPIClientConfig;
|
||||
@ -79,25 +80,34 @@ public class ConfigResource {
|
||||
schema = @Schema(implementation = AuthenticationConfiguration.class)))
|
||||
})
|
||||
public AuthenticationConfiguration getAuthConfig() {
|
||||
AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
|
||||
AuthenticationConfiguration responseAuthConfig = new AuthenticationConfiguration();
|
||||
AuthenticationConfiguration yamlConfig =
|
||||
openMetadataApplicationConfig.getAuthenticationConfiguration();
|
||||
if (openMetadataApplicationConfig.getAuthenticationConfiguration() != null) {
|
||||
authenticationConfiguration = openMetadataApplicationConfig.getAuthenticationConfiguration();
|
||||
// Remove Ldap Configuration
|
||||
authenticationConfiguration.setLdapConfiguration(null);
|
||||
|
||||
if (authenticationConfiguration.getSamlConfiguration() != null) {
|
||||
responseAuthConfig.setProvider(yamlConfig.getProvider());
|
||||
responseAuthConfig.setProviderName(yamlConfig.getProviderName());
|
||||
responseAuthConfig.setClientType(yamlConfig.getClientType());
|
||||
responseAuthConfig.setEnableSelfSignup(yamlConfig.getEnableSelfSignup());
|
||||
responseAuthConfig.setJwtPrincipalClaims(yamlConfig.getJwtPrincipalClaims());
|
||||
responseAuthConfig.setJwtPrincipalClaimsMapping(yamlConfig.getJwtPrincipalClaimsMapping());
|
||||
responseAuthConfig.setClientId(yamlConfig.getClientId());
|
||||
responseAuthConfig.setAuthority(yamlConfig.getAuthority());
|
||||
responseAuthConfig.setCallbackUrl(yamlConfig.getCallbackUrl());
|
||||
if (responseAuthConfig.getProvider().equals(AuthProvider.SAML)
|
||||
&& yamlConfig.getSamlConfiguration() != null) {
|
||||
// Remove Saml Fields
|
||||
SamlSSOClientConfig ssoClientConfig = new SamlSSOClientConfig();
|
||||
ssoClientConfig.setIdp(
|
||||
new IdentityProviderConfig()
|
||||
.withAuthorityUrl(
|
||||
authenticationConfiguration.getSamlConfiguration().getIdp().getAuthorityUrl()));
|
||||
authenticationConfiguration.setSamlConfiguration(ssoClientConfig);
|
||||
.withAuthorityUrl(yamlConfig.getSamlConfiguration().getIdp().getAuthorityUrl()));
|
||||
responseAuthConfig.setSamlConfiguration(ssoClientConfig);
|
||||
} else {
|
||||
responseAuthConfig.setSamlConfiguration(null);
|
||||
}
|
||||
|
||||
authenticationConfiguration.setOidcConfiguration(null);
|
||||
responseAuthConfig.setLdapConfiguration(null);
|
||||
responseAuthConfig.setOidcConfiguration(null);
|
||||
}
|
||||
return authenticationConfiguration;
|
||||
return responseAuthConfig;
|
||||
}
|
||||
|
||||
@GET
|
||||
@ -134,11 +144,12 @@ public class ConfigResource {
|
||||
schema = @Schema(implementation = AuthorizerConfiguration.class)))
|
||||
})
|
||||
public AuthorizerConfiguration getAuthorizerConfig() {
|
||||
AuthorizerConfiguration authorizerConfiguration = new AuthorizerConfiguration();
|
||||
if (openMetadataApplicationConfig.getAuthorizerConfiguration() != null) {
|
||||
authorizerConfiguration = openMetadataApplicationConfig.getAuthorizerConfiguration();
|
||||
AuthorizerConfiguration responseAuthorizerConfig = new AuthorizerConfiguration();
|
||||
AuthorizerConfiguration yamlConfig = openMetadataApplicationConfig.getAuthorizerConfiguration();
|
||||
if (yamlConfig != null) {
|
||||
responseAuthorizerConfig.setPrincipalDomain(yamlConfig.getPrincipalDomain());
|
||||
}
|
||||
return authorizerConfiguration;
|
||||
return responseAuthorizerConfig;
|
||||
}
|
||||
|
||||
@GET
|
||||
|
||||
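Review bot: The SAML check in getAuthConfig, `responseAuthConfig.getProvider().equals(AuthProvider.SAML)`, dereferences the provider without a null guard, and the line that builds the IdP config chains `getSamlConfiguration().getIdp().getAuthorityUrl()` without checking `getIdp()`. If either is unset in the YAML, the endpoint would throw a NullPointerException instead of returning the redacted view. Comparing the enum directly and guarding the IdP avoids that: `if (yamlConfig.getProvider() == AuthProvider.SAML && yamlConfig.getSamlConfiguration() != null && yamlConfig.getSamlConfiguration().getIdp() != null)`. Copying into a fresh response object is a sound allow-list, since the lines it replaces appear to have nulled fields on the live application config; a comment above the setter block such as `// Allow-list: only fields the login UI needs; anything not copied here is withheld from the response` would make that intent explicit for later schema additions. The outer null check could also test `yamlConfig` instead of calling the getter a second time.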
@ -15,6 +15,8 @@ package org.openmetadata.service.resources.system;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.openmetadata.service.util.TestUtils.TEST_AUTH_HEADERS;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
@ -63,14 +65,41 @@ class ConfigResourceTest extends OpenMetadataApplicationTest {
|
||||
WebTarget target = getConfigResource("auth");
|
||||
AuthenticationConfiguration auth =
|
||||
TestUtils.get(target, AuthenticationConfiguration.class, TEST_AUTH_HEADERS);
|
||||
|
||||
// Verify required fields are present
|
||||
assertEquals(config.getAuthenticationConfiguration().getProvider(), auth.getProvider());
|
||||
assertEquals(config.getAuthenticationConfiguration().getProviderName(), auth.getProviderName());
|
||||
assertEquals(config.getAuthenticationConfiguration().getAuthority(), auth.getAuthority());
|
||||
assertEquals(config.getAuthenticationConfiguration().getCallbackUrl(), auth.getCallbackUrl());
|
||||
assertEquals(config.getAuthenticationConfiguration().getClientType(), auth.getClientType());
|
||||
assertEquals(
|
||||
config.getAuthenticationConfiguration().getEnableSelfSignup(), auth.getEnableSelfSignup());
|
||||
assertEquals(
|
||||
config.getAuthenticationConfiguration().getJwtPrincipalClaims(),
|
||||
auth.getJwtPrincipalClaims());
|
||||
assertEquals(
|
||||
config.getAuthenticationConfiguration().getJwtPrincipalClaimsMapping(),
|
||||
auth.getJwtPrincipalClaimsMapping());
|
||||
assertEquals(config.getAuthenticationConfiguration().getClientId(), auth.getClientId());
|
||||
assertEquals(config.getAuthenticationConfiguration().getAuthority(), auth.getAuthority());
|
||||
assertEquals(config.getAuthenticationConfiguration().getCallbackUrl(), auth.getCallbackUrl());
|
||||
|
||||
// For SAML, verify samlConfiguration is present but only contains authorityUrl
|
||||
if (auth.getProvider().name().equals("SAML")
|
||||
&& config.getAuthenticationConfiguration().getSamlConfiguration() != null) {
|
||||
assertNotNull(auth.getSamlConfiguration());
|
||||
assertNotNull(auth.getSamlConfiguration().getIdp());
|
||||
assertEquals(
|
||||
config.getAuthenticationConfiguration().getSamlConfiguration().getIdp().getAuthorityUrl(),
|
||||
auth.getSamlConfiguration().getIdp().getAuthorityUrl());
|
||||
}
|
||||
|
||||
// Verify sensitive/unused fields are excluded
|
||||
assertNull(auth.getLdapConfiguration());
|
||||
assertNull(auth.getOidcConfiguration());
|
||||
assertTrue(auth.getPublicKeyUrls().isEmpty());
|
||||
assertEquals(config.getAuthenticationConfiguration().getResponseType(), auth.getResponseType());
|
||||
assertEquals(
|
||||
config.getAuthenticationConfiguration().getTokenValidationAlgorithm(),
|
||||
auth.getTokenValidationAlgorithm());
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -78,20 +107,24 @@ class ConfigResourceTest extends OpenMetadataApplicationTest {
|
||||
WebTarget target = getConfigResource("authorizer");
|
||||
AuthorizerConfiguration auth =
|
||||
TestUtils.get(target, AuthorizerConfiguration.class, TEST_AUTH_HEADERS);
|
||||
assertEquals(config.getAuthorizerConfiguration().getClassName(), auth.getClassName());
|
||||
|
||||
// Verify only required field is present
|
||||
assertEquals(
|
||||
config.getAuthorizerConfiguration().getPrincipalDomain(), auth.getPrincipalDomain());
|
||||
|
||||
// Verify sensitive/unused fields are excluded
|
||||
assertNull(auth.getClassName());
|
||||
assertTrue(auth.getAdminPrincipals().isEmpty());
|
||||
assertNull(auth.getContainerRequestFilter());
|
||||
assertNull(auth.getEnableSecureSocketConnection());
|
||||
assertNull(auth.getEnforcePrincipalDomain());
|
||||
assertTrue(auth.getAllowedDomains().isEmpty());
|
||||
assertTrue(auth.getAllowedEmailRegistrationDomains().isEmpty());
|
||||
assertNull(auth.getBotPrincipals());
|
||||
assertTrue(auth.getTestPrincipals().isEmpty());
|
||||
assertEquals(
|
||||
config.getAuthorizerConfiguration().getAdminPrincipals(), auth.getAdminPrincipals());
|
||||
assertEquals(
|
||||
config.getAuthorizerConfiguration().getContainerRequestFilter(),
|
||||
auth.getContainerRequestFilter());
|
||||
assertEquals(
|
||||
config.getAuthorizerConfiguration().getEnableSecureSocketConnection(),
|
||||
auth.getEnableSecureSocketConnection());
|
||||
assertEquals(
|
||||
config.getAuthorizerConfiguration().getEnforcePrincipalDomain(),
|
||||
auth.getEnforcePrincipalDomain());
|
||||
config.getAuthorizerConfiguration().getUseRolesFromProvider(),
|
||||
auth.getUseRolesFromProvider());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
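Review bot: The SAML block in the auth test asserts only that `authorityUrl` round-trips, so its comment "only contains authorityUrl" is never verified, and the whole block is skipped unless the test configuration uses the SAML provider. Negative assertions inside that `if`, checking that every other part of the returned SAML configuration is null, would pin the redaction; the branch condition could also compare the enum instead of `auth.getProvider().name().equals("SAML")`. In both tests, any equality assertions against YAML values for fields the resource no longer copies (if they remain on the new side) can pass only when both objects hold the same defaults, so they do not show that the field was withheld; the `assertNull` / `isEmpty()` form used for the other excluded fields is the stronger check. Both test methods begin outside their hunks.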