mirror of
https://github.com/open-metadata/OpenMetadata.git
Remove configuration for APIs for auth or authorizer (#23001)
(cherry picked from commit d5dfc458fdea8535754ca1741a6cb5eefe2bf059)
parent
1c4e750803
commit
33bba503bb
@ -31,6 +31,7 @@ import org.openmetadata.catalog.type.IdentityProviderConfig;
|
|||||||
import org.openmetadata.schema.api.configuration.LoginConfiguration;
|
import org.openmetadata.schema.api.configuration.LoginConfiguration;
|
||||||
import org.openmetadata.schema.api.security.AuthenticationConfiguration;
|
import org.openmetadata.schema.api.security.AuthenticationConfiguration;
|
||||||
import org.openmetadata.schema.api.security.AuthorizerConfiguration;
|
import org.openmetadata.schema.api.security.AuthorizerConfiguration;
|
||||||
|
import org.openmetadata.schema.services.connections.metadata.AuthProvider;
|
||||||
import org.openmetadata.schema.settings.SettingsType;
|
import org.openmetadata.schema.settings.SettingsType;
|
||||||
import org.openmetadata.service.OpenMetadataApplicationConfig;
|
import org.openmetadata.service.OpenMetadataApplicationConfig;
|
||||||
import org.openmetadata.service.clients.pipeline.PipelineServiceAPIClientConfig;
|
import org.openmetadata.service.clients.pipeline.PipelineServiceAPIClientConfig;
|
||||||
@ -79,25 +80,34 @@ public class ConfigResource {
|
|||||||
schema = @Schema(implementation = AuthenticationConfiguration.class)))
|
schema = @Schema(implementation = AuthenticationConfiguration.class)))
|
||||||
})
|
})
|
||||||
public AuthenticationConfiguration getAuthConfig() {
|
public AuthenticationConfiguration getAuthConfig() {
|
||||||
AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
|
AuthenticationConfiguration responseAuthConfig = new AuthenticationConfiguration();
|
||||||
|
AuthenticationConfiguration yamlConfig =
|
||||||
|
openMetadataApplicationConfig.getAuthenticationConfiguration();
|
||||||
if (openMetadataApplicationConfig.getAuthenticationConfiguration() != null) {
|
if (openMetadataApplicationConfig.getAuthenticationConfiguration() != null) {
|
||||||
authenticationConfiguration = openMetadataApplicationConfig.getAuthenticationConfiguration();
|
responseAuthConfig.setProvider(yamlConfig.getProvider());
|
||||||
// Remove Ldap Configuration
|
responseAuthConfig.setProviderName(yamlConfig.getProviderName());
|
||||||
authenticationConfiguration.setLdapConfiguration(null);
|
responseAuthConfig.setClientType(yamlConfig.getClientType());
|
||||||
|
responseAuthConfig.setEnableSelfSignup(yamlConfig.getEnableSelfSignup());
|
||||||
if (authenticationConfiguration.getSamlConfiguration() != null) {
|
responseAuthConfig.setJwtPrincipalClaims(yamlConfig.getJwtPrincipalClaims());
|
||||||
|
responseAuthConfig.setJwtPrincipalClaimsMapping(yamlConfig.getJwtPrincipalClaimsMapping());
|
||||||
|
responseAuthConfig.setClientId(yamlConfig.getClientId());
|
||||||
|
responseAuthConfig.setAuthority(yamlConfig.getAuthority());
|
||||||
|
responseAuthConfig.setCallbackUrl(yamlConfig.getCallbackUrl());
|
||||||
|
if (responseAuthConfig.getProvider().equals(AuthProvider.SAML)
|
||||||
|
&& yamlConfig.getSamlConfiguration() != null) {
|
||||||
// Remove Saml Fields
|
// Remove Saml Fields
|
||||||
SamlSSOClientConfig ssoClientConfig = new SamlSSOClientConfig();
|
SamlSSOClientConfig ssoClientConfig = new SamlSSOClientConfig();
|
||||||
ssoClientConfig.setIdp(
|
ssoClientConfig.setIdp(
|
||||||
new IdentityProviderConfig()
|
new IdentityProviderConfig()
|
||||||
.withAuthorityUrl(
|
.withAuthorityUrl(yamlConfig.getSamlConfiguration().getIdp().getAuthorityUrl()));
|
||||||
authenticationConfiguration.getSamlConfiguration().getIdp().getAuthorityUrl()));
|
responseAuthConfig.setSamlConfiguration(ssoClientConfig);
|
||||||
authenticationConfiguration.setSamlConfiguration(ssoClientConfig);
|
} else {
|
||||||
|
responseAuthConfig.setSamlConfiguration(null);
|
||||||
}
|
}
|
||||||
|
responseAuthConfig.setLdapConfiguration(null);
|
||||||
authenticationConfiguration.setOidcConfiguration(null);
|
responseAuthConfig.setOidcConfiguration(null);
|
||||||
}
|
}
|
||||||
return authenticationConfiguration;
|
return responseAuthConfig;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@ -134,11 +144,12 @@ public class ConfigResource {
|
|||||||
schema = @Schema(implementation = AuthorizerConfiguration.class)))
|
schema = @Schema(implementation = AuthorizerConfiguration.class)))
|
||||||
})
|
})
|
||||||
public AuthorizerConfiguration getAuthorizerConfig() {
|
public AuthorizerConfiguration getAuthorizerConfig() {
|
||||||
AuthorizerConfiguration authorizerConfiguration = new AuthorizerConfiguration();
|
AuthorizerConfiguration responseAuthorizerConfig = new AuthorizerConfiguration();
|
||||||
if (openMetadataApplicationConfig.getAuthorizerConfiguration() != null) {
|
AuthorizerConfiguration yamlConfig = openMetadataApplicationConfig.getAuthorizerConfiguration();
|
||||||
authorizerConfiguration = openMetadataApplicationConfig.getAuthorizerConfiguration();
|
if (yamlConfig != null) {
|
||||||
|
responseAuthorizerConfig.setPrincipalDomain(yamlConfig.getPrincipalDomain());
|
||||||
}
|
}
|
||||||
return authorizerConfiguration;
|
return responseAuthorizerConfig;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
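Review bot: In getAuthConfig the SAML check `responseAuthConfig.getProvider().equals(AuthProvider.SAML)` dereferences the provider that was just copied from the YAML config, and the branch then calls `getSamlConfiguration().getIdp().getAuthorityUrl()` without checking `getIdp()`, so a config with no provider or no idp block would make this endpoint throw a NullPointerException instead of returning the reduced config. Writing the condition as `if (yamlConfig.getProvider() == AuthProvider.SAML && yamlConfig.getSamlConfiguration() != null && yamlConfig.getSamlConfiguration().getIdp() != null)` avoids both. The outer guard could also read `if (yamlConfig != null)`, as getAuthorizerConfig does, rather than calling the getter a second time. Since both methods now copy an explicit allowlist of fields, a short comment above each, such as `// Allowlist: copy only the fields the client needs; new fields are not exposed unless added here`, would tell the next maintainer that exposure is opt-in.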
|
|||||||
@ -15,6 +15,8 @@ package org.openmetadata.service.resources.system;
|
|||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.openmetadata.service.util.TestUtils.TEST_AUTH_HEADERS;
|
import static org.openmetadata.service.util.TestUtils.TEST_AUTH_HEADERS;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
@ -63,14 +65,41 @@ class ConfigResourceTest extends OpenMetadataApplicationTest {
|
|||||||
WebTarget target = getConfigResource("auth");
|
WebTarget target = getConfigResource("auth");
|
||||||
AuthenticationConfiguration auth =
|
AuthenticationConfiguration auth =
|
||||||
TestUtils.get(target, AuthenticationConfiguration.class, TEST_AUTH_HEADERS);
|
TestUtils.get(target, AuthenticationConfiguration.class, TEST_AUTH_HEADERS);
|
||||||
|
|
||||||
|
// Verify required fields are present
|
||||||
assertEquals(config.getAuthenticationConfiguration().getProvider(), auth.getProvider());
|
assertEquals(config.getAuthenticationConfiguration().getProvider(), auth.getProvider());
|
||||||
assertEquals(config.getAuthenticationConfiguration().getProviderName(), auth.getProviderName());
|
assertEquals(config.getAuthenticationConfiguration().getProviderName(), auth.getProviderName());
|
||||||
assertEquals(config.getAuthenticationConfiguration().getAuthority(), auth.getAuthority());
|
assertEquals(config.getAuthenticationConfiguration().getClientType(), auth.getClientType());
|
||||||
assertEquals(config.getAuthenticationConfiguration().getCallbackUrl(), auth.getCallbackUrl());
|
assertEquals(
|
||||||
|
config.getAuthenticationConfiguration().getEnableSelfSignup(), auth.getEnableSelfSignup());
|
||||||
assertEquals(
|
assertEquals(
|
||||||
config.getAuthenticationConfiguration().getJwtPrincipalClaims(),
|
config.getAuthenticationConfiguration().getJwtPrincipalClaims(),
|
||||||
auth.getJwtPrincipalClaims());
|
auth.getJwtPrincipalClaims());
|
||||||
|
assertEquals(
|
||||||
|
config.getAuthenticationConfiguration().getJwtPrincipalClaimsMapping(),
|
||||||
|
auth.getJwtPrincipalClaimsMapping());
|
||||||
assertEquals(config.getAuthenticationConfiguration().getClientId(), auth.getClientId());
|
assertEquals(config.getAuthenticationConfiguration().getClientId(), auth.getClientId());
|
||||||
|
assertEquals(config.getAuthenticationConfiguration().getAuthority(), auth.getAuthority());
|
||||||
|
assertEquals(config.getAuthenticationConfiguration().getCallbackUrl(), auth.getCallbackUrl());
|
||||||
|
|
||||||
|
// For SAML, verify samlConfiguration is present but only contains authorityUrl
|
||||||
|
if (auth.getProvider().name().equals("SAML")
|
||||||
|
&& config.getAuthenticationConfiguration().getSamlConfiguration() != null) {
|
||||||
|
assertNotNull(auth.getSamlConfiguration());
|
||||||
|
assertNotNull(auth.getSamlConfiguration().getIdp());
|
||||||
|
assertEquals(
|
||||||
|
config.getAuthenticationConfiguration().getSamlConfiguration().getIdp().getAuthorityUrl(),
|
||||||
|
auth.getSamlConfiguration().getIdp().getAuthorityUrl());
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify sensitive/unused fields are excluded
|
||||||
|
assertNull(auth.getLdapConfiguration());
|
||||||
|
assertNull(auth.getOidcConfiguration());
|
||||||
|
assertTrue(auth.getPublicKeyUrls().isEmpty());
|
||||||
|
assertEquals(config.getAuthenticationConfiguration().getResponseType(), auth.getResponseType());
|
||||||
|
assertEquals(
|
||||||
|
config.getAuthenticationConfiguration().getTokenValidationAlgorithm(),
|
||||||
|
auth.getTokenValidationAlgorithm());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -78,20 +107,24 @@ class ConfigResourceTest extends OpenMetadataApplicationTest {
|
|||||||
WebTarget target = getConfigResource("authorizer");
|
WebTarget target = getConfigResource("authorizer");
|
||||||
AuthorizerConfiguration auth =
|
AuthorizerConfiguration auth =
|
||||||
TestUtils.get(target, AuthorizerConfiguration.class, TEST_AUTH_HEADERS);
|
TestUtils.get(target, AuthorizerConfiguration.class, TEST_AUTH_HEADERS);
|
||||||
assertEquals(config.getAuthorizerConfiguration().getClassName(), auth.getClassName());
|
|
||||||
|
// Verify only required field is present
|
||||||
assertEquals(
|
assertEquals(
|
||||||
config.getAuthorizerConfiguration().getPrincipalDomain(), auth.getPrincipalDomain());
|
config.getAuthorizerConfiguration().getPrincipalDomain(), auth.getPrincipalDomain());
|
||||||
|
|
||||||
|
// Verify sensitive/unused fields are excluded
|
||||||
|
assertNull(auth.getClassName());
|
||||||
|
assertTrue(auth.getAdminPrincipals().isEmpty());
|
||||||
|
assertNull(auth.getContainerRequestFilter());
|
||||||
|
assertNull(auth.getEnableSecureSocketConnection());
|
||||||
|
assertNull(auth.getEnforcePrincipalDomain());
|
||||||
|
assertTrue(auth.getAllowedDomains().isEmpty());
|
||||||
|
assertTrue(auth.getAllowedEmailRegistrationDomains().isEmpty());
|
||||||
|
assertNull(auth.getBotPrincipals());
|
||||||
|
assertTrue(auth.getTestPrincipals().isEmpty());
|
||||||
assertEquals(
|
assertEquals(
|
||||||
config.getAuthorizerConfiguration().getAdminPrincipals(), auth.getAdminPrincipals());
|
config.getAuthorizerConfiguration().getUseRolesFromProvider(),
|
||||||
assertEquals(
|
auth.getUseRolesFromProvider());
|
||||||
config.getAuthorizerConfiguration().getContainerRequestFilter(),
|
|
||||||
auth.getContainerRequestFilter());
|
|
||||||
assertEquals(
|
|
||||||
config.getAuthorizerConfiguration().getEnableSecureSocketConnection(),
|
|
||||||
auth.getEnableSecureSocketConnection());
|
|
||||||
assertEquals(
|
|
||||||
config.getAuthorizerConfiguration().getEnforcePrincipalDomain(),
|
|
||||||
auth.getEnforcePrincipalDomain());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
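Review bot: The SAML block in the auth test is commented as verifying that samlConfiguration "only contains authorityUrl", but it asserts only that idp and its authorityUrl are present; nothing fails if the endpoint starts returning the other SAML members again, and when the test config is not SAML the block is skipped with no assertion at all. Adding `else { assertNull(auth.getSamlConfiguration()); }` and, inside the SAML branch, null assertions on the remaining members of the returned SAML config would pin the redaction this commit is about. Separately, the `getResponseType()` and `getTokenValidationAlgorithm()` comparisons under "Verify sensitive/unused fields are excluded" (and `getUseRolesFromProvider()` in the authorizer test) compare against the server config although the resource does not copy those fields, so they presumably pass only while the test config uses the schema defaults; a comment saying so, or asserting the default explicitly, would make the intent clear. Both test method signatures start outside the hunks.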
|
|||||||