mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-08-28 02:46:09 +00:00
Fix: Remove bot configuration with SSO service account (#10847)
* Add deprecation warning for SSO config for bots * Fix logging
parent
f7f5040008
commit
6fa6b95f74
@ -44,6 +44,18 @@ from metadata.ingestion.ometa.auth_provider import (
|
||||
OpenMetadataJWTClientConfig,
|
||||
)
|
||||
from metadata.utils.dispatch import enum_register
|
||||
from metadata.utils.logger import ometa_logger
|
||||
|
||||
logger = ometa_logger()
|
||||
|
||||
|
||||
def warn_auth_deprecation(auth_provider: AuthProvider) -> None:
|
||||
logger.warning(
|
||||
"Please, configure the ingestion-bot with the 'OpenMetadata JWT' configuration.\n"
|
||||
f"The '{auth_provider.value}' configuration is deprecated and will be removed in future releases.\n"
|
||||
f"Visit https://docs.open-metadata.org/deployment/security/enable-jwt-tokens to learn how to "
|
||||
f"configure the 'OpenMetadata JWT'."
|
||||
)
|
||||
|
||||
|
||||
class InvalidAuthProviderException(Exception):
|
||||
@ -63,26 +75,31 @@ def no_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
|
||||
@auth_provider_registry.add(AuthProvider.google.value)
|
||||
def google_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
warn_auth_deprecation(config.authProvider)
|
||||
return GoogleAuthenticationProvider.create(config)
|
||||
|
||||
|
||||
@auth_provider_registry.add(AuthProvider.okta.value)
|
||||
def okta_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
warn_auth_deprecation(config.authProvider)
|
||||
return OktaAuthenticationProvider.create(config)
|
||||
|
||||
|
||||
@auth_provider_registry.add(AuthProvider.auth0.value)
|
||||
def auth0_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
warn_auth_deprecation(config.authProvider)
|
||||
return Auth0AuthenticationProvider.create(config)
|
||||
|
||||
|
||||
@auth_provider_registry.add(AuthProvider.azure.value)
|
||||
def azure_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
warn_auth_deprecation(config.authProvider)
|
||||
return AzureAuthenticationProvider.create(config)
|
||||
|
||||
|
||||
@auth_provider_registry.add(AuthProvider.custom_oidc.value)
|
||||
def custom_oidc_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
|
||||
warn_auth_deprecation(config.authProvider)
|
||||
return CustomOIDCAuthenticationProvider.create(config)
|
||||
|
||||
|
||||
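Review bot: In `warn_auth_deprecation`, the last two fragments of the message are f-strings with no placeholders; only the fragment that interpolates `auth_provider.value` needs the prefix, so the others can be plain literals, e.g. `"configure the 'OpenMetadata JWT'."`. The helper also has no docstring; `"""Warn that SSO service-account auth for the ingestion bot is deprecated in favour of the OpenMetadata JWT."""` would cover it. The message logs only the provider enum value and nothing from the security config, which is the right boundary to keep if the text is extended later. The same call is added to `google_auth_init`, `okta_auth_init`, `auth0_auth_init`, `azure_auth_init` and `custom_oidc_auth_init`; how often these run per process is not visible here, so the warning may repeat in the logs.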
|
@ -295,6 +295,10 @@ public class OpenMetadataApplication extends Application<OpenMetadataApplication
|
||||
"'botPrincipals' configuration is deprecated. Please remove it from "
|
||||
+ "'openmetadata.yaml and restart the server");
|
||||
}
|
||||
if (catalogConfig.getPipelineServiceClientConfiguration().getAuthConfig() != null) {
|
||||
LOG.warn(
|
||||
"'authProvider' and 'authConfig' from the 'pipelineServiceClientConfiguration' option are deprecated and will be removed in future releases.");
|
||||
}
|
||||
}
|
||||
|
||||
private void registerAuthorizer(OpenMetadataApplicationConfig catalogConfig, Environment environment)
|
||||
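Review bot: The added check chains `catalogConfig.getPipelineServiceClientConfiguration().getAuthConfig()` without guarding the first call. If the `pipelineServiceClientConfiguration` section can be absent from the server config (its class is not shown here), this throws a NullPointerException during startup instead of logging the deprecation. Reading the configuration into a local and testing it first avoids that: `if (pipelineConfig != null && pipelineConfig.getAuthConfig() != null)`. The warning names the deprecated keys but not the replacement; naming the JWT bot configuration, as the Python-side message on this page does, would let operators act on it. The enclosing method begins above the hunk.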
|
@ -32,7 +32,7 @@ import {
|
||||
import { getNameFromEmail } from '../../utils/AuthProvider.util';
|
||||
import {
|
||||
getAuthMechanismFormInitialValues,
|
||||
getAuthMechanismTypeOptions,
|
||||
getJWTOption,
|
||||
getJWTTokenExpiryOptions,
|
||||
} from '../../utils/BotsUtils';
|
||||
import { showErrorToast } from '../../utils/ToastUtils';
|
||||
@ -81,6 +81,8 @@ const AuthMechanismForm: FC<Props> = ({
|
||||
|
||||
const [isLoading, setIsLoading] = useState(false);
|
||||
|
||||
const jwtOption = getJWTOption();
|
||||
|
||||
useEffect(() => {
|
||||
const authType = authenticationMechanism.authType;
|
||||
const authConfig = authenticationMechanism.config?.authConfig;
|
||||
@ -597,9 +599,7 @@ const AuthMechanismForm: FC<Props> = ({
|
||||
field: t('label.auth-mechanism'),
|
||||
})}
|
||||
onChange={(value) => setAuthMechanism(value)}>
|
||||
{getAuthMechanismTypeOptions(authConfig).map((option) => (
|
||||
<Option key={option.value}>{option.label}</Option>
|
||||
))}
|
||||
<Option key={jwtOption.value}>{jwtOption.label}</Option>
|
||||
</Select>
|
||||
</Form.Item>
|
||||
|
||||
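Review bot: With the `<Select>` now rendering only `<Option key={jwtOption.value}>`, a bot whose stored `authenticationMechanism.authType` is still `AuthType.Sso` has no matching option. The `useEffect` above reads that stored type; if it seeds `authMechanism` (the effect body continues outside the hunk), the select would show a raw value and any SSO-specific fields kept further down the form would stay reachable. Consider mapping a non-JWT stored type to `AuthType.Jwt` when the form loads, or at least adding a comment such as `// SSO bot auth is deprecated; JWT is the only selectable mechanism`. Removing the option is a UI-only restriction, so whether the API still accepts `AuthType.Sso` for bots has to be checked on the server side, which this page does not show. The same replacement is made in the `CreateUser` form.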
|
@ -51,7 +51,7 @@ import {
|
||||
} from '../../generated/entity/teams/user';
|
||||
import jsonData from '../../jsons/en';
|
||||
import {
|
||||
getAuthMechanismTypeOptions,
|
||||
getJWTOption,
|
||||
getJWTTokenExpiryOptions,
|
||||
} from '../../utils/BotsUtils';
|
||||
import SVGIcons, { Icons } from '../../utils/SvgUtils';
|
||||
@ -130,6 +130,8 @@ const CreateUser = ({
|
||||
[forceBot]
|
||||
);
|
||||
|
||||
const jwtOption = getJWTOption();
|
||||
|
||||
/**
|
||||
* Handle on change event
|
||||
* @param event
|
||||
@ -787,9 +789,7 @@ const CreateUser = ({
|
||||
field: t('label.auth-mechanism'),
|
||||
})}
|
||||
onChange={(value) => setAuthMechanism(value)}>
|
||||
{getAuthMechanismTypeOptions(authConfig).map((option) => (
|
||||
<Option key={option.value}>{option.label}</Option>
|
||||
))}
|
||||
<Option key={jwtOption.value}>{jwtOption.label}</Option>
|
||||
</Select>
|
||||
</Form.Item>
|
||||
{authMechanism === AuthType.Jwt && (
|
||||
|
@ -12,10 +12,7 @@
|
||||
*/
|
||||
|
||||
import { t } from 'i18next';
|
||||
import { isUndefined } from 'lodash';
|
||||
import { AuthTypes } from '../enums/signin.enum';
|
||||
import { AuthenticationMechanism } from '../generated/api/teams/createUser';
|
||||
import { SsoServiceType } from '../generated/auth/ssoAuth';
|
||||
|
||||
import { AuthType, JWTTokenExpiry, User } from '../generated/entity/teams/user';
|
||||
import { getExpiryDateTimeFromTimeStamp } from './TimeUtils';
|
||||
@ -32,80 +29,11 @@ export const getJWTTokenExpiryOptions = () => {
|
||||
});
|
||||
};
|
||||
|
||||
export const getAuthMechanismTypeOptions = (
|
||||
authConfig: Record<string, string | boolean> | undefined
|
||||
) => {
|
||||
const JWTOption = {
|
||||
export const getJWTOption = () => {
|
||||
return {
|
||||
label: `${t('label.open-metadata')} ${t('label.jwt-uppercase')}`,
|
||||
value: AuthType.Jwt,
|
||||
};
|
||||
/**
|
||||
* If no auth is setup return the JWT option only
|
||||
*/
|
||||
if (isUndefined(authConfig)) {
|
||||
return [JWTOption];
|
||||
} else {
|
||||
/**
|
||||
* If there is provider then return JWT and SSO options
|
||||
* Else return JWT option only
|
||||
*/
|
||||
switch (authConfig?.provider) {
|
||||
case SsoServiceType.Google: {
|
||||
const GoogleSSOOption = {
|
||||
label: t('label.service-sso', {
|
||||
serviceType: t('label.google'),
|
||||
}),
|
||||
value: AuthType.Sso,
|
||||
};
|
||||
|
||||
return [JWTOption, GoogleSSOOption];
|
||||
}
|
||||
case SsoServiceType.Auth0: {
|
||||
const Auth0SSOOption = {
|
||||
label: t('label.service-sso', {
|
||||
serviceType: t('label.auth0'),
|
||||
}),
|
||||
value: AuthType.Sso,
|
||||
};
|
||||
|
||||
return [JWTOption, Auth0SSOOption];
|
||||
}
|
||||
case SsoServiceType.Azure: {
|
||||
const AzureSSOOption = {
|
||||
label: t('label.service-sso', {
|
||||
serviceType: t('label.azure'),
|
||||
}),
|
||||
value: AuthType.Sso,
|
||||
};
|
||||
|
||||
return [JWTOption, AzureSSOOption];
|
||||
}
|
||||
case SsoServiceType.Okta: {
|
||||
const OktaSSOOption = {
|
||||
label: t('label.service-sso', {
|
||||
serviceType: t('label.okta'),
|
||||
}),
|
||||
value: AuthType.Sso,
|
||||
};
|
||||
|
||||
return [JWTOption, OktaSSOOption];
|
||||
}
|
||||
case SsoServiceType.CustomOidc: {
|
||||
const CustomOidcSSOOption = {
|
||||
label: t('label.service-sso', {
|
||||
serviceType: t('label.custom-oidc'),
|
||||
}),
|
||||
value: AuthType.Sso,
|
||||
};
|
||||
|
||||
return [JWTOption, CustomOidcSSOOption];
|
||||
}
|
||||
|
||||
case AuthTypes.BASIC:
|
||||
default:
|
||||
return [JWTOption];
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
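Review bot: `getJWTOption` is exported without a return type or a doc comment, so its contract is whatever the object literal happens to infer. Annotating it, e.g. `export const getJWTOption = (): { label: string; value: AuthType } => {`, keeps the two form components that spread it into `<Option>` checked against a stable shape. A short TSDoc line such as `/** Returns the only auth mechanism offered for bots: the OpenMetadata JWT. */` would also record why the SSO variants were dropped.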
|