From 6fa6b95f74b3b424c7dcb966d93fd8be90e87ea3 Mon Sep 17 00:00:00 2001 From: Nahuel Date: Thu, 30 Mar 2023 19:37:45 +0200 Subject: [PATCH] Fix: Remove bot configuration with SSO service account (#10847) * Add deprecation warning for SSO config for bots * Fix logging --- .../ingestion/ometa/provider_registry.py | 17 +++++ .../service/OpenMetadataApplication.java | 4 + .../BotDetails/AuthMechanismForm.tsx | 8 +- .../CreateUser/CreateUser.component.tsx | 8 +- .../main/resources/ui/src/utils/BotsUtils.ts | 76 +------------------ 5 files changed, 31 insertions(+), 82 deletions(-) diff --git a/ingestion/src/metadata/ingestion/ometa/provider_registry.py b/ingestion/src/metadata/ingestion/ometa/provider_registry.py index 2710f3356be..175f4b42dc8 100644 --- a/ingestion/src/metadata/ingestion/ometa/provider_registry.py +++ b/ingestion/src/metadata/ingestion/ometa/provider_registry.py @@ -44,6 +44,18 @@ from metadata.ingestion.ometa.auth_provider import ( OpenMetadataJWTClientConfig, ) from metadata.utils.dispatch import enum_register +from metadata.utils.logger import ometa_logger + +logger = ometa_logger() + + +def warn_auth_deprecation(auth_provider: AuthProvider) -> None: + logger.warning( + "Please, configure the ingestion-bot with the 'OpenMetadata JWT' configuration.\n" + f"The '{auth_provider.value}' configuration is deprecated and will be removed in future releases.\n" + f"Visit https://docs.open-metadata.org/deployment/security/enable-jwt-tokens to learn how to " + f"configure the 'OpenMetadata JWT'." + ) class InvalidAuthProviderException(Exception): 
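Review bot: `warn_auth_deprecation` has no docstring, and the last two message fragments (the `Visit https://…` line and the one after it) carry an `f` prefix with no placeholders. The message is also built eagerly; passing the provider as a logging argument, `"The '%s' configuration is deprecated and will be removed in future releases.\n", auth_provider.value`, keeps the template constant, so the deprecation is easier to match when operators search logs for bots still using SSO service-account credentials. A one-line docstring such as `"""Log a deprecation warning for SSO-based ingestion-bot authentication."""` would record why the helper exists.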
@@ -63,26 +75,31 @@ def no_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: @auth_provider_registry.add(AuthProvider.google.value) def google_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: + warn_auth_deprecation(config.authProvider) return GoogleAuthenticationProvider.create(config) @auth_provider_registry.add(AuthProvider.okta.value) def okta_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: + warn_auth_deprecation(config.authProvider) return OktaAuthenticationProvider.create(config) @auth_provider_registry.add(AuthProvider.auth0.value) def auth0_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: + warn_auth_deprecation(config.authProvider) return Auth0AuthenticationProvider.create(config) @auth_provider_registry.add(AuthProvider.azure.value) def azure_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: + warn_auth_deprecation(config.authProvider) return AzureAuthenticationProvider.create(config) @auth_provider_registry.add(AuthProvider.custom_oidc.value) def custom_oidc_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: + warn_auth_deprecation(config.authProvider) return CustomOIDCAuthenticationProvider.create(config) diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java index 297116d0600..42a2f1e2686 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java @@ -295,6 +295,10 @@ public class OpenMetadataApplication extends Application = ({ const [isLoading, setIsLoading] = useState(false); + const jwtOption = getJWTOption(); + useEffect(() => { const authType = authenticationMechanism.authType; const authConfig = authenticationMechanism.config?.authConfig; 
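Review bot: Nothing limits `warn_auth_deprecation(config.authProvider)` to one emission per process, and the same call is pasted into all five SSO initialisers (`google_auth_init`, `okta_auth_init`, `auth0_auth_init`, `azure_auth_init`, `custom_oidc_auth_init`). If these functions run each time a client is constructed (not visible in this hunk), a long ingestion run will repeat the same four-line warning and bury other log lines. A once-per-provider guard inside the helper would fix that, for example `if auth_provider in _WARNED: return` followed by `_WARNED.add(auth_provider)`, where `_WARNED` is an illustrative module-level set. The deprecated providers still authenticate exactly as before, so this warning is the only signal operators get; a short comment above the first call saying so would help whoever removes these paths later.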
@@ -597,9 +599,7 @@ const AuthMechanismForm: FC = ({ field: t('label.auth-mechanism'), })} onChange={(value) => setAuthMechanism(value)}> - {getAuthMechanismTypeOptions(authConfig).map((option) => ( - - ))} + diff --git a/openmetadata-ui/src/main/resources/ui/src/components/CreateUser/CreateUser.component.tsx b/openmetadata-ui/src/main/resources/ui/src/components/CreateUser/CreateUser.component.tsx index 03d131b7c33..b16d9bb022b 100644 --- a/openmetadata-ui/src/main/resources/ui/src/components/CreateUser/CreateUser.component.tsx +++ b/openmetadata-ui/src/main/resources/ui/src/components/CreateUser/CreateUser.component.tsx @@ -51,7 +51,7 @@ import { } from '../../generated/entity/teams/user'; import jsonData from '../../jsons/en'; import { - getAuthMechanismTypeOptions, + getJWTOption, getJWTTokenExpiryOptions, } from '../../utils/BotsUtils'; import SVGIcons, { Icons } from '../../utils/SvgUtils'; @@ -130,6 +130,8 @@ const CreateUser = ({ [forceBot] ); + const jwtOption = getJWTOption(); + /** * Handle on change event * @param event @@ -787,9 +789,7 @@ const CreateUser = ({ field: t('label.auth-mechanism'), })} onChange={(value) => setAuthMechanism(value)}> - {getAuthMechanismTypeOptions(authConfig).map((option) => ( - - ))} + {authMechanism === AuthType.Jwt && ( diff --git a/openmetadata-ui/src/main/resources/ui/src/utils/BotsUtils.ts b/openmetadata-ui/src/main/resources/ui/src/utils/BotsUtils.ts index f3d5f5420af..99060fec740 100644 --- a/openmetadata-ui/src/main/resources/ui/src/utils/BotsUtils.ts +++ b/openmetadata-ui/src/main/resources/ui/src/utils/BotsUtils.ts 
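Review bot: Replacing `getAuthMechanismTypeOptions(authConfig).map(...)` with a single JWT option restricts the choice in the client only; this applies to the `@@ -787,9 +789,7 @@` hunk in CreateUser.component.tsx and the `@@ -597,9 +599,7 @@` hunk in AuthMechanismForm.tsx. Unless the server also rejects `AuthType.Sso` for bots, a direct API call can presumably still create or update a bot with an SSO service-account configuration. The Java hunk in this commit is not legible on this page, so I cannot tell whether it adds that check, and it is worth confirming. It is also worth checking how the edit form renders an existing bot whose stored `authType` is SSO, now that the select has no matching option. A comment next to `const jwtOption = getJWTOption();` would document the intent: `// SSO auth for bots is deprecated; only OpenMetadata JWT is offered`.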
@@ -12,10 +12,7 @@ */ import { t } from 'i18next'; -import { isUndefined } from 'lodash'; -import { AuthTypes } from '../enums/signin.enum'; import { AuthenticationMechanism } from '../generated/api/teams/createUser'; -import { SsoServiceType } from '../generated/auth/ssoAuth'; import { AuthType, JWTTokenExpiry, User } from '../generated/entity/teams/user'; import { getExpiryDateTimeFromTimeStamp } from './TimeUtils'; 
@@ -32,80 +29,11 @@ export const getJWTTokenExpiryOptions = () => { }); }; -export const getAuthMechanismTypeOptions = ( - authConfig: Record | undefined -) => { - const JWTOption = { +export const getJWTOption = () => { + return { label: `${t('label.open-metadata')} ${t('label.jwt-uppercase')}`, value: AuthType.Jwt, }; - /** - * If no auth is setup return the JWT option only - */ - if (isUndefined(authConfig)) { - return [JWTOption]; - } else { - /** - * If there is provider then return JWT and SSO options - * Else return JWT option only - */ - switch (authConfig?.provider) { - case SsoServiceType.Google: { - const GoogleSSOOption = { - label: t('label.service-sso', { - serviceType: t('label.google'), - }), - value: AuthType.Sso, - }; - - return [JWTOption, GoogleSSOOption]; - } - case SsoServiceType.Auth0: { - const Auth0SSOOption = { - label: t('label.service-sso', { - serviceType: t('label.auth0'), - }), - value: AuthType.Sso, - }; - - return [JWTOption, Auth0SSOOption]; - } - case SsoServiceType.Azure: { - const AzureSSOOption = { - label: t('label.service-sso', { - serviceType: t('label.azure'), - }), - value: AuthType.Sso, - }; - - return [JWTOption, AzureSSOOption]; - } - case SsoServiceType.Okta: { - const OktaSSOOption = { - label: t('label.service-sso', { - serviceType: t('label.okta'), - }), - value: AuthType.Sso, - }; - - return [JWTOption, OktaSSOOption]; - } - case SsoServiceType.CustomOidc: { - const CustomOidcSSOOption = { - label: t('label.service-sso', { - serviceType: t('label.custom-oidc'), - }), - value: AuthType.Sso, - }; - - return [JWTOption, CustomOidcSSOOption]; - } - - case AuthTypes.BASIC: - default: - return [JWTOption]; - } - } }; /**
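Review bot: `getJWTOption` is exported without a doc comment, while the function it replaces explained its branches inline, so a reader of BotsUtils.ts no longer sees why only one option exists. I would add `/** Returns the only auth-mechanism option offered for bots: OpenMetadata JWT (SSO service accounts are deprecated). */` above it. The body can also drop the block and `return`, as in `export const getJWTOption = () => ({ label: ..., value: AuthType.Jwt });`. The removed switch was the visible user of the `label.service-sso` translation key, so that key may now be unused and is worth checking.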