yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-29 03:16:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Remove bot configuration with SSO service account (#10847)

Browse Source 
* Add deprecation warning for SSO config for bots

* Fix logging
This commit is contained in:
Nahuel 2023-03-30 19:37:45 +02:00 committed by GitHub
parent f7f5040008
commit 6fa6b95f74
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ingestion/src/metadata/ingestion/ometa/provider_registry.py
View File

@ -44,6 +44,18 @@ from metadata.ingestion.ometa.auth_provider import (
OpenMetadataJWTClientConfig, OpenMetadataJWTClientConfig,
) )
from metadata.utils.dispatch import enum_register from metadata.utils.dispatch import enum_register
from metadata.utils.logger import ometa_logger
logger = ometa_logger()
def warn_auth_deprecation(auth_provider: AuthProvider) -> None:
logger.warning(
"Please, configure the ingestion-bot with the 'OpenMetadata JWT' configuration.\n"
f"The '{auth_provider.value}' configuration is deprecated and will be removed in future releases.\n"
f"Visit https://docs.open-metadata.org/deployment/security/enable-jwt-tokens to learn how to "
f"configure the 'OpenMetadata JWT'."
)
class InvalidAuthProviderException(Exception): class InvalidAuthProviderException(Exception):
@ -63,26 +75,31 @@ def no_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
@auth_provider_registry.add(AuthProvider.google.value) @auth_provider_registry.add(AuthProvider.google.value)
def google_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: def google_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
warn_auth_deprecation(config.authProvider)
return GoogleAuthenticationProvider.create(config) return GoogleAuthenticationProvider.create(config)
@auth_provider_registry.add(AuthProvider.okta.value) @auth_provider_registry.add(AuthProvider.okta.value)
def okta_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: def okta_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
warn_auth_deprecation(config.authProvider)
return OktaAuthenticationProvider.create(config) return OktaAuthenticationProvider.create(config)
@auth_provider_registry.add(AuthProvider.auth0.value) @auth_provider_registry.add(AuthProvider.auth0.value)
def auth0_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: def auth0_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
warn_auth_deprecation(config.authProvider)
return Auth0AuthenticationProvider.create(config) return Auth0AuthenticationProvider.create(config)
@auth_provider_registry.add(AuthProvider.azure.value) @auth_provider_registry.add(AuthProvider.azure.value)
def azure_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: def azure_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
warn_auth_deprecation(config.authProvider)
return AzureAuthenticationProvider.create(config) return AzureAuthenticationProvider.create(config)
@auth_provider_registry.add(AuthProvider.custom_oidc.value) @auth_provider_registry.add(AuthProvider.custom_oidc.value)
def custom_oidc_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider: def custom_oidc_auth_init(config: OpenMetadataConnection) -> AuthenticationProvider:
warn_auth_deprecation(config.authProvider)
return CustomOIDCAuthenticationProvider.create(config) return CustomOIDCAuthenticationProvider.create(config)

4
openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java
View File

@ -295,6 +295,10 @@ public class OpenMetadataApplication extends Application<OpenMetadataApplication
"'botPrincipals' configuration is deprecated. Please remove it from " "'botPrincipals' configuration is deprecated. Please remove it from "
+ "'openmetadata.yaml and restart the server"); + "'openmetadata.yaml and restart the server");
} }
if (catalogConfig.getPipelineServiceClientConfiguration().getAuthConfig() != null) {
LOG.warn(
"'authProvider' and 'authConfig' from the 'pipelineServiceClientConfiguration' option are deprecated and will be removed in future releases.");
}
} }
private void registerAuthorizer(OpenMetadataApplicationConfig catalogConfig, Environment environment) private void registerAuthorizer(OpenMetadataApplicationConfig catalogConfig, Environment environment)

8
openmetadata-ui/src/main/resources/ui/src/components/BotDetails/AuthMechanismForm.tsx
View File

@ -32,7 +32,7 @@ import {
import { getNameFromEmail } from '../../utils/AuthProvider.util'; import { getNameFromEmail } from '../../utils/AuthProvider.util';
import { import {
getAuthMechanismFormInitialValues, getAuthMechanismFormInitialValues,
getAuthMechanismTypeOptions, getJWTOption,
getJWTTokenExpiryOptions, getJWTTokenExpiryOptions,
} from '../../utils/BotsUtils'; } from '../../utils/BotsUtils';
import { showErrorToast } from '../../utils/ToastUtils'; import { showErrorToast } from '../../utils/ToastUtils';
@ -81,6 +81,8 @@ const AuthMechanismForm: FC<Props> = ({
const [isLoading, setIsLoading] = useState(false); const [isLoading, setIsLoading] = useState(false);
const jwtOption = getJWTOption();
useEffect(() => { useEffect(() => {
const authType = authenticationMechanism.authType; const authType = authenticationMechanism.authType;
const authConfig = authenticationMechanism.config?.authConfig; const authConfig = authenticationMechanism.config?.authConfig;
@ -597,9 +599,7 @@ const AuthMechanismForm: FC<Props> = ({
field: t('label.auth-mechanism'), field: t('label.auth-mechanism'),
})} })}
onChange={(value) => setAuthMechanism(value)}> onChange={(value) => setAuthMechanism(value)}>
{getAuthMechanismTypeOptions(authConfig).map((option) => ( <Option key={jwtOption.value}>{jwtOption.label}</Option>
<Option key={option.value}>{option.label}</Option>
))}
</Select> </Select>
</Form.Item> </Form.Item>

8
openmetadata-ui/src/main/resources/ui/src/components/CreateUser/CreateUser.component.tsx
View File

@ -51,7 +51,7 @@ import {
} from '../../generated/entity/teams/user'; } from '../../generated/entity/teams/user';
import jsonData from '../../jsons/en'; import jsonData from '../../jsons/en';
import { import {
getAuthMechanismTypeOptions, getJWTOption,
getJWTTokenExpiryOptions, getJWTTokenExpiryOptions,
} from '../../utils/BotsUtils'; } from '../../utils/BotsUtils';
import SVGIcons, { Icons } from '../../utils/SvgUtils'; import SVGIcons, { Icons } from '../../utils/SvgUtils';
@ -130,6 +130,8 @@ const CreateUser = ({
[forceBot] [forceBot]
); );
const jwtOption = getJWTOption();
/** /**
* Handle on change event * Handle on change event
* @param event * @param event
@ -787,9 +789,7 @@ const CreateUser = ({
field: t('label.auth-mechanism'), field: t('label.auth-mechanism'),
})} })}
onChange={(value) => setAuthMechanism(value)}> onChange={(value) => setAuthMechanism(value)}>
{getAuthMechanismTypeOptions(authConfig).map((option) => ( <Option key={jwtOption.value}>{jwtOption.label}</Option>
<Option key={option.value}>{option.label}</Option>
))}
</Select> </Select>
</Form.Item> </Form.Item>
{authMechanism === AuthType.Jwt && ( {authMechanism === AuthType.Jwt && (

76
openmetadata-ui/src/main/resources/ui/src/utils/BotsUtils.ts
View File

@ -12,10 +12,7 @@
*/ */
import { t } from 'i18next'; import { t } from 'i18next';
import { isUndefined } from 'lodash';
import { AuthTypes } from '../enums/signin.enum';
import { AuthenticationMechanism } from '../generated/api/teams/createUser'; import { AuthenticationMechanism } from '../generated/api/teams/createUser';
import { SsoServiceType } from '../generated/auth/ssoAuth';
import { AuthType, JWTTokenExpiry, User } from '../generated/entity/teams/user'; import { AuthType, JWTTokenExpiry, User } from '../generated/entity/teams/user';
import { getExpiryDateTimeFromTimeStamp } from './TimeUtils'; import { getExpiryDateTimeFromTimeStamp } from './TimeUtils';
@ -32,80 +29,11 @@ export const getJWTTokenExpiryOptions = () => {
}); });
}; };
export const getAuthMechanismTypeOptions = ( export const getJWTOption = () => {
authConfig: Record<string, string | boolean> | undefined return {
) => {
const JWTOption = {
label: `${t('label.open-metadata')} ${t('label.jwt-uppercase')}`, label: `${t('label.open-metadata')} ${t('label.jwt-uppercase')}`,
value: AuthType.Jwt, value: AuthType.Jwt,
}; };
/**
* If no auth is setup return the JWT option only
*/
if (isUndefined(authConfig)) {
return [JWTOption];
} else {
/**
* If there is provider then return JWT and SSO options
* Else return JWT option only
*/
switch (authConfig?.provider) {
case SsoServiceType.Google: {
const GoogleSSOOption = {
label: t('label.service-sso', {
serviceType: t('label.google'),
}),
value: AuthType.Sso,
};
return [JWTOption, GoogleSSOOption];
}
case SsoServiceType.Auth0: {
const Auth0SSOOption = {
label: t('label.service-sso', {
serviceType: t('label.auth0'),
}),
value: AuthType.Sso,
};
return [JWTOption, Auth0SSOOption];
}
case SsoServiceType.Azure: {
const AzureSSOOption = {
label: t('label.service-sso', {
serviceType: t('label.azure'),
}),
value: AuthType.Sso,
};
return [JWTOption, AzureSSOOption];
}
case SsoServiceType.Okta: {
const OktaSSOOption = {
label: t('label.service-sso', {
serviceType: t('label.okta'),
}),
value: AuthType.Sso,
};
return [JWTOption, OktaSSOOption];
}
case SsoServiceType.CustomOidc: {
const CustomOidcSSOOption = {
label: t('label.service-sso', {
serviceType: t('label.custom-oidc'),
}),
value: AuthType.Sso,
};
return [JWTOption, CustomOidcSSOOption];
}
case AuthTypes.BASIC:
default:
return [JWTOption];
}
}
}; };
/** /**