yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-12-12 15:57:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #168: Azure SSO Kubernetes instructions seem outdated compared to 0.12.0 Helm chart (#7604)

Browse Source
This commit is contained in:
Sriharsha Chintalapani 2022-09-20 12:13:56 -07:00 committed by GitHub
parent 00a45782b9
commit 93e2a113ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 60 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openmetadata-docs/content/deployment/configuration.md
View File

@ -9,7 +9,7 @@ This document describes OpenMetadata Server Configuration
```yaml
swagger:
resourcePackage: org.openmetadata.service.resources
resourcePackage: org.openmetadata.catalog.resources
server:
@ -26,7 +26,7 @@ server:
logging:
level: INFO
loggers:
org.openmetadata.service.common: DEBUG
org.openmetadata.catalog.common: DEBUG
io.swagger: ERROR
appenders:
- type: file
@ -54,7 +54,7 @@ elasticsearch:
eventHandlerConfiguration:
eventHandlerClassNames:
- "org.openmetadata.service.events.AuditEventHandler"
- "org.openmetadata.catalog.events.AuditEventHandler"
health:
delayedShutdownHandlerEnabled: true
@ -136,7 +136,7 @@ ElasticSearch running on the local machine. Please make sure you update it with
```yaml
eventHandlerConfiguration:
eventHandlerClassNames:
- "org.openmetadata.service.events.AuditEventHandler"
- "org.openmetadata.catalog.events.AuditEventHandler"
```
EventHandler configuration is optional. It will update the AuditLog in MySQL DB and also ElasticSearch indexes whenever

4
openmetadata-docs/content/deployment/kubernetes/values.md
View File

@ -20,8 +20,8 @@ This page list all the supported helm values for OpenMetadata Helm Charts.
| global.authentication.clientId | string | `Empty String` |
| global.authentication.callbackUrl | string | `Empty String` |
| global.authentication.jwtPrincipalClaims | list | `[email,preferred_username,sub]` |
| global.authorizer.className | string | `org.openmetadata.service.security.NoopAuthorizer` |
| global.authorizer.containerRequestFilter | string | `org.openmetadata.service.security.NoopFilter` |
| global.authorizer.className | string | `org.openmetadata.catalog.security.NoopAuthorizer` |
| global.authorizer.containerRequestFilter | string | `org.openmetadata.catalog.security.NoopFilter` |
| global.authorizer.enforcePrincipalDomain | bool | `false` |
| global.authorizer.enableSecureSocketConnection | bool | `false` |
| global.authorizer.initialAdmins | list | `[admin]` |

2
openmetadata-docs/content/deployment/secrets-manager/how-to-add-a-new-implementation/index.md
View File

@ -18,7 +18,7 @@ Create a new entry in the JSON schema definition of the Secrets Manager provider
"title": "Secrets Manager Provider",
"description": "OpenMetadata Secrets Manager Provider. Make sure to configure the same secrets manager providers as the ones configured on the OpenMetadata server.",
"type": "string",
"javaType": "org.openmetadata.service.services.connections.metadata.SecretsManagerProvider",
"javaType": "org.openmetadata.catalog.services.connections.metadata.SecretsManagerProvider",
"enum": ["noop", "aws", "aws-ssm", "awesome-sm"],
"additionalProperties": false
}

4
openmetadata-docs/content/deployment/security/amazon-cognito-sso/bare-metal.md
View File

@ -27,9 +27,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/amazon-cognito-sso/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account in the previous steps.
```bash
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/amazon-cognito-sso/kubernetes.md
View File

@ -13,8 +13,8 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/auth0/bare-metal.md
View File

@ -25,9 +25,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/auth0/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account.
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/auth0/kubernetes.md
View File

@ -13,8 +13,8 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "suresh"
botPrincipals:

4
openmetadata-docs/content/deployment/security/azure/bare-metal.md
View File

@ -25,9 +25,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/azure/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account.
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/azure/kubernetes.md
View File

@ -13,8 +13,8 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/custom-oidc/bare-metal.md
View File

@ -30,9 +30,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/custom-oidc/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account.
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/custom-oidc/kubernetes.md
View File

@ -13,8 +13,8 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/google/bare-metal.md
View File

@ -25,9 +25,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/google/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account in the previous steps.
```bash
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/google/kubernetes.md
View File

@ -13,8 +13,8 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/keycloak/bare-metal.md
View File

@ -31,9 +31,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "admin-user"
botPrincipals:

4
openmetadata-docs/content/deployment/security/keycloak/docker.md
View File

@ -16,8 +16,8 @@ The configuration below already uses the presets shown in the example of keycloa
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin-user] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot,service-account-open-metadata]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/keycloak/kubernetes.md
View File

@ -20,8 +20,8 @@ The configuration below already uses the presets shown in the example of keycloa
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "admin-user"
botPrincipals:

4
openmetadata-docs/content/deployment/security/okta/bare-metal.md
View File

@ -26,9 +26,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/okta/docker.md
View File

@ -16,8 +16,8 @@ Note: Make sure to add the Ingestion Client ID for the Service application in `A
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot, <service_application_client_id>]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/okta/kubernetes.md
View File

@ -15,8 +15,8 @@ Note: Make sure to add the Ingestion Client ID for the Service application in `b
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/one-login/bare-metal.md
View File

@ -30,9 +30,9 @@ Then,
```yaml
authorizerConfiguration:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
adminPrincipals:
- "user1"
- "user2"

4
openmetadata-docs/content/deployment/security/one-login/docker.md
View File

@ -14,8 +14,8 @@ generated when setting up the account.
```shell
# OpenMetadata Server Authentication Configuration
AUTHORIZER_CLASS_NAME=org.openmetadata.service.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.service.security.JwtFilter
AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain

4
openmetadata-docs/content/deployment/security/one-login/kubernetes.md
View File

@ -13,9 +13,9 @@ place the client id value and update the authorizer configurations in the `value
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# JWT Filter
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
initialAdmins:
- "suresh"
botPrincipals:

10
openmetadata-docs/content/deployment/upgrade/kubernetes.md
View File

@ -95,7 +95,7 @@ release is backward incompatible.
```commandline
[I/O dispatcher 1] DEBUG org.apache.http.impl.nio.client.InternalIODispatch - http-outgoing-0 [ACTIVE] [content length: 263; pos: 263; completed: true]
[main] DEBUG org.elasticsearch.client.RestClient - request [PUT http://elasticsearch:9200/glossary_search_index/_mapping?master_timeout=30s&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false&ignore_throttled=false&timeout=30s] returned [HTTP/1.1 400 Bad Request]
[main] ERROR org.openmetadata.service.elasticsearch.ElasticSearchIndexDefinition - Failed to update Elastic Search indexes due to
[main] ERROR org.openmetadata.catalog.elasticsearch.ElasticSearchIndexDefinition - Failed to update Elastic Search indexes due to
org.elasticsearch.ElasticsearchStatusException: Elasticsearch exception [type=illegal_argument_exception, reason=can't merge a non object mapping [owner] with an object mapping]
at org.elasticsearch.rest.BytesRestResponse.errorFromXContent(BytesRestResponse.java:176)
at org.elasticsearch.client.RestHighLevelClient.parseEntity(RestHighLevelClient.java:1933)
@ -104,10 +104,10 @@ org.elasticsearch.ElasticsearchStatusException: Elasticsearch exception [type=il
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1639)
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1606)
at org.elasticsearch.client.IndicesClient.putMapping(IndicesClient.java:342)
at org.openmetadata.service.elasticsearch.ElasticSearchIndexDefinition.updateIndex(ElasticSearchIndexDefinition.java:139)
at org.openmetadata.service.elasticsearch.ElasticSearchIndexDefinition.updateIndexes(ElasticSearchIndexDefinition.java:91)
at org.openmetadata.service.util.TablesInitializer.execute(TablesInitializer.java:227)
at org.openmetadata.service.util.TablesInitializer.main(TablesInitializer.java:149)
at org.openmetadata.catalog.elasticsearch.ElasticSearchIndexDefinition.updateIndex(ElasticSearchIndexDefinition.java:139)
at org.openmetadata.catalog.elasticsearch.ElasticSearchIndexDefinition.updateIndexes(ElasticSearchIndexDefinition.java:91)
at org.openmetadata.catalog.util.TablesInitializer.execute(TablesInitializer.java:227)
at org.openmetadata.catalog.util.TablesInitializer.main(TablesInitializer.java:149)
Suppressed: org.elasticsearch.client.ResponseException: method [PUT], host [http://elasticsearch:9200], URI [/glossary_search_index/_mapping?master_timeout=30s&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false&ignore_throttled=false&timeout=30s], status line [HTTP/1.1 400 Bad Request]
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"can't merge a non object mapping [owner] with an object mapping"}],"type":"illegal_argument_exception","reason":"can't merge a non object mapping [owner] with an object mapping"},"status":400}
at org.elasticsearch.client.RestClient.convertResponse(RestClient.java:326)