From aac0cbfbe9f928c3cc67cb5b93774407963967a8 Mon Sep 17 00:00:00 2001
From: Sriharsha Chintalapani
Date: Tue, 22 Feb 2022 23:50:56 -0800
Subject: [PATCH] Fix #2953: NoopAuthorizer should create a anonymous user (#2940)
---
 .../catalog/CatalogApplication.java | 1 +
 .../catalog/security/DefaultAuthorizer.java | 21 ++------
 .../catalog/security/NoopAuthorizer.java | 51 ++++++++++++++++++-
 3 files changed, 56 insertions(+), 17 deletions(-)
diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/CatalogApplication.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/CatalogApplication.java
index d68d42d555d..f72ecfd2dd4 100644
--- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/CatalogApplication.java
+++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/CatalogApplication.java
@@ -198,6 +198,7 @@ public class CatalogApplication extends Application {
 } else {
 LOG.info("Authorizer config not set, setting noop authorizer");
 authorizer = NoopAuthorizer.class.getConstructor().newInstance();
+ authorizer.init(null, jdbi);
 ContainerRequestFilter filter = NoopFilter.class.getConstructor().newInstance();
 environment.jersey().register(filter);
 }
diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java
index 31f7065145a..c2752e89de4 100644
--- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java
+++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java
@@ -73,7 +73,7 @@ public class DefaultAuthorizer implements Authorizer {
 if (user != null && (user.getIsAdmin() == null || !user.getIsAdmin())) {
 user.setIsAdmin(true);
 }
- addOrUpdateAdmin(user);
+ addOrUpdateUser(user);
 } catch (EntityNotFoundException ex) {
 User user =
 new User()
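Review bot: The `null` config in the added `authorizer.init(null, jdbi);` is unexplained, and this call is what makes the no-authorizer fallback write to the user store at startup. A comment above it would help, for example `// NoopAuthorizer ignores the config; init() only provisions the "anonymous" user`. Because this branch runs the service with the no-op authorizer and filter, logging the existing "Authorizer config not set" message at WARN rather than INFO would make that mode harder to overlook in production logs. The enclosing method starts and ends outside the hunk.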
@@ -83,7 +83,7 @@ public class DefaultAuthorizer implements Authorizer {
 .withIsAdmin(true)
 .withUpdatedBy(adminUser)
 .withUpdatedAt(System.currentTimeMillis());
- addOrUpdateAdmin(user);
+ addOrUpdateUser(user);
 } catch (IOException | ParseException e) {
 LOG.error("Failed to create admin user {}", adminUser, e);
 }
@@ -99,7 +99,7 @@ public class DefaultAuthorizer implements Authorizer {
 if (user != null && (user.getIsBot() == null || !user.getIsBot())) {
 user.setIsBot(true);
 }
- addOrUpdateAdmin(user);
+ addOrUpdateUser(user);
 } catch (EntityNotFoundException ex) {
 User user =
 new User()
@@ -109,7 +109,7 @@ public class DefaultAuthorizer implements Authorizer {
 .withIsBot(true)
 .withUpdatedBy(botUser)
 .withUpdatedAt(System.currentTimeMillis());
- addOrUpdateAdmin(user);
+ addOrUpdateUser(user);
 } catch (IOException | ParseException e) {
 LOG.error("Failed to create admin user {}", botUser, e);
 }
@@ -245,7 +245,7 @@ public class DefaultAuthorizer implements Authorizer {
 return userRepository.getByName(null, userName, fields);
 }
- private void addOrUpdateAdmin(User user) {
+ private void addOrUpdateUser(User user) {
 try {
 RestUtil.PutResponse addedUser = userRepository.createOrUpdate(null, user);
 LOG.debug("Added admin user entry: {}", addedUser);
@@ -255,15 +255,4 @@ public class DefaultAuthorizer implements Authorizer {
 LOG.debug("Admin user entry: {} already exists.", user);
 }
 }
-
- private void addOrUpdateBot(User user) {
- try {
- RestUtil.PutResponse addedUser = userRepository.createOrUpdate(null, user);
- LOG.debug("Added bot user entry: {}", addedUser);
- } catch (IOException | ParseException exception) {
- // In HA se tup the other server may have already added the user.
- LOG.debug("Caught exception: {}", ExceptionUtils.getStackTrace(exception));
- LOG.debug("Bot user entry: {} already exists.", user);
- }
- }
 }
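Review bot: After the rename in the `@@ -245,7 +245,7 @@` hunk, `addOrUpdateUser` serves both the admin and the bot path, but its messages still say "admin" (`"Added admin user entry: {}"`, `"Admin user entry: {} already exists."`). Neutral wording such as `LOG.debug("Added user entry: {}", addedUser);` would keep log searches for account provisioning accurate. The bot-side `LOG.error("Failed to create admin user {}", botUser, e);` in the `@@ -109,7 +109,7 @@` hunk has the same wording slip. Judging by the visible "already exists" line and the deleted `addOrUpdateBot`, the helper appears to report any `IOException | ParseException` only at DEBUG, so a real failure to provision an admin or bot account could go unnoticed at default log levels. The helper's body runs between the last two hunks and is only partly visible here.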
diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/NoopAuthorizer.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/NoopAuthorizer.java
index 3f2299466c1..fa90e6e3950 100644
--- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/NoopAuthorizer.java
+++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/NoopAuthorizer.java
@@ -13,18 +13,38 @@
 package org.openmetadata.catalog.security;
+import static org.openmetadata.catalog.resources.teams.UserResource.FIELD_LIST;
+
+import java.io.IOException;
+import java.text.ParseException;
 import java.util.List;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.jdbi.v3.core.Jdbi;
+import org.openmetadata.catalog.entity.teams.User;
+import org.openmetadata.catalog.exception.EntityNotFoundException;
+import org.openmetadata.catalog.jdbi3.CollectionDAO;
+import org.openmetadata.catalog.jdbi3.UserRepository;
 import org.openmetadata.catalog.type.EntityReference;
 import org.openmetadata.catalog.type.MetadataOperation;
+import org.openmetadata.catalog.util.EntityUtil;
+import org.openmetadata.catalog.util.RestUtil;
+@Slf4j
 public class NoopAuthorizer implements Authorizer {
+ private static final String fieldsParam = "roles,teams";
+ private UserRepository userRepository;
+ private String username = "anonymous";
+
 @Override
 public void init(AuthorizerConfiguration config, Jdbi jdbi) {
- /* Nothing to do */
+ CollectionDAO collectionDAO = jdbi.onDemand(CollectionDAO.class);
+ this.userRepository = new UserRepository(collectionDAO);
+ addAnonymousUser();
 }
 @Override
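Review bot: `init` now dereferences `jdbi` unconditionally, whereas the removed body ignored both arguments, so any caller that still passes a null `Jdbi` to the no-op authorizer will fail with a NullPointerException at `jdbi.onDemand(...)`. Starting the method with `Objects.requireNonNull(jdbi, "jdbi");` (plus the `java.util.Objects` import) would make the new contract explicit. The provisioned identity sits in a mutable instance field; `private static final String ANONYMOUS_USER = "anonymous";` states that it is fixed, and `fieldsParam` would conventionally be `FIELDS_PARAM`. A short class comment saying that this authorizer creates a persistent user row, which presumably stays in the store if a real authorizer is configured later, would help operators.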
@@ -53,4 +73,33 @@ public class NoopAuthorizer implements Authorizer {
 public boolean isBot(AuthenticationContext ctx) {
 return true;
 }
+
+ private void addAnonymousUser() {
+ EntityUtil.Fields fields = new EntityUtil.Fields(FIELD_LIST, fieldsParam);
+ try {
+ userRepository.getByName(null, username, fields);
+ } catch (EntityNotFoundException ex) {
+ User user =
+ new User()
+ .withId(UUID.randomUUID())
+ .withName(username)
+ .withEmail(username + "@domain.com")
+ .withUpdatedBy(username)
+ .withUpdatedAt(System.currentTimeMillis());
+ addOrUpdateUser(user);
+ } catch (IOException | ParseException e) {
+ LOG.error("Failed to create anonymous user {}", username, e);
+ }
+ }
+
+ private void addOrUpdateUser(User user) {
+ try {
+ RestUtil.PutResponse addedUser = userRepository.createOrUpdate(null, user);
+ LOG.debug("Added anonymous user entry: {}", addedUser);
+ } catch (IOException | ParseException exception) {
+ // In HA set up the other server may have already added the user.
+ LOG.debug("Caught exception: {}", ExceptionUtils.getStackTrace(exception));
+ LOG.debug("Anonymous user entry: {} already exists.", user);
+ }
+ }
 }
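Review bot: `addOrUpdateUser` treats every `IOException | ParseException` from `createOrUpdate` as the HA "already exists" case and logs it only at DEBUG, so a genuine failure to create the anonymous user leaves no trace at default log levels. Logging once with the throwable, e.g. `LOG.warn("Could not create anonymous user {}", user.getName(), exception);`, keeps the stack trace and avoids writing the whole `User` entity to the log. In `addAnonymousUser`, the placeholder address `username + "@domain.com"` uses a registrable domain; a reserved one such as `"@example.invalid"` cannot receive mail if anything ever sends to that account. The helper also duplicates the one in DefaultAuthorizer and could be shared.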