FIX #1608 - Fix bot being used in pipelines and workflows (#21446)

Co-authored-by: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
Pere Miquel Brull 2025-06-03 12:04:24 +02:00 committed by GitHub
parent a084b6090a
commit b0091f7271
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 60 additions and 7 deletions


@ -85,7 +85,7 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
static final String FIELDS = "owners";
private WorkflowMapper mapper;
private PipelineServiceClientInterface pipelineServiceClient;
private OpenMetadataConnectionBuilder openMetadataConnectionBuilder;
private OpenMetadataApplicationConfig openMetadataApplicationConfig;
public WorkflowResource(Authorizer authorizer, Limits limits) {
super(Entity.WORKFLOW, authorizer, limits);
@ -93,11 +93,11 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
@Override
public void initialize(OpenMetadataApplicationConfig config) {
this.openMetadataApplicationConfig = config;
this.mapper = new WorkflowMapper();
this.pipelineServiceClient =
PipelineServiceClientFactory.createPipelineServiceClient(
config.getPipelineServiceClientConfiguration());
openMetadataConnectionBuilder = new OpenMetadataConnectionBuilder(config);
}
public static class WorkflowList extends ResultList<Workflow> {
@ -359,7 +359,8 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
@Context SecurityContext securityContext) {
EntityUtil.Fields fields = getFields(FIELD_OWNERS);
Workflow workflow = repository.get(uriInfo, id, fields);
workflow.setOpenMetadataServerConnection(openMetadataConnectionBuilder.build());
workflow.setOpenMetadataServerConnection(
new OpenMetadataConnectionBuilder(openMetadataApplicationConfig).build());
/*
We will send the encrypted Workflow to the Pipeline Service Client
It will be fetched from the API from there, since we are
@ -594,7 +595,8 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
return workflowConverted;
}
Workflow workflowDecrypted = secretsManager.decryptWorkflow(workflow);
OpenMetadataConnection openMetadataServerConnection = openMetadataConnectionBuilder.build();
OpenMetadataConnection openMetadataServerConnection =
new OpenMetadataConnectionBuilder(openMetadataApplicationConfig).build();
workflowDecrypted.setOpenMetadataServerConnection(
secretsManager.encryptOpenMetadataConnection(openMetadataServerConnection, false));
if (authorizer.shouldMaskPasswords(securityContext)) {
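Review bot: Both changed call sites (the hunk at -359 and the one at -594) now depend on constructing a fresh `OpenMetadataConnectionBuilder` per request to obtain the current bot JWT, but nothing in the code states that, and the expression `new OpenMetadataConnectionBuilder(openMetadataApplicationConfig).build()` is duplicated. Because the same commit removes the `initializeBotUser(...)` refresh from `build()`, the bot and its token appear to be resolved only at construction time. A later refactor that caches the builder in a field again would then presumably keep handing a rotated or revoked token to the pipeline service, with no test failing. I would move the expression into one private helper and document the constraint there, e.g. `// Build per request: the bot user and its JWT are resolved when the builder is constructed; a cached builder would keep serving an old token.` Both enclosing methods start and end outside the visible hunks.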


@ -166,9 +166,6 @@ public class OpenMetadataConnectionBuilder {
}
public OpenMetadataConnection build() {
// Initialize the bot user while building to update any
// changes done on the bot like updating jwt token
initializeBotUser(Entity.INGESTION_BOT_NAME);
return new OpenMetadataConnection()
.withAuthProvider(authProvider)
.withHostPort(openMetadataURL)


@ -0,0 +1,54 @@
package org.openmetadata.service.util;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import lombok.extern.slf4j.Slf4j;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.openmetadata.schema.api.configuration.pipelineServiceClient.PipelineServiceClientConfiguration;
import org.openmetadata.schema.security.secrets.SecretsManagerClientLoader;
import org.openmetadata.schema.security.secrets.SecretsManagerConfiguration;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.schema.security.ssl.VerifySSL;
import org.openmetadata.schema.services.connections.metadata.OpenMetadataConnection;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.OpenMetadataApplicationTest;
import org.openmetadata.service.secrets.SecretsManagerFactory;
@Slf4j
public class OpenMetadataConnectionBuilderTest extends OpenMetadataApplicationTest {
private static SecretsManagerConfiguration config;
static final String CLUSTER_NAME = "test";
@BeforeAll
static void setUp() {
config = new SecretsManagerConfiguration();
config.setSecretsManager(SecretsManagerProvider.DB);
SecretsManagerFactory.createSecretsManager(config, CLUSTER_NAME);
}
@Test
void testOpenMetadataConnectionBuilder() {
OpenMetadataApplicationConfig openMetadataApplicationConfig =
new OpenMetadataApplicationConfig();
openMetadataApplicationConfig.setClusterName(CLUSTER_NAME);
openMetadataApplicationConfig.setPipelineServiceClientConfiguration(
new PipelineServiceClientConfiguration()
.withMetadataApiEndpoint("http://localhost:8585/api")
.withVerifySSL(VerifySSL.NO_SSL)
.withSecretsManagerLoader(SecretsManagerClientLoader.ENV));
String botName =
"autoClassification-bot"; // Whichever bot other than the ingestion-bot, which is the
// default
OpenMetadataConnection openMetadataServerConnection =
new OpenMetadataConnectionBuilder(openMetadataApplicationConfig, botName).build();
// The OM Connection passes the right JWT based on the incoming bot
DecodedJWT jwt = JWT.decode(openMetadataServerConnection.getSecurityConfig().getJwtToken());
Assertions.assertEquals("autoclassification-bot", jwt.getClaim("sub").asString());
}
}
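Review bot: The test pins only the explicit-bot constructor, so the one-argument constructor that `WorkflowResource` now calls on every request is not covered, and a regression in the default-bot path would go unnoticed. Add a second case that builds with `new OpenMetadataConnectionBuilder(openMetadataApplicationConfig)` and asserts that the `sub` claim is the default bot (per the comment in this test, the ingestion-bot; confirm the exact subject string and casing). `JWT.decode` only parses the token and does not verify its signature or expiry, which is enough for reading `sub` here but deserves a one-line comment such as `// decode only: checks which bot the token was issued for, not that the token is valid`; `@Slf4j` is also unused in the visible code.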