FIX #1608 - Fix bot being used in pipelines and workflows (#21446)

Co-authored-by: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>

openmetadata-service/src/main/java/org/openmetadata/service/resources/automations/WorkflowResource.java

@@ -85,7 +85,7 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
   static final String FIELDS = "owners";
   private WorkflowMapper mapper;
   private PipelineServiceClientInterface pipelineServiceClient;
-  private OpenMetadataConnectionBuilder openMetadataConnectionBuilder;
+  private OpenMetadataApplicationConfig openMetadataApplicationConfig;
 
   public WorkflowResource(Authorizer authorizer, Limits limits) {
     super(Entity.WORKFLOW, authorizer, limits);
@@ -93,11 +93,11 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
 
   @Override
   public void initialize(OpenMetadataApplicationConfig config) {
+    this.openMetadataApplicationConfig = config;
     this.mapper = new WorkflowMapper();
     this.pipelineServiceClient =
         PipelineServiceClientFactory.createPipelineServiceClient(
             config.getPipelineServiceClientConfiguration());
-    openMetadataConnectionBuilder = new OpenMetadataConnectionBuilder(config);
   }
 
   public static class WorkflowList extends ResultList<Workflow> {
@@ -359,7 +359,8 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
       @Context SecurityContext securityContext) {
     EntityUtil.Fields fields = getFields(FIELD_OWNERS);
     Workflow workflow = repository.get(uriInfo, id, fields);
-    workflow.setOpenMetadataServerConnection(openMetadataConnectionBuilder.build());
+    workflow.setOpenMetadataServerConnection(
+        new OpenMetadataConnectionBuilder(openMetadataApplicationConfig).build());
     /*
      We will send the encrypted Workflow to the Pipeline Service Client
      It will be fetched from the API from there, since we are
@@ -594,7 +595,8 @@ public class WorkflowResource extends EntityResource<Workflow, WorkflowRepositor
       return workflowConverted;
     }
     Workflow workflowDecrypted = secretsManager.decryptWorkflow(workflow);
-    OpenMetadataConnection openMetadataServerConnection = openMetadataConnectionBuilder.build();
+    OpenMetadataConnection openMetadataServerConnection =
+        new OpenMetadataConnectionBuilder(openMetadataApplicationConfig).build();
     workflowDecrypted.setOpenMetadataServerConnection(
         secretsManager.encryptOpenMetadataConnection(openMetadataServerConnection, false));
     if (authorizer.shouldMaskPasswords(securityContext)) {

openmetadata-service/src/main/java/org/openmetadata/service/util/OpenMetadataConnectionBuilder.java

@@ -166,9 +166,6 @@ public class OpenMetadataConnectionBuilder {
   }
 
   public OpenMetadataConnection build() {
-    // Initialize the bot user while building to update any
-    // changes done on the bot like updating jwt token
-    initializeBotUser(Entity.INGESTION_BOT_NAME);
     return new OpenMetadataConnection()
         .withAuthProvider(authProvider)
         .withHostPort(openMetadataURL)

openmetadata-service/src/test/java/org/openmetadata/service/util/OpenMetadataConnectionBuilderTest.java

@@ -0,0 +1,54 @@
+package org.openmetadata.service.util;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.openmetadata.schema.api.configuration.pipelineServiceClient.PipelineServiceClientConfiguration;
+import org.openmetadata.schema.security.secrets.SecretsManagerClientLoader;
+import org.openmetadata.schema.security.secrets.SecretsManagerConfiguration;
+import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
+import org.openmetadata.schema.security.ssl.VerifySSL;
+import org.openmetadata.schema.services.connections.metadata.OpenMetadataConnection;
+import org.openmetadata.service.OpenMetadataApplicationConfig;
+import org.openmetadata.service.OpenMetadataApplicationTest;
+import org.openmetadata.service.secrets.SecretsManagerFactory;
+
+@Slf4j
+public class OpenMetadataConnectionBuilderTest extends OpenMetadataApplicationTest {
+
+  private static SecretsManagerConfiguration config;
+  static final String CLUSTER_NAME = "test";
+
+  @BeforeAll
+  static void setUp() {
+    config = new SecretsManagerConfiguration();
+    config.setSecretsManager(SecretsManagerProvider.DB);
+    SecretsManagerFactory.createSecretsManager(config, CLUSTER_NAME);
+  }
+
+  @Test
+  void testOpenMetadataConnectionBuilder() {
+
+    OpenMetadataApplicationConfig openMetadataApplicationConfig =
+        new OpenMetadataApplicationConfig();
+    openMetadataApplicationConfig.setClusterName(CLUSTER_NAME);
+    openMetadataApplicationConfig.setPipelineServiceClientConfiguration(
+        new PipelineServiceClientConfiguration()
+            .withMetadataApiEndpoint("http://localhost:8585/api")
+            .withVerifySSL(VerifySSL.NO_SSL)
+            .withSecretsManagerLoader(SecretsManagerClientLoader.ENV));
+
+    String botName =
+        "autoClassification-bot"; // Whichever bot other than the ingestion-bot, which is the
+    // default
+    OpenMetadataConnection openMetadataServerConnection =
+        new OpenMetadataConnectionBuilder(openMetadataApplicationConfig, botName).build();
+
+    // The OM Connection passes the right JWT based on the incoming bot
+    DecodedJWT jwt = JWT.decode(openMetadataServerConnection.getSecurityConfig().getJwtToken());
+    Assertions.assertEquals("autoclassification-bot", jwt.getClaim("sub").asString());
+  }
+}