mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-11-03 03:59:12 +00:00
Deprecate configurations for auth provider configuration on Airflow (#8896)
* Deprecate configurations for auth provider configuration on Airflow * Fix code after merging Co-authored-by: Sriharsha Chintalapani <harshach@users.noreply.github.com>
parent
ce51009eb7
commit
e998ecc407
@ -190,32 +190,6 @@ airflowConfiguration:
|
||||
username: ${AIRFLOW_USERNAME:-admin}
|
||||
password: ${AIRFLOW_PASSWORD:-admin}
|
||||
metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
|
||||
authProvider: ${AIRFLOW_AUTH_PROVIDER:-"no-auth"} # Possible values are "no-auth", "azure", "google", "okta", "auth0", "custom-oidc", "openmetadata"
|
||||
authConfig:
|
||||
azure:
|
||||
clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
google:
|
||||
secretKey: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
audience: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
||||
okta:
|
||||
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
auth0:
|
||||
clientId: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
secretKey: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
domain: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
customOidc:
|
||||
clientId: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
secretKey: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
||||
tokenEndpoint: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
openmetadata:
|
||||
jwtToken: ${OM_AUTH_JWT_TOKEN:-""}
|
||||
verifySSL: ${AIRFLOW_VERIFY_SSL:-"no-ssl"} # Possible values are "no-ssl", "ignore", "validate"
|
||||
sslConfig:
|
||||
validate:
|
||||
|
||||
@ -87,31 +87,6 @@ services:
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
# OpenMetadata Airflow JWT Token Configuration
|
||||
OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
|
||||
# Database configuration for Postgres
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-postgresql}
|
||||
|
||||
@ -86,31 +86,6 @@ services:
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
# OpenMetadata Airflow JWT Token Configuration
|
||||
OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
|
||||
@ -79,31 +79,6 @@ services:
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
# OpenMetadata Airflow JWT Token Configuration
|
||||
OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
|
||||
#Database configuration for postgresql
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-postgresql}
|
||||
|
||||
@ -75,31 +75,6 @@ services:
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
# OpenMetadata Airflow JWT Token Configuration
|
||||
OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
|
||||
# Database configuration for MySQL
|
||||
DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
|
||||
DB_SCHEME: ${DB_SCHEME:-mysql}
|
||||
|
||||
@ -18,8 +18,8 @@ import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.openmetadata.api.configuration.airflow.AuthConfiguration;
|
||||
import org.openmetadata.schema.api.configuration.airflow.AirflowConfiguration;
|
||||
import org.openmetadata.schema.api.security.AuthenticationConfiguration;
|
||||
import org.openmetadata.schema.auth.BasicAuthMechanism;
|
||||
import org.openmetadata.schema.auth.JWTAuthMechanism;
|
||||
import org.openmetadata.schema.auth.JWTTokenExpiry;
|
||||
@ -140,58 +140,57 @@ public final class UserUtil {
|
||||
*/
|
||||
public static User addOrUpdateBotUser(User user, OpenMetadataApplicationConfig openMetadataApplicationConfig) {
|
||||
User originalUser = retrieveWithAuthMechanism(user);
|
||||
// the user did not have an auth mechanism
|
||||
AirflowConfiguration airflowConfig = openMetadataApplicationConfig.getAirflowConfiguration();
|
||||
AuthenticationMechanism authMechanism = originalUser != null ? originalUser.getAuthenticationMechanism() : null;
|
||||
if (authMechanism == null) {
|
||||
AuthenticationConfiguration authConfig = openMetadataApplicationConfig.getAuthenticationConfiguration();
|
||||
AirflowConfiguration airflowConfig = openMetadataApplicationConfig.getAirflowConfiguration();
|
||||
// the user did not have an auth mechanism and auth config is present
|
||||
if (authConfigPresent(airflowConfig) && authMechanism == null) {
|
||||
AuthConfiguration authConfig = airflowConfig.getAuthConfig();
|
||||
String currentAuthProvider = openMetadataApplicationConfig.getAuthenticationConfiguration().getProvider();
|
||||
// if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism
|
||||
if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) {
|
||||
OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata();
|
||||
if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(currentAuthProvider)) {
|
||||
OpenMetadataJWTClientConfig jwtClientConfig = authConfig.getOpenmetadata();
|
||||
authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(jwtClientConfig, user));
|
||||
} else {
|
||||
// Otherwise, set auth mechanism from airflow configuration
|
||||
// TODO: https://github.com/open-metadata/OpenMetadata/issues/7712
|
||||
if (airflowConfig.getAuthConfig() != null && !"basic".equals(authConfig.getProvider())) {
|
||||
switch (authConfig.getProvider()) {
|
||||
case "no-auth":
|
||||
break;
|
||||
case "azure":
|
||||
authMechanism =
|
||||
buildAuthMechanism(SSO, buildAuthMechanismConfig(AZURE, airflowConfig.getAuthConfig().getAzure()));
|
||||
break;
|
||||
case "google":
|
||||
authMechanism =
|
||||
buildAuthMechanism(SSO, buildAuthMechanismConfig(GOOGLE, airflowConfig.getAuthConfig().getGoogle()));
|
||||
break;
|
||||
case "okta":
|
||||
authMechanism =
|
||||
buildAuthMechanism(SSO, buildAuthMechanismConfig(OKTA, airflowConfig.getAuthConfig().getOkta()));
|
||||
break;
|
||||
case "auth0":
|
||||
authMechanism =
|
||||
buildAuthMechanism(SSO, buildAuthMechanismConfig(AUTH_0, airflowConfig.getAuthConfig().getAuth0()));
|
||||
break;
|
||||
case "custom-oidc":
|
||||
authMechanism =
|
||||
buildAuthMechanism(
|
||||
SSO, buildAuthMechanismConfig(CUSTOM_OIDC, airflowConfig.getAuthConfig().getCustomOidc()));
|
||||
break;
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
String.format(
|
||||
"Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName()));
|
||||
}
|
||||
} else if ("basic".equals(authConfig.getProvider())) {
|
||||
authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
|
||||
} else if (!"basic".equals(currentAuthProvider)) {
|
||||
switch (currentAuthProvider) {
|
||||
case "no-auth":
|
||||
break;
|
||||
case "azure":
|
||||
authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(AZURE, authConfig.getAzure()));
|
||||
break;
|
||||
case "google":
|
||||
authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(GOOGLE, authConfig.getGoogle()));
|
||||
break;
|
||||
case "okta":
|
||||
authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(OKTA, authConfig.getOkta()));
|
||||
break;
|
||||
case "auth0":
|
||||
authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(AUTH_0, authConfig.getAuth0()));
|
||||
break;
|
||||
case "custom-oidc":
|
||||
authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(CUSTOM_OIDC, authConfig.getCustomOidc()));
|
||||
break;
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Unexpected auth provider [%s] for bot [%s]", currentAuthProvider, user.getName()));
|
||||
}
|
||||
} else {
|
||||
authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
|
||||
}
|
||||
} else {
|
||||
// if auth config not present in airflow configuration and the user did not have an auth mechanism
|
||||
if (authMechanism == null) {
|
||||
authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
|
||||
}
|
||||
}
|
||||
user.setAuthenticationMechanism(authMechanism);
|
||||
user.setDescription(user.getDescription());
|
||||
user.setDisplayName(user.getDisplayName());
|
||||
user.setUpdatedBy(ADMIN_USER_NAME);
|
||||
return UserUtil.addOrUpdateUser(user);
|
||||
return addOrUpdateUser(user);
|
||||
}
|
||||
|
||||
private static boolean authConfigPresent(AirflowConfiguration airflowConfig) {
|
||||
return airflowConfig != null && airflowConfig.getAuthConfig() != null;
|
||||
}
|
||||
|
||||
private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig jwtClientConfig, User user) {
|
||||
|
||||
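Review bot: In `addOrUpdateBotUser`, the variant that appears to be the new side (the one using `currentAuthProvider`; the +/- markers are lost on this page) feeds `getAuthenticationConfiguration().getProvider()` straight into `switch (currentAuthProvider)`. A missing provider would therefore surface as a NullPointerException rather than the `Unexpected auth provider` error; a guard before the switch such as `Objects.requireNonNull(currentAuthProvider, "authentication provider")` keeps the failure explicit. `case "no-auth": break;` also leaves `authMechanism` null, so with a legacy `authConfig` still present the bot is stored via `user.setAuthenticationMechanism(null)`, while the `else` path without `authConfig` generates a JWT. That difference deserves either a comment stating it is intended or a fall-through to the JWT default. Because the default YAML no longer populates the per-provider blocks, `authConfig.getAzure()` and its siblings may be null for a partially retained legacy config; whether `buildAuthMechanismConfig` tolerates that is not visible in this hunk.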