diff --git a/conf/openmetadata.yaml b/conf/openmetadata.yaml
index 9acaf8055ae..70f2dae6daa 100644
--- a/conf/openmetadata.yaml
+++ b/conf/openmetadata.yaml
@@ -190,32 +190,6 @@ airflowConfiguration:
 username: ${AIRFLOW_USERNAME:-admin}
 password: ${AIRFLOW_PASSWORD:-admin}
 metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
- authProvider: ${AIRFLOW_AUTH_PROVIDER:-"no-auth"} # Possible values are "no-auth", "azure", "google", "okta", "auth0", "custom-oidc", "openmetadata"
- authConfig:
- azure:
- clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
- authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
- scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
- clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
- google:
- secretKey: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
- audience: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
- okta:
- clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
- orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
- privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
- email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
- scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
- auth0:
- clientId: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
- secretKey: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
- domain: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
- customOidc:
- clientId: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
- secretKey: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
- tokenEndpoint: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
- openmetadata:
- jwtToken: ${OM_AUTH_JWT_TOKEN:-""}
 verifySSL: ${AIRFLOW_VERIFY_SSL:-"no-ssl"} # Possible values are "no-ssl", "ignore", "validate"
 sslConfig:
 validate:
diff --git a/docker/local-metadata/docker-compose-postgres.yml b/docker/local-metadata/docker-compose-postgres.yml
index d1328aedd92..766322d237c 100644
--- a/docker/local-metadata/docker-compose-postgres.yml
+++ b/docker/local-metadata/docker-compose-postgres.yml
@@ -87,31 +87,6 @@ services:
 # OpenMetadata Server Airflow Configuration
 AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
 SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
- AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
- # OpenMetadata Airflow Azure SSO Configuration
- OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
- OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
- OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
- # OpenMetadata Airflow Google SSO Configuration
- OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
- OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
- # OpenMetadata Airflow Okta SSO Configuration
- OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
- OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
- OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
- OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
- # OpenMetadata Airflow Auth0 SSO Configuration
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
- # OpenMetadata Airflow Custom OIDC SSO Configuration
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
- # OpenMetadata Airflow JWT Token Configuration
- OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
 # Database configuration for Postgres
 DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
 DB_SCHEME: ${DB_SCHEME:-postgresql}
diff --git a/docker/local-metadata/docker-compose.yml b/docker/local-metadata/docker-compose.yml
index 6e32f010ec0..4427b43a0e3 100644
--- a/docker/local-metadata/docker-compose.yml
+++ b/docker/local-metadata/docker-compose.yml
@@ -86,31 +86,6 @@ services:
 # OpenMetadata Server Airflow Configuration
 AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
 SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
- AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
- # OpenMetadata Airflow Azure SSO Configuration
- OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
- OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
- OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
- # OpenMetadata Airflow Google SSO Configuration
- OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
- OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
- # OpenMetadata Airflow Okta SSO Configuration
- OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
- OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
- OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
- OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
- # OpenMetadata Airflow Auth0 SSO Configuration
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
- # OpenMetadata Airflow Custom OIDC SSO Configuration
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
- # OpenMetadata Airflow JWT Token Configuration
- OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
 # Database configuration for MySQL
 DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
 DB_SCHEME: ${DB_SCHEME:-mysql}
diff --git a/docker/metadata/docker-compose-postgres.yml b/docker/metadata/docker-compose-postgres.yml
index 2f1e0ae9afc..a41fe79c2eb 100644
--- a/docker/metadata/docker-compose-postgres.yml
+++ b/docker/metadata/docker-compose-postgres.yml
@@ -79,31 +79,6 @@ services:
 # OpenMetadata Server Airflow Configuration
 AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
 SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
- AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
- # OpenMetadata Airflow Azure SSO Configuration
- OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
- OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
- OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
- # OpenMetadata Airflow Google SSO Configuration
- OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
- OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
- # OpenMetadata Airflow Okta SSO Configuration
- OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
- OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
- OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
- OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
- # OpenMetadata Airflow Auth0 SSO Configuration
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
- # OpenMetadata Airflow Custom OIDC SSO Configuration
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
- # OpenMetadata Airflow JWT Token Configuration
- OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
 #Database configuration for postgresql
 DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver}
 DB_SCHEME: ${DB_SCHEME:-postgresql}
diff --git a/docker/metadata/docker-compose.yml b/docker/metadata/docker-compose.yml
index 477f6ca1fed..d7f01419bbe 100644
--- a/docker/metadata/docker-compose.yml
+++ b/docker/metadata/docker-compose.yml
@@ -75,31 +75,6 @@ services:
 # OpenMetadata Server Airflow Configuration
 AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
 SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}
- AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
- # OpenMetadata Airflow Azure SSO Configuration
- OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
- OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
- OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
- # OpenMetadata Airflow Google SSO Configuration
- OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
- OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
- # OpenMetadata Airflow Okta SSO Configuration
- OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
- OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
- OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
- OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
- # OpenMetadata Airflow Auth0 SSO Configuration
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
- OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
- # OpenMetadata Airflow Custom OIDC SSO Configuration
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
- OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
- # OpenMetadata Airflow JWT Token Configuration
- OM_AUTH_JWT_TOKEN: ${OM_AUTH_JWT_TOKEN:-""}
 # Database configuration for MySQL
 DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}
 DB_SCHEME: ${DB_SCHEME:-mysql}
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java b/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
index 94b0e8ab820..46b908733c7 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
@@ -18,8 +18,8 @@ import java.util.Objects;
 import java.util.Set;
 import java.util.UUID;
 import lombok.extern.slf4j.Slf4j;
+import org.openmetadata.api.configuration.airflow.AuthConfiguration;
 import org.openmetadata.schema.api.configuration.airflow.AirflowConfiguration;
-import org.openmetadata.schema.api.security.AuthenticationConfiguration;
 import org.openmetadata.schema.auth.BasicAuthMechanism;
 import org.openmetadata.schema.auth.JWTAuthMechanism;
 import org.openmetadata.schema.auth.JWTTokenExpiry;
@@ -140,58 +140,57 @@ public final class UserUtil {
 */
 public static User addOrUpdateBotUser(User user, OpenMetadataApplicationConfig openMetadataApplicationConfig) {
 User originalUser = retrieveWithAuthMechanism(user);
- // the user did not have an auth mechanism
+ AirflowConfiguration airflowConfig = openMetadataApplicationConfig.getAirflowConfiguration();
 AuthenticationMechanism authMechanism = originalUser != null ? originalUser.getAuthenticationMechanism() : null;
- if (authMechanism == null) {
- AuthenticationConfiguration authConfig = openMetadataApplicationConfig.getAuthenticationConfiguration();
- AirflowConfiguration airflowConfig = openMetadataApplicationConfig.getAirflowConfiguration();
+ // the user did not have an auth mechanism and auth config is present
+ if (authConfigPresent(airflowConfig) && authMechanism == null) {
+ AuthConfiguration authConfig = airflowConfig.getAuthConfig();
+ String currentAuthProvider = openMetadataApplicationConfig.getAuthenticationConfiguration().getProvider();
 // if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism
- if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) {
- OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata();
+ if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(currentAuthProvider)) {
+ OpenMetadataJWTClientConfig jwtClientConfig = authConfig.getOpenmetadata();
 authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(jwtClientConfig, user));
- } else {
- // Otherwise, set auth mechanism from airflow configuration
 // TODO: https://github.com/open-metadata/OpenMetadata/issues/7712
- if (airflowConfig.getAuthConfig() != null && !"basic".equals(authConfig.getProvider())) {
- switch (authConfig.getProvider()) {
- case "no-auth":
- break;
- case "azure":
- authMechanism =
- buildAuthMechanism(SSO, buildAuthMechanismConfig(AZURE, airflowConfig.getAuthConfig().getAzure()));
- break;
- case "google":
- authMechanism =
- buildAuthMechanism(SSO, buildAuthMechanismConfig(GOOGLE, airflowConfig.getAuthConfig().getGoogle()));
- break;
- case "okta":
- authMechanism =
- buildAuthMechanism(SSO, buildAuthMechanismConfig(OKTA, airflowConfig.getAuthConfig().getOkta()));
- break;
- case "auth0":
- authMechanism =
- buildAuthMechanism(SSO, buildAuthMechanismConfig(AUTH_0, airflowConfig.getAuthConfig().getAuth0()));
- break;
- case "custom-oidc":
- authMechanism =
- buildAuthMechanism(
- SSO, buildAuthMechanismConfig(CUSTOM_OIDC, airflowConfig.getAuthConfig().getCustomOidc()));
- break;
- default:
- throw new IllegalArgumentException(
- String.format(
- "Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName()));
- }
- } else if ("basic".equals(authConfig.getProvider())) {
- authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
+ } else if (!"basic".equals(currentAuthProvider)) {
+ switch (currentAuthProvider) {
+ case "no-auth":
+ break;
+ case "azure":
+ authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(AZURE, authConfig.getAzure()));
+ break;
+ case "google":
+ authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(GOOGLE, authConfig.getGoogle()));
+ break;
+ case "okta":
+ authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(OKTA, authConfig.getOkta()));
+ break;
+ case "auth0":
+ authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(AUTH_0, authConfig.getAuth0()));
+ break;
+ case "custom-oidc":
+ authMechanism = buildAuthMechanism(SSO, buildAuthMechanismConfig(CUSTOM_OIDC, authConfig.getCustomOidc()));
+ break;
+ default:
+ throw new IllegalArgumentException(
+ String.format("Unexpected auth provider [%s] for bot [%s]", currentAuthProvider, user.getName()));
 }
+ } else {
+ authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
+ }
+ } else {
+ // if auth config not present in airflow configuration and the user did not have an auth mechanism
+ if (authMechanism == null) {
+ authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
 }
 }
 user.setAuthenticationMechanism(authMechanism);
 user.setDescription(user.getDescription());
 user.setDisplayName(user.getDisplayName());
- user.setUpdatedBy(ADMIN_USER_NAME);
- return UserUtil.addOrUpdateUser(user);
+ return addOrUpdateUser(user);
+ }
+
+ private static boolean authConfigPresent(AirflowConfiguration airflowConfig) {
+ return airflowConfig != null && airflowConfig.getAuthConfig() != null;
 }
 
 private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig jwtClientConfig, User user) {
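Review bot: In the `else if (!"basic".equals(currentAuthProvider))` branch of `addOrUpdateBotUser`, a null provider reaches `switch (currentAuthProvider)` because `"basic".equals(null)` is false, and a switch on a null String throws NullPointerException rather than the `IllegalArgumentException` the default case intends; `getAuthenticationConfiguration()` is also dereferenced unchecked on the line that assigns `currentAuthProvider`. The same switch picks the Airflow section by the server's provider and hands `authConfig.getAzure()` (likewise the google, okta, auth0 and custom-oidc getters) straight to `buildAuthMechanismConfig`, so when only a different section is configured the bot would apparently be stored with an SSO mechanism built from a null config; that helper is outside the hunk, so this is inferred. I would add `if (currentAuthProvider == null) throw new IllegalArgumentException("auth provider is not configured");` before the switch and fall back to the generated JWT when the selected section is null. The `"no-auth"` case still leaves `authMechanism` null while the new outer `else` generates a JWT for the same bot, and with `user.setUpdatedBy(ADMIN_USER_NAME)` removed, `addOrUpdateUser` (not shown) has to set the updater itself for the bot record to keep its audit attribution.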