Fix #3236: Add support for secure docker compose with an env file (#3241)

* Fix #3236: Add support for secure docker compose with an env file
2025-08-18 05:57:17 +00:00 · 2022-03-08 07:05:31 -08:00 · 2022-03-08 07:05:31 -08:00 · f0927ecebb
commit f0927ecebb
parent 37d93316ae
5 changed files with 40 additions and 4 deletions
--- a/conf/openmetadata.yaml
+++ b/conf/openmetadata.yaml
@ -120,7 +120,7 @@ authorizerConfiguration:
  adminPrincipals:
    - ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
  botPrincipals:
-    - ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot]}
+    - ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
  principalDomain: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}

 authenticationConfiguration:
--- a/docker/local-metadata/docker-compose.yml
+++ b/docker/local-metadata/docker-compose.yml
@ -53,6 +53,16 @@ services:
    environment:
      ELASTICSEARCH_HOST: elasticsearch
      AIRFLOW_HOST: ingestion
+      AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
+      AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
+      AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
+      AUTHORIZER_INGESTION_PRINCIPAL: ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
+      AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
+      AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
+      AUTHENTICATION_PUBLIC_KEY: ${AUTHENTICATION_PUBLIC_KEY:-https://www.googleapis.com/oauth2/v3/certs}
+      AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
+      AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
+      AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
    expose:
      - 8585
      - 9200
--- a/docker/metadata/docker-compose.yml
+++ b/docker/metadata/docker-compose.yml
@ -44,6 +44,16 @@ services:
    environment:
      ELASTICSEARCH_HOST: elasticsearch
      AIRFLOW_HOST: ingestion
+      AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
+      AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
+      AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
+      AUTHORIZER_INGESTION_PRINCIPAL: ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
+      AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
+      AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
+      AUTHENTICATION_PUBLIC_KEY: ${AUTHENTICATION_PUBLIC_KEY:-https://www.googleapis.com/oauth2/v3/certs}
+      AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
+      AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
+      AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
    expose:
      - 8585
      - 9200
--- a/ingestion/src/metadata/cli/docker.py
+++ b/ingestion/src/metadata/cli/docker.py
@ -24,7 +24,7 @@ calc_gb = 1024 * 1024 * 1000
 min_memory_limit = 3 * calc_gb


-def run_docker(start, stop, pause, resume, clean, file_path):
+def run_docker(start, stop, pause, resume, clean, file_path, env_file_path):
    try:
        from python_on_whales import DockerClient

@ -69,10 +69,19 @@ def run_docker(start, stop, pause, resume, clean, file_path):
                logger.info(f"Using docker compose file from {file_path}")
                docker_compose_file_path = pathlib.Path(file_path)

+        env_file = None
+        if env_file_path is not None:
+            if env_file_path == "":
+                raise ValueError("Please provide path to env file")
+            else:
+                logger.info(f"Using env file from {env_file_path}")
+                env_file = pathlib.Path(env_file_path)
+
        # Set up Docker Client Config with docker compose file path
        docker = DockerClient(
            compose_project_name="openmetadata",
            compose_files=[docker_compose_file_path],
+            compose_env_file=env_file,
        )

        if start:
--- a/ingestion/src/metadata/cmd.py
+++ b/ingestion/src/metadata/cmd.py
@ -190,13 +190,20 @@ def report(config: str) -> None:
    type=click.Path(exists=True, dir_okay=False),
    required=False,
 )
-def docker(start, stop, pause, resume, clean, file_path) -> None:
+@click.option(
+    "-env-file",
+    "--env-file-path",
+    help="Path to env file containing the environment variables",
+    type=click.Path(exists=True, dir_okay=False),
+    required=False,
+)
+def docker(start, stop, pause, resume, clean, file_path, env_file_path) -> None:
    """
    Checks Docker Memory Allocation
    Run Latest Release Docker - metadata docker --start
    Run Local Docker - metadata docker --start -f path/to/docker-compose.yml
    """
-    run_docker(start, stop, pause, resume, clean, file_path)
+    run_docker(start, stop, pause, resume, clean, file_path, env_file_path)


@metadata.command()