yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-24 00:48:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #3236: Add support for secure docker compose with an env file (#3241)

Browse Source 
* Fix #3236: Add support for secure docker compose with an env file
This commit is contained in:
Vivek Ratnavel Subramanian 2022-03-08 07:05:31 -08:00 committed by GitHub
parent 37d93316ae
commit f0927ecebb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/openmetadata.yaml
View File

@ -120,7 +120,7 @@ authorizerConfiguration:
adminPrincipals: adminPrincipals:
- ${AUTHORIZER_ADMIN_PRINCIPALS:-admin} - ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
botPrincipals: botPrincipals:
- ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot]} - ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
principalDomain: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""} principalDomain: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
authenticationConfiguration: authenticationConfiguration:

10
docker/local-metadata/docker-compose.yml
View File

@ -53,6 +53,16 @@ services:
environment: environment:
ELASTICSEARCH_HOST: elasticsearch ELASTICSEARCH_HOST: elasticsearch
AIRFLOW_HOST: ingestion AIRFLOW_HOST: ingestion
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
AUTHORIZER_INGESTION_PRINCIPAL: ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
AUTHENTICATION_PUBLIC_KEY: ${AUTHENTICATION_PUBLIC_KEY:-https://www.googleapis.com/oauth2/v3/certs}
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
expose: expose:
- 8585 - 8585
- 9200 - 9200

10
docker/metadata/docker-compose.yml
View File

@ -44,6 +44,16 @@ services:
environment: environment:
ELASTICSEARCH_HOST: elasticsearch ELASTICSEARCH_HOST: elasticsearch
AIRFLOW_HOST: ingestion AIRFLOW_HOST: ingestion
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
AUTHORIZER_INGESTION_PRINCIPAL: ${AUTHORIZER_INGESTION_PRINCIPAL:-ingestion-bot}
AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
AUTHENTICATION_PUBLIC_KEY: ${AUTHENTICATION_PUBLIC_KEY:-https://www.googleapis.com/oauth2/v3/certs}
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
expose: expose:
- 8585 - 8585
- 9200 - 9200

11
ingestion/src/metadata/cli/docker.py
View File

@ -24,7 +24,7 @@ calc_gb = 1024 * 1024 * 1000
min_memory_limit = 3 * calc_gb min_memory_limit = 3 * calc_gb
def run_docker(start, stop, pause, resume, clean, file_path): def run_docker(start, stop, pause, resume, clean, file_path, env_file_path):
try: try:
from python_on_whales import DockerClient from python_on_whales import DockerClient
@ -69,10 +69,19 @@ def run_docker(start, stop, pause, resume, clean, file_path):
logger.info(f"Using docker compose file from {file_path}") logger.info(f"Using docker compose file from {file_path}")
docker_compose_file_path = pathlib.Path(file_path) docker_compose_file_path = pathlib.Path(file_path)
env_file = None
if env_file_path is not None:
if env_file_path == "":
raise ValueError("Please provide path to env file")
else:
logger.info(f"Using env file from {env_file_path}")
env_file = pathlib.Path(env_file_path)
# Set up Docker Client Config with docker compose file path # Set up Docker Client Config with docker compose file path
docker = DockerClient( docker = DockerClient(
compose_project_name="openmetadata", compose_project_name="openmetadata",
compose_files=[docker_compose_file_path], compose_files=[docker_compose_file_path],
compose_env_file=env_file,
) )
if start: if start:

11
ingestion/src/metadata/cmd.py
View File

@ -190,13 +190,20 @@ def report(config: str) -> None:
type=click.Path(exists=True, dir_okay=False), type=click.Path(exists=True, dir_okay=False),
required=False, required=False,
) )
def docker(start, stop, pause, resume, clean, file_path) -> None: @click.option(
"-env-file",
"--env-file-path",
help="Path to env file containing the environment variables",
type=click.Path(exists=True, dir_okay=False),
required=False,
)
def docker(start, stop, pause, resume, clean, file_path, env_file_path) -> None:
""" """
Checks Docker Memory Allocation Checks Docker Memory Allocation
Run Latest Release Docker - metadata docker --start Run Latest Release Docker - metadata docker --start
Run Local Docker - metadata docker --start -f path/to/docker-compose.yml Run Local Docker - metadata docker --start -f path/to/docker-compose.yml
""" """
run_docker(start, stop, pause, resume, clean, file_path) run_docker(start, stop, pause, resume, clean, file_path, env_file_path)
@metadata.command() @metadata.command()