mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-12-05 03:54:23 +00:00
fix: OpenMetadata Airflow config with SSO (#4197)
This commit is contained in:
Akash Jain
GitHub
parent
228a508f03
commit
ff26b6d93e
@ -149,12 +149,34 @@ eventHandlerConfiguration:
|
||||
- "org.openmetadata.catalog.events.ChangeEventHandler"
|
||||
|
||||
airflowConfiguration:
|
||||
apiEndpoint: http://${AIRFLOW_HOST:-localhost}:${AIRFLOW_PORT:-8080}
|
||||
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
|
||||
username: ${AIRFLOW_USERNAME:-admin}
|
||||
password: ${AIRFLOW_PASSWORD:-admin}
|
||||
metadataApiEndpoint: http://${SERVER_HOST:-localhost}:${SERVER_PORT:-8585}/api
|
||||
authProvider: "no-auth"
|
||||
|
||||
metadataApiEndpoint: ${SERVER_HOST:-http://localhost:8585/api}
|
||||
authProvider: ${AIRFLOW_AUTH_PROVIDER:-"no-auth"} # Possible values are "no-auth", "azure", "google", "okta", "auth0", "customOidc"
|
||||
authConfig:
|
||||
azure:
|
||||
clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
google:
|
||||
secretKey: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
audience: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||
okta:
|
||||
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
auth0:
|
||||
clientId: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
secretKey: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
domain: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
customOidc:
|
||||
clientId: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
secretKey: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||
tokenEndpoint: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
|
||||
slackEventPublishers:
|
||||
- name: "slack events"
|
||||
|
||||
@ -54,7 +54,7 @@ services:
|
||||
container_name: openmetadata_server
|
||||
environment:
|
||||
ELASTICSEARCH_HOST: elasticsearch
|
||||
AIRFLOW_HOST: ingestion
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
||||
@ -65,6 +65,32 @@ services:
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST: ${SERVER_HOST:-http://localhost:8585/api}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
expose:
|
||||
- 8585
|
||||
- 9200
|
||||
|
||||
@ -43,7 +43,7 @@ services:
|
||||
image: openmetadata/server:0.9.1
|
||||
environment:
|
||||
ELASTICSEARCH_HOST: elasticsearch
|
||||
AIRFLOW_HOST: ingestion
|
||||
# OpenMetadata Server Authentication Configuration
|
||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
||||
@ -54,6 +54,32 @@ services:
|
||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||
# OpenMetadata Server Airflow Configuration
|
||||
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||
SERVER_HOST: ${SERVER_HOST:-http://localhost:8585/api}
|
||||
# OpenMetadata Airflow Azure SSO Configuration
|
||||
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||
# OpenMetadata Airflow Google SSO Configuration
|
||||
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||
# OpenMetadata Airflow Okta SSO Configuration
|
||||
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||
expose:
|
||||
- 8585
|
||||
- 9200
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user