mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-12-07 21:17:07 +00:00
fix: OpenMetadata Airflow config with SSO (#4197)
This commit is contained in:
Akash Jain
GitHub
parent
228a508f03
commit
ff26b6d93e
@ -149,12 +149,34 @@ eventHandlerConfiguration:
|
|||||||
- "org.openmetadata.catalog.events.ChangeEventHandler"
|
- "org.openmetadata.catalog.events.ChangeEventHandler"
|
||||||
|
|
||||||
airflowConfiguration:
|
airflowConfiguration:
|
||||||
apiEndpoint: http://${AIRFLOW_HOST:-localhost}:${AIRFLOW_PORT:-8080}
|
apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
|
||||||
username: ${AIRFLOW_USERNAME:-admin}
|
username: ${AIRFLOW_USERNAME:-admin}
|
||||||
password: ${AIRFLOW_PASSWORD:-admin}
|
password: ${AIRFLOW_PASSWORD:-admin}
|
||||||
metadataApiEndpoint: http://${SERVER_HOST:-localhost}:${SERVER_PORT:-8585}/api
|
metadataApiEndpoint: ${SERVER_HOST:-http://localhost:8585/api}
|
||||||
authProvider: "no-auth"
|
authProvider: ${AIRFLOW_AUTH_PROVIDER:-"no-auth"} # Possible values are "no-auth", "azure", "google", "okta", "auth0", "customOidc"
|
||||||
|
authConfig:
|
||||||
|
azure:
|
||||||
|
clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||||
|
authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||||
|
scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||||
|
clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||||
|
google:
|
||||||
|
secretKey: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||||
|
audience: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||||
|
okta:
|
||||||
|
clientId: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||||
|
orgURL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||||
|
privateKey: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||||
|
email: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||||
|
scopes: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||||
|
auth0:
|
||||||
|
clientId: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||||
|
secretKey: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||||
|
domain: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||||
|
customOidc:
|
||||||
|
clientId: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||||
|
secretKey: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||||
|
tokenEndpoint: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||||
|
|
||||||
slackEventPublishers:
|
slackEventPublishers:
|
||||||
- name: "slack events"
|
- name: "slack events"
|
||||||
|
|||||||
@ -54,7 +54,7 @@ services:
|
|||||||
container_name: openmetadata_server
|
container_name: openmetadata_server
|
||||||
environment:
|
environment:
|
||||||
ELASTICSEARCH_HOST: elasticsearch
|
ELASTICSEARCH_HOST: elasticsearch
|
||||||
AIRFLOW_HOST: ingestion
|
# OpenMetadata Server Authentication Configuration
|
||||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
||||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
||||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
||||||
@ -65,6 +65,32 @@ services:
|
|||||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||||
|
# OpenMetadata Server Airflow Configuration
|
||||||
|
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||||
|
SERVER_HOST: ${SERVER_HOST:-http://localhost:8585/api}
|
||||||
|
# OpenMetadata Airflow Azure SSO Configuration
|
||||||
|
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||||
|
# OpenMetadata Airflow Google SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||||
|
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||||
|
# OpenMetadata Airflow Okta SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||||
|
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||||
|
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||||
expose:
|
expose:
|
||||||
- 8585
|
- 8585
|
||||||
- 9200
|
- 9200
|
||||||
|
|||||||
@ -43,7 +43,7 @@ services:
|
|||||||
image: openmetadata/server:0.9.1
|
image: openmetadata/server:0.9.1
|
||||||
environment:
|
environment:
|
||||||
ELASTICSEARCH_HOST: elasticsearch
|
ELASTICSEARCH_HOST: elasticsearch
|
||||||
AIRFLOW_HOST: ingestion
|
# OpenMetadata Server Authentication Configuration
|
||||||
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
|
||||||
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
|
||||||
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-admin}
|
||||||
@ -54,6 +54,32 @@ services:
|
|||||||
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
|
||||||
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
|
||||||
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
|
||||||
|
# OpenMetadata Server Airflow Configuration
|
||||||
|
AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
|
||||||
|
SERVER_HOST: ${SERVER_HOST:-http://localhost:8585/api}
|
||||||
|
# OpenMetadata Airflow Azure SSO Configuration
|
||||||
|
AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
|
||||||
|
OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
|
||||||
|
# OpenMetadata Airflow Google SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
|
||||||
|
OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-""}
|
||||||
|
# OpenMetadata Airflow Okta SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
|
||||||
|
OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
|
||||||
|
# OpenMetadata Airflow Auth0 SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
|
||||||
|
OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
|
||||||
|
# OpenMetadata Airflow Custom OIDC SSO Configuration
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
|
||||||
|
OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
|
||||||
expose:
|
expose:
|
||||||
- 8585
|
- 8585
|
||||||
- 9200
|
- 9200
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user