# Copyright 2021 Collate # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. clusterName: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} swagger: resourcePackage: org.openmetadata.service.resources assets: resourcePath: /assets/ uriPath: ${BASE_PATH:-/} basePath: ${BASE_PATH:-/} server: applicationContextPath: ${BASE_PATH:-/} rootPath: ${BASE_PATH:-/}api/* applicationConnectors: - type: http bindHost: ${SERVER_HOST:-0.0.0.0} port: ${SERVER_PORT:-8585} maxRequestHeaderSize: ${MAX_REQUEST_HEADER_SIZE:-8KiB} adminConnectors: - type: http bindHost: ${SERVER_HOST:-0.0.0.0} port: ${SERVER_ADMIN_PORT:-8586} gzip: syncFlush: true maxThreads: ${SERVER_MAX_THREADS:-150} minThreads: ${SERVER_MIN_THREADS:-100} idleThreadTimeout: ${SERVER_IDLE_THREAD_TIMEOUT:-1 minute} enableVirtualThreads: ${SERVER_ENABLE_VIRTUAL_THREAD:-false} maxQueuedRequests: ${SERVER_REQUEST_QUEUE:-1024} # Above configuration for running http is fine for dev and testing. # For production setup, where UI app will hit apis through DPS it # is strongly recommended to run https instead. Note that only # keyStorePath and keyStorePassword are mandatory properties. Values # for other properties are defaults #server: #applicationConnectors: # - type: https # port: 8585 # keyStorePath: ./conf/keystore.jks # keyStorePassword: changeit # keyStoreType: JKS # keyStoreProvider: # trustStorePath: /path/to/file # trustStorePassword: changeit # trustStoreType: JKS # trustStoreProvider: # keyManagerPassword: changeit # needClientAuth: false # wantClientAuth: # certAlias: # crlPath: /path/to/file # enableCRLDP: false # enableOCSP: false # maxCertPathLength: (unlimited) # ocspResponderUrl: (none) # jceProvider: (none) # validateCerts: true # validatePeers: true # supportedProtocols: SSLv3 # supportedCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # allowRenegotiation: true # endpointIdentificationAlgorithm: (none) #adminConnectors: # - type: https # port: 8586 # keyStorePath: ./conf/keystore.jks # keyStorePassword: changeit # keyStoreType: JKS # keyStoreProvider: # trustStorePath: /path/to/file # trustStorePassword: changeit # trustStoreType: JKS # trustStoreProvider: # keyManagerPassword: changeit # needClientAuth: false # wantClientAuth: # certAlias: # crlPath: /path/to/file # enableCRLDP: false # enableOCSP: false # maxCertPathLength: (unlimited) # ocspResponderUrl: (none) # jceProvider: (none) # validateCerts: true # validatePeers: true # supportedProtocols: SSLv3 # supportedCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # allowRenegotiation: true # endpointIdentificationAlgorithm: (none) # Logging settings. # https://logback.qos.ch/manual/layouts.html#conversionWord logging: level: ${LOG_LEVEL:-INFO} loggers: org.openmetadata.service.util.OpenMetadataSetup: level: INFO appenders: - type: console logFormat: "%msg%n" timeZone: UTC - type: file logFormat: "%level [%d{ISO8601,UTC}] [%t] %logger{5} - %msg%n" layout: type: json currentLogFilename: ./logs/openmetadata-operations.log archivedLogFilenamePattern: ./logs/openmetadata-operations-%d{yyyy-MM-dd}-%i.log.gz archivedFileCount: 7 timeZone: UTC maxFileSize: 50MB appenders: - type: console threshold: TRACE logFormat: "%level [%d{ISO8601,UTC}] [%t] %logger{5} - %msg%n" timeZone: UTC - type: file layout: type: json appendLineSeparator: true filterFactories: - type: audit-exclude-filter-factory threshold: TRACE logFormat: "%level [%d{ISO8601,UTC}] [%t] %logger{5} - %msg%n" currentLogFilename: ./logs/openmetadata.log archivedLogFilenamePattern: ./logs/openmetadata-%d{yyyy-MM-dd}-%i.log.gz archivedFileCount: 7 timeZone: UTC maxFileSize: 50MB - type: file layout: type: json appendLineSeparator: true filterFactories: - type: audit-only-filter-factory threshold: TRACE logFormat: "%level [%d{ISO8601,UTC}] [%t] %logger{5} - %msg%n" currentLogFilename: ./logs/audit.log archivedLogFilenamePattern: ./logs/audit-%d{yyyy-MM-dd}-%i.log.gz archivedFileCount: 25 timeZone: UTC maxFileSize: 50MB database: # the name of the JDBC driver, mysql in our case driverClass: ${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver} # the username and password user: ${DB_USER:-openmetadata_user} password: ${DB_USER_PASSWORD:-openmetadata_password} # the JDBC URL; the database is called openmetadata_db url: jdbc:${DB_SCHEME:-mysql}://${DB_HOST:-localhost}:${DB_PORT:-3306}/${OM_DATABASE:-openmetadata_db}?${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC} maxSize: ${DB_CONNECTION_POOL_MAX_SIZE:-50} minSize: ${DB_CONNECTION_POOL_MIN_SIZE:-10} initialSize: ${DB_CONNECTION_POOL_INITIAL_SIZE:-10} checkConnectionWhileIdle: ${DB_CONNECTION_CHECK_CONNECTION_WHILE_IDLE:-true} checkConnectionOnBorrow: ${DB_CONNECTION_CHECK_CONNECTION_ON_BORROW:-true} evictionInterval: ${DB_CONNECTION_EVICTION_INTERVAL:-5 minutes} minIdleTime: ${DB_CONNECTION_MIN_IDLE_TIME:-1 minute} objectStorage: enabled: false provider: NOOP maxFileSize: 5242880 migrationConfiguration: flywayPath: "./bootstrap/sql/migrations/flyway" nativePath: "./bootstrap/sql/migrations/native" extensionPath: "" # Authorizer Configuration authorizerConfiguration: className: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} containerRequestFilter: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} adminPrincipals: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} allowedEmailRegistrationDomains: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} principalDomain: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"} allowedDomains: ${AUTHORIZER_ALLOWED_DOMAINS:-[]} enforcePrincipalDomain: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} enableSecureSocketConnection : ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} useRolesFromProvider: ${AUTHORIZER_USE_ROLES_FROM_PROVIDER:-false} authenticationConfiguration: clientType: ${AUTHENTICATION_CLIENT_TYPE:-public} provider: ${AUTHENTICATION_PROVIDER:-basic} # This is used by auth provider provide response as either id_token or code responseType: ${AUTHENTICATION_RESPONSE_TYPE:-id_token} # This will only be valid when provider type specified is customOidc providerName: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} tokenValidationAlgorithm: ${AUTHENTICATION_TOKEN_VALIDATION_ALGORITHM:-"RS256"} authority: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} clientId: ${AUTHENTICATION_CLIENT_ID:-""} callbackUrl: ${AUTHENTICATION_CALLBACK_URL:-""} jwtPrincipalClaims: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} jwtPrincipalClaimsMapping: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]} enableSelfSignup : ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} oidcConfiguration: id: ${OIDC_CLIENT_ID:-""} type: ${OIDC_TYPE:-""} # google, azure etc. secret: ${OIDC_CLIENT_SECRET:-""} scope: ${OIDC_SCOPE:-"openid email profile"} discoveryUri: ${OIDC_DISCOVERY_URI:-""} useNonce: ${OIDC_USE_NONCE:-true} preferredJwsAlgorithm: ${OIDC_PREFERRED_JWS:-"RS256"} responseType: ${OIDC_RESPONSE_TYPE:-"code"} disablePkce: ${OIDC_DISABLE_PKCE:-true} callbackUrl: ${OIDC_CALLBACK:-"http://localhost:8585/callback"} serverUrl: ${OIDC_SERVER_URL:-"http://localhost:8585"} clientAuthenticationMethod: ${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"} tenant: ${OIDC_TENANT:-""} maxClockSkew: ${OIDC_MAX_CLOCK_SKEW:-""} tokenValidity: ${OIDC_OM_REFRESH_TOKEN_VALIDITY:-"3600"} # in seconds customParams: ${OIDC_CUSTOM_PARAMS:-} maxAge: ${OIDC_MAX_AGE:-"0"} prompt: ${OIDC_PROMPT_TYPE:-"consent"} sessionExpiry: ${OIDC_SESSION_EXPIRY:-"604800"} #7 days samlConfiguration: debugMode: ${SAML_DEBUG_MODE:-false} idp: entityId: ${SAML_IDP_ENTITY_ID:-""} ssoLoginUrl: ${SAML_IDP_SSO_LOGIN_URL:-""} idpX509Certificate: ${SAML_IDP_CERTIFICATE:-""} authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} sp: entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} spPrivateKey: ${SAML_SP_PRIVATE_KEY:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} security: strictMode: ${SAML_STRICT_MODE:-false} validateXml: ${SAML_VALIDATE_XML:-false} tokenValidity: ${SAML_SP_TOKEN_VALIDITY:-"3600"} sendEncryptedNameId: ${SAML_SEND_ENCRYPTED_NAME_ID:-false} sendSignedAuthRequest: ${SAML_SEND_SIGNED_AUTH_REQUEST:-false} signSpMetadata: ${SAML_SIGNED_SP_METADATA:-false} wantMessagesSigned: ${SAML_WANT_MESSAGE_SIGNED:-false} wantAssertionsSigned: ${SAML_WANT_ASSERTION_SIGNED:-false} wantAssertionEncrypted: ${SAML_WANT_ASSERTION_ENCRYPTED:-false} keyStoreFilePath: ${SAML_KEYSTORE_FILE_PATH:-""} keyStoreAlias: ${SAML_KEYSTORE_ALIAS:-""} keyStorePassword: ${SAML_KEYSTORE_PASSWORD:-""} ldapConfiguration: host: ${AUTHENTICATION_LDAP_HOST:-} port: ${AUTHENTICATION_LDAP_PORT:-} dnAdminPrincipal: ${AUTHENTICATION_LOOKUP_ADMIN_DN:-""} dnAdminPassword: ${AUTHENTICATION_LOOKUP_ADMIN_PWD:-""} userBaseDN: ${AUTHENTICATION_USER_LOOKUP_BASEDN:-""} groupBaseDN: ${AUTHENTICATION_GROUP_LOOKUP_BASEDN:-""} roleAdminName: ${AUTHENTICATION_USER_ROLE_ADMIN_NAME:-} allAttributeName: ${AUTHENTICATION_USER_ALL_ATTR:-} mailAttributeName: ${AUTHENTICATION_USER_MAIL_ATTR:-} usernameAttributeName: ${AUTHENTICATION_USER_NAME_ATTR:-} groupAttributeName: ${AUTHENTICATION_USER_GROUP_ATTR:-} groupAttributeValue: ${AUTHENTICATION_USER_GROUP_ATTR_VALUE:-} groupMemberAttributeName: ${AUTHENTICATION_USER_GROUP_MEMBER_ATTR:-} #the mapping of roles to LDAP groups authRolesMapping: ${AUTH_ROLES_MAPPING:-""} authReassignRoles: ${AUTH_REASSIGN_ROLES:-[]} #optional maxPoolSize: ${AUTHENTICATION_LDAP_POOL_SIZE:-3} sslEnabled: ${AUTHENTICATION_LDAP_SSL_ENABLED:-} truststoreConfigType: ${AUTHENTICATION_LDAP_TRUSTSTORE_TYPE:-TrustAll} trustStoreConfig: customTrustManagerConfig: trustStoreFilePath: ${AUTHENTICATION_LDAP_TRUSTSTORE_PATH:-} trustStoreFilePassword: ${AUTHENTICATION_LDAP_KEYSTORE_PASSWORD:-} trustStoreFileFormat: ${AUTHENTICATION_LDAP_SSL_KEY_FORMAT:-} verifyHostname: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} examineValidityDates: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-} hostNameConfig: allowWildCards: ${AUTHENTICATION_LDAP_ALLOW_WILDCARDS:-} acceptableHostNames: ${AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES:-[]} jvmDefaultConfig: verifyHostname: ${AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST:-} trustAllConfig: examineValidityDates: ${AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES:-true} jwtTokenConfiguration: rsapublicKeyFilePath: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} rsaprivateKeyFilePath: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} jwtissuer: ${JWT_ISSUER:-"open-metadata.org"} keyId: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} elasticsearch: searchType: ${SEARCH_TYPE:- "elasticsearch"} host: ${ELASTICSEARCH_HOST:-localhost} port: ${ELASTICSEARCH_PORT:-9200} scheme: ${ELASTICSEARCH_SCHEME:-http} username: ${ELASTICSEARCH_USER:-""} password: ${ELASTICSEARCH_PASSWORD:-""} clusterAlias: ${ELASTICSEARCH_CLUSTER_ALIAS:-""} truststorePath: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} truststorePassword: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} connectionTimeoutSecs: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} socketTimeoutSecs: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} keepAliveTimeoutSecs: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} batchSize: ${ELASTICSEARCH_BATCH_SIZE:-100} payLoadSize: ${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760} searchIndexMappingLanguage : ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} searchIndexFactoryClassName : org.openmetadata.service.search.SearchIndexFactory naturalLanguageSearch: enabled: false embeddingProvider: ${EMBEDDING_PROVIDER:-bedrock} providerClass: ${NATURAL_LANGUAGE_SEARCH_PROVIDER_CLASS:-org.openmetadata.service.search.nlq.NoOpNLQService} bedrock: region: ${AWS_BEDROCK_REGION:-""} modelId: ${AWS_BEDROCK_MODEL_ID:-""} embeddingModelId: ${AWS_BEDROCK_EMBED_MODEL_ID:-""} embeddingDimension: ${AWS_BEDROCK_EMBEDDING_DIMENSION:-""} accessKey: ${AWS_BEDROCK_ACCESS_KEY:-""} secretKey: ${AWS_BEDROCK_SECRET_KEY:-""} useIamRole: ${AWS_BEDROCK_USE_IAM:-"false"} eventMonitoringConfiguration: eventMonitor: ${EVENT_MONITOR:-prometheus} # Possible values are "prometheus", "cloudwatch" batchSize: ${EVENT_MONITOR_BATCH_SIZE:-10} pathPattern: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} latency: ${EVENT_MONITOR_LATENCY:-[0.99, 0.90]} # For value p99=0.99, p90=0.90, p50=0.50 etc. servicesHealthCheckInterval: ${EVENT_MONITOR_SERVICES_HEALTH_CHECK_INTERVAL:-300} # it will use the default auth provider for AWS services if parameters are not set # parameters: # region: ${OM_MONITOR_REGION:-""} # accessKeyId: ${OM_MONITOR_ACCESS_KEY_ID:-""} # secretAccessKey: ${OM_MONITOR_ACCESS_KEY:-""} eventHandlerConfiguration: eventHandlerClassNames: - "org.openmetadata.service.events.AuditEventHandler" - "org.openmetadata.service.events.ChangeEventHandler" pipelineServiceClientConfiguration: enabled: ${PIPELINE_SERVICE_CLIENT_ENABLED:-true} # If we don't need this, set "org.openmetadata.service.clients.pipeline.noop.NoopClient" className: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} apiEndpoint: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://localhost:8080} metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api} ingestionIpInfoEnabled: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} hostIp: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} healthCheckInterval: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} # This SSL information is about the OpenMetadata server. # It will be picked up from the pipelineServiceClient to use/ignore SSL when connecting to the OpenMetadata server. verifySSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} # Possible values are "no-ssl", "ignore", "validate" sslConfig: certificatePath: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} # Local path for the Pipeline Service Client # Secrets Manager Loader: specify to the Ingestion Framework how to load the SM credentials from its env # Supported: noop, airflow, env secretsManagerLoader: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} # Default required parameters for Airflow as Pipeline Service Client parameters: username: ${AIRFLOW_USERNAME:-admin} password: ${AIRFLOW_PASSWORD:-admin} timeout: ${AIRFLOW_TIMEOUT:-10} # If we need to use SSL to reach Airflow truststorePath: ${AIRFLOW_TRUST_STORE_PATH:-""} truststorePassword: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} # no_encryption_at_rest is the default value, and it does what it says. Please read the manual on how # to secure your instance of OpenMetadata with TLS and encryption at rest. fernetConfiguration: fernetKey: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} secretsManagerConfiguration: secretsManager: ${SECRET_MANAGER:-db} # Possible values are "db", "managed-aws","aws", "managed-aws-ssm", "aws-ssm", "managed-azure-kv", "azure-kv", "in-memory", "gcp", "kubernetes" prefix: ${SECRET_MANAGER_PREFIX:-""} # Define the secret key ID as /// tags: ${SECRET_MANAGER_TAGS:-[]} # Add tags to the created resource. Format is `[key1:value1,key2:value2,...]` # it will use the default auth provider for the secrets' manager service if parameters are not set parameters: ## For AWS region: ${OM_SM_REGION:-""} accessKeyId: ${OM_SM_ACCESS_KEY_ID:-""} secretAccessKey: ${OM_SM_ACCESS_KEY:-""} ## For Azure Key Vault clientId: ${OM_SM_CLIENT_ID:-""} clientSecret: ${OM_SM_CLIENT_SECRET:-""} tenantId: ${OM_SM_TENANT_ID:-""} vaultName: ${OM_SM_VAULT_NAME:-""} ## For GCP projectId: ${OM_SM_PROJECT_ID:-""} ## For Kubernetes namespace: ${OM_SM_NAMESPACE:-"default"} kubeconfigPath: ${OM_SM_KUBECONFIG_PATH:-""} inCluster: ${OM_SM_IN_CLUSTER:-"false"} health: delayedShutdownHandlerEnabled: true shutdownWaitPeriod: 1s healthChecks: - name: OpenMetadataServerHealthCheck critical: true schedule: checkInterval: 2500ms downtimeInterval: 10s failureAttempts: 2 successAttempts: 1 limits: enable: ${LIMITS_ENABLED:-false} className: ${LIMITS_CLASS_NAME:-"org.openmetadata.service.limits.DefaultLimits"} limitsConfigFile: ${LIMITS_CONFIG_FILE:-""} web: uriPath: ${WEB_CONF_URI_PATH:-"/api"} hsts: enabled: ${WEB_CONF_HSTS_ENABLED:-false} maxAge: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} includeSubDomains: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} preload: ${WEB_CONF_HSTS_PRELOAD:-"true"} frame-options: enabled: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} option: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} origin: ${WEB_CONF_FRAME_ORIGIN:-""} content-type-options: enabled: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} xss-protection: enabled: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} on: ${WEB_CONF_XSS_PROTECTION_ON:-true} block: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} csp: enabled: ${WEB_CONF_XSS_CSP_ENABLED:-false} policy: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} reportOnlyPolicy: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} referrer-policy: enabled: ${WEB_CONF_REFERRER_POLICY_ENABLED:-false} option: ${WEB_CONF_REFERRER_POLICY_OPTION:-"SAME_ORIGIN"} permission-policy: enabled: ${WEB_CONF_PERMISSION_POLICY_ENABLED:-false} option: ${WEB_CONF_PERMISSION_POLICY_OPTION:-""} cache-control: ${WEB_CONF_CACHE_CONTROL:-""} pragma: ${WEB_CONF_PRAGMA:-""} operationalConfig: enable: ${OPERATIONAL_CONFIG_ENABLED:-true} operationsConfigFile: ${OPERATIONAL_CONFIG_FILE:-"./conf/operations.yaml"} rdf: enabled: ${RDF_ENABLED:-false} baseUri: ${RDF_BASE_URI:-"https://open-metadata.org/"} storageType: ${RDF_STORAGE_TYPE:-"FUSEKI"} remoteEndpoint: ${RDF_ENDPOINT:-"http://localhost:3030/openmetadata"} username: ${RDF_REMOTE_USERNAME:-"admin"} password: ${RDF_REMOTE_PASSWORD:-"admin"} dataset: ${RDF_DATASET:-"openmetadata"}