From fc6a9127d22219f0a08c9b53c1c8807264eb95de Mon Sep 17 00:00:00 2001 From: sonika-shah <58761340+sonika-shah@users.noreply.github.com> Date: Sun, 15 Dec 2024 00:05:17 +0530 Subject: [PATCH 1/6] Minor : Fix #18606 prevent overwriting style for PUT request (#18864) * Minor : Fix 18606 prevent overwriting domain for PUT request * load the attributes of glossaryTerm first and override with the import * change logging to warn type * revert changes --------- Co-authored-by: Sriharsha Chintalapani --- .../org/openmetadata/service/jdbi3/EntityRepository.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java index 221da3625c89..68864ff77c5f 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java @@ -131,6 +131,7 @@ import org.openmetadata.schema.entity.feed.Suggestion; import org.openmetadata.schema.entity.teams.Team; import org.openmetadata.schema.entity.teams.User; +import org.openmetadata.schema.entity.type.Style; import org.openmetadata.schema.system.EntityError; import org.openmetadata.schema.type.ApiStatus; import org.openmetadata.schema.type.AssetCertification; @@ -2969,6 +2970,14 @@ private static List getEntityReferences(List r private void updateStyle() { if (supportsStyle) { + Style originalStyle = original.getStyle(); + Style updatedStyle = updated.getStyle(); + + if (originalStyle == updatedStyle) return; + if (operation == Operation.PUT && updatedStyle == null) { + updatedStyle = originalStyle; + updated.setStyle(updatedStyle); + } recordChange(FIELD_STYLE, original.getStyle(), updated.getStyle(), true); } } From 01646431f676190840c6206019859c2589705af6 Mon Sep 17 00:00:00 2001 
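Review bot: `if (originalStyle == updatedStyle) return;` compares by reference, so it only short-circuits when both are null or the very same instance; two value-equal `Style` objects still fall through to `recordChange`, which is harmless only if `recordChange` does its own comparison (not visible here), and `Objects.equals(originalStyle, updatedStyle)` would state the intent either way. The PUT branch also changes the API contract: a client can no longer clear `style` with a PUT, only with a PATCH, and the code should say so on the branch, `// PUT without a style keeps the existing one; clearing style requires PATCH`. A resource test asserting that a PUT with no `style` preserves the stored value while a PATCH removing it still works would pin both halves.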
From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com> Date: Sun, 15 Dec 2024 01:16:55 +0530 Subject: [PATCH 2/6] Fix Settings Cache (#19053) --- .../service/OpenMetadataApplication.java | 4 ++ .../governance/workflows/WorkflowHandler.java | 2 +- .../service/jdbi3/EntityRepository.java | 2 +- .../service/jdbi3/SystemRepository.java | 24 +++++++++++ .../WorkflowDefinitionResource.java | 1 - .../resources/system/SystemResourceTest.java | 43 +++++++++++++++++++ 6 files changed, 73 insertions(+), 3 deletions(-) diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java index 9fedc0c89534..fdb07d0bcba9 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java @@ -79,6 +79,7 @@ import org.openmetadata.service.exception.JsonMappingExceptionMapper; import org.openmetadata.service.exception.OMErrorPageHandler; import org.openmetadata.service.fernet.Fernet; +import org.openmetadata.service.governance.workflows.WorkflowHandler; import org.openmetadata.service.jdbi3.CollectionDAO; import org.openmetadata.service.jdbi3.EntityRepository; import org.openmetadata.service.jdbi3.MigrationDAO; @@ -173,6 +174,9 @@ public void run(OpenMetadataApplicationConfig catalogConfig, Environment environ // Configure the Fernet instance Fernet.getInstance().setFernetKey(catalogConfig); + // Initialize Workflow Handler + WorkflowHandler.initialize(catalogConfig); + // Init Settings Cache after repositories SettingsCache.initialize(catalogConfig); diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/governance/workflows/WorkflowHandler.java b/openmetadata-service/src/main/java/org/openmetadata/service/governance/workflows/WorkflowHandler.java index 899c4b7f9c10..3e28d2d39885 100644 
--- a/openmetadata-service/src/main/java/org/openmetadata/service/governance/workflows/WorkflowHandler.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/governance/workflows/WorkflowHandler.java @@ -64,7 +64,7 @@ public void initializeNewProcessEngine( ProcessEngineConfiguration currentProcessEngineConfiguration) { ProcessEngines.destroy(); SystemRepository systemRepository = Entity.getSystemRepository(); - WorkflowSettings workflowSettings = systemRepository.getWorkflowSettings(); + WorkflowSettings workflowSettings = systemRepository.getWorkflowSettingsOrDefault(); StandaloneProcessEngineConfiguration processEngineConfiguration = new StandaloneProcessEngineConfiguration(); diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java index 68864ff77c5f..e86f736d444c 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java @@ -3032,7 +3032,7 @@ private void updateCertification() { SystemRepository systemRepository = Entity.getSystemRepository(); AssetCertificationSettings assetCertificationSettings = - systemRepository.getAssetCertificationSettings(); + systemRepository.getAssetCertificationSettingOrDefault(); String certificationLabel = updatedCertification.getTagLabel().getTagFQN(); diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java index b854c39a6ee5..302882eb0c7d 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java 
@@ -16,6 +16,8 @@ import org.jdbi.v3.sqlobject.transaction.Transaction; import org.openmetadata.api.configuration.UiThemePreference; import org.openmetadata.schema.configuration.AssetCertificationSettings; +import org.openmetadata.schema.configuration.ExecutorConfiguration; +import org.openmetadata.schema.configuration.HistoryCleanUpConfiguration; import org.openmetadata.schema.configuration.WorkflowSettings; import org.openmetadata.schema.email.SmtpSettings; import org.openmetadata.schema.entity.services.ingestionPipelines.PipelineServiceClientResponse; @@ -121,6 +123,17 @@ public AssetCertificationSettings getAssetCertificationSettings() { .orElse(null); } + public AssetCertificationSettings getAssetCertificationSettingOrDefault() { + AssetCertificationSettings assetCertificationSettings = getAssetCertificationSettings(); + if (assetCertificationSettings == null) { + assetCertificationSettings = + new AssetCertificationSettings() + .withAllowedClassification("Certification") + .withValidityPeriod("P30D"); + } + return assetCertificationSettings; + } + public WorkflowSettings getWorkflowSettings() { Optional oWorkflowSettings = Optional.ofNullable(getConfigWithKey(SettingsType.WORKFLOW_SETTINGS.value())); @@ -130,6 +143,17 @@ public WorkflowSettings getWorkflowSettings() { .orElse(null); } + public WorkflowSettings getWorkflowSettingsOrDefault() { + WorkflowSettings workflowSettings = getWorkflowSettings(); + if (workflowSettings == null) { + workflowSettings = + new WorkflowSettings() + .withExecutorConfiguration(new ExecutorConfiguration()) + .withHistoryCleanUpConfiguration(new HistoryCleanUpConfiguration()); + } + return workflowSettings; + } + public Settings getEmailConfigInternal() { try { Settings setting = dao.getConfigWithKey(SettingsType.EMAIL_CONFIGURATION.value()); 
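Review bot: The fallback values in `getAssetCertificationSettingOrDefault` (`"Certification"`, `"P30D"`) are hard-coded with nothing tying them to whatever the AssetCertificationSettings schema declares as defaults, so the two can drift silently; hoist them into named constants, or derive them from the schema defaults if the generated class carries them. Both `...OrDefault` methods also fall back without a log line, so an operator whose persisted settings row is missing or unreadable would never notice; a `LOG.warn("No persisted {} found, using built-in defaults", SettingsType.WORKFLOW_SETTINGS)` in each null branch is cheap (the exact SettingsType constant for certification settings is not visible here). The naming is inconsistent between `getAssetCertificationSettingOrDefault` (singular) and `getWorkflowSettingsOrDefault`; aligning both to `...SettingsOrDefault` is cheaper now than after callers multiply.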
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/resources/governance/WorkflowDefinitionResource.java b/openmetadata-service/src/main/java/org/openmetadata/service/resources/governance/WorkflowDefinitionResource.java index 7cbc8e066a97..f76306509325 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/resources/governance/WorkflowDefinitionResource.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/resources/governance/WorkflowDefinitionResource.java @@ -70,7 +70,6 @@ public static class WorkflowDefinitionList extends ResultList Date: Sun, 15 Dec 2024 01:18:12 +0530 Subject: [PATCH 3/6] Domain Policy Update to be non-system (#19060) --- .../native/1.5.15/mysql/postDataMigrationSQLScript.sql | 0 .../sql/migrations/native/1.5.15/mysql/schemaChanges.sql | 5 +++++ .../native/1.5.15/postgres/postDataMigrationSQLScript.sql | 0 .../sql/migrations/native/1.5.15/postgres/schemaChanges.sql | 5 +++++ .../main/resources/json/data/policy/DomainAccessPolicy.json | 4 ++-- .../main/resources/json/data/role/DomainOnlyAccessRole.json | 4 ++-- 6 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql create mode 100644 bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql create mode 100644 bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql create mode 100644 bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql diff --git a/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql b/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql b/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql new file mode 100644 index 000000000000..19762625a9d8 --- /dev/null 
+++ b/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql @@ -0,0 +1,5 @@ +-- Make domain policy and role non-system +UPDATE policy_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessPolicy'; +UPDATE policy_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessPolicy'; +UPDATE role_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessRole'; +UPDATE role_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessRole'; \ No newline at end of file diff --git a/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql b/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql b/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql new file mode 100644 index 000000000000..6f92fbea754c --- /dev/null +++ b/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql @@ -0,0 +1,5 @@ +-- Make domain policy and role non-system +UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessPolicy'; +UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessPolicy'; +UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessRole'; +UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessRole'; diff --git a/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json b/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json index 572760b5ef01..d103fff85265 100644 --- a/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json 
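Review bot: These UPDATEs turn an access-restriction policy and its role into user-owned, deletable entities, and nothing in the script records why, so a future reader cannot tell a deliberately deleted `DomainOnlyAccessPolicy` from one that was never seeded; a one-line comment naming the consequence would help, e.g. `-- After this, deleting DomainOnlyAccessPolicy removes the domain restriction for every user holding DomainOnlyAccessRole (#19060)`. The MySQL script ends without a trailing newline (the `\ No newline at end of file` marker) while the Postgres one has it, and the Postgres statements mix `where` and `WHERE`; worth making both files consistent before they become templates for the next migration.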
+++ b/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json @@ -4,8 +4,8 @@ "fullyQualifiedName": "DomainOnlyAccessPolicy", "description": "This Policy adds restrictions so that users will have access to domain related data. If the user has some domain, then he will be able to access data only for that domain. If the user does not have any domain assigned , he will be able to access only assets which also does not have any domain.", "enabled": true, - "allowDelete": false, - "provider": "system", + "allowDelete": true, + "provider": "user", "rules": [ { "name": "DomainOnlyAccessRule", diff --git a/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json b/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json index b18aeae18424..ec770210e4da 100644 --- a/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json +++ b/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json @@ -2,8 +2,8 @@ "name": "DomainOnlyAccessRole", "displayName": "Domain Only Access Role", "description": "Role Corresponding to Domain Access Restriction.", - "allowDelete": false, - "provider": "system", + "allowDelete": true, + "provider": "user", "policies" : [ { "type" : "policy", From 521619ae32b7a306b1c26e47e4cf2662ce06601f Mon Sep 17 00:00:00 2001 From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com> Date: Sun, 15 Dec 2024 01:20:28 +0530 Subject: [PATCH 4/6] Correct Imports for Class Converter Factory (#19057) --- .../service/secrets/converter/ClassConverterFactory.java | 4 ++-- .../entity/services/connections/database/mysqlConnection.json | 1 + .../services/connections/database/postgresConnection.json | 1 + .../entity/services/connections/database/mysqlConnection.ts | 4 +--- .../services/connections/database/postgresConnection.ts | 4 +--- 5 files changed, 6 insertions(+), 8 deletions(-) 
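Review bot: With `allowDelete` now `true` and `provider` now `user`, an admin can delete DomainOnlyAccessPolicy while DomainOnlyAccessRole still lists it under `policies`; whether the role then dangles or the delete is refused depends on relationship handling in the repository, which is not visible here, so a test that deleting the policy is either rejected or cascades cleanly while the role references it would be worth adding. The `description` should also spell out the consequence for operators, for instance appending `Deleting this policy removes the domain restriction for every user assigned the DomainOnlyAccessRole.` Since the entity is presumably no longer treated as system-seeded on upgrade once it is `user`-provided, confirm that a fresh install and an upgraded install end up with the same policy and role JSON.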
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/secrets/converter/ClassConverterFactory.java b/openmetadata-service/src/main/java/org/openmetadata/service/secrets/converter/ClassConverterFactory.java index c30238cd3d93..3a9fedee9408 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/secrets/converter/ClassConverterFactory.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/secrets/converter/ClassConverterFactory.java @@ -13,10 +13,8 @@ package org.openmetadata.service.secrets.converter; -import com.mysql.cj.MysqlConnection; import java.util.Map; import lombok.Getter; -import org.flywaydb.core.internal.database.redshift.RedshiftConnection; import org.openmetadata.schema.auth.SSOAuthMechanism; import org.openmetadata.schema.entity.automations.TestServiceConnectionRequest; import org.openmetadata.schema.entity.automations.Workflow; @@ -34,7 +32,9 @@ import org.openmetadata.schema.services.connections.database.GreenplumConnection; import org.openmetadata.schema.services.connections.database.HiveConnection; import org.openmetadata.schema.services.connections.database.IcebergConnection; +import org.openmetadata.schema.services.connections.database.MysqlConnection; import org.openmetadata.schema.services.connections.database.PostgresConnection; +import org.openmetadata.schema.services.connections.database.RedshiftConnection; import org.openmetadata.schema.services.connections.database.SalesforceConnection; import org.openmetadata.schema.services.connections.database.SapHanaConnection; import org.openmetadata.schema.services.connections.database.TrinoConnection; diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/mysqlConnection.json b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/mysqlConnection.json index 5d269f58a6f0..663c3b70b85f 100644 
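Review bot: The removed imports keyed the factory on `com.mysql.cj.MysqlConnection` and flyway's `RedshiftConnection`, classes no OpenMetadata connection object ever is, so the MySQL and Redshift entries could never match and secrets inside their `authType` presumably bypassed the converter without any error; the fix is right, but the same IDE auto-import slip can recur for any other connector. A guard test that every key in the converter map lives under `org.openmetadata.schema` would catch it, e.g. `assertTrue(ClassConverterFactory.getConverterMap().keySet().stream().allMatch(c -> c.getPackageName().startsWith("org.openmetadata.schema")))` (getter name follows the Lombok `@Getter` visible in the import block; adjust to the actual field). The map registration lines themselves are outside this hunk.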
--- a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/mysqlConnection.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/mysqlConnection.json @@ -44,6 +44,7 @@ "authType": { "title": "Auth Configuration Type", "description": "Choose Auth Config Type.", + "mask": true, "oneOf": [ { "$ref": "./common/basicAuth.json" diff --git a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json index 71defb2941b8..019e6816e743 100644 --- a/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json +++ b/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/postgresConnection.json @@ -45,6 +45,7 @@ "authType": { "title": "Auth Configuration Type", "description": "Choose Auth Config Type.", + "mask": true, "oneOf": [ { "$ref": "./common/basicAuth.json" diff --git a/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/mysqlConnection.ts b/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/mysqlConnection.ts index 4aab7d80f0fa..035b8b79deba 100644 --- a/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/mysqlConnection.ts +++ b/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/mysqlConnection.ts @@ -10,9 +10,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - - /** +/** * Mysql Database Connection Config */ export interface MysqlConnection { 
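Review bot: `"mask": true` is placed on `authType`, a `oneOf` composite, rather than on the individual secret fields inside `basicAuth.json` and the other alternatives, so this change relies on the entity masker handling a masked parent whose children may also carry their own `mask` markers; that interplay is not visible here and deserves confirmation. A resource test asserting that a GET of a MySQL and a Postgres service returns the masked placeholder for `authType` (and still round-trips on PUT without wiping the stored secret) would pin the behaviour. The remaining `oneOf` entries continue outside the hunk.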
diff --git a/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/postgresConnection.ts b/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/postgresConnection.ts index c681b859806b..4294e5c637ac 100644 --- a/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/postgresConnection.ts +++ b/openmetadata-ui/src/main/resources/ui/src/generated/entity/services/connections/database/postgresConnection.ts @@ -10,9 +10,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - - /** +/** * Postgres Database Connection Config */ export interface PostgresConnection { From 50ae01e2ceeae8180178d24ddc66065e4b96cef0 Mon Sep 17 00:00:00 2001 From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com> Date: Sun, 15 Dec 2024 01:24:03 +0530 Subject: [PATCH 5/6] Add Algorithm option for validation in yaml (#19049) * Add algorithm option in authentication * ENtity Repository code remove * Keep Default Value * Fix Test --------- Co-authored-by: Siddhant <86899184+Siddhanttimeline@users.noreply.github.com> --- conf/openmetadata.yaml | 1 + .../service/OpenMetadataApplication.java | 5 ++++- .../service/security/JwtFilter.java | 6 +++++- .../security/jwt/JWTTokenGenerator.java | 20 +++++++++++++++++-- .../security/JWTTokenGeneratorTest.java | 4 +++- .../authenticationConfiguration.json | 6 ++++++ .../authenticationConfiguration.ts | 17 +++++++++++++--- 7 files changed, 51 insertions(+), 8 deletions(-) diff --git a/conf/openmetadata.yaml b/conf/openmetadata.yaml index dedceb705dd9..cf7f07b7f286 100644 --- a/conf/openmetadata.yaml +++ b/conf/openmetadata.yaml 
@@ -180,6 +180,7 @@ authenticationConfiguration: # This will only be valid when provider type specified is customOidc providerName: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} publicKeyUrls: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} + tokenValidationAlgorithm: ${AUTHENTICATION_TOKEN_VALIDATION_ALGORITHM:-"RS256"} authority: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} clientId: ${AUTHENTICATION_CLIENT_ID:-""} callbackUrl: ${AUTHENTICATION_CALLBACK_URL:-""} diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java index fdb07d0bcba9..8efa36c4bc47 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java @@ -190,7 +190,10 @@ public void run(OpenMetadataApplicationConfig catalogConfig, Environment environ EntityMaskerFactory.createEntityMasker(); // Instantiate JWT Token Generator - JWTTokenGenerator.getInstance().init(catalogConfig.getJwtTokenConfiguration()); + JWTTokenGenerator.getInstance() + .init( + catalogConfig.getAuthenticationConfiguration().getTokenValidationAlgorithm(), + catalogConfig.getJwtTokenConfiguration()); // Set the Database type for choosing correct queries from annotations jdbi.getConfig(SqlObjects.class) diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java index 0e57365b069e..60f1bb688daf 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java +++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java 
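Review bot: `tokenValidationAlgorithm` governs more than validation: the OpenMetadataApplication hunk below passes it to `JWTTokenGenerator.init`, so it also selects the algorithm OpenMetadata signs its own bot tokens with, and as far as the JwtFilter hunk shows it is applied to every incoming token whichever `publicKeyUrls` entry the key came from. An operator switching to RS512 to harden internal tokens would therefore also reject RS256 tokens from an external IdP, and already-issued tokens stop validating until regenerated; the yaml should say so. Suggested comment above the line: `# RSA algorithm used to sign OpenMetadata-issued tokens AND to verify all incoming tokens (IdP-issued included). Changing it invalidates previously issued tokens.`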
@@ -22,6 +22,7 @@ import static org.openmetadata.service.security.SecurityUtil.validatePrincipalClaimsMapping; import static org.openmetadata.service.security.jwt.JWTTokenGenerator.ROLES_CLAIM; import static org.openmetadata.service.security.jwt.JWTTokenGenerator.TOKEN_TYPE; +import static org.openmetadata.service.security.jwt.JWTTokenGenerator.getAlgorithm; import com.auth0.jwk.Jwk; import com.auth0.jwk.JwkProvider; @@ -71,6 +72,7 @@ public class JwtFilter implements ContainerRequestFilter { private boolean enforcePrincipalDomain; private AuthProvider providerType; private boolean useRolesFromProvider = false; + private AuthenticationConfiguration.TokenValidationAlgorithm tokenValidationAlgorithm; private static final List DEFAULT_PUBLIC_KEY_URLS = Arrays.asList( @@ -123,6 +125,7 @@ public JwtFilter( this.principalDomain = authorizerConfiguration.getPrincipalDomain(); this.enforcePrincipalDomain = authorizerConfiguration.getEnforcePrincipalDomain(); this.useRolesFromProvider = authorizerConfiguration.getUseRolesFromProvider(); + this.tokenValidationAlgorithm = authenticationConfiguration.getTokenValidationAlgorithm(); } @VisibleForTesting @@ -224,7 +227,8 @@ public Map validateJwtAndGetClaims(String token) { // Validate JWT with public key Jwk jwk = jwkProvider.get(jwt.getKeyId()); - Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); + Algorithm algorithm = + getAlgorithm(tokenValidationAlgorithm, (RSAPublicKey) jwk.getPublicKey(), null); try { algorithm.verify(jwt); } catch (RuntimeException runtimeException) { diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/jwt/JWTTokenGenerator.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/jwt/JWTTokenGenerator.java index 868175326469..21aaeeeef9b2 100644 --- a/openmetadata-service/src/main/java/org/openmetadata/service/security/jwt/JWTTokenGenerator.java 
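Review bot: `getAlgorithm(tokenValidationAlgorithm, ...)` switches on the configured enum, so a null `tokenValidationAlgorithm` (a config that omits the key, if the generated class does not apply the schema default) throws NullPointerException before the `try` that wraps `algorithm.verify(jwt)`; it fails closed, but as an unhandled exception rather than the normal rejection path, unless an outer catch not visible here intercepts it. Defaulting in the constructor avoids that: `this.tokenValidationAlgorithm = Objects.requireNonNullElse(authenticationConfiguration.getTokenValidationAlgorithm(), AuthenticationConfiguration.TokenValidationAlgorithm.RS_256);`. Taking the algorithm from configuration rather than from the token's `alg` header is the right call, since that is what keeps algorithm-confusion attacks closed, and a comment saying so, `// Algorithm is fixed by config and never taken from the token header`, would stop a future "fix" from reading `jwt.getAlgorithm()`. `validateJwtAndGetClaims` continues outside the hunk.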
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/jwt/JWTTokenGenerator.java @@ -37,6 +37,7 @@ import java.util.Set; import lombok.Getter; import lombok.extern.slf4j.Slf4j; +import org.openmetadata.schema.api.security.AuthenticationConfiguration; import org.openmetadata.schema.api.security.jwt.JWTTokenConfiguration; import org.openmetadata.schema.auth.JWTAuthMechanism; import org.openmetadata.schema.auth.JWTTokenExpiry; @@ -56,6 +57,7 @@ public class JWTTokenGenerator { @Getter private RSAPublicKey publicKey; private String issuer; private String kid; + private AuthenticationConfiguration.TokenValidationAlgorithm tokenValidationAlgorithm; private JWTTokenGenerator() { /* Private constructor for singleton */ @@ -66,7 +68,9 @@ public static JWTTokenGenerator getInstance() { } /** Expected to be initialized only once during application start */ - public void init(JWTTokenConfiguration jwtTokenConfiguration) { + public void init( + AuthenticationConfiguration.TokenValidationAlgorithm algorithm, + JWTTokenConfiguration jwtTokenConfiguration) { try { if (jwtTokenConfiguration.getRsaprivateKeyFilePath() != null && !jwtTokenConfiguration.getRsaprivateKeyFilePath().isEmpty() @@ -84,6 +88,7 @@ public void init(JWTTokenConfiguration jwtTokenConfiguration) { publicKey = (RSAPublicKey) kf.generatePublic(spec); issuer = jwtTokenConfiguration.getJwtissuer(); kid = jwtTokenConfiguration.getKeyId(); + tokenValidationAlgorithm = algorithm; } } catch (Exception ex) { LOG.error("Failed to initialize JWTTokenGenerator ", ex); @@ -141,7 +146,7 @@ public JWTAuthMechanism getJwtAuthMechanism( } } JWTAuthMechanism jwtAuthMechanism = new JWTAuthMechanism().withJWTTokenExpiry(expiry); - Algorithm algorithm = Algorithm.RSA256(null, privateKey); + Algorithm algorithm = getAlgorithm(tokenValidationAlgorithm, null, privateKey); String token = JWT.create() .withIssuer(issuer) 
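Review bot: `tokenValidationAlgorithm = algorithm;` accepts a null `algorithm` silently and sits inside a `try` whose only failure handling is `LOG.error`, so a misconfigured instance starts up and then hits a NullPointerException inside `getAlgorithm` on the first call to `getJwtAuthMechanism` instead of failing at boot; add `Objects.requireNonNull(algorithm, "tokenValidationAlgorithm");` as the first statement of `init`, before the `try`. The Javadoc on `init` should also name the new parameter, e.g. `@param algorithm RSA variant used to sign issued tokens; must equal authenticationConfiguration.tokenValidationAlgorithm so JwtFilter can verify them`. In this class the field selects the signing hash rather than validation, so `signingAlgorithm` would be a less misleading field name. `init` continues outside the hunk.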
@@ -214,4 +219,15 @@ public Date getTokenExpiryFromJWT(String token) { return jwt.getExpiresAt(); } + + public static Algorithm getAlgorithm( + AuthenticationConfiguration.TokenValidationAlgorithm algorithm, + RSAPublicKey publicKey, + RSAPrivateKey privateKey) { + return switch (algorithm) { + case RS_256 -> Algorithm.RSA256(publicKey, privateKey); + case RS_384 -> Algorithm.RSA384(publicKey, privateKey); + case RS_512 -> Algorithm.RSA512(publicKey, privateKey); + }; + } } diff --git a/openmetadata-service/src/test/java/org/openmetadata/service/security/JWTTokenGeneratorTest.java b/openmetadata-service/src/test/java/org/openmetadata/service/security/JWTTokenGeneratorTest.java index b7d935f5c624..555a079ddd30 100644 --- a/openmetadata-service/src/test/java/org/openmetadata/service/security/JWTTokenGeneratorTest.java +++ b/openmetadata-service/src/test/java/org/openmetadata/service/security/JWTTokenGeneratorTest.java @@ -15,6 +15,7 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestInstance; +import org.openmetadata.schema.api.security.AuthenticationConfiguration; import org.openmetadata.schema.api.security.jwt.JWTTokenConfiguration; import org.openmetadata.schema.auth.JWTAuthMechanism; import org.openmetadata.schema.auth.JWTTokenExpiry; @@ -38,7 +39,8 @@ public void setup() { jwtTokenConfiguration.setRsaprivateKeyFilePath(rsaPrivateKeyPath); jwtTokenConfiguration.setRsapublicKeyFilePath(rsaPublicKeyPath); jwtTokenGenerator = JWTTokenGenerator.getInstance(); - jwtTokenGenerator.init(jwtTokenConfiguration); + jwtTokenGenerator.init( + AuthenticationConfiguration.TokenValidationAlgorithm.RS_256, jwtTokenConfiguration); } @Test diff --git a/openmetadata-spec/src/main/resources/json/schema/configuration/authenticationConfiguration.json b/openmetadata-spec/src/main/resources/json/schema/configuration/authenticationConfiguration.json index 670401107ca8..ac7d5075ecae 100644 
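Review bot: `getAlgorithm` has no Javadoc and its nullable-key contract is only implicit: callers pass `(publicKey, null)` to verify and `(null, privateKey)` to sign, and a null `algorithm` throws NullPointerException from the `switch`. Document it with a Javadoc stating that it builds the RSA `Algorithm` for the configured variant, that `publicKey` may be null when only signing and `privateKey` null when only verifying, and that `algorithm` must be non-null; if an unset config should keep the previous RS256 behaviour, `Objects.requireNonNullElse(algorithm, AuthenticationConfiguration.TokenValidationAlgorithm.RS_256)` before the switch does that in one line. The exhaustive switch expression without `default` is a good choice, since adding an enum constant later will fail compilation here rather than go unnoticed.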
--- a/openmetadata-spec/src/main/resources/json/schema/configuration/authenticationConfiguration.json +++ b/openmetadata-spec/src/main/resources/json/schema/configuration/authenticationConfiguration.json @@ -46,6 +46,12 @@ "type": "string" } }, + "tokenValidationAlgorithm": { + "description": "Token Validation Algorithm to use.", + "type": "string", + "enum": ["RS256", "RS384", "RS512"], + "default": "RS256" + }, "authority": { "description": "Authentication Authority", "type": "string" diff --git a/openmetadata-ui/src/main/resources/ui/src/generated/configuration/authenticationConfiguration.ts b/openmetadata-ui/src/main/resources/ui/src/generated/configuration/authenticationConfiguration.ts index c21521c1562a..41f559faee8a 100644 --- a/openmetadata-ui/src/main/resources/ui/src/generated/configuration/authenticationConfiguration.ts +++ b/openmetadata-ui/src/main/resources/ui/src/generated/configuration/authenticationConfiguration.ts @@ -10,9 +10,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - - /** +/** * This schema defines the Authentication Configuration. */ export interface AuthenticationConfiguration { @@ -69,6 +67,10 @@ export interface AuthenticationConfiguration { * Saml Configuration that is applicable only when the provider is Saml */ samlConfiguration?: SamlSSOClientConfig; + /** + * Token Validation Algorithm to use. + */ + tokenValidationAlgorithm?: TokenValidationAlgorithm; } /** @@ -492,3 +494,12 @@ export interface SP { */ spX509Certificate?: string; } + +/** + * Token Validation Algorithm to use. + */ +export enum TokenValidationAlgorithm { + Rs256 = "RS256", + Rs384 = "RS384", + Rs512 = "RS512", +} From 17e5331bdce1930d0d352d091f8b1084fe74ef95 Mon Sep 17 00:00:00 2001 
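Review bot: The description `Token Validation Algorithm to use.` undersells the setting: per the JwtFilter and JWTTokenGenerator hunks above, it selects both the algorithm OpenMetadata signs its own tokens with and the one used to verify every incoming token. Suggested text: `RSA signature algorithm used to sign OpenMetadata-issued tokens and to verify all incoming tokens, including IdP-issued ones. Changing it invalidates previously issued tokens.` The generated TypeScript below follows from this schema change and needs no separate edit.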
From: Mayur Singal <39544459+ulixius9@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:04:46 +0530 Subject: [PATCH 6/6] Docs - Fix PowerBI RS Slug (#19081) --- .../v1.6.x/connectors/dashboard/powerbi-report-server/index.md | 2 +- .../connectors/dashboard/powerbi-report-server/index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openmetadata-docs/content/v1.6.x/connectors/dashboard/powerbi-report-server/index.md b/openmetadata-docs/content/v1.6.x/connectors/dashboard/powerbi-report-server/index.md index c4e2b53fba19..7ba0d77b9946 100644 --- a/openmetadata-docs/content/v1.6.x/connectors/dashboard/powerbi-report-server/index.md +++ b/openmetadata-docs/content/v1.6.x/connectors/dashboard/powerbi-report-server/index.md @@ -1,6 +1,6 @@ --- title: Run the PowerBI Report Server Connector Externally -slug: /connectors/dashboard/powerbireportserver/yaml +slug: /connectors/dashboard/powerbireportserver --- {% connectorDetailsHeader diff --git a/openmetadata-docs/content/v1.7.x-SNAPSHOT/connectors/dashboard/powerbi-report-server/index.md b/openmetadata-docs/content/v1.7.x-SNAPSHOT/connectors/dashboard/powerbi-report-server/index.md index fea58de2378d..92be3f90d0e3 100644 --- a/openmetadata-docs/content/v1.7.x-SNAPSHOT/connectors/dashboard/powerbi-report-server/index.md +++ b/openmetadata-docs/content/v1.7.x-SNAPSHOT/connectors/dashboard/powerbi-report-server/index.md @@ -1,6 +1,6 @@ --- title: Run the PowerBI Report Server Connector Externally -slug: /connectors/dashboard/powerbireportserver/yaml +slug: /connectors/dashboard/powerbireportserver --- {% connectorDetailsHeader