Skip to content

Commit

Permalink
fix(ui): Display warning in UI when metadata service auth is disabled. (
Browse files Browse the repository at this point in the history
  • Loading branch information
jjoyce0510 authored Apr 22, 2022
1 parent 325c9b0 commit b38d14f
Show file tree
Hide file tree
Showing 7 changed files with 68 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.linkedin.datahub.graphql;

import com.datahub.authentication.AuthenticationConfiguration;
import com.datahub.authentication.token.TokenService;
import com.datahub.authorization.AuthorizationConfiguration;
import com.google.common.collect.ImmutableList;
Expand Down Expand Up @@ -221,6 +222,7 @@ public class GmsGraphQLEngine {
private final TimeseriesAspectService timeseriesAspectService;

private final IngestionConfiguration ingestionConfiguration;
private final AuthenticationConfiguration authenticationConfiguration;
private final AuthorizationConfiguration authorizationConfiguration;
private final VisualConfiguration visualConfiguration;

Expand Down Expand Up @@ -288,6 +290,7 @@ public GmsGraphQLEngine() {
null,
null,
null,
null,
false,
null);
}
Expand All @@ -304,6 +307,7 @@ public GmsGraphQLEngine(
final EntityRegistry entityRegistry,
final SecretService secretService,
final IngestionConfiguration ingestionConfiguration,
final AuthenticationConfiguration authenticationConfiguration,
final AuthorizationConfiguration authorizationConfiguration,
final GitVersion gitVersion,
final boolean supportsImpactAnalysis,
Expand All @@ -325,6 +329,7 @@ public GmsGraphQLEngine(
this.timeseriesAspectService = timeseriesAspectService;

this.ingestionConfiguration = Objects.requireNonNull(ingestionConfiguration);
this.authenticationConfiguration = Objects.requireNonNull(authenticationConfiguration);
this.authorizationConfiguration = Objects.requireNonNull(authorizationConfiguration);
this.visualConfiguration = visualConfiguration;

Expand Down Expand Up @@ -562,6 +567,7 @@ private void configureQueryResolvers(final RuntimeWiring.Builder builder) {
.dataFetcher("appConfig",
new AppConfigResolver(gitVersion, analyticsService != null,
this.ingestionConfiguration,
this.authenticationConfiguration,
this.authorizationConfiguration,
supportsImpactAnalysis, this.visualConfiguration))
.dataFetcher("me", new AuthenticatedResolver<>(
Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
package com.linkedin.datahub.graphql.resolvers.config;

import com.datahub.authentication.AuthenticationConfiguration;
import com.datahub.authorization.AuthorizationConfiguration;
import com.linkedin.datahub.graphql.QueryContext;
import com.linkedin.datahub.graphql.generated.AnalyticsConfig;
import com.linkedin.datahub.graphql.generated.AppConfig;
import com.linkedin.datahub.graphql.generated.AuthConfig;
import com.linkedin.datahub.graphql.generated.EntityType;
import com.linkedin.datahub.graphql.generated.IdentityManagementConfig;
import com.linkedin.datahub.graphql.generated.LineageConfig;
Expand All @@ -28,6 +30,7 @@ public class AppConfigResolver implements DataFetcher<CompletableFuture<AppConfi
private final GitVersion _gitVersion;
private final boolean _isAnalyticsEnabled;
private final IngestionConfiguration _ingestionConfiguration;
private final AuthenticationConfiguration _authenticationConfiguration;
private final AuthorizationConfiguration _authorizationConfiguration;
private final boolean _supportsImpactAnalysis;
private final VisualConfiguration _visualConfiguration;
Expand All @@ -36,12 +39,14 @@ public AppConfigResolver(
final GitVersion gitVersion,
final boolean isAnalyticsEnabled,
final IngestionConfiguration ingestionConfiguration,
final AuthenticationConfiguration authenticationConfiguration,
final AuthorizationConfiguration authorizationConfiguration,
final boolean supportsImpactAnalysis,
final VisualConfiguration visualConfiguration) {
_gitVersion = gitVersion;
_isAnalyticsEnabled = isAnalyticsEnabled;
_ingestionConfiguration = ingestionConfiguration;
_authenticationConfiguration = authenticationConfiguration;
_authorizationConfiguration = authorizationConfiguration;
_supportsImpactAnalysis = supportsImpactAnalysis;
_visualConfiguration = visualConfiguration;
Expand All @@ -63,6 +68,9 @@ public CompletableFuture<AppConfig> get(final DataFetchingEnvironment environmen
final AnalyticsConfig analyticsConfig = new AnalyticsConfig();
analyticsConfig.setEnabled(_isAnalyticsEnabled);

final AuthConfig authConfig = new AuthConfig();
authConfig.setTokenAuthEnabled(_authenticationConfiguration.isEnabled());

final PoliciesConfig policiesConfig = new PoliciesConfig();
policiesConfig.setEnabled(_authorizationConfiguration.getDefaultAuthorizer().isEnabled());

Expand All @@ -82,11 +90,12 @@ public CompletableFuture<AppConfig> get(final DataFetchingEnvironment environmen

final ManagedIngestionConfig ingestionConfig = new ManagedIngestionConfig();
ingestionConfig.setEnabled(_ingestionConfiguration.isEnabled());
appConfig.setAuthConfig(authConfig);
appConfig.setAnalyticsConfig(analyticsConfig);
appConfig.setPoliciesConfig(policiesConfig);
appConfig.setIdentityManagementConfig(identityManagementConfig);
appConfig.setManagedIngestionConfig(ingestionConfig);

appConfig.setAuthConfig(authConfig);
appConfig.setVisualConfig(_visualConfiguration);

return CompletableFuture.completedFuture(appConfig);
Expand Down
16 changes: 16 additions & 0 deletions datahub-graphql-core/src/main/resources/app.graphql
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,11 @@ type AppConfig {
"""
appVersion: String

"""
Auth-related configurations
"""
authConfig: AuthConfig!

"""
Configurations related to the Analytics Feature
"""
Expand Down Expand Up @@ -139,6 +144,17 @@ type AnalyticsConfig {
enabled: Boolean!
}

"""
Configurations related to auth
"""
type AuthConfig {
"""
Whether token-based auth is enabled.
"""
tokenAuthEnabled: Boolean!
}


"""
Configurations related to the Policies Feature
"""
Expand Down
30 changes: 28 additions & 2 deletions datahub-web-react/src/app/settings/AccessTokens.tsx
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import { Button, Divider, Select, Typography } from 'antd';
import { InfoCircleOutlined } from '@ant-design/icons';
import { Alert, Button, Divider, Select, Typography } from 'antd';
import React, { useEffect, useState } from 'react';
import styled from 'styled-components';
import { useAppConfigQuery } from '../../graphql/app.generated';
import { useGetAccessTokenLazyQuery } from '../../graphql/auth.generated';
import { AccessTokenDuration, AccessTokenType } from '../../types.generated';
import { useGetAuthenticatedUser } from '../useGetAuthenticatedUser';
Expand Down Expand Up @@ -32,6 +34,16 @@ const ExpirationSelectConainer = styled.div`
padding-bottom: 12px;
`;

const StyledAlert = styled(Alert)`
padding-top: 12px;
padding-bottom: 12px;
margin-bottom: 20px;
`;

const StyledInfoCircleOutlined = styled(InfoCircleOutlined)`
margin-right: 8px;
`;

const ExpirationDurationSelect = styled(Select)`
&& {
width: 120px;
Expand All @@ -51,7 +63,9 @@ export const AccessTokens = () => {
const [showModal, setShowModal] = useState(false);
const [selectedTokenDuration, setSelectedTokenDuration] = useState(ACCESS_TOKEN_DURATIONS[0].duration);
const authenticatedUser = useGetAuthenticatedUser();
const canGeneratePersonalAccessTokens = authenticatedUser?.platformPrivileges.generatePersonalAccessTokens;
const isTokenAuthEnabled = useAppConfigQuery().data?.appConfig?.authConfig?.tokenAuthEnabled;
const canGeneratePersonalAccessTokens =
isTokenAuthEnabled && authenticatedUser?.platformPrivileges.generatePersonalAccessTokens;
const currentUserUrn = authenticatedUser?.corpUser.urn;

const [getAccessToken, { data, error }] = useGetAccessTokenLazyQuery({
Expand Down Expand Up @@ -94,6 +108,18 @@ export const AccessTokens = () => {
Manage Access Tokens for use with DataHub APIs.
</Typography.Paragraph>
<Divider />
{isTokenAuthEnabled === false && (
<StyledAlert
type="error"
message={
<span>
<StyledInfoCircleOutlined />
Token based authentication is currently disabled. Contact your DataHub administrator to
enable this feature.
</span>
}
/>
)}
<Typography.Title level={5}>Personal Access Tokens</Typography.Title>
<PersonTokenDescriptionText type="secondary">
Personal Access Tokens allow you to make programmatic requests to DataHub&apos;s APIs. They inherit your
Expand Down
3 changes: 3 additions & 0 deletions datahub-web-react/src/appConfigContext.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ export const DEFAULT_APP_CONFIG = {
visualConfig: {
logoUrl: undefined,
},
authConfig: {
tokenAuthEnabled: false,
},
};

export const AppConfigContext = React.createContext<{
Expand Down
3 changes: 3 additions & 0 deletions datahub-web-react/src/graphql/app.graphql
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ query appConfig {
analyticsConfig {
enabled
}
authConfig {
tokenAuthEnabled
}
identityManagementConfig {
enabled
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ protected GraphQLEngine getInstance() {
_entityRegistry,
_secretService,
_configProvider.getIngestion(),
_configProvider.getAuthentication(),
_configProvider.getAuthorization(),
_gitVersion,
_graphService.supportsMultiHop(),
Expand All @@ -134,6 +135,7 @@ protected GraphQLEngine getInstance() {
_entityRegistry,
_secretService,
_configProvider.getIngestion(),
_configProvider.getAuthentication(),
_configProvider.getAuthorization(),
_gitVersion,
_graphService.supportsMultiHop(),
Expand Down

0 comments on commit b38d14f

Please sign in to comment.