Merge branch 'datahub-project:master' into master

Author: llance

.github/workflows/pr-labeler.yml

@@ -52,7 +52,10 @@ jobs:
                 "chakru-r",
                 "brock-acryl",
                 "mminichino",
-                "jayacryl"
+                "jayacryl",
+                "v-tarasevich-blitz-brain",
+                "ryota-cloud",
+                "annadoesdesign"
               ]'), 
               github.actor
             ) 

.github/workflows/python-build-pages.yml

@@ -8,7 +8,7 @@ on:
       - "metadata-ingestion/**"
       - "metadata-ingestion-modules/**"
       - "metadata-models/**"
-  pull_request_target:
+  pull_request:
     branches:
       - "**"
     paths:
@@ -38,11 +38,7 @@ jobs:
           distribution: "zulu"
           java-version: 17
       - uses: gradle/actions/setup-gradle@v4
-      - uses: actions/checkout@v4
-        # Note: not using acryldata/sane-checkout-action because this is a
-        # pull_request_target event, and hence requires `ref`.
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: acryldata/sane-checkout-action@v3
       - uses: actions/setup-python@v5
         with:
           python-version: "3.10"
@@ -58,17 +54,11 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
       - name: Publish
-        # Cloudflare's pages-action does not support PRs from forks.
-        # See https://developers.cloudflare.com/pages/platform/known-issues/
-        # Based on the discussion here https://github.com/json-schema-org/website/issues/330
-        # we can use a direct upload to work around this limitation.
-        # See https://github.com/AdrianGonz97/refined-cf-pages-action#enabling-pr-previews-from-forks
-        uses: AdrianGonz97/refined-cf-pages-action@v1
+        uses: cloudflare/pages-action@v1
         with:
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           projectName: ${{ vars.CLOUDFLARE_WHEELS_PROJECT_NAME }}
-          deploymentName: ${{ vars.CLOUDFLARE_WHEELS_PROJECT_NAME }}
           workingDirectory: python-build
           directory: site
           gitHubToken: ${{ github.token }}

build.gradle

@@ -1,3 +1,6 @@
+import org.apache.tools.ant.filters.ReplaceTokens
+
+
 buildscript {
   ext.jdkVersionDefault = 17
   ext.javaClassVersionDefault = 11
@@ -60,6 +63,7 @@ buildscript {
   ext.googleJavaFormatVersion = '1.18.1'
   ext.openLineageVersion = '1.25.0'
   ext.logbackClassicJava8 = '1.2.12'
+  ext.awsSdk2Version = '2.30.33'
 
   ext.docker_registry = 'acryldata'
 
@@ -120,12 +124,12 @@ project.ext.externalDependency = [
     'assertJ': 'org.assertj:assertj-core:3.11.1',
     'avro': 'org.apache.avro:avro:1.11.4',
     'avroCompiler': 'org.apache.avro:avro-compiler:1.11.4',
-    'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.17',
-    'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:2.0.3',
-    'awsS3': 'software.amazon.awssdk:s3:2.26.21',
-    'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.13',
-    'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:1.0.2',
-    'awsRds':'software.amazon.awssdk:rds:2.18.24',
+    'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.23',
+    'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:2.3.0',
+    'awsS3': "software.amazon.awssdk:s3:$awsSdk2Version",
+    'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.15',
+    'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:2.5.4',
+    'awsRds':"software.amazon.awssdk:rds:$awsSdk2Version",
     'cacheApi': 'javax.cache:cache-api:1.1.0',
     'commonsCli': 'commons-cli:commons-cli:1.5.0',
     'commonsIo': 'commons-io:commons-io:2.17.0',
@@ -240,7 +244,7 @@ project.ext.externalDependency = [
     'playFilters': "com.typesafe.play:filters-helpers_$playScalaVersion:$playVersion",
     'pac4j': 'org.pac4j:pac4j-oidc:6.0.6',
     'playPac4j': "org.pac4j:play-pac4j_$playScalaVersion:12.0.0-PLAY2.8",
-    'postgresql': 'org.postgresql:postgresql:42.7.4',
+    'postgresql': 'org.postgresql:postgresql:42.7.5',
     'protobuf': 'com.google.protobuf:protobuf-java:3.25.5',
     'grpcProtobuf': 'io.grpc:grpc-protobuf:1.53.0',
     'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0',
@@ -395,25 +399,56 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
   }
 }
 
+apply plugin: 'com.gorylenko.gradle-git-properties'
+gitProperties {
+  keys = ['git.commit.id','git.commit.id.describe','git.commit.time']
+  // using any tags (not limited to annotated tags) for "git.commit.id.describe" property
+  // see http://ajoberstar.org/grgit/grgit-describe.html for more info about the describe method and available parameters
+  // 'it' is an instance of org.ajoberstar.grgit.Grgit
+  customProperty 'git.commit.id.describe', { it.describe(tags: true) }
+  gitPropertiesResourceDir = rootProject.buildDir
+  failOnNoGitDirectory = false
+}
+
+def gitPropertiesGenerated = false
+
+apply from: 'gradle/versioning/versioning-global.gradle'
+
+tasks.register("generateGitPropertiesGlobal", com.gorylenko.GenerateGitPropertiesTask) {
+  doFirst {
+    if (!gitPropertiesGenerated) {
+      println "Generating git.properties"
+      gitPropertiesGenerated = true
+    } else {
+      // Skip actual execution if already run
+      onlyIf { false }
+    }
+  }
+}
+
 subprojects {
 
   apply plugin: 'maven-publish'
-  apply plugin: 'com.gorylenko.gradle-git-properties'
   apply plugin: 'com.diffplug.spotless'
 
-  gitProperties {
-    keys = ['git.commit.id','git.commit.id.describe','git.commit.time']
-    // using any tags (not limited to annotated tags) for "git.commit.id.describe" property
-    // see http://ajoberstar.org/grgit/grgit-describe.html for more info about the describe method and available parameters
-    // 'it' is an instance of org.ajoberstar.grgit.Grgit
-    customProperty 'git.commit.id.describe', { it.describe(tags: true) }
-    failOnNoGitDirectory = false
+  def gitPropertiesTask = tasks.register("copyGitProperties", Copy) {
+    dependsOn rootProject.tasks.named("generateGitPropertiesGlobal")
+    def sourceFile = file("${rootProject.buildDir}/git.properties")
+    from sourceFile
+    into "$project.buildDir/resources/main"
   }
 
   plugins.withType(JavaPlugin).configureEach {
+    project.tasks.named(JavaPlugin.CLASSES_TASK_NAME).configure{
+      dependsOn gitPropertiesTask
+    }
     if (project.name == 'datahub-web-react') {
       return
     }
+    /* TODO: evaluate ignoring jar timestamps for increased caching (compares checksum instead)
+    jar {
+      preserveFileTimestamps = false
+    }*/
 
     dependencies {
       implementation externalDependency.annotationApi

datahub-frontend/app/auth/GuestAuthenticationConfigs.java

@@ -0,0 +1,40 @@
+package auth;
+
+public class GuestAuthenticationConfigs {
+  public static final String GUEST_ENABLED_CONFIG_PATH = "auth.guest.enabled";
+  public static final String GUEST_USER_CONFIG_PATH = "auth.guest.user";
+  public static final String GUEST_PATH_CONFIG_PATH = "auth.guest.path";
+  public static final String DEFAULT_GUEST_USER_NAME = "guest";
+  public static final String DEFAULT_GUEST_PATH = "/public";
+
+  private Boolean isEnabled = false;
+  private String guestUser =
+      DEFAULT_GUEST_USER_NAME; // Default if not defined but guest auth is enabled.
+  private String guestPath =
+      DEFAULT_GUEST_PATH; // The path for initial access to login as guest and bypass login page.
+
+  public GuestAuthenticationConfigs(final com.typesafe.config.Config configs) {
+    if (configs.hasPath(GUEST_ENABLED_CONFIG_PATH)
+        && configs.getBoolean(GUEST_ENABLED_CONFIG_PATH)) {
+      isEnabled = true;
+    }
+    if (configs.hasPath(GUEST_USER_CONFIG_PATH)) {
+      guestUser = configs.getString(GUEST_USER_CONFIG_PATH);
+    }
+    if (configs.hasPath(GUEST_PATH_CONFIG_PATH)) {
+      guestPath = configs.getString(GUEST_PATH_CONFIG_PATH);
+    }
+  }
+
+  public boolean isGuestEnabled() {
+    return isEnabled;
+  }
+
+  public String getGuestUser() {
+    return guestUser;
+  }
+
+  public String getGuestPath() {
+    return guestPath;
+  }
+}

datahub-frontend/app/controllers/AuthenticationController.java

@@ -6,6 +6,7 @@
 
 import auth.AuthUtils;
 import auth.CookieConfigs;
+import auth.GuestAuthenticationConfigs;
 import auth.JAASConfigs;
 import auth.NativeAuthenticationConfigs;
 import auth.sso.SsoManager;
@@ -58,6 +59,8 @@ public class AuthenticationController extends Controller {
   private final CookieConfigs cookieConfigs;
   private final JAASConfigs jaasConfigs;
   private final NativeAuthenticationConfigs nativeAuthenticationConfigs;
+  private final GuestAuthenticationConfigs guestAuthenticationConfigs;
+
   private final boolean verbose;
 
   @Inject private org.pac4j.core.config.Config ssoConfig;
@@ -73,6 +76,7 @@ public AuthenticationController(@Nonnull Config configs) {
     cookieConfigs = new CookieConfigs(configs);
     jaasConfigs = new JAASConfigs(configs);
     nativeAuthenticationConfigs = new NativeAuthenticationConfigs(configs);
+    guestAuthenticationConfigs = new GuestAuthenticationConfigs(configs);
     verbose = configs.hasPath(AUTH_VERBOSE_LOGGING) && configs.getBoolean(AUTH_VERBOSE_LOGGING);
   }
 
@@ -110,6 +114,23 @@ public Result authenticate(Http.Request request) {
       return Results.redirect(redirectPath);
     }
 
+    if (guestAuthenticationConfigs.isGuestEnabled()
+        && guestAuthenticationConfigs.getGuestPath().equals(redirectPath)) {
+      final String accessToken =
+          authClient.generateSessionTokenForUser(guestAuthenticationConfigs.getGuestUser());
+      redirectPath =
+          "/"; // We requested guest login by accessing {guestPath} URL. It is not really a target.
+      CorpuserUrn guestUserUrn = new CorpuserUrn(guestAuthenticationConfigs.getGuestUser());
+      return Results.redirect(redirectPath)
+          .withSession(createSessionMap(guestUserUrn.toString(), accessToken))
+          .withCookies(
+              createActorCookie(
+                  guestUserUrn.toString(),
+                  cookieConfigs.getTtlInHours(),
+                  cookieConfigs.getAuthCookieSameSite(),
+                  cookieConfigs.getAuthCookieSecure()));
+    }
+
     // 1. If SSO is enabled, redirect to IdP if not authenticated.
     if (ssoManager.isSsoEnabled()) {
       return redirectToIdentityProvider(request, redirectPath)

datahub-frontend/app/security/AuthenticationManager.java

@@ -3,31 +3,65 @@
 import com.google.common.base.Preconditions;
 import javax.annotation.Nonnull;
 import javax.naming.AuthenticationException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import org.apache.commons.lang3.StringUtils;
-import org.eclipse.jetty.security.UserPrincipal;
-import org.eclipse.jetty.util.security.Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class AuthenticationManager {
+  private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class);
+
   private AuthenticationManager() {} // Prevent instantiation
 
   public static void authenticateJaasUser(@Nonnull String userName, @Nonnull String password)
       throws Exception {
     Preconditions.checkArgument(!StringUtils.isAnyEmpty(userName), "Username cannot be empty");
 
     try {
-      // Create and configure credentials for authentication
-      UserPrincipal userPrincipal = new UserPrincipal(userName, Credential.getCredential(password));
+      // Create a login context with our custom callback handler
+      LoginContext loginContext =
+          new LoginContext("WHZ-Authentication", new WHZCallbackHandler(userName, password));
 
-      // Verify credentials
-      if (!userPrincipal.authenticate(password)) {
-        throw new AuthenticationException("Invalid credentials for user: " + userName);
-      }
+      // Attempt login
+      loginContext.login();
+
+      // If we get here, authentication succeeded
+      log.debug("Authentication succeeded for user: {}", userName);
 
-    } catch (Exception e) {
+    } catch (LoginException le) {
+      log.info("Authentication failed for user {}: {}", userName, le.getMessage());
       AuthenticationException authenticationException =
-          new AuthenticationException("Authentication failed");
-      authenticationException.setRootCause(e);
+          new AuthenticationException(le.getMessage());
+      authenticationException.setRootCause(le);
       throw authenticationException;
     }
   }
+
+  private static class WHZCallbackHandler implements CallbackHandler {
+    private final String password;
+    private final String username;
+
+    private WHZCallbackHandler(@Nonnull String username, @Nonnull String password) {
+      this.username = username;
+      this.password = password;
+    }
+
+    @Override
+    public void handle(@Nonnull Callback[] callbacks) {
+      for (Callback callback : callbacks) {
+        if (callback instanceof NameCallback) {
+          NameCallback nc = (NameCallback) callback;
+          nc.setName(username);
+        } else if (callback instanceof PasswordCallback) {
+          PasswordCallback pc = (PasswordCallback) callback;
+          pc.setPassword(password.toCharArray());
+        }
+      }
+    }
+  }
 }

datahub-frontend/app/security/DataHubUserPrincipal.java

@@ -0,0 +1,35 @@
+package security;
+
+import java.security.Principal;
+
+public class DataHubUserPrincipal implements Principal {
+  private final String name;
+
+  public DataHubUserPrincipal(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+
+    DataHubUserPrincipal that = (DataHubUserPrincipal) o;
+    return name.equals(that.name);
+  }
+
+  @Override
+  public int hashCode() {
+    return name.hashCode();
+  }
+
+  @Override
+  public String toString() {
+    return "DataHubUserPrincipal[" + name + "]";
+  }
+}