Fix SSL issue (#16412)

open-metadata · May 27, 2024 · 2b536a2 · 2b536a2
1 parent 61bb409
commit 2b536a2
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/ingestion/src/airflow_provider_openmetadata/hooks/openmetadata.py b/ingestion/src/airflow_provider_openmetadata/hooks/openmetadata.py
@@ -66,7 +66,7 @@ def get_conn(self) -> OpenMetadataConnection:
  extra = conn.extra_dejson if conn.get_extra() else {}
  verify_ssl = extra.get("verifySSL") or self.default_verify_ssl
  ssl_config = (
- ValidateSslClientConfig(certificatePath=extra["sslConfig"])
+ ValidateSslClientConfig(caCertificate=extra["sslConfig"])
  if extra.get("sslConfig")
  else self.default_ssl_config
  )

diff --git a/ingestion/src/metadata/utils/ssl_registry.py b/ingestion/src/metadata/utils/ssl_registry.py
@@ -39,7 +39,7 @@ def ignore_ssl_init(_: Optional[SslConfig]) -> bool:
 
 @ssl_verification_registry.add(VerifySSL.validate.value)
 def validate_ssl_init(ssl_config: Optional[SslConfig]) -> str:
- return ssl_config.__root__.certificatePath
+ return ssl_config.__root__.caCertificate.get_secret_value()
 
 
 def get_verify_ssl_fn(verify_ssl: VerifySSL) -> Callable:

diff --git a/...etadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java b/...etadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java
@@ -18,6 +18,7 @@
 import io.dropwizard.db.DataSourceFactory;
 import io.dropwizard.health.conf.HealthConfiguration;
 import io.federecio.dropwizard.swagger.SwaggerBundleConfiguration;
+import java.util.LinkedHashMap;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import lombok.Getter;
@@ -66,6 +67,20 @@ public class OpenMetadataApplicationConfig extends Configuration {
  @JsonProperty("pipelineServiceClientConfiguration")
  private PipelineServiceClientConfiguration pipelineServiceClientConfiguration;
 
+ private static final String CERTIFICATE_PATH = "certificatePath";
+
+ public PipelineServiceClientConfiguration getPipelineServiceClientConfiguration() {
+
+ LinkedHashMap<String, String> temporarySSLConfig =
+ (LinkedHashMap<String, String>) pipelineServiceClientConfiguration.getSslConfig();
+ if (temporarySSLConfig != null && temporarySSLConfig.containsKey(CERTIFICATE_PATH)) {
+ temporarySSLConfig.put("caCertificate", temporarySSLConfig.get(CERTIFICATE_PATH));
+ temporarySSLConfig.remove(CERTIFICATE_PATH);
+ }
+ pipelineServiceClientConfiguration.setSslConfig(temporarySSLConfig);
+ return pipelineServiceClientConfiguration;
+ }
+
  @JsonProperty("migrationConfiguration")
  @NotNull
  private MigrationConfiguration migrationConfiguration;

diff --git a/openmetadata-ui/src/main/resources/ui/src/utils/ConnectionSchemas/SupersetConnection.json b/openmetadata-ui/src/main/resources/ui/src/utils/ConnectionSchemas/SupersetConnection.json
@@ -84,7 +84,7 @@
  "type": "object",
  "javaType": "org.openmetadata.schema.security.ssl.ValidateSSLClientConfig",
  "properties": {
- "certificatePath": {
+ "caCertificate": {
  "title": "Certificate Path",
  "description": "CA certificate path. E.g., /path/to/public.cert. Will be used if Verify SSL is set to `validate`.",
  "type": "string"
@@ -264,7 +264,7 @@
  "type": "object",
  "javaType": "org.openmetadata.schema.security.ssl.ValidateSSLClientConfig",
  "properties": {
- "certificatePath": {
+ "caCertificate": {
  "description": "CA certificate path. E.g., /path/to/public.cert. Will be used if Verify SSL is set to `validate`.",
  "type": "string"
  }