feat: add configuration option to enable REST API authorizations (#474)

charts/datahub/Chart.yaml

@@ -4,33 +4,33 @@ description: A Helm chart for DataHub
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.4.26
+version: 0.4.27
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: 0.14.1
 dependencies:
   - name: datahub-gms
-    version: 0.2.172
+    version: 0.2.173
     repository: file://./subcharts/datahub-gms
     condition: datahub-gms.enabled
   - name: datahub-frontend
-    version: 0.2.159
+    version: 0.2.160
     repository: file://./subcharts/datahub-frontend
     condition: datahub-frontend.enabled
   - name: datahub-mae-consumer
-    version: 0.2.161
+    version: 0.2.162
     repository: file://./subcharts/datahub-mae-consumer
     condition: global.datahub_standalone_consumers_enabled
   - name: datahub-mce-consumer
-    version: 0.2.163
+    version: 0.2.164
     repository: file://./subcharts/datahub-mce-consumer
     condition: global.datahub_standalone_consumers_enabled
   - name: datahub-ingestion-cron
-    version: 0.2.145
+    version: 0.2.146
     repository: file://./subcharts/datahub-ingestion-cron
     condition: datahub-ingestion-cron.enabled
   - name: acryl-datahub-actions
-    version: 0.2.147
+    version: 0.2.148
     repository: file://./subcharts/acryl-datahub-actions
     condition: acryl-datahub-actions.enabled
 maintainers:

charts/datahub/subcharts/acryl-datahub-actions/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.147
+version: 0.2.148
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 0.0.11
+appVersion: 0.1.1

charts/datahub/subcharts/acryl-datahub-actions/values.yaml

@@ -5,7 +5,7 @@ replicaCount: 1
 
 image:
   repository: acryldata/datahub-actions
-  tag: "v0.0.1"
+  tag: "v0.1.1"
   pullPolicy: IfNotPresent
   # Override the image's command & args with a new one.
   # This may be necessary for custom startup or shutdown behaviors

charts/datahub/subcharts/datahub-frontend/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.159
+version: 0.2.160
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: v0.13.1

charts/datahub/subcharts/datahub-frontend/templates/deployment.yaml

@@ -185,7 +185,7 @@ spec:
             {{- end }}
             {{- if .Values.global.kafka.topics }}
             - name: DATAHUB_TRACKING_TOPIC
-              value: {{ .Values.global.kafka.topics.datahub_usage_event_name}}
+              value: {{ .Values.global.kafka.topics.datahub_usage_event_name }}
             {{- else }}
             - name: DATAHUB_TRACKING_TOPIC
               value: "DataHubUsageEvent_v1"
@@ -200,6 +200,9 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretRef }}
                   key: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretKey }}
+            {{- else }}
+            - name: METADATA_SERVICE_AUTH_ENABLED
+              value: "false"
             {{- end }}
             - name: AUTH_SESSION_TTL_HOURS
               value: {{ .Values.auth.sessionTTLHours | quote }}

charts/datahub/subcharts/datahub-frontend/values.yaml

@@ -161,9 +161,6 @@ tolerations: []
 
 affinity: {}
 
-env:
-  JMXPORT: 1099
-
 livenessProbe:
   initialDelaySeconds: 60
   periodSeconds: 30

charts/datahub/subcharts/datahub-gms/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for DataHub's datahub-gms component
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.172
+version: 0.2.173
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v0.13.1
+appVersion: v0.14.1

charts/datahub/subcharts/datahub-gms/templates/deployment.yaml

@@ -87,11 +87,11 @@ spec:
               containerPort: 4318
               protocol: TCP
           {{- end }}
-          {{- if gt .Values.replicaCount 1.0}}
+          {{- if gt .Values.replicaCount 1.0 }}
             - name: hazelcast
               containerPort: 5701
               protocol: TCP
-          {{- end}}
+          {{- end }}
           livenessProbe:
             httpGet:
               path: /health
@@ -118,13 +118,16 @@ spec:
               value: "true"
             - name: ELASTICSEARCH_QUERY_CUSTOM_CONFIG_FILE
               value: "/datahub/datahub-gms/resources/search/search_config.yml"
-            {{- end}}
-            {{- if gt .Values.replicaCount 1.0}}
+            {{- else }}
+            - name: ELASTICSEARCH_QUERY_CUSTOM_CONFIG_ENABLED
+              value: "false"
+            {{- end }}
+            {{- if gt .Values.replicaCount 1.0 }}
             - name: SEARCH_SERVICE_CACHE_IMPLEMENTATION
               value: "hazelcast"
             - name: SEARCH_SERVICE_HAZELCAST_SERVICE_NAME
               value: {{ printf "%s-%s-%s" .Release.Name (regexReplaceAll "[^-a-z0-9]+" .Values.global.datahub.version "-") "hazelcast-svc" | trunc 63 | trimSuffix "-" }}
-            {{- end}}
+            {{- end }}
             {{- if .Values.global.datahub.systemUpdate.enabled }}
             - name: DATAHUB_UPGRADE_HISTORY_KAFKA_CONSUMER_GROUP_ID
               value: {{ printf "%s-%s" .Release.Name "duhe-consumer-job-client-gms" }}
@@ -179,7 +182,7 @@ spec:
             - name: KAFKA_PRODUCER_COMPRESSION_TYPE
               value: "{{ . }}"
             {{- end }}
-            {{- with .Values.global.kafka.consumer.stopContainerOnDeserializationError}}
+            {{- with .Values.global.kafka.consumer.stopContainerOnDeserializationError }}
             - name: KAFKA_CONSUMER_STOP_ON_DESERIALIZATION_ERROR
               value: "{{ . }}"
             {{- end }}
@@ -311,14 +314,17 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretRef }}
                   key: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretKey }}
+            - name: REST_API_AUTHORIZATION_ENABLED
+              value: {{ .Values.global.datahub.metadata_service_authentication.restApi.authorization.enabled | quote }}
             {{- if .Values.global.datahub.metadata_service_authentication.view.authorization.enabled }}
             - name: VIEW_AUTHORIZATION_ENABLED
               value: "true"
-            {{- if .Values.global.datahub.metadata_service_authentication.view.authorization.recommendations.peerGroupEnabled }}
             - name: VIEW_AUTHORIZATION_RECOMMENDATIONS_PEER_GROUP_ENABLED
-              value: "true"
-            {{- end }}
+              value: {{ .Values.global.datahub.metadata_service_authentication.view.authorization.recommendations.peerGroupEnabled | quote }}
             {{- end }}
+            {{- else }}
+            - name: METADATA_SERVICE_AUTH_ENABLED
+              value: "false"
             {{- end }}
             {{- if .Values.global.datahub.managed_ingestion.enabled }}
             - name: UI_INGESTION_ENABLED
@@ -336,10 +342,8 @@ spec:
             - name: UI_INGESTION_DEFAULT_CLI_VERSION
               value: "{{ .Values.global.datahub.managed_ingestion.defaultCliVersion }}"
             {{- end }}
-            {{- if .Values.global.datahub.enable_retention }}
             - name: ENTITY_SERVICE_ENABLE_RETENTION
-              value: "true"
-            {{- end }}
+              value: {{ .Values.global.datahub.enable_retention | quote }}
             - name: ELASTICSEARCH_QUERY_MAX_TERM_BUCKET_SIZE
               value: {{ .Values.global.elasticsearch.search.maxTermBucketSize | quote }}
             - name: ELASTICSEARCH_QUERY_EXACT_MATCH_EXCLUSIVE
@@ -399,7 +403,7 @@ spec:
             {{- end }}
             {{- if .versioned.enabled }}
             - name: MCP_VERSIONED_THROTTLE_ENABLED
-              value: 'true'
+              value: "true"
             {{- with .versioned.threshold }}
             - name: MCP_VERSIONED_THRESHOLD
               value: {{ . | quote }}
@@ -423,7 +427,7 @@ spec:
             {{- end }}
             {{- if .timeseries.enabled }}
             - name: MCP_TIMESERIES_THROTTLE_ENABLED
-              value: 'true'
+              value: "true"
             {{- with .timeseries.threshold }}
             - name: MCP_TIMESERIES_THRESHOLD
               value: {{ . | quote }}

charts/datahub/subcharts/datahub-gms/templates/hazelcastService.yaml

@@ -1,4 +1,4 @@
-{{- if gt .Values.replicaCount 1.0}}
+{{- if gt .Values.replicaCount 1.0 }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -13,4 +13,4 @@ spec:
   selector:
     app.kubernetes.io/name: {{- include "datahub-gms.name" . | nindent 6 }}
   type: ClusterIP
-{{- end}}
+{{- end }}

charts/datahub/subcharts/datahub-gms/values.yaml

@@ -34,7 +34,6 @@ serviceMonitor:
   create: false
   extraLabels: {}
 
-
 podAnnotations: {}
   # co.elastic.logs/enabled: "true"
 
@@ -231,6 +230,10 @@ global:
       # systemClientSecret:
       #  secretRef: <secret-ref>
       #  secretKey: <secret-key>
+      restApi:
+        authorization:
+          # enables authorization of reads, writes, and deletes on REST APIs
+          enabled: true
       view:
         authorization:
           # search/view authorization filters

charts/datahub/subcharts/datahub-ingestion-cron/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.145
+version: 0.2.146
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v0.13.1
+appVersion: v0.14.1

charts/datahub/subcharts/datahub-ingestion-cron/templates/cron.yaml

@@ -8,7 +8,7 @@ metadata:
   name: "{{ $baseName }}-{{ $jobName }}"
   labels: {{- $labels | nindent 4 }}
 spec:
-  schedule: {{ default "0 0 * * *" .schedule | quote}}
+  schedule: {{ default "0 0 * * *" .schedule | quote }}
   concurrencyPolicy: {{ default "Allow" .concurrencyPolicy }}
   successfulJobsHistoryLimit: {{ default 3 .successfulJobsHistoryLimit }}
   failedJobsHistoryLimit: {{ default 1 .failedJobsHistoryLimit }}
@@ -50,25 +50,25 @@ spec:
             {{- if .extraVolumeMounts }}
               {{- toYaml .extraVolumeMounts | nindent 14 }}
             {{- end }}
-            command: ["/bin/sh", "-c", {{ default $defaultCommand .command }} ]
+            command: ["/bin/sh", "-c", {{ default $defaultCommand .command }}]
             {{- if .securityContext }}
             securityContext:
               {{- toYaml .securityContext | nindent 14 }}
             {{- end }}
             env:
               {{- if .env }}
               {{- range $key,$value := .env }}
-              - name: {{ $key | quote}}
-                value: {{ $value | quote}}
+              - name: {{ $key | quote }}
+                value: {{ $value | quote }}
               {{- end }}
               {{- end }}
               {{- if .envFromSecrets }}
               {{- range $key,$value := .envFromSecrets }}
-              - name: {{ $key | quote}}
+              - name: {{ $key | quote }}
                 valueFrom:
                   secretKeyRef:
-                    name: {{ $value.secret | quote}}
-                    key: {{ $value.key | quote}}
+                    name: {{ $value.secret | quote }}
+                    key: {{ $value.key | quote }}
               {{- end }}
               {{- end }}
             {{- if .extraSidecars }}

charts/datahub/subcharts/datahub-mae-consumer/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.161
+version: 0.2.162
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v0.13.1
+appVersion: v0.14.1

charts/datahub/subcharts/datahub-mae-consumer/templates/deployment.yaml

@@ -212,6 +212,9 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretRef }}
                   key: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretKey }}
+            {{- else }}
+            - name: METADATA_SERVICE_AUTH_ENABLED
+              value: "false"
             {{- end }}
             {{- if .Values.global.datahub.managed_ingestion.enabled }}
             - name: UI_INGESTION_ENABLED

charts/datahub/subcharts/datahub-mae-consumer/values.yaml

@@ -120,9 +120,6 @@ tolerations: []
 
 affinity: {}
 
-env:
-  JMXPORT: 1099
-
 livenessProbe:
   initialDelaySeconds: 60
   periodSeconds: 30

charts/datahub/subcharts/datahub-mce-consumer/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.163
+version: 0.2.164
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v0.13.1
+appVersion: v0.14.1

charts/datahub/subcharts/datahub-mce-consumer/templates/deployment.yaml

@@ -234,6 +234,9 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretRef }}
                   key: {{ .Values.global.datahub.metadata_service_authentication.systemClientSecret.secretKey }}
+            {{- else }}
+            - name: METADATA_SERVICE_AUTH_ENABLED
+              value: "false"
             {{- end }}
             {{- if .Values.global.springKafkaConfigurationOverrides }}
             {{- range $configName, $configValue := .Values.global.springKafkaConfigurationOverrides }}
@@ -277,7 +280,7 @@ spec:
             {{- end }}
             {{- if .versioned.enabled }}
             - name: MCP_VERSIONED_THROTTLE_ENABLED
-              value: 'true'
+              value: "true"
             {{- with .versioned.threshold }}
             - name: MCP_VERSIONED_THRESHOLD
               value: {{ . | quote }}
@@ -301,7 +304,7 @@ spec:
             {{- end }}
             {{- if .timeseries.enabled }}
             - name: MCP_TIMESERIES_THROTTLE_ENABLED
-              value: 'true'
+              value: "true"
             {{- with .timeseries.threshold }}
             - name: MCP_TIMESERIES_THRESHOLD
               value: {{ . | quote }}

charts/datahub/subcharts/datahub-mce-consumer/values.yaml

@@ -121,9 +121,6 @@ tolerations: []
 
 affinity: {}
 
-env:
-  JMXPORT: 1099
-
 livenessProbe:
   initialDelaySeconds: 60
   periodSeconds: 30

charts/datahub/templates/datahub-upgrade/datahub-cleanup-job-template.yml

@@ -65,7 +65,7 @@ spec:
               args: [ "-u", "NoCodeDataMigrationCleanup" ]
               {{- end }}
               env:
-                {{- include "datahub.upgrade.env" . | nindent 16}}
+                {{- include "datahub.upgrade.env" . | nindent 16 }}
                 {{- if .Values.global.datahub.metadata_service_authentication.enabled }}
                 - name: DATAHUB_SYSTEM_CLIENT_ID
                   value: {{ .Values.global.datahub.metadata_service_authentication.systemClientId }}

charts/datahub/templates/datahub-upgrade/datahub-nocode-migration-job.yml

@@ -11,7 +11,7 @@ metadata:
   {{- end }}
 spec:
   template:
-    {{- if or .Values.global.podLabels .Values.datahubUpgrade.podAnnotations}}
+    {{- if or .Values.global.podLabels .Values.datahubUpgrade.podAnnotations }}
     metadata:
     {{- with .Values.datahubUpgrade.podAnnotations }}
       annotations:
@@ -44,7 +44,7 @@ spec:
             secretName: {{ .name }}
         {{- end }}
       {{- with .Values.datahubUpgrade.extraVolumes }}
-        {{- toYaml . | nindent 8}}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       restartPolicy: Never
       securityContext:
@@ -74,7 +74,7 @@ spec:
             - "dbType={{ .Values.datahubUpgrade.noCodeDataMigration.sqlDbType }}"
           {{- end }}
           env:
-            {{- include "datahub.upgrade.env" . | nindent 12}}
+            {{- include "datahub.upgrade.env" . | nindent 12 }}
             {{- if .Values.global.datahub.metadata_service_authentication.enabled }}
             - name: DATAHUB_SYSTEM_CLIENT_ID
               value: {{ .Values.global.datahub.metadata_service_authentication.systemClientId }}