Add Changes for UI side and disable endpoints

Author: mohityadav766

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java

@@ -127,15 +127,61 @@ public SystemRepository() {
     migrationValidationClient = MigrationValidationClient.getInstance();
   }
 
-  public boolean isUpdateAllowed(Settings setting) {
-    Object configValue = setting.getConfigValue();
+  public boolean isUpdateAllowed(SettingsType configType) {
+    // Fetch the existing setting from DB to check its configSource
+    // We check the DB value, not the incoming request, to prevent bypass
+    Settings existingSetting = getConfigWithKey(configType.value());
+    if (existingSetting == null) {
+      return true;
+    }
+
+    Object configValue = existingSetting.getConfigValue();
+    if (configValue == null) {
+      return true;
+    }
+
+    // If already the correct type, use it directly
     if (configValue instanceof OpenMetadataConfig openMetadataConfig) {
       ConfigSource source = openMetadataConfig.getConfigSource();
       return source != ConfigSource.ENV;
     }
+
+    // Convert LinkedHashMap to proper class based on configType
+    OpenMetadataConfig config = convertToOpenMetadataConfig(configType, configValue);
+    if (config != null) {
+      ConfigSource source = config.getConfigSource();
+      return source != ConfigSource.ENV;
+    }
+
     return true;
   }
 
+  private OpenMetadataConfig convertToOpenMetadataConfig(
+      SettingsType configType, Object configValue) {
+    if (configType == null || configValue == null) {
+      return null;
+    }
+    try {
+      return switch (configType) {
+        case EMAIL_CONFIGURATION -> JsonUtils.convertValue(configValue, SmtpSettings.class);
+        case AUTHENTICATION_CONFIGURATION -> JsonUtils.convertValue(
+            configValue, AuthenticationConfiguration.class);
+        case AUTHORIZER_CONFIGURATION -> JsonUtils.convertValue(
+            configValue, AuthorizerConfiguration.class);
+        case SEARCH_SETTINGS -> JsonUtils.convertValue(configValue, SearchSettings.class);
+        case CUSTOM_UI_THEME_PREFERENCE -> JsonUtils.convertValue(
+            configValue, UiThemePreference.class);
+        case SCIM_CONFIGURATION -> JsonUtils.convertValue(configValue, ScimConfiguration.class);
+        case ASSET_CERTIFICATION_SETTINGS -> JsonUtils.convertValue(
+            configValue, AssetCertificationSettings.class);
+        case WORKFLOW_SETTINGS -> JsonUtils.convertValue(configValue, WorkflowSettings.class);
+        default -> null;
+      };
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
   public String getEnvHash(String configType) {
     return dao.getEnvHash(configType);
   }

openmetadata-service/src/main/java/org/openmetadata/service/resources/system/SystemResource.java

@@ -360,7 +360,7 @@ public Response createOrUpdateSetting(
     }
 
     authorizer.authorizeAdmin(securityContext);
-    if (!systemRepository.isUpdateAllowed(settingName)) {
+    if (!systemRepository.isUpdateAllowed(settingName.getConfigType())) {
       throw new IllegalArgumentException(
           "This setting is managed by ENV configuration and cannot be updated via API. "
               + "Change configSource to DB or AUTO to enable API updates.");
@@ -489,6 +489,15 @@ public Response patch(
     }
 
     authorizer.authorizeAdmin(securityContext);
+
+    // Check if update is allowed based on configSource
+    SettingsType settingsType = SettingsType.fromValue(settingName);
+    if (!systemRepository.isUpdateAllowed(settingsType)) {
+      throw new IllegalArgumentException(
+          "This setting is managed by ENV configuration and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
+
     return systemRepository.patchSetting(settingName, patch);
   }
 
@@ -645,6 +654,19 @@ public Response updateSecurityConfig(
       @Valid SecurityConfiguration securityConfig) {
     authorizer.authorizeAdmin(securityContext);
 
+    // Check if update is allowed based on configSource for both configs
+    if (!systemRepository.isUpdateAllowed(AUTHENTICATION_CONFIGURATION)) {
+      throw new IllegalArgumentException(
+          "Authentication configuration is managed by ENV and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
+
+    if (!systemRepository.isUpdateAllowed(AUTHORIZER_CONFIGURATION)) {
+      throw new IllegalArgumentException(
+          "Authorizer configuration is managed by ENV and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
+
     try {
       // Update both configurations in a transaction
       Settings authSettings =
@@ -700,6 +722,19 @@ public Response patchSecurityConfig(
           JsonPatch patch) {
     authorizer.authorizeAdmin(securityContext);
 
+    // Check if update is allowed based on configSource for both configs
+    if (!systemRepository.isUpdateAllowed(AUTHENTICATION_CONFIGURATION)) {
+      throw new IllegalArgumentException(
+          "Authentication configuration is managed by ENV and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
+
+    if (!systemRepository.isUpdateAllowed(AUTHORIZER_CONFIGURATION)) {
+      throw new IllegalArgumentException(
+          "Authorizer configuration is managed by ENV and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
+
     try {
       SecurityConfiguration originalConfig =
           SecurityConfigurationManager.getInstance().getCurrentSecurityConfig();

openmetadata-ui/src/main/resources/ui/src/components/SettingsSso/SettingsSso.tsx

@@ -16,6 +16,7 @@ import { useTranslation } from 'react-i18next';
 import { useSearchParams } from 'react-router-dom';
 import { GlobalSettingsMenuCategory } from '../../constants/GlobalSettings.constants';
 import { AuthProvider } from '../../generated/settings/settings';
+import { ConfigSource } from '../../generated/type/configSource';
 import {
   getSecurityConfiguration,
   patchSecurityConfiguration,
@@ -29,6 +30,7 @@ import { getProviderDisplayName, getProviderIcon } from '../../utils/SSOUtils';
 import Loader from '../common/Loader/Loader';
 import TitleBreadcrumb from '../common/TitleBreadcrumb/TitleBreadcrumb.component';
 import PageLayoutV1 from '../PageLayoutV1/PageLayoutV1';
+import ConfigSourceIndicator from '../Settings/ConfigSourceIndicator';
 import ProviderSelector from './ProviderSelector/ProviderSelector';
 import './settings-sso.less';
 import SSOConfigurationForm from './SSOConfigurationForm/SSOConfigurationForm';
@@ -327,6 +329,14 @@ const SettingsSso = () => {
     setActiveTab(key);
   }, []);
 
+  const isEnvManaged = useMemo(() => {
+    return (
+      securityConfig?.authenticationConfiguration?.configSource ===
+        ConfigSource.ENV ||
+      securityConfig?.authorizerConfiguration?.configSource === ConfigSource.ENV
+    );
+  }, [securityConfig]);
+
   const handleProviderSelect = useCallback(
     (provider: AuthProvider) => {
       setCurrentProvider(provider);
@@ -424,6 +434,12 @@ const SettingsSso = () => {
           </div>
         )}
 
+        {isEnvManaged && (
+          <div className="m-b-md">
+            <ConfigSourceIndicator configSource={ConfigSource.ENV} />
+          </div>
+        )}
+
         <Tabs
           activeKey={activeTab}
           items={tabItems}

openmetadata-ui/src/main/resources/ui/src/constants/EmailConfig.constants.ts

@@ -20,4 +20,4 @@ export const TRANSPORTATION_STRATEGY_OPTIONS = Object.values(
   value: strategy,
 }));
 
-export const NOT_INCLUDE_EMAIL_CONFIG_VALUE = ['templates'];
+export const NOT_INCLUDE_EMAIL_CONFIG_VALUE = ['templates', 'configSource'];

openmetadata-ui/src/main/resources/ui/src/constants/SSO.constant.ts

@@ -12,6 +12,7 @@
  */
 
 import { ClientType } from '../generated/configuration/securityConfiguration';
+import { ConfigSource } from '../generated/type/configSource';
 import {
   getAuthorityUrl,
   getCallbackUrl,
@@ -683,6 +684,7 @@ export const VALIDATION_STATUS = {
 } as const;
 
 export interface AuthenticationConfiguration {
+  configSource?: ConfigSource;
   provider: string;
   providerName: string;
   authority: string;
@@ -702,6 +704,7 @@ export interface AuthenticationConfiguration {
 }
 
 export interface AuthorizerConfiguration {
+  configSource?: ConfigSource;
   className: string;
   containerRequestFilter: string;
   adminPrincipals: string[];

openmetadata-ui/src/main/resources/ui/src/generated/email/smtpSettings.ts

@@ -10,10 +10,16 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
+import { ConfigSource } from '../type/configSource';
+
 /**
  * This schema defines the SMTP Settings for sending Email
  */
 export interface SMTPSettings {
+    /**
+     * Determines where this configuration is read from.
+     */
+    configSource?: ConfigSource;
     /**
      * Emailing Entity
      */

openmetadata-ui/src/main/resources/ui/src/generated/type/configSource.ts

@@ -0,0 +1,20 @@
+/*
+ *  Copyright 2025 Collate.
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/**
+ * Determines where configuration is read from.
+ */
+export enum ConfigSource {
+  ENV = 'ENV',
+  DB = 'DB',
+  AUTO = 'AUTO',
+}

openmetadata-ui/src/main/resources/ui/src/pages/EmailConfigSettingsPage/EmailConfigSettingsPage.component.tsx

@@ -25,13 +25,15 @@ import TitleBreadcrumb from '../../components/common/TitleBreadcrumb/TitleBreadc
 import { TitleBreadcrumbProps } from '../../components/common/TitleBreadcrumb/TitleBreadcrumb.interface';
 import PageHeader from '../../components/PageHeader/PageHeader.component';
 import PageLayoutV1 from '../../components/PageLayoutV1/PageLayoutV1';
+import ConfigSourceIndicator from '../../components/Settings/ConfigSourceIndicator';
 import TestEmail from '../../components/Settings/Email/TestEmail/TestEmail.component';
 import { ROUTES } from '../../constants/constants';
 import { NOT_INCLUDE_EMAIL_CONFIG_VALUE } from '../../constants/EmailConfig.constants';
 import { GlobalSettingsMenuCategory } from '../../constants/GlobalSettings.constants';
 import { ERROR_PLACEHOLDER_TYPE } from '../../enums/common.enum';
 import { SMTPSettings } from '../../generated/email/smtpSettings';
 import { SettingType } from '../../generated/settings/settings';
+import { ConfigSource } from '../../generated/type/configSource';
 import { useAuth } from '../../hooks/authHooks';
 import { getSettingsConfigFromConfigType } from '../../rest/settingConfigAPI';
 import { getEmailConfigFieldLabels } from '../../utils/EmailConfigUtils';
@@ -181,22 +183,31 @@ function EmailConfigSettingsPage() {
               {loading ? (
                 <ButtonSkeleton />
               ) : (
-                <Button
-                  className="m-l-md"
-                  icon={
-                    !isUndefined(emailConfigValues) && (
-                      <Icon component={IconEdit} size={12} />
-                    )
-                  }
-                  onClick={handleEditClick}>
-                  {isUndefined(emailConfigValues)
-                    ? t('label.add')
-                    : t('label.edit')}
-                </Button>
+                emailConfigValues?.configSource !== ConfigSource.ENV && (
+                  <Button
+                    className="m-l-md"
+                    icon={
+                      !isUndefined(emailConfigValues) && (
+                        <Icon component={IconEdit} size={12} />
+                      )
+                    }
+                    onClick={handleEditClick}>
+                    {isUndefined(emailConfigValues)
+                      ? t('label.add')
+                      : t('label.edit')}
+                  </Button>
+                )
               )}
             </Col>
           </Row>
         </Col>
+        {emailConfigValues?.configSource && (
+          <Col span={24}>
+            <ConfigSourceIndicator
+              configSource={emailConfigValues.configSource}
+            />
+          </Col>
+        )}
         <Col span={24}>{configValuesContainer}</Col>
       </Row>