Initial Commit

Author: mohityadav766

bootstrap/sql/migrations/flyway/com.mysql.cj.jdbc.Driver/v016__add_config_source_columns.sql

@@ -0,0 +1,10 @@
+-- Add columns for configuration source tracking
+ALTER TABLE openmetadata_settings
+ADD COLUMN env_hash VARCHAR(64) NULL,
+ADD COLUMN env_sync_timestamp TIMESTAMP(6) NULL,
+ADD COLUMN db_modified_timestamp TIMESTAMP(6) NULL;
+
+-- Set initial timestamps for existing records
+UPDATE openmetadata_settings
+SET db_modified_timestamp = CURRENT_TIMESTAMP(6)
+WHERE db_modified_timestamp IS NULL;

bootstrap/sql/migrations/flyway/org.postgresql.Driver/v016__add_config_source_columns.sql

@@ -0,0 +1,10 @@
+-- Add columns for configuration source tracking
+ALTER TABLE openmetadata_settings
+ADD COLUMN env_hash VARCHAR(64) NULL,
+ADD COLUMN env_sync_timestamp TIMESTAMP NULL,
+ADD COLUMN db_modified_timestamp TIMESTAMP NULL;
+
+-- Set initial timestamps for existing records
+UPDATE openmetadata_settings
+SET db_modified_timestamp = CURRENT_TIMESTAMP
+WHERE db_modified_timestamp IS NULL;

conf/openmetadata.yaml

@@ -277,6 +277,7 @@ migrationConfiguration:
 
 # Authorizer Configuration
 authorizerConfiguration:
+  configSource: ${AUTHORIZER_CONFIG_SOURCE:-ENV}
   className: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}
   containerRequestFilter: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}
   adminPrincipals: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
@@ -288,6 +289,7 @@ authorizerConfiguration:
   useRolesFromProvider: ${AUTHORIZER_USE_ROLES_FROM_PROVIDER:-false}
 
 authenticationConfiguration:
+  configSource: ${AUTHENTICATION_CONFIG_SOURCE:-ENV}
   clientType: ${AUTHENTICATION_CLIENT_TYPE:-public}
   provider: ${AUTHENTICATION_PROVIDER:-basic}
   # This is used by auth provider provide response as either id_token or code

conf/operations.yaml

@@ -1,4 +1,5 @@
 email:
+  configSource: ${EMAIL_CONFIG_SOURCE:-ENV}
   emailingEntity: ${OM_EMAIL_ENTITY:-"OpenMetadata"}
   supportUrl: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}
   enableSmtpServer : ${AUTHORIZER_ENABLE_SMTP:-false}
@@ -11,5 +12,6 @@ email:
   templates: ${TEMPLATES:-"openmetadata"}
 
 serverUrl:
+  configSource: ${SERVER_URL_CONFIG_SOURCE:-ENV}
   openMetadataUrl: ${OPENMETADATA_SERVER_URL:-"http://localhost:8585"}
 

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java

@@ -26,6 +26,7 @@
 
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.sql.Timestamp;
 import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -7989,6 +7990,47 @@ interface SystemDAO {
     @SqlUpdate(value = "DELETE from openmetadata_settings WHERE configType = :configType")
     void delete(@Bind("configType") String configType);
 
+    @SqlUpdate(
+        "UPDATE openmetadata_settings SET json = :json, env_hash = :envHash, "
+            + "env_sync_timestamp = :envSyncTimestamp, db_modified_timestamp = :dbModifiedTimestamp "
+            + "WHERE configType = :configType")
+    void updateConfigWithMetadata(
+        @Bind("configType") String configType,
+        @Bind("json") String json,
+        @Bind("envHash") String envHash,
+        @Bind("envSyncTimestamp") Timestamp envSyncTimestamp,
+        @Bind("dbModifiedTimestamp") Timestamp dbModifiedTimestamp);
+
+    @SqlUpdate(
+        "UPDATE openmetadata_settings SET env_hash = :envHash, "
+            + "env_sync_timestamp = :envSyncTimestamp, db_modified_timestamp = :dbModifiedTimestamp "
+            + "WHERE configType = :configType")
+    void updateConfigMetadata(
+        @Bind("configType") String configType,
+        @Bind("envHash") String envHash,
+        @Bind("envSyncTimestamp") Timestamp envSyncTimestamp,
+        @Bind("dbModifiedTimestamp") Timestamp dbModifiedTimestamp);
+
+    @SqlUpdate(
+        "UPDATE openmetadata_settings SET env_hash = :envHash WHERE configType = :configType")
+    void updateEnvHash(@Bind("configType") String configType, @Bind("envHash") String envHash);
+
+    @SqlUpdate(
+        "UPDATE openmetadata_settings SET db_modified_timestamp = :dbModifiedTimestamp WHERE configType = :configType")
+    void updateDbModifiedTimestamp(
+        @Bind("configType") String configType,
+        @Bind("dbModifiedTimestamp") Timestamp dbModifiedTimestamp);
+
+    @SqlQuery("SELECT env_hash FROM openmetadata_settings WHERE configType = :configType")
+    String getEnvHash(@Bind("configType") String configType);
+
+    @SqlQuery("SELECT env_sync_timestamp FROM openmetadata_settings WHERE configType = :configType")
+    Timestamp getEnvSyncTimestamp(@Bind("configType") String configType);
+
+    @SqlQuery(
+        "SELECT db_modified_timestamp FROM openmetadata_settings WHERE configType = :configType")
+    Timestamp getDbModifiedTimestamp(@Bind("configType") String configType);
+
     @SqlQuery("SELECT 42")
     Integer testConnection() throws StatementException;
 

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java

@@ -15,6 +15,7 @@
 import jakarta.json.JsonPatch;
 import jakarta.json.JsonValue;
 import jakarta.ws.rs.core.Response;
+import java.sql.Timestamp;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -38,6 +39,7 @@
 import org.openmetadata.schema.configuration.AssetCertificationSettings;
 import org.openmetadata.schema.configuration.ExecutorConfiguration;
 import org.openmetadata.schema.configuration.HistoryCleanUpConfiguration;
+import org.openmetadata.schema.configuration.OpenMetadataConfig;
 import org.openmetadata.schema.configuration.SecurityConfiguration;
 import org.openmetadata.schema.configuration.WorkflowSettings;
 import org.openmetadata.schema.email.SmtpSettings;
@@ -54,6 +56,7 @@
 import org.openmetadata.schema.system.SecurityValidationResponse;
 import org.openmetadata.schema.system.StepValidation;
 import org.openmetadata.schema.system.ValidationResponse;
+import org.openmetadata.schema.type.ConfigSource;
 import org.openmetadata.schema.util.EntitiesCount;
 import org.openmetadata.schema.util.ServicesCount;
 import org.openmetadata.schema.utils.JsonUtils;
@@ -86,6 +89,7 @@
 import org.openmetadata.service.security.auth.validator.GoogleAuthValidator;
 import org.openmetadata.service.security.auth.validator.OktaAuthValidator;
 import org.openmetadata.service.security.auth.validator.SamlValidator;
+import org.openmetadata.service.util.ConfigSourceResolver;
 import org.openmetadata.service.util.EntityUtil;
 import org.openmetadata.service.util.LdapUtil;
 import org.openmetadata.service.util.OpenMetadataConnectionBuilder;
@@ -123,6 +127,43 @@ public SystemRepository() {
     migrationValidationClient = MigrationValidationClient.getInstance();
   }
 
+  public boolean isUpdateAllowed(Settings setting) {
+    Object configValue = setting.getConfigValue();
+    if (configValue instanceof OpenMetadataConfig openMetadataConfig) {
+      ConfigSource source = openMetadataConfig.getConfigSource();
+      return source != ConfigSource.ENV;
+    }
+    return true;
+  }
+
+  public String getEnvHash(String configType) {
+    return dao.getEnvHash(configType);
+  }
+
+  public Timestamp getEnvSyncTimestamp(String configType) {
+    return dao.getEnvSyncTimestamp(configType);
+  }
+
+  public Timestamp getDbModifiedTimestamp(String configType) {
+    return dao.getDbModifiedTimestamp(configType);
+  }
+
+  public void updateConfigMetadata(
+      String configType,
+      String envHash,
+      Timestamp envSyncTimestamp,
+      Timestamp dbModifiedTimestamp) {
+    dao.updateConfigMetadata(configType, envHash, envSyncTimestamp, dbModifiedTimestamp);
+  }
+
+  public void updateEnvHash(String configType, String envHash) {
+    dao.updateEnvHash(configType, envHash);
+  }
+
+  public void updateDbModifiedTimestamp(String configType, Timestamp dbModifiedTimestamp) {
+    dao.updateDbModifiedTimestamp(configType, dbModifiedTimestamp);
+  }
+
   public EntitiesCount getAllEntitiesCount(ListFilter filter) {
     return dao.getAggregatedEntitiesCount(filter.getCondition());
   }
@@ -373,9 +414,10 @@ public void updateSetting(Settings setting) {
         JsonUtils.validateJsonSchema(authorizerConfig, AuthorizerConfiguration.class);
         setting.setConfigValue(authorizerConfig);
       }
-      dao.insertSettings(
-          setting.getConfigType().toString(), JsonUtils.pojoToJson(setting.getConfigValue()));
-      // Invalidate Cache
+      String configType = setting.getConfigType().toString();
+      dao.insertSettings(configType, JsonUtils.pojoToJson(setting.getConfigValue()));
+      Timestamp now = ConfigSourceResolver.now();
+      dao.updateDbModifiedTimestamp(configType, now);
       SettingsCache.invalidateSettings(setting.getConfigType().value());
       postUpdate(setting.getConfigType());
     } catch (Exception ex) {

openmetadata-service/src/main/java/org/openmetadata/service/resources/settings/SettingsCache.java

@@ -32,6 +32,7 @@
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
 import java.io.IOException;
+import java.sql.Timestamp;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -62,6 +63,7 @@
 import org.openmetadata.schema.security.scim.ScimConfiguration;
 import org.openmetadata.schema.settings.Settings;
 import org.openmetadata.schema.settings.SettingsType;
+import org.openmetadata.schema.type.ConfigSource;
 import org.openmetadata.schema.utils.JsonUtils;
 import org.openmetadata.search.IndexMapping;
 import org.openmetadata.service.Entity;
@@ -70,11 +72,13 @@
 import org.openmetadata.service.jdbi3.EntityRepository;
 import org.openmetadata.service.search.SearchRepository;
 import org.openmetadata.service.search.indexes.SearchIndex;
+import org.openmetadata.service.util.ConfigSourceResolver;
 import org.openmetadata.service.util.EntityUtil;
 
 @Slf4j
 public class SettingsCache {
   private static volatile boolean initialized = false;
+  private static Timestamp applicationStartTime;
   protected static final LoadingCache<String, Settings> CACHE =
       CacheBuilder.newBuilder()
           .maximumSize(1000)
@@ -85,26 +89,21 @@ private SettingsCache() {
     // Private constructor for singleton
   }
 
-  // Expected to be called only once from the DefaultAuthorizer
   public static void initialize(OpenMetadataApplicationConfig config) {
     if (!initialized) {
       initialized = true;
+      applicationStartTime = ConfigSourceResolver.now();
       createDefaultConfiguration(config);
     }
   }
 
   private static void createDefaultConfiguration(OpenMetadataApplicationConfig applicationConfig) {
-    // Initialise Email Setting
-    Settings storedSettings =
-        Entity.getSystemRepository().getConfigWithKey(EMAIL_CONFIGURATION.toString());
-    if (storedSettings == null) {
-      // Only in case a config doesn't exist in DB we insert it
-      SmtpSettings emailConfig =
-          applicationConfig.getOperationalApplicationConfigProvider().getEmailSettings();
-
-      Settings setting =
-          new Settings().withConfigType(EMAIL_CONFIGURATION).withConfigValue(emailConfig);
-      Entity.getSystemRepository().createNewSetting(setting);
+    SmtpSettings emailConfig =
+        applicationConfig.getOperationalApplicationConfigProvider().getEmailSettings();
+    if (emailConfig != null) {
+      ConfigSource configSource =
+          emailConfig.getConfigSource() != null ? emailConfig.getConfigSource() : ConfigSource.ENV;
+      syncConfigWithSource(EMAIL_CONFIGURATION, emailConfig, configSource);
     }
 
     // Initialise OM base url setting
@@ -243,41 +242,27 @@ private static void createDefaultConfiguration(OpenMetadataApplicationConfig app
       Entity.getSystemRepository().createNewSetting(setting);
     }
 
-    // Initialize Authentication Configuration
-    Settings storedAuthConfig =
-        Entity.getSystemRepository().getConfigWithKey(AUTHENTICATION_CONFIGURATION.toString());
-    if (storedAuthConfig == null) {
-      AuthenticationConfiguration authConfig = applicationConfig.getAuthenticationConfiguration();
-      if (authConfig != null) {
-        Settings setting =
-            new Settings().withConfigType(AUTHENTICATION_CONFIGURATION).withConfigValue(authConfig);
-
-        Entity.getSystemRepository().createNewSetting(setting);
-      }
+    AuthenticationConfiguration authConfig = applicationConfig.getAuthenticationConfiguration();
+    if (authConfig != null) {
+      ConfigSource configSource =
+          authConfig.getConfigSource() != null ? authConfig.getConfigSource() : ConfigSource.ENV;
+      syncConfigWithSource(AUTHENTICATION_CONFIGURATION, authConfig, configSource);
     }
 
-    // Initialize Authorizer Configuration
-    Settings storedAuthzConfig =
-        Entity.getSystemRepository().getConfigWithKey(AUTHORIZER_CONFIGURATION.toString());
-    if (storedAuthzConfig == null) {
-      AuthorizerConfiguration authzConfig = applicationConfig.getAuthorizerConfiguration();
-      if (authzConfig != null) {
-        Settings setting =
-            new Settings().withConfigType(AUTHORIZER_CONFIGURATION).withConfigValue(authzConfig);
-
-        Entity.getSystemRepository().createNewSetting(setting);
-      }
+    AuthorizerConfiguration authzConfig = applicationConfig.getAuthorizerConfiguration();
+    if (authzConfig != null) {
+      ConfigSource configSource =
+          authzConfig.getConfigSource() != null ? authzConfig.getConfigSource() : ConfigSource.ENV;
+      syncConfigWithSource(AUTHORIZER_CONFIGURATION, authzConfig, configSource);
     }
 
-    Settings storedScimConfig =
-        Entity.getSystemRepository().getConfigWithKey(SCIM_CONFIGURATION.toString());
-    if (storedScimConfig == null) {
-      ScimConfiguration scimConfiguration = applicationConfig.getScimConfiguration();
-      if (scimConfiguration != null) {
-        Settings setting =
-            new Settings().withConfigType(SCIM_CONFIGURATION).withConfigValue(scimConfiguration);
-        Entity.getSystemRepository().createNewSetting(setting);
-      }
+    ScimConfiguration scimConfiguration = applicationConfig.getScimConfiguration();
+    if (scimConfiguration != null) {
+      ConfigSource configSource =
+          scimConfiguration.getConfigSource() != null
+              ? scimConfiguration.getConfigSource()
+              : ConfigSource.ENV;
+      syncConfigWithSource(SCIM_CONFIGURATION, scimConfiguration, configSource);
     }
 
     Settings entityRulesSettings =
@@ -318,6 +303,54 @@ private static void createDefaultConfiguration(OpenMetadataApplicationConfig app
     }
   }
 
+  private static void syncConfigWithSource(
+      SettingsType settingsType, Object envConfigValue, ConfigSource configSource) {
+    if (envConfigValue == null) {
+      return;
+    }
+
+    String currentEnvHash = ConfigSourceResolver.computeHash(envConfigValue);
+    String storedEnvHash = Entity.getSystemRepository().getEnvHash(settingsType.toString());
+    Timestamp dbModifiedTimestamp =
+        Entity.getSystemRepository().getDbModifiedTimestamp(settingsType.toString());
+
+    Settings storedSettings =
+        Entity.getSystemRepository().getConfigWithKey(settingsType.toString());
+
+    if (storedSettings == null) {
+      Settings setting =
+          new Settings().withConfigType(settingsType).withConfigValue(envConfigValue);
+      Entity.getSystemRepository().createNewSetting(setting);
+      Entity.getSystemRepository()
+          .updateConfigMetadata(
+              settingsType.toString(), currentEnvHash, applicationStartTime, applicationStartTime);
+      return;
+    }
+
+    boolean shouldUseEnv =
+        ConfigSourceResolver.shouldUseEnvValue(
+            configSource,
+            currentEnvHash,
+            storedEnvHash,
+            null,
+            dbModifiedTimestamp,
+            applicationStartTime);
+
+    if (shouldUseEnv) {
+      LOG.info("Config source resolution: using ENV value for {}", settingsType);
+      Settings setting =
+          new Settings().withConfigType(settingsType).withConfigValue(envConfigValue);
+      Entity.getSystemRepository().updateSetting(setting);
+      Entity.getSystemRepository()
+          .updateConfigMetadata(
+              settingsType.toString(), currentEnvHash, applicationStartTime, applicationStartTime);
+    } else {
+      if (storedEnvHash == null || !currentEnvHash.equals(storedEnvHash)) {
+        Entity.getSystemRepository().updateEnvHash(settingsType.toString(), currentEnvHash);
+      }
+    }
+  }
+
   public static <T> T getSetting(SettingsType settingName, Class<T> clazz) {
     try {
       String json = JsonUtils.pojoToJson(CACHE.get(settingName.toString()).getConfigValue());

openmetadata-service/src/main/java/org/openmetadata/service/resources/system/SystemResource.java

@@ -360,6 +360,11 @@ public Response createOrUpdateSetting(
     }
 
     authorizer.authorizeAdmin(securityContext);
+    if (!systemRepository.isUpdateAllowed(settingName)) {
+      throw new IllegalArgumentException(
+          "This setting is managed by ENV configuration and cannot be updated via API. "
+              + "Change configSource to DB or AUTO to enable API updates.");
+    }
     if (SettingsType.SEARCH_SETTINGS
         .value()
         .equalsIgnoreCase(settingName.getConfigType().toString())) {