hello, I am trying to enable metadat ingestion service auth within GMS, but the documentations is not up to date I believe, and i cannot find application.yml within datahub-gms comtainer, nor i could find the METADAT_SERVICE_AUTH_ENABLED environment variable within the containers
Hey there! Make sure your message includes the following information if relevant, so we can help more effectively!
<@U06TM7M40RK> Can you help with the questions in this thread?
_Please continue to tag RunLLM (e.g <@U06TM7M40RK>) to have it continue generating responses!
To enable metadata ingestion service authentication within the DataHub GMS, you need to set the METADATA_SERVICE_AUTH_ENABLED
environment variable to true
for both the datahub-gms
and datahub-frontend
containers. If you cannot find the application.yml
file or the environment variable within the containers, you can follow these steps:
Steps to Enable Metadata Service Authentication
Docker Compose Deployment
-
Edit
docker-compose.yml
File:- Locate your
docker-compose.yml
file and add theMETADATA_SERVICE_AUTH_ENABLED
environment variable to thedatahub-gms
anddatahub-frontend
services.
services: datahub-gms: environment: METADATA_SERVICE_AUTH_ENABLED: "true" datahub-frontend: environment: METADATA_SERVICE_AUTH_ENABLED: "true"
- Locate your
-
Restart Docker Services:
- Restart the services to apply the changes.
docker-compose down docker-compose up -d
Kubernetes Deployment
-
Edit Helm Values:
- If you are using Helm for Kubernetes deployment, set
global.datahub.metadata_service_authentication.enabled
totrue
in yourvalues.yaml
file.
global: datahub: metadata_service_authentication: enabled: true
- If you are using Helm for Kubernetes deployment, set
-
Upgrade Helm Release:
- Apply the changes by upgrading your Helm release.
helm upgrade <your-release-name> datahub/datahub -f values.yaml
Example Configuration
Here is an example of how your docker-compose.yml
might look:
version: '3.5'
services:
datahub-gms:
image: linkedin/datahub-gms
environment:
METADATA_SERVICE_AUTH_ENABLED: "true"
ports:
- "8080:8080"
datahub-frontend:
image: linkedin/datahub-frontend
environment:
METADATA_SERVICE_AUTH_ENABLED: "true"
ports:
- "9002:9002"
Additional Configuration
According to the <https://github.com/datahub-project/datahub/blob/master/docs/authentication/introducing-metadata-service-authentication.md|DataHub documentation>, enabling metadata service authentication requires additional steps for handling ingestion and API requests.
-
Generate Personal Access Token:
- After enabling authentication, generate a Personal Access Token (PAT) via the DataHub UI.
- Navigate to
Settings
>Access Tokens
>Generate Personal Access Token
. - Save the generated token securely.
-
Update Ingestion Recipes:
- Update your ingestion recipes to include the generated token.
source: # source configs sink: type: "datahub-rest" config: server: 'http://datahub-gms:8080' token: <your-personal-access-token-here!>
-
Use the Token in API Requests:
- Include the token in the
Authorization
header for API requests.
curl 'http://localhost:9002/api/gms/entities/urn:li:corpuser:datahub' -H 'Authorization: Bearer <access-token>'
- Include the token in the
Would you like more detailed steps or assistance with a specific part of this process?
Sources:
- <https://github.com/datahub-project/datahub/blob/master/docs/authentication/introducing-metadata-service-authentication.md|DataHub Metadata Service Authentication>
- <Metadata Service Authentication | DataHub Metadata Service Authentication> 0 button 0 button Hint: Mention @runllm in the thread for followups.
I have tried doing this, but it is not working still