* test(playwright): add nightly SSO login spec starting with Okta
Extends Playwright coverage end-to-end for SSO login flows. Today's SSO
coverage (Features/SSOConfiguration.spec.ts) only asserts the config
form UI. This adds a new suite that configures OpenMetadata to an
external identity provider, drives a real login through the provider's
hosted UI, and validates the resulting session against the OM API.
Phase 1 ships Okta only (integrator-9351624.okta.com). Additional
providers (Auth0, Azure, Cognito, SAML, Google) plug into the same
dispatcher by adding a ProviderHelper implementation.
## What's new
- playwright/e2e/Auth/SSOLogin.spec.ts — two-test suite tagged @sso
1. Asserts the SSO sign-in button renders on /signin with the correct
brand label and that the basic-auth form is not shown.
2. Clicks the button, drives the provider's login widget, follows the
OAuth callback, completes first-run self-signup when needed,
lands on /my-data, then verifies the JWT by calling
GET /api/v1/users/loggedInUser and asserting the returned email
matches SSO_USERNAME.
- playwright/utils/ssoAuth.ts — provider-agnostic orchestration:
applyProviderConfig (PUT /api/v1/system/security/config),
restoreBasicAuth, buildAuthContextFromJwt, verifyLoggedInUserMatches.
Composes existing getApiContext/getAuthContext/getToken helpers — no
token extraction or HTTP plumbing is reimplemented.
- playwright/utils/sso-providers/{index,okta}.ts — ProviderHelper
interface plus the Okta Identity Engine widget driver. Defaults the
dev tenant values from the committed openmetadata.yaml snippet so the
spec only needs SSO_USERNAME/SSO_PASSWORD to run locally.
- playwright/constant/ssoAuth.ts — env var key constants,
PROVIDER_BUTTON_TEXT map, and the BASIC_AUTH_CONFIG payload used for
cleanup.
- playwright.config.ts — new 'sso-auth' project matching
playwright/e2e/Auth/**/*.spec.ts with its own serial workers, and
'**/Auth/**' added to the chromium project's testIgnore so these
tests never run in the default suite.
## How provider switching works
beforeAll logs in as admin via basic auth, captures the admin JWT via
getToken(page) BEFORE the swap, then PUTs the Okta config. The admin
JWT survives the provider swap because OM's internal JWKS stays in
publicKeyUrls and the admin user's isAdmin flag is persisted in the DB.
afterAll rebuilds an API context from that JWT and restores basic auth,
making the spec fully idempotent — the same OM instance can run the
suite repeatedly without any manual cleanup.
## Running locally
export SSO_PROVIDER_TYPE=okta
export SSO_USERNAME='<okta-test-user>'
export SSO_PASSWORD='<okta-test-password>'
npx playwright test playwright/e2e/Auth/SSOLogin.spec.ts \
--project=sso-auth --workers=1
Verified end-to-end against integrator-9351624.okta.com — both tests
pass in ~12s on an already-provisioned user, ~14s on first-run
self-signup. Cleanup leaves the server in basic-auth mode.
## Notes for reviewers
- The existing .github/workflows/playwright-sso-tests.yml already wires
up the CI matrix and secret names; this change intentionally does
NOT enable the cron schedule. That lands in a follow-up once one
provider is stable for a few nightly runs.
- OKTA_SSO_CLIENT_ID / OKTA_SSO_DOMAIN / OKTA_SSO_PRINCIPAL_DOMAIN env
vars can override the baked-in dev tenant defaults if a different
Okta tenant is used in CI.
* ci: add dedicated SSO Login Nightly workflow
Adds .github/workflows/playwright-sso-login-nightly.yml, a standalone
workflow that runs the new SSOLogin spec nightly at 03:00 UTC instead
of piggy-backing on playwright-sso-tests.yml.
The existing playwright-sso-tests.yml is left untouched — it still
covers the SSO configuration form UI via SSOConfiguration.spec.ts and
its matrix/secrets wiring is unchanged. The new workflow complements
it with a real end-to-end login round-trip:
- Schedule: cron '0 3 * * *'
- Provider matrix: okta only for Phase 1 (extended as helpers ship)
- Invokes playwright/e2e/Auth/SSOLogin.spec.ts under the new
sso-auth Playwright project with workers=1
- Wires provider credentials via secrets with the existing
{PROVIDER}_SSO_USERNAME / {PROVIDER}_SSO_PASSWORD convention plus
optional OKTA_SSO_CLIENT_ID / OKTA_SSO_DOMAIN /
OKTA_SSO_PRINCIPAL_DOMAIN overrides
- Uses the shared setup-openmetadata-test-environment composite
action, PostgreSQL, ingestion disabled — matching the existing SSO
tests workflow
- Uploads the HTML report as an artifact on every run and cleans up
the docker stack in a final always-run step
* refactor(playwright): simplify ssoAuth helpers
- verifyLoggedInUserMatches now asserts directly on the lowercased
email field instead of building a candidate array and feeding it a
long stringified failure message. The assertion failure already
shows expected vs received, so the wrapper string was just noise.
- Drop buildAuthContextFromJwt — it was a one-line wrapper around
getAuthContext. The spec calls getAuthContext directly now.
* refactor(playwright): address SSO suite review feedback
- Extract OM_BASE_URL from PLAYWRIGHT_TEST_BASE_URL (with the same
http://localhost:8585 default as playwright.config.ts) and export
it from constant/ssoAuth.ts. okta.ts and BASIC_AUTH_CONFIG both
consume it, so callbackUrl, the OM JWKS entry in publicKeyUrls, and
the basic-auth restore payload all match the test target — including
CI runs against non-default hosts.
- Drop PROVIDER_BUTTON_TEXT. It was exported but never imported; the
ProviderHelper.expectedButtonText field is the only source of truth
for the SSO sign-in button label and the spec already reads from it.
- Restore the OM convention adminPrincipals: ['admin'] in the Okta
config (matches conf/openmetadata.yaml's AUTHORIZER_ADMIN_PRINCIPALS
default). The previous code was granting admin to whichever IdP user
ran the suite — verifyLoggedInUserMatches only needs an authenticated
session, not admin, so the elevation was unnecessary. This also drops
the now-unused requireEnv on SSO_USERNAME inside okta.ts; the spec
itself still gates on the env var via test.skip.
- Set workers: 1 on the sso-auth Playwright project. fullyParallel:
false alone wasn't enough — the global workers: 3 on CI could still
fan out across multiple Auth/**/*.spec.ts files in the future. The
explicit limit enforces full isolation as more provider specs land.
* ci: avoid CodeQL "Excessive Secrets Exposure" in SSO Login Nightly
Replaces the dynamic secret lookup
secrets[format('{0}_SSO_USERNAME', upper(matrix.provider))]
with a static reference
secrets.OKTA_SSO_USERNAME
CodeQL flagged the dynamic indexing because GitHub Actions can only
mask & scope secrets that are referenced statically. With a computed
key, the runner has no way to know which single secret is needed and
conservatively materializes EVERY org and repo secret into the step's
environment — even though the test only reads OKTA_SSO_*. Static
references let GitHub expose only the two credentials this step
actually uses.
Phase 1's matrix is okta-only so the change is two lines. The added
inline comment documents the convention for future providers: add a
sibling step gated by `if: matrix.provider == '<provider>'` with that
provider's static secret references — do not bring back the
secrets[format(...)] pattern.
* refactor(playwright): capture/restore real security config in SSO suite
- Snapshot /system/security/config in beforeAll, restore exact payload in
afterAll instead of PUTting a hand-rolled basic-auth baseline (preserves
allowedDomains, forceSecureSessionCookie, adminPrincipals, etc.)
- Strip ldap/saml subtrees from the snapshot: GET returns empty-string
placeholders the PUT validator rejects
- Require OKTA_SSO_{CLIENT_ID,DOMAIN,PRINCIPAL_DOMAIN} via getRequiredEnv;
no more hardcoded tenant defaults
- Fail fast in beforeAll if admin JWT capture returns empty string so the
server is never left stuck in SSO mode
- Shrink Okta provider override to just the fields Okta needs; sibling
authorizer fields come from the captured snapshot
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): extract per-provider composite action
Restructures the nightly workflow so provider credentials stay statically
referenced for CodeQL while making it trivial to add new providers:
- New composite action .github/actions/sso-login-run bundles all shared
setup + test-run logic; pulls non-secret provider config from the
caller's vars context dynamically (${PROVIDER_UPPER}_SSO_*)
- playwright-sso-login-nightly.yml becomes a thin dispatcher with one
real job per provider. Each job declares environment: test so it can
resolve its password via a static secrets.<PROVIDER>_SSO_PASSWORD
reference (no secrets[format(...)] dynamic lookup, CodeQL clean)
- Adding a provider = copy the okta job stanza, swap the secret name,
add the provider to the dispatch input choices, register the helper
in sso-providers/index.ts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor(playwright): move Okta tenant config to a repo constant
The Okta tenant identifiers (clientId, domain, principalDomain) are
non-secret OAuth public values — visible on the hosted login page
during any sign-in. Keeping them in GitHub environment variables cost
setup friction (5 env vars to configure locally, each a potential typo)
without any security benefit. Move them back to a committed OKTA_TENANT
constant in okta.ts where a reviewer can see exactly which tenant the
suite is exercising.
Net effect:
- Local runs only need SSO_PROVIDER_TYPE, SSO_USERNAME, SSO_PASSWORD.
- The test environment in GH Actions keeps OKTA_SSO_USERNAME (variable)
and OKTA_SSO_PASSWORD (secret); the three tenant variables are no
longer consumed.
- Composite action drops the jq-based dynamic var extraction; the
caller passes sso_username directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): move timeout-minutes from composite step to job level
Composite actions don't support timeout-minutes on individual steps —
that's a runner job field only. Move the 30-minute test timeout up to
the dispatcher job and bump to 45 minutes to cover docker + maven setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): consolidate dispatcher + composite action into one file
Collapse the dispatcher workflow + composite action split into a single
~115-line workflow using a strategy matrix and dynamic
vars[format(...)] / secrets[format(...)] credential resolution keyed on
the matrix provider name.
Trade-off:
- CodeQL "Excessive Secrets Exposure" (low severity) will re-flag the
dynamic secret lookup. Accepted in exchange for a single source of
truth and true zero-workflow-churn multi-provider support.
Onboarding a new provider is now:
1. Add its name to the matrix array + dispatch options list.
2. Add <PROVIDER>_SSO_USERNAME (variable) + <PROVIDER>_SSO_PASSWORD
(secret) in the test environment.
3. Register the helper in sso-providers/index.ts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): drop provider-prefix bash step; use case-insensitive lookup
GitHub secret and variable names are case-insensitive, so
format('{0}_SSO_PASSWORD', matrix.provider) with the lowercase matrix
value resolves correctly against the uppercase conventional names like
OKTA_SSO_PASSWORD. That removes the need for a separate "Compute
provider prefix" step and its cross-step env-context plumbing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): drop redundant case-insensitivity comment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci(sso-login): pin playwright install to 1.57.0 to match package.json
The previous 1.51.1 pin was stale vs. the @playwright/test version in
package.json. The mismatch caused browser cache path divergence — the
install step wrote browsers under 1.51.1's cache and the test run
looked for them under 1.57.0's cache and failed with "browsers not
installed."
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor(playwright): address SSO suite review comments [skip ci]
- Drive Okta tenant (clientId, domain, principalDomain) from env vars,
falling back to the existing nightly tenant values as defaults
- Use redirectToHomePage as the final assertion in the SSO login step
- Document why the /signup vs /my-data branch is conditional
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* saml
* test(playwright): add SAML providers to SSO login nightly
Extend the nightly SSO login matrix with Azure AD SAML and a self-contained
Keycloak SAML fixture (Azure-profile + Google-profile realms), so the suite
exercises the full SAML flow end-to-end without relying on a hosted IdP.
- docker/local-sso/keycloak-saml: Keycloak 26.3.3 compose + pre-imported
realms bound to OM at localhost:8585, port-overridable via
KEYCLOAK_SAML_PORT.
- playwright sso-providers: azure-saml helper (hosted tenant, non-secret
federation metadata committed) and keycloak-saml factory that fetches the
realm's IdP X509 at runtime.
- SSO assertion matches OM's actual SAML sign-in label ("Sign in with
SAML SSO"), since providerName isn't propagated into the store for the
SAML provider branch of getAuthConfig.
- Workflow starts/stops the Keycloak stack only for keycloak-* matrix rows
and injects the fixture credentials inline.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor(playwright): fetch Azure SAML IdP cert at runtime
Drop the committed Azure Federated SSO X509 certificate and the
AZURE_SAML_IDP_CERTIFICATE env fallback from the azure-saml provider.
The cert now comes from Azure's federation metadata XML endpoint at test
start, mirroring how the Keycloak provider resolves its realm cert, so the
suite stays aligned with Azure's ~3-year cert rotations automatically.
- New saml-metadata.ts exporting fetchIdpX509Certificate(descriptorUrl,
label), reused by azure-saml and keycloak-saml.
- azure-saml.buildConfigPayload is now async and pulls the cert from
https://login.microsoftonline.com/<tenantId>/federationmetadata/2007-06/federationmetadata.xml
before building the SAML payload.
- keycloak-saml drops its inline cert-fetching helpers and delegates to
the shared util.
- Trim narration comments across the SSO suite to keep only the
non-obvious rationale.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor(playwright): drop hosted Azure SAML provider
The nightly Keycloak SAML fixture with Azure-profile attribute claims
exercises the same OM SAML code path as the hosted Azure AD tenant. The
hosted provider added external tenant/cert coupling without unique
coverage, so this removes it.
Drops the azure-saml helper, its env keys (AZURE_SAML_TENANT_ID /
AZURE_SAML_PRINCIPAL_DOMAIN), the dispatcher registration, and the
workflow dispatch option. Keycloak Azure/Google realms remain.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(playwright): cover SSO session lifecycle end-to-end
Extends the SSO login spec beyond "can you log in" to the full session
round-trip: reload survives, same-context tabs inherit auth, sidebar
logout (with modal confirm) lands on /signin, and post-logout refresh
stays signed out.
Adds a describe-scoped userContext/userPage created in beforeAll so
tests 2-6 inherit the IdP-backed session; test 1 keeps its fresh
fixture for the unauthenticated assertion. Cleanup closes the user
context before restoring the server security config.
Verified locally against keycloak-azure-saml and keycloak-google-saml
realms: 6 passed each (was 2).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* remove slow from individual spec
* remove slow from beforeAll
* style(playwright): fix SSOLogin spec prettier issues
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(playwright): tighten SSO sign-in locator and await logout response
Address Copilot review comments on PR #27164:
- Use button.signin-button to match the pattern in SSOAuthentication.spec.ts.
- Await /api/v1/users/logout POST alongside the /signin navigation in
the logout test to remove the race against the server response.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix
* Update openmetadata-ui/src/main/resources/ui/playwright/e2e/Auth/SSOLogin.spec.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix
* test(playwright): resolve SSO creds via env vars, drop keycloak-google-saml
Route Keycloak credentials through the same `vars[format(...)]` /
`secrets[format(...)]` indirection as Okta via an `env_prefix` matrix
column, removing the hardcoded fixture literals from the workflow.
Password lookup falls back `vars || secrets` so fixture passwords can
live as vars while real provider secrets stay in secrets.
Also drop the keycloak-google-saml variant — same IdP and realm shape
as the Azure variant, so it adds CI cost without meaningful coverage.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test(playwright): post SSO login nightly results to Slack
Adds a per-provider Slack notification step mirroring the pattern used
by the postgresql/mysql nightly workflows — reuses the existing
`slack-cli.config.json` and `playwright-slack-report` CLI against the
`results.json` that the global JSON reporter already emits.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(playwright): drop logout response wait in SSO spec
OktaAuthenticator.logout clears tokens locally with no backend call, and
GenericAuthenticator (SAML) hits `GET /auth/logout` — neither triggers
the `POST /api/v1/users/logout` the test was waiting on. The listener
never matched, so `Promise.all` hung past the 180s test timeout even
though the page had already navigated to /signin.
Rely on `waitForURL('**/signin')` + the signin button assertion, which
are the actual cross-provider success signals.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Siddhant <siddhant@MacBook-Pro-457.local>
Co-authored-by: Siddhant <siddhant@MacBook-Pro-529.local>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Siddhant <siddhant@MacBook-Pro-621.local>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix k8s operator exit handler pod loop and TTL cleanup, add tolerations support (#26772)
Fix two bugs in the OMJob operator:
- Exit handler pods were recreated indefinitely because findExitHandlerPod()
lacked the name-based fallback that findMainPod() already had, causing
label propagation delays to trigger repeated pod creation events
- Terminal phase handler never rescheduled for TTL-based cleanup, so pods
were never cleaned up after ttlSecondsAfterFinished expired
Add tolerations support for ingestion pod scheduling across the full stack:
- Operator: OMJobPodSpec field, PodManager.buildPod(), CRD schema
- Server: OMJob model, K8sPipelineClientConfig parsing, K8sPipelineClient
builder, K8sJobUtils serialization
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add K8S_TOLERATIONS env var mapping in openmetadata.yaml
Adds the tolerations config binding so the server picks up the
K8S_TOLERATIONS env var set by the Helm chart secret.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add tolerations to k8s test values for local validation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix cleanup
* Address PR review: remove redundant pod lookup and guard null items
- Remove redundant server-created pod selector fallback in findMainPod()
since buildPodSelector() now matches all pods by omjob-name alone
- Add null guard for getItems() in deletePods() to prevent NPE
- Update local test values for namespace and image config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add Prometheus metrics for reindexing pipeline via Micrometer Bridge the existing reindexing atomic counters to Prometheus so operators can alert on failures, latency spikes, and backpressure without relying solely on database-flushed stats.
- Add ReindexingMetrics singleton (initialize/getInstance pattern matching
CacheMetrics) with job lifecycle counters, stage success/failed/warnings
counters, bulk request timers with SLA buckets, payload size distribution,
backpressure and promotion counters, and active/pending gauges
- Register in MicrometerBundle after StreamableLogsMetrics
- Instrument ReindexingOrchestrator.run() with job started/completed/failed/stopped
- Bridge StageStatsTracker.flush() deltas to Prometheus per stage and entity type
- Add bulk request latency timer and payload size recording in OpenSearchBulkSink
- Record backpressure events in SearchIndexExecutor.handleBackpressure()
- Record promotion success/failure in DefaultRecreateHandler
- Add ReindexingMetricsTest with 24 tests covering all metric types
* Add Improvements
* Auto Gene
* Use Auto Config in distributed
* Fix Partition Claim Spread
* Make partition use config
* Correct total count
* Fix Wait time to 5 mins
* Revert om yaml
* Fix Sink sync
* Add Failure Handling at different stages
* Update script to create entities
* Move to scripts
* Add usage and fix script
* Fix Script
* Update generated TypeScript types
* Fix Staging miss
* Fix Stats reconcilation issue
* Revert workflow handler
* Fix Partition worker early sync
* Update Logs
* Update logs EntityRepository
* Error failure test
* Review Comments fix
* Fix Non Distributed live feed
* Fix Non Distributed stats feed
* Fix Review comments
* Fix Time Series cutt off
* Update generated TypeScript types
* Md
* Benchmark addition
* Fix date time warning
* Update load test to do benchmark analysis
* Disagnostic and update perf test
* Move load test to bin
* Fix Review Comments
* Add numeric values
* Move to localhost by default
* Fix Perf test issues
* Review Comments
* Add Preflight Fixes
* Add Preflight fixes for stale entry
* Remove stale entry on ApplicationHandler
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Fix Stats
* Add Warning logs and reindex failure analysis
* Add Search Insights in Preferences
* Add Label
* Fix Full Error not available
* Add check for reindex run
* Add support for Dropwizard 5.0 and Jetty 12.1.x
* Dropwizard 5x and Jetty 12.1 upgrade
* Fix test behavior
* Fix rdf tests
* revert enableVirtualThreads
* fix tests
* Fix Tests
* Fix tests
* Switch to jersey-jetty-connector for Jetty 12 compatibility
- Replace jersey-apache-connector with jersey-jetty-connector
- Jersey 3.1.4+ jersey-jetty-connector supports Jetty 12.0.x+
- Use JettyConnectorProvider and JettyHttpClientSupplier for HTTP client
- Keep reasonable timeouts (30s connect, 2min read) to prevent CI hangs
- Set SYNC_LISTENER_RESPONSE_MAX_SIZE for large responses
This fixes the 1,093 InterruptedException test failures caused by
using the default Jersey client (HttpURLConnection-based) which doesn't
handle concurrent test execution properly.
* Fix: Start Jetty HttpClient before use
Jetty 12 HttpClient implements LifeCycle and must be explicitly
started with httpClient.start() before use. This fixes the 163
InterruptedException test failures.
* Fix: Force jetty-client to 12.1.1 for jersey-jetty-connector
jersey-jetty-connector brings transitive jetty-client:12.0.22 but
Dropwizard 5.0 uses Jetty 12.1.1. The ClientConnector.newTransport()
API changed between 12.0.x and 12.1.x, causing NoSuchMethodError.
Fix: Exclude transitive jetty-client and add explicit 12.1.x dependency.
* Use Java 11+ HttpClient connector for tests (jersey-jnh-connector)
Switch from the broken jersey-jetty-connector (incompatible with Jetty 12.1.x)
to jersey-jnh-connector which uses Java's built-in java.net.http.HttpClient.
This connector:
- Natively supports all HTTP methods including PATCH
- Works with Java 21
- No external dependencies required
- Avoids compatibility issues with Jetty versions
* Use Apache HttpClient 5.x connector for tests (jersey-apache5-connector)
Switch from jersey-jetty-connector (incompatible with Jetty 12.1.x)
to jersey-apache5-connector which uses Apache HttpClient 5.x.
This connector:
- Supports all HTTP methods including PATCH
- Lenient with empty PUT request bodies
- Has proper timeout support to prevent indefinite hangs
- Works with Jetty 12.1.x
* Fix tests
* Fix docker compose
* Fix tests
* Fix tests - make url compatible
* Add URL parsing
* Fix URL decode
* fix tests
* fix test
* fix tests
* Fix integration with new dropwizard-5x changes
---------
Co-authored-by: Karan Hotchandani <33024356+karanh37@users.noreply.github.com>
Co-authored-by: karanh37 <karanh37@gmail.com>
Co-authored-by: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
* Single RDF knowledge graph for all entities
* Fix RDF Resource Test
* fix test
* fix test
* Add support for TagLabel objects
---------
Co-authored-by: Pere Miquel Brull <peremiquelbrull@gmail.com>
Co-authored-by: lautel <laura92cp2@gmail.com>
* MINOR - Prepare extra validations for system repository health
* Update generated TypeScript types
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore: set lower DAG serialization defaults
* chore: increase timeout for testSuite
* chore: update DAG processor interval postgres
* chore: lower DAG parse interval and delay
* fix: remove internal parsing and trigger dag parsing automatically on deploy
* Separating terms and tags in action config
* Update generated TypeScript types
* add: migration files for separate tags and terms
* chore: java formatting
* yaml formatting
* Chore: updated the release number
* updated to v194 as per release cycle
* updated to v195 as per release cycle
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: --global <--global>
* wip
* feat: trigger external apps with override config
- Added in openmetadata-airflow-apis functionality to trigger DAG with feature.
- Modified openmetadata-airflow-apis application runner to accept override config from params.
- Added overloaded runPipeline with `Map<String,Object> config` to allow triggering apps with configuration. We might want to expand this to all ingestion pipelines. For now its just for apps.
- Implemented an example external app that can be used to test functionality of external apps. The app can be enabled by setting the `ENABLE_APP_HelloPipelines=true` environment variable.
* fix class doc for application
* fixed README for airflow apis
* fixes
* set HelloPipelines to disabeld by default
* fixed basedpywright errros
* fixed app schema
* reduced airflow client runPipeline to an overload with null config
removed duplicate call to runPipeline in AppResource
* Update openmetadata-docs/content/v1.7.x-SNAPSHOT/developers/applications/index.md
Co-authored-by: Matias Puerta <matias@getcollate.io>
* deleted documentation file
---------
Co-authored-by: Matias Puerta <matias@getcollate.io>
* fix(data-quality): table diff
- added handling for case-insensitive columns
- added handling for different numeric types (int/float/Decimal)
- added handling of boolean test case parameters
* add migrations for table diff
* add migrations for table diff
* removed cross type diff for now. it appears to be flaky
* fixed migrations
* use casefold() instead of lower()
* - implemented utils.get_test_case_param_value
- fixed params for case sensitive column
* handle bool test case parameters
* format
* testing
* format
* list -> List
* list -> List
* - change caseSensitiveColumns default to fase
- added migration to stay backward compatible
* - removed migration files
- updated logging message for table diff migration
* changed bool test case parameters default to always be false
* format
* docs: data diff
- added the caseSensitiveColumns parameter
requires: https://github.com/open-metadata/OpenMetadata/pull/18115
* fixed test_get_bool_test_case_param
* enable logging for debugging
* remove node-gyp
* add node-gyp globally before installing deps
* reduce quick type to 10
* revert quicktype and node-gyp changes for CI
* fix unit tests
* GEN-1493 - Fix opensearch pagination
* GEN-1494 - Add CI for py-tests with Postgres and Opensearch
* GEN-1494 - Add CI for py-tests with Postgres and Opensearch
