Edit/data fabric open lineage migration (#1940)

* add: HEAD routes

* fix: console communication bff snippets

* edit a doc link

* added a note in CPO docs page

* removing obsolete note in projections page

* Update docs/data_catalog/data_catalog_fabric_bff.mdx

Co-authored-by: Alberto Tessarotto <[email protected]>

* Update docs/fast_data/runtime_management/control_plane.mdx

* wip

* feat(fabric): update endpoints and comp matrix for fabric MSs

* docs(control-plane): fix link

* Update secure_access.mdx

* Update control_plane_frontend.mdx with the change of the default behaviour at first deploy

* feat(fast-data): add workload resume chapter to runtime_management workloads

* add: control-plane migration guide

* Update docs/data_catalog/compatibility_matrix.md

---------

Co-authored-by: flower-of-the-bridges <[email protected]>
Co-authored-by: Alberto Tessarotto <[email protected]>
Co-authored-by: Giovanni Fiordeponti <[email protected]>
Co-authored-by: Daniele Bissoli <[email protected]>

Author: 4 people

docs/data_catalog/compatibility_matrix.md

@@ -14,17 +14,27 @@ Please ensure that versions shown in the matrix are respected in your deployed e
 
 | Service                                                     | Version         | MongoDB | Redis  |
 | ----------------------------------------------------------- | --------------- | ------- | ------ |
-| [Fabric BFF](/data_catalog/data_catalog_fabric_bff.mdx)     | 0.1.x - 0.2.x   | \>=5.0  | _N/A_  |
-| [Open Lineage](/data_catalog/data_catalog_open_lineage.mdx) | 0.1.x - 0.2.x   | \>=5.0  | \>=7.0 |
-| [Job Runner](/data_catalog/data_catalog_job_runner.mdx)     | 0.1.x           | \>=5.0  | _N/A_  |
+| [Fabric BFF](/data_catalog/data_catalog_fabric_bff.mdx)     | 0.1.x - 0.3.x   | \>=5.0  | _N/A_  |
+| [Open Lineage](/data_catalog/data_catalog_open_lineage.mdx) | 0.1.x - 0.3.x   | \>=5.0  | \>=7.0 |
+| [Job Runner](/data_catalog/data_catalog_job_runner.mdx)     | 0.1.x - 0.2.x   | \>=5.0  | _N/A_  |
+| [Fabric Admin](/data_catalog/database_setup.mdx)   | 0.1.x - 0.4.x   | \>=5.0  | _N/A_  |
 <p><sup>*</sup><em>N/A</em> means the service does not depend on the resource</p>
 
 ## Service Latest Versions
 
 | Service                                                          | Version |
 | ---------------------------------------------------------------- | ------- |
-| [Fabric BFF](/data_catalog/data_catalog_fabric_bff.mdx)          | 0.2.1   |
-| [Open Lineage](/data_catalog/data_catalog_open_lineage.mdx)      | 0.2.2   |
-| [Job Runner](/data_catalog/data_catalog_job_runner.mdx)          | 0.1.0   |
-| [Data Catalog Frontend](/data_catalog/frontend/overview.mdx)     | 0.2.1   |
-| [Fabric Admin](/data_catalog/database_setup.mdx)                 | 0.2.0   |
+| [Fabric BFF](/data_catalog/data_catalog_fabric_bff.mdx)          | 0.3.0   |
+| [Open Lineage](/data_catalog/data_catalog_open_lineage.mdx)      | 0.3.1   |
+| [Job Runner](/data_catalog/data_catalog_job_runner.mdx)          | 0.2.0   |
+| [Data Catalog Frontend](/data_catalog/frontend/overview.mdx)     | 0.3.0   |
+| [Fabric Admin](/data_catalog/database_setup.mdx)                 | 0.4.0   |
+
+## Internal Compatibility
+
+| Service                                                          | Fabric BFF | Open Lineage | Job Runner |
+| ----------------------------------------------------------------: | :-: | :-: | :-: |
+| [Fabric BFF](/data_catalog/data_catalog_fabric_bff.mdx)     - 0.3.0   | N/A | 0.3.0 | 0.2.0 |
+| [Open Lineage](/data_catalog/data_catalog_open_lineage.mdx) - 0.3.0   | 0.3.0 | N/A | 0.2.0 |
+| [Job Runner](/data_catalog/data_catalog_job_runner.mdx)     - 0.2.0   | 0.3.0 | 0.3.0 | N/A |
+| [Data Catalog Frontend](/data_catalog/frontend/overview.mdx) - 0.3.0  | 0.3.0 | N/A | N/A |

docs/data_catalog/data_catalog_fabric_bff.mdx

@@ -85,19 +85,19 @@ Here can be found an example of configuration that assumes Fabric BFF and Job Ru
 
 #### Console Communication
 
-In order for Data Catalog UI to know which environments can be linked to [Mia Platform CRUD connections](#todo-crud-section), 
+In order for Data Catalog UI to know which environments can be linked to [Mia Platform CRUD connections](/data_catalog/frontend/data_catalog_connections.mdx#mia-platform-crud), 
 the service needs to contact Mia-Platform Console and retrieve the list of Projects that should be accessible from this Data Catalog instance.
 
 To achieve so, it is first necessary that your Company Owner creates a dedicated [Service Account](/development_suite/identity-and-access-management/manage-service-accounts.md)
 on your Mia-Platform Console instance and assign to it the proper permissions for listing the Console projects of interest.
 
 :::tip Good practices in permissions assignment
 Pay attention to the level of access to the resources that you assign to the Service Account. 
-For Control Plane use case, a good practice may be to assign the role of `guest` at Company level while granting
-the `reporter` role to all the projects that should be visible by Control Plane.  
+For Data Catalog use case, a good practice may be to assign the role of `guest` at Company level while granting
+the `reporter` role to all the projects that should be visible by Data Catalog.  
 About permissions assignment, it is possible to go even more granular in case you want to allow visibility only to a subset of runtime environments of a specific project.
 In fact, to do that, you may opt to assign the role of `guest` even at Project level while granting
-the `reporter` role solely to those runtime environments that should be visible by Control Plane.
+the `reporter` role solely to those runtime environments that should be visible by Data Catalog.
 :::
 
 Once the service account has been registered, your Company Owner needs to hand over to you its credentials, which are:
@@ -115,7 +115,7 @@ These details then should be inserted in your Fabric BFF service configuration u
 :::caution
 It is responsibility of your Company Owner to ensure that service account credentials are properly processed according to your company security policies.
 
-Furthermore, it is of <u>extreme importance</u> understanding that **any** Control Plane user will be able to list the project name
+Furthermore, it is of <u>extreme importance</u> understanding that **any** Data Catalog user with enough permissions for [connections management](/data_catalog/frontend/data_catalog_connections.mdx) will be able to view the project name
 and available environments of all the projects that can be accessed by the service account configured on Fabric BFF. 
 :::
 
@@ -125,10 +125,10 @@ This is and example of `console` property configuration:
 
 :::tip
 The following properties support [secret resolution](/fast_data/configuration/secrets_resolution.md):
-- `console.target`
-- `console.auth.credentials.clientId`
-- `console.auth.credentials.clientKeyId`
-- `console.auth.credentials.privateKey`
+- `console.rest.target`
+- `console.rest.auth.credentials.clientId`
+- `console.rest.auth.credentials.clientKeyId`
+- `console.rest.auth.credentials.privateKey`
 :::
 
 A custom x509 certificate can be added to the default root keychain of certificates for any client/reversed-proxy reached by Fabric BFF.
@@ -230,6 +230,7 @@ The following routes are exposed over the `/api/job-runner` endpoint and are for
 
 | Route                        | Type      | Method | Description                                                                                                                                                                                                             |
 |------------------------------|-----------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `/feedback`                  | Websocket | HEAD   | Route used by Websocket for authentication.                                                                                                                                                                             |
 | `/feedback`                  | Websocket | GET    | Route for receiving feedback messages from the `Status` method of the [Job Runner gRPC service.](/data_catalog/data_catalog_job_runner.mdx#job-runner)                                                                  |
 | `/job-runner/*`              | REST      | *      | Routes prefixed with `/job-runner` are converted into gRPC requests towards Job Runner service.<br/> For more details please read [corresponding documentation](/data_catalog/data_catalog_job_runner.mdx#grpc-services)|
 | `/agent/drivers`             | REST      | GET    | Route for invoking the `ListDrivers` method of the [ODBC Client gRPC service.](/data_catalog/data_catalog_job_runner.mdx#odbc-client)                                                                                   |

docs/data_catalog/data_catalog_open_lineage.mdx

@@ -217,6 +217,7 @@ The following routes are exposed over the `/api/data-catalog` endpoint.
 |------------------------------------------------------------|-----------|--------|-----------------------------------------------------------------------------------------------------------|
 | `/assets/search`                                           | REST      | GET    | Search for dataset assets and their metadata                                                              |                                         
 | `/assets/search-parents`                                   | REST      | GET    | Search for name of system of record or table name                                                         |
+| `/bulk-actions`                                            | Websocket | HEAD   | Route used by Websocket for authentication.                                                               |
 | `/bulk-actions`                                            | Websocket | GET    | Route for handling async operations over multiple datasets records                                        |
 | `/tags/count`                                              | REST      | GET    | Count how many unique tags exists among all data assets                                                   |
 | `/tags/items`                                              | REST      | GET    | List existing tags associated to data assets                                                              |                                                  
@@ -279,3 +280,10 @@ The following steps needs to be followed:
 
   See [Routes paragraph](#open-lineage-routes) to more details. Remember also to update the [users management microfrontend](/data_catalog/secure_access.mdx#users-management) 
   to support the new permission `update:lineage`. 
+
+### From 0.2.x to 0.3.0
+
+- A migration CLI must run to update data-fabric records. To do so, you must retrieve the docker image `data-fabric/fabric_admin:0.4.0` and run the following subcommand
+```shell
+docker run --pull=always <registry-url>/data-fabric/fabric-admin:latest open-lineage update-records --url=<MONGODB_URL>
+```

docs/data_catalog/secure_access.mdx

@@ -599,8 +599,8 @@ all the functionalities of Data Catalog system, both the frontend and backend co
 | Endpoint            | Service         | Authentication Required | User Group Permission               |
 |---------------------|-----------------|:-----------------------:|-------------------------------------|
 | `/api/connections`  | fabric-bff      |            ✅           | `false`                             |
-| `/api/data-catalog` | fabric-bff      |            ✅           | `permissions["update:bulk-action"]` |
-| `/api/job-runner`   | fabric-bff      |            ✅           | `permissions["admin:connections"]`  |
+| `/api/data-catalog` | fabric-bff      |            ✅           | `false`                             |
+| `/api/job-runner`   | fabric-bff      |            ✅           | `false`                             |
 | `/api/open-lineage` | fabric-bff      |            ✅           | `false`                             |
 | `/data-catalog`     | data-catalog-fe |            ✅           | `true`                              |
 
@@ -616,6 +616,9 @@ is listed here:
 | `update:metadata-assets` | enable editing metadata associated to data catalog records                           |
 | `update:bulk-action`     | allow users performing the same operation in bulk over multiple data catalog records |
 | `update:lineage`         | allow users to update lineage information of assets                                  |
+| `admin:producers`        | enable to trigger the execution of different jobs that can update the state of the Data Catalog solution |
+| `read:users`             | enables a user to access the user management application in read-only mode |
+| `update:users`           | enables a user to edit users details in the user management application                              |
 
 :::caution
 Please ensure that all these endpoints and subsequent routes are set with _Authentication Required_ in their security details tab.
@@ -670,6 +673,7 @@ so that each operation is covered with the correct grant.
 | `/metadata-registry/items/:name`                           | REST      | PATCH  | `permissions["update:metadata-assets"]` |
 | `/metadata-registry/items/:name`                           | REST      | DELETE | `permissions["update:metadata-assets"]` |
 | `/metadata-registry/search`                                | REST      | GET    | `permissions["read:data-assets"]`       |
+| `/bulk-actions`                                            | Websocket | HEAD   | `permissions["update:bulk-action"]`     |
 | `/bulk-actions`                                            | Websocket | GET    | `permissions["update:bulk-action"]`     |
 
 #### Job Runner API
@@ -685,6 +689,7 @@ so that each operation is covered with the correct grant.
 | `/agent/dsn`                  | REST      | GET      | `permissions["admin:connections"]`       |
 | `/agent/drivers`              | REST      | GET      | `permissions["admin:connections"]`       |
 | `/feedback`                   | Websocket | GET      | `permissions["admin:connections"]`       |
+| `/feedback`                   | Websocket | HEAD     | `permissions["admin:connections"]`       |
 
 #### Open Lineage API
 
@@ -698,10 +703,10 @@ so that each operation is covered with the correct grant.
 | `/jobs/items`                                              | REST      | POST     | `permissions["update:lineage"]`         |
 | `/jobs/items/:id`                                          | REST      | PATCH    | `permissions["update:lineage"]`         |
 | `/jobs/items/:id`                                          | REST      | DELETE   | `permissions["update:lineage"]`         |
-| `/dataset/items/:id`                                       | REST      | GET      | `permissions["read:data-assets"]`       |
-| `/dataset/items`                                           | REST      | POST     | `permissions["update:lineage"]`         |
-| `/dataset/items/:id`                                       | REST      | PATCH    | `permissions["update:lineage"]`         |
-| `/dataset/items/:id`                                       | REST      | DELETE   | `permissions["update:lineage"]`         |
+| `/datasets/items/:id`                                      | REST      | GET      | `permissions["read:data-assets"]`       |
+| `/datasets/items`                                          | REST      | POST     | `permissions["update:lineage"]`         |
+| `/datasets/items/:id`                                      | REST      | PATCH    | `permissions["update:lineage"]`         |
+| `/datasets/items/:id`                                      | REST      | DELETE   | `permissions["update:lineage"]`         |
 | `/facets/storage/items/:id`                                | REST      | GET      | `permissions["read:data-assets"]`       |
 | `/facets/storage/items/:id`                                | REST      | DELETE   | `permissions["update:lineage"]`         |
 
@@ -1368,4 +1373,4 @@ showing a set of user's details and scrolling it will be possible to access the
 
 Once the needed permissions are added to the `permissions`, click the _Update Data_ button to store the changes.
 Now, the user who has just received the new permissions **must log out and login again** to be able to access
-Data Catalog UI with the new set of grants.
+Data Catalog UI with the new set of grants.

docs/development_suite/api-console/api-design/endpoints.md

@@ -225,7 +225,7 @@ The **Advanced** tab is visible only if the Envoy API Gateway service is enabled
 - **Rate limit** (_integer_): the maximum frequency (in terms of requests per second) with which requests are forwarded to the underlying service;
 - **Request body size** (_decimal_): the maximum body size of user requests.
 - **Iframe embedding options**: the X-Frame-Options directive that is considered when the endpoint response should be embedded in an iframe;
-- **Protcol options**: this options instruct Envoy to process the request with the protocol coming from the downstream connection, allowing to dinamically infer the protocol to be used (HTTP/1.1 or HTTP/2);
+- **Protocol options**: this options instruct Envoy to process the request with the protocol coming from the downstream connection, allowing to dinamically infer the protocol to be used (HTTP/1.1 or HTTP/2);
 
 :::warning
 This `Iframe embedding` option is configurable only for the `Envoy API Gateway`, instead for `Nginx API Gateway` it is required to configure it manually using the `Advanced` section of the Console

docs/fast_data/configuration/projections.md

@@ -18,11 +18,6 @@ The creation of a System of Record requires you to insert a System ID, which is
 
 The System of Record is then created.
 
-:::note
-In case it is not possible to find the button `Create new System of Record`, it means that a project may have been configured
-to expose Systems of Record under the [Data Catalog](/data_catalog/overview.mdx) feature, which allows to visualize them in a read-only fashion.
-:::
-
 ## Delete a System of Record
 
 To delete a System of Record, you have to click the `Delete` button in the bottom-right corner of the System of Record detail page.