You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2018/02/23 13:22:36 UTC
Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/
-----------------------------------------------------------
Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
Summary (updated)
-----------------
ATLAS-2459:-Authorization enhancements to support instance level access controls
Bugs: ATLAS-2459
https://issues.apache.org/jira/browse/ATLAS-2459
Repository: atlas
Description (updated)
-------
The patch contains changes for Fine grained authorization at Instance level.
Earlier implementation of authorization at API level is removed.
https://issues.apache.org/jira/browse/ATLAS-2459
Diffs (updated)
-----
authorization/pom.xml f210a2f8
authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAttribute.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasPrivilege.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
distro/src/conf/atlas-simple-authz-policy.json PRE-CREATION
intg/src/main/java/org/apache/atlas/AtlasErrorCode.java ff09e6c9
intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 4f7b716e
repository/pom.xml 87fe7fde
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java ca0eeeb6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
Diff: https://reviews.apache.org/r/65770/diff/1/
Testing (updated)
-------
maven build is gone fine.
Testing of endpoints is in progress.
Thanks,
Nixon Rodrigues
Re: Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/#review198289
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Feb. 26, 2018, 2:19 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65770/
> -----------------------------------------------------------
>
> (Updated Feb. 26, 2018, 2:19 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
>
>
> Bugs: ATLAS-2459
> https://issues.apache.org/jira/browse/ATLAS-2459
>
>
> Repository: atlas
>
>
> Description
> -------
>
> The patch contains changes for Fine grained authorization at Instance level.
> Earlier implementation of authorization at API level is removed.
>
> https://issues.apache.org/jira/browse/ATLAS-2459
>
>
> Diffs
> -----
>
> addons/falcon-bridge/src/test/resources/atlas-application.properties 282127c2
> addons/hbase-bridge/src/test/resources/atlas-application.properties 282127c2
> addons/hive-bridge/src/test/resources/atlas-application.properties 282127c2
> addons/sqoop-bridge/src/test/resources/atlas-application.properties 282127c2
> addons/storm-bridge/src/test/resources/atlas-application.properties f46477a6
> authorization/pom.xml f210a2f8
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
> authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizerFactory.java 9b7933e0
> authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
> authorization/src/main/java/org/apache/atlas/authorize/AtlasTypeAccessRequest.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
> authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
> authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
> authorization/src/main/resources/atlas-simple-authz-policy.json PRE-CREATION
> authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
> authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizerTest.java PRE-CREATION
> authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
> authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
> authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
> authorization/src/test/resources/atlas-application.properties PRE-CREATION
> authorization/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
> distro/src/conf/atlas-application.properties 1f38705f
> intg/src/main/java/org/apache/atlas/ApplicationProperties.java 320563e0
> intg/src/main/java/org/apache/atlas/AtlasErrorCode.java f1d45365
> intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
> intg/src/main/java/org/apache/atlas/type/AtlasClassificationType.java ae0c206b
> intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 9aacb2d2
> intg/src/test/resources/atlas-application.properties 373bf68c
> repository/pom.xml 87fe7fde
> repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java 9e18dfb4
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java bf417dd0
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/EntityGraphRetriever.java 1833b72e
> repository/src/main/java/org/apache/atlas/util/AtlasRepositoryConfiguration.java 85f0d060
> repository/src/test/java/org/apache/atlas/repository/impexp/ExportServiceTest.java 07524d08
> repository/src/test/java/org/apache/atlas/repository/impexp/ImportServiceTest.java 136fe8a1
> repository/src/test/java/org/apache/atlas/repository/impexp/ZipFileResourceTestUtils.java 5ab8c01b
> repository/src/test/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStoreTest.java 2fc8015e
> repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1Test.java f4b70531
> repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasRelationshipStoreV1Test.java 8de978c8
> repository/src/test/java/org/apache/atlas/repository/store/graph/v1/InverseReferenceUpdateV1Test.java 6e4689d3
> server-api/src/main/java/org/apache/atlas/RequestContextV1.java 9177cb82
> server-api/src/main/java/org/apache/atlas/aspect/Loggable.java 64f21695
> server-api/src/main/java/org/apache/atlas/aspect/Monitored.java 909fab68
> server-api/src/main/java/org/apache/atlas/discovery/DiscoveryException.java ba69af76
> server-api/src/main/java/org/apache/atlas/exception/SchemaNotFoundException.java 981ef2a8
> server-api/src/main/java/org/apache/atlas/exception/TraitNotFoundException.java ba46a2e4
> server-api/src/main/java/org/apache/atlas/metrics/Metrics.java e0f4e494
> webapp/src/main/java/org/apache/atlas/notification/NotificationHookConsumer.java ced9b7e6
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java ddc2ff2b
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
> webapp/src/main/java/org/apache/atlas/web/filters/AuditFilter.java 3225b0ec
> webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
> webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
> webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 24be5de2
> webapp/src/main/java/org/apache/atlas/web/util/DateTimeHelper.java 26f3f1ca
> webapp/src/main/resources/spring-security.xml 17432182
> webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationSimpleFilterIT.java 78f983f8
> webapp/src/test/java/org/apache/atlas/web/resources/AdminResourceTest.java fd96fc3d
> webapp/src/test/resources/atlas-application.properties 62fa603b
> webapp/src/test/resources/test-spring-security.xml 4455b0ad
>
>
> Diff: https://reviews.apache.org/r/65770/diff/4/
>
>
> Testing
> -------
>
> maven build is gone fine.
> Testing of endpoints is in progress.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/
-----------------------------------------------------------
(Updated Feb. 26, 2018, 2:19 p.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
Changes
-------
This patch includes following changes.
* Added authorization checks in lineage API (EntityLineageService.java)
* updated entity-access check to look for authorization of entity-classifications
* Introduced NONE authorizer, which returns ‘true’ for all access-checks. This is used in unit-tests.
* Renamed SimpleAtlasAuthorizer.java to AtlasSimpleAuthorizer.java
* Removed permissions type-read, entity-read-attribute, entity-update attribute. These can be added later, if necessary.
* Added UnitCases for AtlasSimpleAuthorizer.
Bugs: ATLAS-2459
https://issues.apache.org/jira/browse/ATLAS-2459
Repository: atlas
Description
-------
The patch contains changes for Fine grained authorization at Instance level.
Earlier implementation of authorization at API level is removed.
https://issues.apache.org/jira/browse/ATLAS-2459
Diffs (updated)
-----
addons/falcon-bridge/src/test/resources/atlas-application.properties 282127c2
addons/hbase-bridge/src/test/resources/atlas-application.properties 282127c2
addons/hive-bridge/src/test/resources/atlas-application.properties 282127c2
addons/sqoop-bridge/src/test/resources/atlas-application.properties 282127c2
addons/storm-bridge/src/test/resources/atlas-application.properties f46477a6
authorization/pom.xml f210a2f8
authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizerFactory.java 9b7933e0
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
authorization/src/main/java/org/apache/atlas/authorize/AtlasTypeAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
authorization/src/main/resources/atlas-simple-authz-policy.json PRE-CREATION
authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizerTest.java PRE-CREATION
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
authorization/src/test/resources/atlas-application.properties PRE-CREATION
authorization/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
distro/src/conf/atlas-application.properties 1f38705f
intg/src/main/java/org/apache/atlas/ApplicationProperties.java 320563e0
intg/src/main/java/org/apache/atlas/AtlasErrorCode.java f1d45365
intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
intg/src/main/java/org/apache/atlas/type/AtlasClassificationType.java ae0c206b
intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 9aacb2d2
intg/src/test/resources/atlas-application.properties 373bf68c
repository/pom.xml 87fe7fde
repository/src/main/java/org/apache/atlas/discovery/EntityLineageService.java 9e18dfb4
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java bf417dd0
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/EntityGraphRetriever.java 1833b72e
repository/src/main/java/org/apache/atlas/util/AtlasRepositoryConfiguration.java 85f0d060
repository/src/test/java/org/apache/atlas/repository/impexp/ExportServiceTest.java 07524d08
repository/src/test/java/org/apache/atlas/repository/impexp/ImportServiceTest.java 136fe8a1
repository/src/test/java/org/apache/atlas/repository/impexp/ZipFileResourceTestUtils.java 5ab8c01b
repository/src/test/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStoreTest.java 2fc8015e
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1Test.java f4b70531
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasRelationshipStoreV1Test.java 8de978c8
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/InverseReferenceUpdateV1Test.java 6e4689d3
server-api/src/main/java/org/apache/atlas/RequestContextV1.java 9177cb82
server-api/src/main/java/org/apache/atlas/aspect/Loggable.java 64f21695
server-api/src/main/java/org/apache/atlas/aspect/Monitored.java 909fab68
server-api/src/main/java/org/apache/atlas/discovery/DiscoveryException.java ba69af76
server-api/src/main/java/org/apache/atlas/exception/SchemaNotFoundException.java 981ef2a8
server-api/src/main/java/org/apache/atlas/exception/TraitNotFoundException.java ba46a2e4
server-api/src/main/java/org/apache/atlas/metrics/Metrics.java e0f4e494
webapp/src/main/java/org/apache/atlas/notification/NotificationHookConsumer.java ced9b7e6
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java ddc2ff2b
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
webapp/src/main/java/org/apache/atlas/web/filters/AuditFilter.java 3225b0ec
webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 24be5de2
webapp/src/main/java/org/apache/atlas/web/util/DateTimeHelper.java 26f3f1ca
webapp/src/main/resources/spring-security.xml 17432182
webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationSimpleFilterIT.java 78f983f8
webapp/src/test/java/org/apache/atlas/web/resources/AdminResourceTest.java fd96fc3d
webapp/src/test/resources/atlas-application.properties 62fa603b
webapp/src/test/resources/test-spring-security.xml 4455b0ad
Diff: https://reviews.apache.org/r/65770/diff/4/
Changes: https://reviews.apache.org/r/65770/diff/3-4/
Testing
-------
maven build is gone fine.
Testing of endpoints is in progress.
Thanks,
Nixon Rodrigues
Re: Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/
-----------------------------------------------------------
(Updated Feb. 25, 2018, 4:47 p.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
Changes
-------
This patch include simplification of authz intrumented code from earlier version and also below changes.
* Removal of AtlasAuthorizationFilter.java, Metrics.java, ..
* Updates to AuditFilter, to capture response status and timeTaken in audit.log
* Added atlas-simple-authz-policy.json as an embedded-resource in authorization jar. If the file is not present in CLASSPATH, it will be loaded from the jar file
* Updated entity-access authorization to take into account policies for super-types of entity/classifications. For example, anyone with access to ‘Asset’ type will be able to read all sub-types of Asset.
Bugs: ATLAS-2459
https://issues.apache.org/jira/browse/ATLAS-2459
Repository: atlas
Description
-------
The patch contains changes for Fine grained authorization at Instance level.
Earlier implementation of authorization at API level is removed.
https://issues.apache.org/jira/browse/ATLAS-2459
Diffs (updated)
-----
authorization/pom.xml f210a2f8
authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizerFactory.java 9b7933e0
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
authorization/src/main/java/org/apache/atlas/authorize/AtlasTypeAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
authorization/src/main/resources/atlas-simple-authz-policy.json PRE-CREATION
authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
intg/src/main/java/org/apache/atlas/ApplicationProperties.java 320563e0
intg/src/main/java/org/apache/atlas/AtlasErrorCode.java f1d45365
intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
intg/src/main/java/org/apache/atlas/type/AtlasClassificationType.java ae0c206b
intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 9aacb2d2
repository/pom.xml 87fe7fde
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java bf417dd0
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/EntityGraphRetriever.java 1833b72e
repository/src/main/java/org/apache/atlas/util/AtlasRepositoryConfiguration.java 85f0d060
repository/src/test/java/org/apache/atlas/repository/impexp/ExportServiceTest.java 07524d08
repository/src/test/java/org/apache/atlas/repository/impexp/ImportServiceTest.java 136fe8a1
repository/src/test/java/org/apache/atlas/repository/impexp/ZipFileResourceTestUtils.java 5ab8c01b
repository/src/test/java/org/apache/atlas/repository/store/graph/AtlasTypeDefGraphStoreTest.java 2fc8015e
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1Test.java f4b70531
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/AtlasRelationshipStoreV1Test.java 8de978c8
repository/src/test/java/org/apache/atlas/repository/store/graph/v1/InverseReferenceUpdateV1Test.java 6e4689d3
server-api/src/main/java/org/apache/atlas/RequestContextV1.java 9177cb82
server-api/src/main/java/org/apache/atlas/aspect/Loggable.java 64f21695
server-api/src/main/java/org/apache/atlas/aspect/Monitored.java 909fab68
server-api/src/main/java/org/apache/atlas/discovery/DiscoveryException.java ba69af76
server-api/src/main/java/org/apache/atlas/exception/SchemaNotFoundException.java 981ef2a8
server-api/src/main/java/org/apache/atlas/exception/TraitNotFoundException.java ba46a2e4
server-api/src/main/java/org/apache/atlas/metrics/Metrics.java e0f4e494
webapp/src/main/java/org/apache/atlas/notification/NotificationHookConsumer.java ced9b7e6
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java ddc2ff2b
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
webapp/src/main/java/org/apache/atlas/web/filters/AuditFilter.java 3225b0ec
webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 24be5de2
webapp/src/main/java/org/apache/atlas/web/util/DateTimeHelper.java 26f3f1ca
webapp/src/main/resources/spring-security.xml 17432182
webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationSimpleFilterIT.java 78f983f8
webapp/src/test/java/org/apache/atlas/web/resources/AdminResourceTest.java fd96fc3d
webapp/src/test/resources/test-spring-security.xml 4455b0ad
Diff: https://reviews.apache.org/r/65770/diff/3/
Changes: https://reviews.apache.org/r/65770/diff/2-3/
Testing
-------
maven build is gone fine.
Testing of endpoints is in progress.
Thanks,
Nixon Rodrigues
Re: Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/
-----------------------------------------------------------
(Updated Feb. 24, 2018, 11:59 a.m.)
Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
Changes
-------
This patch includes addition of atlas-policy json file to test module, so that it can be used in authorization during Integration Test.
Handled review comments from Apoorv.
Bugs: ATLAS-2459
https://issues.apache.org/jira/browse/ATLAS-2459
Repository: atlas
Description
-------
The patch contains changes for Fine grained authorization at Instance level.
Earlier implementation of authorization at API level is removed.
https://issues.apache.org/jira/browse/ATLAS-2459
Diffs (updated)
-----
addons/falcon-bridge/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
addons/hbase-bridge/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
addons/hive-bridge/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
addons/sqoop-bridge/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
addons/storm-bridge/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
authorization/pom.xml f210a2f8
authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizerFactory.java 9b7933e0
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasPrivilege.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
authorization/src/main/java/org/apache/atlas/authorize/AtlasTypeAccessRequest.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
distro/src/conf/atlas-simple-authz-policy.json PRE-CREATION
intg/src/main/java/org/apache/atlas/AtlasErrorCode.java f1d45365
intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 9aacb2d2
intg/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
repository/pom.xml 87fe7fde
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java bf417dd0
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationSimpleFilterIT.java 78f983f8
webapp/src/test/resources/atlas-simple-authz-policy.json PRE-CREATION
Diff: https://reviews.apache.org/r/65770/diff/2/
Changes: https://reviews.apache.org/r/65770/diff/1-2/
Testing
-------
maven build is gone fine.
Testing of endpoints is in progress.
Thanks,
Nixon Rodrigues
Re: Review Request 65770: ATLAS-2459:-Authorization enhancements to
support instance level access controls
Posted by Apoorv Naik <na...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65770/#review198214
-----------------------------------------------------------
Overall it's a very good change, simplification of policies and rules has led to a much cleaner/concise code
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAttribute.java
Lines 1 (patched)
<https://reviews.apache.org/r/65770/#comment278324>
Missing ASF header
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java
Lines 97 (patched)
<https://reviews.apache.org/r/65770/#comment278325>
Can you pull all these error messages as separate AtlasErrorCode messages ?
Please review all occurences
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java
Lines 187 (patched)
<https://reviews.apache.org/r/65770/#comment278326>
This comment doesn't look valid in the context
repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java
Lines 231 (patched)
<https://reviews.apache.org/r/65770/#comment278327>
Can we do this authorization check even before the mapping ?
webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
Line 49 (original), 37 (patched)
<https://reviews.apache.org/r/65770/#comment278328>
This looks pretty much no-op. Can this be removed if that's the case ?
- Apoorv Naik
On Feb. 23, 2018, 1:22 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65770/
> -----------------------------------------------------------
>
> (Updated Feb. 23, 2018, 1:22 p.m.)
>
>
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, and Madhan Neethiraj.
>
>
> Bugs: ATLAS-2459
> https://issues.apache.org/jira/browse/ATLAS-2459
>
>
> Repository: atlas
>
>
> Description
> -------
>
> The patch contains changes for Fine grained authorization at Instance level.
> Earlier implementation of authorization at API level is removed.
>
> https://issues.apache.org/jira/browse/ATLAS-2459
>
>
> Diffs
> -----
>
> authorization/pom.xml f210a2f8
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java 07cb2b07
> authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java c5969db1
> authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java d64c6923
> authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAttribute.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/AtlasPrivilege.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java 7e2808cb
> authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java 5bc19414
> authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java PRE-CREATION
> authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java 88bf56b1
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java 6b2b8b30
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java f61bbf76
> authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java 9c08e405
> authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java 2eb0cd50
> authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java adebb627
> authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java 3b7869aa
> authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java 1cefbcdf
> authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b36c9c75
> distro/src/conf/atlas-simple-authz-policy.json PRE-CREATION
> intg/src/main/java/org/apache/atlas/AtlasErrorCode.java ff09e6c9
> intg/src/main/java/org/apache/atlas/model/instance/AtlasEntityHeader.java 340cd05c
> intg/src/main/java/org/apache/atlas/utils/AtlasJson.java 4f7b716e
> repository/pom.xml 87fe7fde
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasClassificationDefStoreV1.java 8214cea6
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityDefStoreV1.java 1d784ef8
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEntityStoreV1.java ca0eeeb6
> repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasStructDefStoreV1.java 83a6d1d6
> webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java 8a29bb3f
> webapp/src/main/java/org/apache/atlas/web/resources/AdminResource.java 86485fba
> webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java 7177ac74
>
>
> Diff: https://reviews.apache.org/r/65770/diff/1/
>
>
> Testing
> -------
>
> maven build is gone fine.
> Testing of endpoints is in progress.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>