Posted to dev@atlas.apache.org by Bolke de Bruin <bd...@gmail.com> on 2020/05/03 07:43:59 UTC

Re: Review Request 72438: Allow system attributes to be updated when policy allows

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72438/
-----------------------------------------------------------

(Updated May 3, 2020, 7:43 a.m.)


Review request for atlas, Ashutosh Mestry, Bolke de Bruin, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.


Changes
-------

Improved unit tests
Made into feature flag


Bugs: ATLAS-3755
    https://issues.apache.org/jira/browse/ATLAS-3755


Repository: atlas


Description
-------

Atlas does not operate in an isolated environment; this is one of the reasons the "homeId" system attribute was introduced. Unfortunately, system attributes can only be updated when importing. This means any integration with other services is significantly limited (Kafka, REST API will not work). (See also ATLAS-3754)
To resolve this I propose to make it possible to update the system attributes when policy allows it. This introduces new AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE next to AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE rather than just checking on the entity level. In certain places we will then drop the requirement for an import to be active as this can now happen through other channels as well.
This allows operators to specify policies that allow granular controls over attributes and system attributes.


Diffs (updated)
-----

  authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java 6d49d54b1 
  authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java 734991691 
  authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java d19112885 
  authorization/src/main/resources/atlas-simple-authz-policy.json 6b2001279 
  intg/src/main/java/org/apache/atlas/ApplicationProperties.java 1f1f3771b 
  intg/src/main/java/org/apache/atlas/model/instance/AtlasEntity.java 4d8c94894 
  intg/src/main/java/org/apache/atlas/type/AtlasEntityType.java 3962c3c42 
  intg/src/main/java/org/apache/atlas/type/Constants.java 3fc13056e 
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java 379150b7b 
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphRetriever.java 36bee301d 
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityMutationContext.java deb743eea 
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/IDBasedEntityResolver.java 3b9694851 
  repository/src/test/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2Test.java 38228a8ec 


Diff: https://reviews.apache.org/r/72438/diff/5/

Changes: https://reviews.apache.org/r/72438/diff/4-5/


Testing
-------

- Manually tested
- Unit test updated


Thanks,

Bolke de Bruin
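
The authorization decision proposed in the description, modelled as an added Java example that is not part of the review request or of the Atlas code base. The four privilege names and "homeId" come from the description; the class, the per-user grant map, the `featureEnabled` flag, the user names and the rule that an active import may still set system attributes are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

public class SystemAttributeAuthzSketch {
    // The four privileges named in the review description.
    enum AtlasPrivilege {
        ENTITY_CREATE_ATTRIBUTE, ENTITY_UPDATE_ATTRIBUTE,
        ENTITY_CREATE_SYSTEM_ATTRIBUTE, ENTITY_UPDATE_SYSTEM_ATTRIBUTE
    }

    // Only "homeId" is named on the page; this set is a stand-in.
    static final Set<String> SYSTEM_ATTRIBUTES = Set.of("homeId");

    private final Map<String, Set<AtlasPrivilege>> grantsByUser; // hypothetical policy
    private final boolean featureEnabled;                        // hypothetical feature flag

    SystemAttributeAuthzSketch(Map<String, Set<AtlasPrivilege>> grants, boolean featureEnabled) {
        this.grantsByUser = grants;
        this.featureEnabled = featureEnabled;
    }

    /** Decide whether a user may write one attribute; unknown users get no grants. */
    boolean mayWrite(String user, String attribute, boolean isCreate, boolean importInProgress) {
        Set<AtlasPrivilege> granted = grantsByUser.getOrDefault(user, Set.of());
        if (!SYSTEM_ATTRIBUTES.contains(attribute)) {
            // Ordinary attribute: the existing attribute-level privilege applies.
            return granted.contains(isCreate ? AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE
                                             : AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE);
        }
        if (importInProgress) return true;   // assumed: imports keep their old behaviour
        if (!featureEnabled) return false;   // flag off: system attributes stay import-only
        // Flag on: the ordinary attribute privilege is not enough for a system attribute.
        return granted.contains(isCreate ? AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE
                                         : AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE);
    }

    public static void main(String[] args) {
        // Constructed sample policy: one integration account, one ordinary user.
        Map<String, Set<AtlasPrivilege>> grants = Map.of(
            "integration-svc", EnumSet.of(AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE,
                                          AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE),
            "analyst", EnumSet.of(AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE));
        SystemAttributeAuthzSketch on = new SystemAttributeAuthzSketch(grants, true);
        SystemAttributeAuthzSketch off = new SystemAttributeAuthzSketch(grants, false);
        for (String user : new String[] {"integration-svc", "analyst"}) {
            System.out.println(user + " homeId, flag on:  " + on.mayWrite(user, "homeId", false, false));
            System.out.println(user + " homeId, flag off: " + off.mayWrite(user, "homeId", false, false));
        }
    }
}
```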