You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@atlas.apache.org by Bolke de Bruin <bd...@gmail.com> on 2020/05/03 07:43:59 UTC
Re: Review Request 72438: Allow system attributes to be updated when
policy allows
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72438/
-----------------------------------------------------------
(Updated May 3, 2020, 7:43 a.m.)
Review request for atlas, Ashutosh Mestry, Bolke de Bruin, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian.
Changes
-------
Improved unit tests
Made into feature flag
Bugs: ATLAS-3755
https://issues.apache.org/jira/browse/ATLAS-3755
Repository: atlas
Description
-------
Atlas does not operate in a isolated environment, this is one of the reasons the "homeId" system attribute was introduced. Unfortunately system attributes can only be updated when importing. This means any integration with other services is significantly limited (Kafka, Rest API will not work). (See also ATLAS-3754)
To resolve this I propose to make it possible to update the system attributes when policy allows it. This introduces new AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE next to AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE rather than just checking on the entity level. In certain places we will then drop the requirement for an import to be active as this can now happen through other channels as well.
This allows operators to specify policies that allow granular controls over attributes and system attributes.
Diffs (updated)
-----
authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java 6d49d54b1
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java 734991691
authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java d19112885
authorization/src/main/resources/atlas-simple-authz-policy.json 6b2001279
intg/src/main/java/org/apache/atlas/ApplicationProperties.java 1f1f3771b
intg/src/main/java/org/apache/atlas/model/instance/AtlasEntity.java 4d8c94894
intg/src/main/java/org/apache/atlas/type/AtlasEntityType.java 3962c3c42
intg/src/main/java/org/apache/atlas/type/Constants.java 3fc13056e
repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java 379150b7b
repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphRetriever.java 36bee301d
repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityMutationContext.java deb743eea
repository/src/main/java/org/apache/atlas/repository/store/graph/v2/IDBasedEntityResolver.java 3b9694851
repository/src/test/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2Test.java 38228a8ec
Diff: https://reviews.apache.org/r/72438/diff/5/
Changes: https://reviews.apache.org/r/72438/diff/4-5/
Testing
-------
- Manually tested
- Unit test updated
Thanks,
Bolke de Bruin