Posted to dev@atlas.apache.org by Saqeeb Shaikh <sa...@gmail.com> on 2016/05/05 14:37:38 UTC

Re: Review Request 46700: ATLAS-497 : Simple Authorization

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/
-----------------------------------------------------------

(Updated May 5, 2016, 2:37 p.m.)


Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.


Changes
-------

Handle Hemanth's review request comments.


Bugs: ATLAS-497
    https://issues.apache.org/jira/browse/ATLAS-497


Repository: atlas


Description
-------

**Patch Contains** Simple file based authorization for Atlas REST APIs.

Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 

Data Scientist : Users in this Group will have Read only access to the Atlas resources
Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources

**Assuming following resources for various APIs**
 
TYPE :  for accessing traits,classes 
ENTITY : for accessing entity, discovery, lineage APIs
OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties 290105f 
  distro/src/conf/policy-store.txt PRE-CREATION 
  pom.xml 729b178 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 

Diff: https://reviews.apache.org/r/46700/diff/


Testing
-------

Verified authorization by logging in to Atlas as user of different groups. 
Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
Added test cases to cater to parsing of policies from the policy store. 

Verified : mvn clean compile package -Pdist


Thanks,

Saqeeb Shaikh
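
The group-to-permission model in the description above, as an added example that is not code from the patch or from Atlas: a deny-by-default evaluator in Java. The `group;;letters;;RESOURCE,...` line format, the group ids and the class name are assumptions for illustration, since the thread does not show the syntax of policy-store.txt.

```java
import java.util.*;

// Added illustration, not Atlas code. The line format
// "group;;letters;;RESOURCE,RESOURCE" and the group ids are assumptions.
public class SimplePolicyDemo {
    enum Action { READ, WRITE, UPDATE, DELETE }
    enum ResourceType { TYPE, ENTITY, OPERATION }

    // group -> resource type -> granted actions
    private final Map<String, Map<ResourceType, EnumSet<Action>>> grants = new HashMap<>();

    // Maps r/w/u/d letters to actions; an unknown letter rejects the policy.
    static EnumSet<Action> parseActions(String letters) {
        EnumSet<Action> out = EnumSet.noneOf(Action.class);
        for (char c : letters.trim().toLowerCase(Locale.ROOT).toCharArray()) {
            switch (c) {
                case 'r': out.add(Action.READ); break;
                case 'w': out.add(Action.WRITE); break;
                case 'u': out.add(Action.UPDATE); break;
                case 'd': out.add(Action.DELETE); break;
                default: throw new IllegalArgumentException("unknown permission: " + c);
            }
        }
        return out;
    }

    // Builds an authorizer from all lines or throws; no partial policy set is returned.
    static SimplePolicyDemo fromLines(List<String> lines) {
        SimplePolicyDemo p = new SimplePolicyDemo();
        for (String raw : lines) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            String[] f = line.split(";;");
            if (f.length != 3) throw new IllegalArgumentException("malformed policy: " + line);
            EnumSet<Action> actions = parseActions(f[1]);
            for (String r : f[2].split(",")) {
                // valueOf throws on an unknown resource type, so typos fail closed.
                ResourceType rt = ResourceType.valueOf(r.trim().toUpperCase(Locale.ROOT));
                p.grants.computeIfAbsent(f[0].trim(), g -> new EnumMap<>(ResourceType.class))
                        .computeIfAbsent(rt, t -> EnumSet.noneOf(Action.class))
                        .addAll(actions);
            }
        }
        return p;
    }

    // Allowed only if some group of the caller holds the action on that resource type.
    boolean isAllowed(Set<String> groups, ResourceType rt, Action action) {
        for (String g : groups) {
            Map<ResourceType, EnumSet<Action>> byType = grants.get(g);
            if (byType != null && byType.containsKey(rt) && byType.get(rt).contains(action)) {
                return true;
            }
        }
        return false; // unknown group, resource or action: deny
    }

    public static void main(String[] args) {
        // Constructed sample policies for the three groups named in the description.
        SimplePolicyDemo authz = fromLines(Arrays.asList(
            "# group;;permissions;;resource types",
            "DATA_SCIENTIST;;r;;TYPE,ENTITY,OPERATION",
            "DATA_STEWARD;;rwu;;TYPE,ENTITY,OPERATION",
            "ADMIN;;rwud;;TYPE,ENTITY,OPERATION"));
        for (String g : Arrays.asList("DATA_SCIENTIST", "DATA_STEWARD", "ADMIN", "UNKNOWN")) {
            for (Action a : Action.values()) {
                boolean ok = authz.isAllowed(Collections.singleton(g), ResourceType.ENTITY, a);
                System.out.printf("%-14s %-6s ENTITY -> %s%n", g, a, ok ? "ALLOW" : "DENY");
            }
        }
    }
}
```

The printed matrix covers the negative cases a test suite for such a policy store should include: every non-read action denied for the read-only group, delete denied for the steward group, and everything denied for a group with no policy.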


Re: Review Request 46700: ATLAS-497 : Simple Authorization

Posted by Saqeeb Shaikh <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/
-----------------------------------------------------------

(Updated May 9, 2016, 2:15 p.m.)


Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.


Changes
-------

Fix FileAuthenticationTest.java test failure after filter introduction in spring-security.xml


Bugs: ATLAS-497
    https://issues.apache.org/jira/browse/ATLAS-497


Repository: atlas


Description
-------

**Patch Contains** Simple file based authorization for Atlas REST APIs.

Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 

Data Scientist : Users in this Group will have Read only access to the Atlas resources
Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources

**Assuming following resources for various APIs**
 
TYPE :  for accessing traits,classes 
ENTITY : for accessing entity, discovery, lineage APIs
OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties 290105f 
  distro/src/conf/policy-store.txt PRE-CREATION 
  pom.xml 7b872c3 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
  webapp/src/main/resources/spring-security.xml d90b9d6 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java ae98b61 

Diff: https://reviews.apache.org/r/46700/diff/


Testing
-------

Verified authorization by logging in to Atlas as user of different groups. 
Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
Added test cases to cater to parsing of policies from the policy store. 

Verified : mvn clean compile package -Pdist


Thanks,

Saqeeb Shaikh


Re: Review Request 46700: ATLAS-497 : Simple Authorization

Posted by Saqeeb Shaikh <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/#review132262
-----------------------------------------------------------




pom.xml 
<https://reviews.apache.org/r/46700/#comment196458>

    @hemanth, I had added this exclude since that policy-store.txt did not have a LICENCE.
    I am afraid removing this will break RAT checks. Please confirm.



webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java (line 39)
<https://reviews.apache.org/r/46700/#comment196459>

    Thanks Hemanth for fixing these. I missed removing the terms from test cases while creating the patch.



webapp/src/main/resources/spring-security.xml (line 52)
<https://reviews.apache.org/r/46700/#comment196457>

    Added the filter "atlasAuthorizationFilter". This was not added in previous patches, since it was blocked on ATLAS-661.


- Saqeeb Shaikh


On May 9, 2016, 12:28 p.m., Saqeeb Shaikh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46700/
> -----------------------------------------------------------
> 
> (Updated May 9, 2016, 12:28 p.m.)
> 
> 
> Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-497
>     https://issues.apache.org/jira/browse/ATLAS-497
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> **Patch Contains** Simple file based authorization for Atlas REST APIs.
> 
> Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 
> 
> Data Scientist : Users in this Group will have Read only access to the Atlas resources
> Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
> Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources
> 
> **Assuming following resources for various APIs**
>  
> TYPE :  for accessing traits,classes 
> ENTITY : for accessing entity, discovery, lineage APIs
> OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)
> 
> 
> Diffs
> -----
> 
>   distro/src/conf/atlas-application.properties 290105f 
>   distro/src/conf/policy-store.txt PRE-CREATION 
>   pom.xml 7b872c3 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
>   webapp/src/main/resources/spring-security.xml d90b9d6 
>   webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
>   webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
>   webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46700/diff/
> 
> 
> Testing
> -------
> 
> Verified authorization by logging in to Atlas as user of different groups. 
> Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
> Added test cases to cater to parsing of policies from the policy store. 
> 
> Verified : mvn clean compile package -Pdist
> 
> 
> Thanks,
> 
> Saqeeb Shaikh
> 
>


Re: Review Request 46700: ATLAS-497 : Simple Authorization

Posted by Saqeeb Shaikh <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/
-----------------------------------------------------------

(Updated May 9, 2016, 12:28 p.m.)


Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.


Changes
-------

Latest patch containing: modification of spring-security.xml and Hemanth's changes after commit of ATLAS-661.


Bugs: ATLAS-497
    https://issues.apache.org/jira/browse/ATLAS-497


Repository: atlas


Description
-------

**Patch Contains** Simple file based authorization for Atlas REST APIs.

Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 

Data Scientist : Users in this Group will have Read only access to the Atlas resources
Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources

**Assuming following resources for various APIs**
 
TYPE :  for accessing traits,classes 
ENTITY : for accessing entity, discovery, lineage APIs
OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties 290105f 
  distro/src/conf/policy-store.txt PRE-CREATION 
  pom.xml 7b872c3 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
  webapp/src/main/resources/spring-security.xml d90b9d6 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 

Diff: https://reviews.apache.org/r/46700/diff/


Testing
-------

Verified authorization by logging in to Atlas as user of different groups. 
Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
Added test cases to cater to parsing of policies from the policy store. 

Verified : mvn clean compile package -Pdist


Thanks,

Saqeeb Shaikh


Re: Review Request 46700: ATLAS-497 : Simple Authorization

Posted by Selvamohan Neethiraj <sn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/#review131838
-----------------------------------------------------------


Ship it!




Ship It!

- Selvamohan Neethiraj


On May 5, 2016, 10:48 a.m., Saqeeb Shaikh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46700/
> -----------------------------------------------------------
> 
> (Updated May 5, 2016, 10:48 a.m.)
> 
> 
> Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.
> 
> 
> Bugs: ATLAS-497
>     https://issues.apache.org/jira/browse/ATLAS-497
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> **Patch Contains** Simple file based authorization for Atlas REST APIs.
> 
> Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 
> 
> Data Scientist : Users in this Group will have Read only access to the Atlas resources
> Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
> Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources
> 
> **Assuming following resources for various APIs**
>  
> TYPE :  for accessing traits,classes 
> ENTITY : for accessing entity, discovery, lineage APIs
> OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)
> 
> 
> Diffs
> -----
> 
>   distro/src/conf/atlas-application.properties 290105f 
>   distro/src/conf/policy-store.txt PRE-CREATION 
>   pom.xml 729b178 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
>   webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
>   webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
>   webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
>   webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46700/diff/
> 
> 
> Testing
> -------
> 
> Verified authorization by logging in to Atlas as user of different groups. 
> Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
> Added test cases to cater to parsing of policies from the policy store. 
> 
> Verified : mvn clean compile package -Pdist
> 
> 
> Thanks,
> 
> Saqeeb Shaikh
> 
>


Re: Review Request 46700: ATLAS-497 : Simple Authorization

Posted by Saqeeb Shaikh <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/
-----------------------------------------------------------

(Updated May 5, 2016, 2:48 p.m.)


Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth Yamijala.


Bugs: ATLAS-497
    https://issues.apache.org/jira/browse/ATLAS-497


Repository: atlas


Description
-------

**Patch Contains** Simple file based authorization for Atlas REST APIs.

Implementation contains addition of policy based authorization, where policy-store.txt contains policies for each group / user which will login to Atlas. As initial implementation introducing permissions for 3 Groups of Users : 

Data Scientist : Users in this Group will have Read only access to the Atlas resources
Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas resources
Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the Atlas resources

**Assuming following resources for various APIs**
 
TYPE :  for accessing traits,classes 
ENTITY : for accessing entity, discovery, lineage APIs
OPERATION : For APIs related to Admin (version, stack, Rexster graph related APIs)


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties 290105f 
  distro/src/conf/policy-store.txt PRE-CREATION 
  pom.xml 729b178 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION 

Diff: https://reviews.apache.org/r/46700/diff/


Testing
-------

Verified authorization by logging in to Atlas as user of different groups. 
Verified that Data Scientist should not be allowed to write / update or delete  any of the resources. 
Added test cases to cater to parsing of policies from the policy store. 

Verified : mvn clean compile package -Pdist


Thanks,

Saqeeb Shaikh