atlas-dev mailing list archives

From Bolke de Bruin <bdbr...@gmail.com>
Subject Re: Review Request 72438: Allow system attributes to be updated when policy allows
Date Sun, 03 May 2020 07:43:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72438/
-----------------------------------------------------------

(Updated May 3, 2020, 7:43 a.m.)


Review request for atlas, Ashutosh Mestry, Bolke de Bruin, Madhan Neethiraj, Nixon Rodrigues,
and Sarath Subramanian.


Changes
-------

Improved unit tests
Made into feature flag


Bugs: ATLAS-3755
    https://issues.apache.org/jira/browse/ATLAS-3755


Repository: atlas


Description
-------

Atlas does not operate in an isolated environment; this is one of the reasons the "homeId"
system attribute was introduced. Unfortunately, system attributes can only be updated when
importing. This means any integration with other services is significantly limited (Kafka,
REST API will not work). (See also ATLAS-3754)
To resolve this I propose to make it possible to update the system attributes when policy
allows it. This introduces new AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE
next to AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE and AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE
rather than just checking on the entity level. In certain places we will then drop the requirement
for an import to be active as this can now happen through other channels as well.
This allows operators to specify policies that allow granular controls over attributes and
system attributes.


Diffs (updated)
-----

  authorization/src/main/java/org/apache/atlas/authorize/AtlasEntityAccessRequest.java 6d49d54b1
  authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java 734991691
  authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzPolicy.java d19112885
  authorization/src/main/resources/atlas-simple-authz-policy.json 6b2001279
  intg/src/main/java/org/apache/atlas/ApplicationProperties.java 1f1f3771b
  intg/src/main/java/org/apache/atlas/model/instance/AtlasEntity.java 4d8c94894
  intg/src/main/java/org/apache/atlas/type/AtlasEntityType.java 3962c3c42
  intg/src/main/java/org/apache/atlas/type/Constants.java 3fc13056e
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java 379150b7b
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityGraphRetriever.java 36bee301d
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/EntityMutationContext.java deb743eea
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/IDBasedEntityResolver.java 3b9694851
  repository/src/test/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2Test.java 38228a8ec


Diff: https://reviews.apache.org/r/72438/diff/5/

Changes: https://reviews.apache.org/r/72438/diff/4-5/


Testing
-------

- Manually tested
- Unit test updated


Thanks,

Bolke de Bruin
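
The attribute-level check proposed in the description above, sketched as an added Python model; it is not part of the original message and is not Atlas code. Only the four privilege names and "homeId" come from the message; the function names, the other system attributes, and the assumption that the feature flag being off keeps the import-only rule are illustrative.

```python
from enum import Enum, auto

class AtlasPrivilege(Enum):
    # The four privilege names are taken from the review description.
    ENTITY_CREATE_ATTRIBUTE = auto()
    ENTITY_UPDATE_ATTRIBUTE = auto()
    ENTITY_CREATE_SYSTEM_ATTRIBUTE = auto()
    ENTITY_UPDATE_SYSTEM_ATTRIBUTE = auto()

P = AtlasPrivilege
SYSTEM_PRIVILEGES = {P.ENTITY_CREATE_SYSTEM_ATTRIBUTE, P.ENTITY_UPDATE_SYSTEM_ATTRIBUTE}

# Assumption: only "homeId" is named in the description; the other two
# entries are constructed for illustration.
SYSTEM_ATTRIBUTES = frozenset({"homeId", "createdBy", "updatedBy"})

def required_privilege(attribute, is_create):
    """Return the privilege a change to this attribute needs."""
    if attribute in SYSTEM_ATTRIBUTES:
        return P.ENTITY_CREATE_SYSTEM_ATTRIBUTE if is_create else P.ENTITY_UPDATE_SYSTEM_ATTRIBUTE
    return P.ENTITY_CREATE_ATTRIBUTE if is_create else P.ENTITY_UPDATE_ATTRIBUTE

def authorize(granted, changed, *, is_create=False, import_in_progress=False, flag_enabled=False):
    """Decide per attribute; return (allowed, sorted list of denied attributes)."""
    denied = []
    for attribute in changed:
        privilege = required_privilege(attribute, is_create)
        if privilege in SYSTEM_PRIVILEGES:
            if import_in_progress:
                continue  # behaviour before the change: imports may set system attributes
            if not flag_enabled:
                denied.append(attribute)  # assumed: flag off keeps the import-only rule
                continue
        if privilege not in granted:
            denied.append(attribute)
    return (not denied, sorted(denied))

if __name__ == "__main__":
    # Constructed request: a REST caller that only holds the ordinary update privilege.
    caller = {P.ENTITY_UPDATE_ATTRIBUTE}
    print(authorize(caller, ["description", "homeId"], flag_enabled=True))
    caller.add(P.ENTITY_UPDATE_SYSTEM_ATTRIBUTE)
    print(authorize(caller, ["description", "homeId"], flag_enabled=True))
    print(authorize(caller, ["description", "homeId"], flag_enabled=False))
```

The model shows why the two system-attribute privileges are kept separate from the ordinary ones: a policy can grant a role ENTITY_UPDATE_ATTRIBUTE without also letting it rewrite "homeId".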

