Merge pull request #2278 from atlanhq/nb/1245

GOV-1245 Address review comment

repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java

@@ -81,13 +81,17 @@ private void startInternal() {
     private void loadBootstrapAuthPolicies() {
         LOG.info("==> AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()");
 
-        RequestContext.get().setPoliciesBootstrappingInProgress(true);
+        RequestContext.get().setSkipAuthorizationCheck(true);
 
-        String atlasHomeDir  = System.getProperty("atlas.home");
-        String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "policies";
+        try {
+            String atlasHomeDir  = System.getProperty("atlas.home");
+            String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "policies";
 
-        File topPoliciesDir  = new File(policiesDirName);
-        loadPoliciesInFolder(topPoliciesDir);
+            File topPoliciesDir  = new File(policiesDirName);
+            loadPoliciesInFolder(topPoliciesDir);
+        } finally {
+            RequestContext.get().setSkipAuthorizationCheck(false);
+        }
 
         LOG.info("<== AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()");
     }

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java

@@ -1437,7 +1437,7 @@ private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean
             final EntityMutationContext context = preCreateOrUpdate(entityStream, entityGraphMapper, isPartialUpdate);
 
             // Check if authorized to create entities
-            if (!RequestContext.get().isImportInProgress() && !RequestContext.get().isPoliciesBootstrappingInProgress()) {
+            if (!RequestContext.get().isImportInProgress() && !RequestContext.get().isSkipAuthorizationCheck()) {
                 for (AtlasEntity entity : context.getCreatedEntities()) {
                     if (!PreProcessor.skipInitialAuthCheckTypes.contains(entity.getTypeName())) {
                         AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)),

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java

@@ -245,7 +245,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
     }
 
     private void authorizeDeleteAuthPolicy(AtlasEntity policy) throws AtlasBaseException {
-        if (!RequestContext.get().isSkipAuthPolicyDeleteAuthCheck()) {
+        if (!RequestContext.get().isSkipAuthorizationCheck()) {
             AtlasEntityAccessRequest request = new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, new AtlasEntityHeader(policy));
             verifyAccess(request, "delete entity: guid=" + policy.getGuid());
         }

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyValidator.java

@@ -265,7 +265,7 @@ public void validate(AtlasEntity policy, AtlasEntity existingPolicy,
 
         } else {
             //only allow argo & backend
-            if (!RequestContext.get().isPoliciesBootstrappingInProgress()) {
+            if (!RequestContext.get().isSkipAuthorizationCheck()) {
                 String userName = RequestContext.getCurrentUser();
                 validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) && !BACKEND_SERVICE_USER_NAME.equals(userName),
                         "Create/Update AuthPolicy with policyCategory other than persona & purpose");

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java

@@ -142,12 +142,12 @@ private void processCreateConnection(AtlasStruct struct) throws AtlasBaseExcepti
             AtlasEntitiesWithExtInfo policies = transformer.transform(connection);
 
             try {
-                RequestContext.get().setPoliciesBootstrappingInProgress(true);
+                RequestContext.get().setSkipAuthorizationCheck(true);
                 EntityStream entityStream = new AtlasEntityStream(policies);
                 entityStore.createOrUpdate(entityStream, false);
                 LOG.info("Created bootstrap policies for connection {}", connection.getAttribute(QUALIFIED_NAME));
             } finally {
-                RequestContext.get().setPoliciesBootstrappingInProgress(false);
+                RequestContext.get().setSkipAuthorizationCheck(false);
             }
 
             RequestContext.get().endMetricRecord(metricRecorder);
@@ -254,6 +254,7 @@ private List<AtlasEntityHeader> getConnectionPolicies(String guid, String roleNa
         dsl.put("query", mapOf("bool", mapOf("must", mustClauseList)));
 
         indexSearchParams.setDsl(dsl);
+        indexSearchParams.setSuppressLogs(true);
 
         AtlasSearchResult result = discovery.directIndexSearch(indexSearchParams);
         if (result != null) {

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java

@@ -28,7 +28,6 @@
 import org.apache.atlas.model.instance.AtlasEntity;
 import org.apache.atlas.model.instance.AtlasEntityHeader;
 import org.apache.atlas.model.instance.AtlasStruct;
-import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.instance.EntityMutations;
 import org.apache.atlas.repository.graph.GraphHelper;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
@@ -138,12 +137,12 @@ private void processCreate(AtlasStruct entity) throws AtlasBaseException {
                 AtlasEntity.AtlasEntitiesWithExtInfo policies = transformer.transform(collection);
 
                 try {
-                    RequestContext.get().setPoliciesBootstrappingInProgress(true);
+                    RequestContext.get().setSkipAuthorizationCheck(true);
                     EntityStream entityStream = new AtlasEntityStream(policies);
                     entityStore.createOrUpdate(entityStream, false);
                     LOG.info("Created bootstrap policies for collection {}", entity.getAttribute(QUALIFIED_NAME));
                 } finally {
-                    RequestContext.get().setPoliciesBootstrappingInProgress(false);
+                    RequestContext.get().setSkipAuthorizationCheck(false);
                 }
             }
         } finally {
@@ -182,7 +181,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 
                 //delete collection policies
                 List<AtlasEntityHeader> policies = getCollectionPolicies(collectionGuid);
-                RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(true);
+                RequestContext.get().setSkipAuthorizationCheck(true);
                 entityStore.deleteByIds(policies.stream().map(x -> x.getGuid()).collect(Collectors.toList()));
 
                 //delete collection roles
@@ -194,7 +193,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
             }
         } finally {
             RequestContext.get().endMetricRecord(metricRecorder);
-            RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(false);
+            RequestContext.get().setSkipAuthorizationCheck(false);
         }
     }
 

server-api/src/main/java/org/apache/atlas/RequestContext.java

@@ -80,7 +80,6 @@ public class RequestContext {
     private int maxAttempts = 1;
     private int attemptCount = 1;
     private boolean isImportInProgress = false;
-    private boolean isPoliciesBootstrappingInProgress = false;
     private boolean     isInNotificationProcessing = false;
     private boolean     isInTypePatching           = false;
     private boolean     createShellEntityForNonExistingReference = false;
@@ -94,7 +93,7 @@ public class RequestContext {
     private final Map<AtlasObjectId, Object> relationshipEndToVertexIdMap = new HashMap<>();
     private boolean     allowDuplicateDisplayName;
     private MetricsRegistry metricsRegistry;
-    private boolean skipAuthPolicyDeleteAuthCheck = false;
+    private boolean skipAuthorizationCheck = false;
 
     private RequestContext() {
     }
@@ -152,8 +151,7 @@ public void clearCache() {
         this.relationshipEndToVertexIdMap.clear();
         this.relationshipMutationMap.clear();
         this.currentTask = null;
-
-        this.isPoliciesBootstrappingInProgress = false;
+        this.skipAuthorizationCheck = false;
 
         if (metrics != null && !metrics.isEmpty()) {
             METRICS.debug(metrics.toString());
@@ -412,20 +410,12 @@ public static int getActiveRequestsCount() {
         return ACTIVE_REQUESTS.size();
     }
 
-    public boolean isPoliciesBootstrappingInProgress() {
-        return isPoliciesBootstrappingInProgress;
-    }
-
-    public void setPoliciesBootstrappingInProgress(boolean policiesBootstrappingInProgress) {
-        isPoliciesBootstrappingInProgress = policiesBootstrappingInProgress;
-    }
-
-    public boolean isSkipAuthPolicyDeleteAuthCheck() {
-        return skipAuthPolicyDeleteAuthCheck;
+    public boolean isSkipAuthorizationCheck() {
+        return skipAuthorizationCheck;
     }
 
-    public void setSkipAuthPolicyDeleteAuthCheck(boolean skipAuthPolicyDeleteAuthCheck) {
-        this.skipAuthPolicyDeleteAuthCheck = skipAuthPolicyDeleteAuthCheck;
+    public void setSkipAuthorizationCheck(boolean skipAuthorizationCheck) {
+        this.skipAuthorizationCheck = skipAuthorizationCheck;
     }
 
     public static long earliestActiveRequestTime() {

webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java

@@ -109,13 +109,13 @@ public EntityMutationResponse bootstrapConnections(AtlasEntity.AtlasEntitiesWith
                     }
                     AtlasEntity.AtlasEntitiesWithExtInfo policiesExtInfo = transformer.transform(entity);
                     try {
-                        RequestContext.get().setPoliciesBootstrappingInProgress(true);
+                        RequestContext.get().setSkipAuthorizationCheck(true);
                         EntityStream entityStream = new AtlasEntityStream(policiesExtInfo);
                         EntityMutationResponse policyResponse = entityStore.createOrUpdate(entityStream, false);
                         response.setMutatedEntities(policyResponse.getMutatedEntities());
                         LOG.info("Created bootstrap policies for connection");
                     } finally {
-                        RequestContext.get().setPoliciesBootstrappingInProgress(false);
+                        RequestContext.get().setSkipAuthorizationCheck(false);
                     }
                 }
             }
@@ -142,14 +142,14 @@ public EntityMutationResponse bootstrapCollections(AtlasEntity.AtlasEntitiesWith
                     //create bootstrap policies
                     AtlasEntity.AtlasEntitiesWithExtInfo policies = transformer.transform(entity);
                     try {
-                        RequestContext.get().setPoliciesBootstrappingInProgress(true);
+                        RequestContext.get().setSkipAuthorizationCheck(true);
 
                         EntityStream entityStream = new AtlasEntityStream(policies);
                         EntityMutationResponse policyResponse = entityStore.createOrUpdate(entityStream, false);
                         response.setMutatedEntities(policyResponse.getMutatedEntities());
                         LOG.info("Created bootstrap policies for connection");
                     } finally {
-                        RequestContext.get().setPoliciesBootstrappingInProgress(false);
+                        RequestContext.get().setSkipAuthorizationCheck(false);
                     }
                 }
             }