From c395d433fc0f1b6895ddc183d4d10f0c89d21bb2 Mon Sep 17 00:00:00 2001
From: Nikhil P Bonte
Date: Fri, 18 Aug 2023 12:34:52 +0530
Subject: [PATCH] GOV-1245 Address review comment
---
 .../bootstrap/AuthPoliciesBootstrapper.java | 14 +++++++-----
 .../store/graph/v2/AtlasEntityStoreV2.java | 2 +-
 .../preprocessor/AuthPolicyPreProcessor.java | 2 +-
 .../v2/preprocessor/AuthPolicyValidator.java | 2 +-
 .../preprocessor/ConnectionPreProcessor.java | 5 +++--
 .../sql/QueryCollectionPreProcessor.java | 9 ++++----
 .../java/org/apache/atlas/RequestContext.java | 22 +++++--------------
 .../apache/atlas/web/rest/MigrationREST.java | 8 +++----
 8 files changed, 29 insertions(+), 35 deletions(-)
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java
index ddb94056b8..9b1327ba1f 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/bootstrap/AuthPoliciesBootstrapper.java
@@ -81,13 +81,17 @@ private void startInternal() {
 private void loadBootstrapAuthPolicies() {
 LOG.info("==> AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()");
- RequestContext.get().setPoliciesBootstrappingInProgress(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
- String atlasHomeDir = System.getProperty("atlas.home");
- String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "policies";
+ try {
+ String atlasHomeDir = System.getProperty("atlas.home");
+ String policiesDirName = (StringUtils.isEmpty(atlasHomeDir) ? "." : atlasHomeDir) + File.separator + "policies";
- File topPoliciesDir = new File(policiesDirName);
- loadPoliciesInFolder(topPoliciesDir);
+ File topPoliciesDir = new File(policiesDirName);
+ loadPoliciesInFolder(topPoliciesDir);
+ } finally {
+ RequestContext.get().setSkipAuthorizationCheck(false);
+ }
 LOG.info("<== AuthPoliciesBootstrapper.loadBootstrapAuthPolicies()");
 }
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java
index 8b7e7b95f8..88dedd45a9 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java
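Review bot: The `finally` in `loadBootstrapAuthPolicies` forces the flag to `false` instead of restoring the value it had on entry, so a nested bypass scope switches authorization checks back on for the remainder of an outer scope that still expects them off. That fails closed, but it makes the width of the bypass window depend on call order; capture the prior state with `boolean previous = RequestContext.get().isSkipAuthorizationCheck();` before the `try` and call `RequestContext.get().setSkipAuthorizationCheck(previous);` in the `finally`. The same set-true/reset-false pattern appears in `ConnectionPreProcessor.processCreateConnection`, `QueryCollectionPreProcessor.processCreate` and both `MigrationREST` bootstrap methods. Whether such nesting occurs today cannot be seen from these hunks.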
@@ -1437,7 +1437,7 @@ private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean
 final EntityMutationContext context = preCreateOrUpdate(entityStream, entityGraphMapper, isPartialUpdate);
 // Check if authorized to create entities
- if (!RequestContext.get().isImportInProgress() && !RequestContext.get().isPoliciesBootstrappingInProgress()) {
+ if (!RequestContext.get().isImportInProgress() && !RequestContext.get().isSkipAuthorizationCheck()) {
 for (AtlasEntity entity : context.getCreatedEntities()) {
 if (!PreProcessor.skipInitialAuthCheckTypes.contains(entity.getTypeName())) {
 AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)),
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
index 4574363b78..5149568f1a 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
@@ -245,7 +245,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 }
 private void authorizeDeleteAuthPolicy(AtlasEntity policy) throws AtlasBaseException {
- if (!RequestContext.get().isSkipAuthPolicyDeleteAuthCheck()) {
+ if (!RequestContext.get().isSkipAuthorizationCheck()) {
 AtlasEntityAccessRequest request = new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, new AtlasEntityHeader(policy));
 verifyAccess(request, "delete entity: guid=" + policy.getGuid());
 }
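Review bot: Replacing `isPoliciesBootstrappingInProgress()` with the shared `isSkipAuthorizationCheck()` in `createOrUpdate` widens what every caller bypasses. The flag that `QueryCollectionPreProcessor.processDelete` sets only to skip the policy-delete check now also disables this `ENTITY_CREATE` check and the service-user restriction in `AuthPolicyValidator.validate`, and the bootstrap callers now also skip `authorizeDeleteAuthPolicy` in `AuthPolicyPreProcessor`. If the broadening is intended, record it where the flag is read, e.g. `// skipAuthorizationCheck is set only by internal bootstrap/cleanup paths; it disables create, delete and policy-category checks together`; otherwise keeping one flag per check preserves least privilege. The body of `createOrUpdate` continues outside the hunk.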
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyValidator.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyValidator.java
index 451e7326ec..8a91b4af5f 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyValidator.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyValidator.java
@@ -265,7 +265,7 @@ public void validate(AtlasEntity policy, AtlasEntity existingPolicy,
 } else {
 //only allow argo & backend
- if (!RequestContext.get().isPoliciesBootstrappingInProgress()) {
+ if (!RequestContext.get().isSkipAuthorizationCheck()) {
 String userName = RequestContext.getCurrentUser();
 validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) && !BACKEND_SERVICE_USER_NAME.equals(userName), "Create/Update AuthPolicy with policyCategory other than persona & purpose");
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
index f143ae9fc5..b994398c23 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
@@ -142,12 +142,12 @@ private void processCreateConnection(AtlasStruct struct) throws AtlasBaseExcepti
 AtlasEntitiesWithExtInfo policies = transformer.transform(connection);
 try {
- RequestContext.get().setPoliciesBootstrappingInProgress(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
 EntityStream entityStream = new AtlasEntityStream(policies);
 entityStore.createOrUpdate(entityStream, false);
 LOG.info("Created bootstrap policies for connection {}", connection.getAttribute(QUALIFIED_NAME));
 } finally {
- RequestContext.get().setPoliciesBootstrappingInProgress(false);
+ RequestContext.get().setSkipAuthorizationCheck(false);
 }
 RequestContext.get().endMetricRecord(metricRecorder);
@@ -254,6 +254,7 @@ private List getConnectionPolicies(String guid, String roleNa
 dsl.put("query", mapOf("bool", mapOf("must", mustClauseList)));
 indexSearchParams.setDsl(dsl);
+ indexSearchParams.setSuppressLogs(true);
 AtlasSearchResult result = discovery.directIndexSearch(indexSearchParams);
 if (result != null) {
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
index 4b7496611f..63e8ba4250 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
@@ -28,7 +28,6 @@ import org.apache.atlas.model.instance.AtlasEntity;
 import org.apache.atlas.model.instance.AtlasEntityHeader;
 import org.apache.atlas.model.instance.AtlasStruct;
-import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.instance.EntityMutations;
 import org.apache.atlas.repository.graph.GraphHelper;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
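Review bot: The added `indexSearchParams.setSuppressLogs(true);` in `getConnectionPolicies` is unrelated to the flag rename and carries no explanation. This search looks up authorization policies for a connection, so if the suppressed output includes the search or audit entry, a responder loses the record of which policies were enumerated; what `setSuppressLogs` actually silences is not visible here. Add a comment such as `// internal lookup of bootstrap policies; per-query search logging suppressed to cut noise, not needed for audit`, or drop the line if that log is relied on for audit. The method starts and ends outside the hunk.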
@@ -138,12 +137,12 @@ private void processCreate(AtlasStruct entity) throws AtlasBaseException {
 AtlasEntity.AtlasEntitiesWithExtInfo policies = transformer.transform(collection);
 try {
- RequestContext.get().setPoliciesBootstrappingInProgress(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
 EntityStream entityStream = new AtlasEntityStream(policies);
 entityStore.createOrUpdate(entityStream, false);
 LOG.info("Created bootstrap policies for collection {}", entity.getAttribute(QUALIFIED_NAME));
 } finally {
- RequestContext.get().setPoliciesBootstrappingInProgress(false);
+ RequestContext.get().setSkipAuthorizationCheck(false);
 }
 }
 } finally {
@@ -182,7 +181,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 //delete collection policies
 List policies = getCollectionPolicies(collectionGuid);
- RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
 entityStore.deleteByIds(policies.stream().map(x -> x.getGuid()).collect(Collectors.toList()));
 //delete collection roles
@@ -194,7 +193,7 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 }
 }
 } finally {
 RequestContext.get().endMetricRecord(metricRecorder);
- RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(false);
+ RequestContext.get().setSkipAuthorizationCheck(false);
 }
 }
diff --git a/server-api/src/main/java/org/apache/atlas/RequestContext.java b/server-api/src/main/java/org/apache/atlas/RequestContext.java
index bdf9dfa3df..e3cbeb5d94 100644
--- a/server-api/src/main/java/org/apache/atlas/RequestContext.java
+++ b/server-api/src/main/java/org/apache/atlas/RequestContext.java
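Review bot: In `processDelete` the bypass is switched on just before `entityStore.deleteByIds(...)` but only switched off in the outer `finally`, so the code after `//delete collection roles` also runs with authorization checks disabled. With the renamed flag that window now covers the create check and the policy-category restriction as well, not only policy deletion. Scope it to the single call: `try { entityStore.deleteByIds(...); } finally { RequestContext.get().setSkipAuthorizationCheck(false); }`. The lines between the two hunks are not shown, so what else executes inside the window cannot be confirmed here.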
@@ -80,7 +80,6 @@ public class RequestContext {
 private int maxAttempts = 1;
 private int attemptCount = 1;
 private boolean isImportInProgress = false;
- private boolean isPoliciesBootstrappingInProgress = false;
 private boolean isInNotificationProcessing = false;
 private boolean isInTypePatching = false;
 private boolean createShellEntityForNonExistingReference = false;
@@ -94,7 +93,7 @@ public class RequestContext {
 private final Map relationshipEndToVertexIdMap = new HashMap<>();
 private boolean allowDuplicateDisplayName;
 private MetricsRegistry metricsRegistry;
- private boolean skipAuthPolicyDeleteAuthCheck = false;
+ private boolean skipAuthorizationCheck = false;
 private RequestContext() {
 }
@@ -152,8 +151,7 @@ public void clearCache() {
 this.relationshipEndToVertexIdMap.clear();
 this.relationshipMutationMap.clear();
 this.currentTask = null;
-
- this.isPoliciesBootstrappingInProgress = false;
+ this.skipAuthorizationCheck = false;
 if (metrics != null && !metrics.isEmpty()) {
 METRICS.debug(metrics.toString());
@@ -412,20 +410,12 @@ public static int getActiveRequestsCount() {
 return ACTIVE_REQUESTS.size();
 }
- public boolean isPoliciesBootstrappingInProgress() {
- return isPoliciesBootstrappingInProgress;
- }
-
- public void setPoliciesBootstrappingInProgress(boolean policiesBootstrappingInProgress) {
- isPoliciesBootstrappingInProgress = policiesBootstrappingInProgress;
- }
-
- public boolean isSkipAuthPolicyDeleteAuthCheck() {
- return skipAuthPolicyDeleteAuthCheck;
+ public boolean isSkipAuthorizationCheck() {
+ return skipAuthorizationCheck;
 }
- public void setSkipAuthPolicyDeleteAuthCheck(boolean skipAuthPolicyDeleteAuthCheck) {
- this.skipAuthPolicyDeleteAuthCheck = skipAuthPolicyDeleteAuthCheck;
+ public void setSkipAuthorizationCheck(boolean skipAuthorizationCheck) {
+ this.skipAuthorizationCheck = skipAuthorizationCheck;
 }
 public static long earliestActiveRequestTime() {
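Review bot: `setSkipAuthorizationCheck` is a public, undocumented setter that turns off `verifyAccess` calls and the AuthPolicy category restriction for whatever runs next on this `RequestContext`. Add Javadoc stating the contract, e.g. `/** Disables entity create/delete authorization and AuthPolicy category validation for this request; callers must reset it in a finally block and must never derive the value from request input. */`. Resetting the field in `clearCache()` is a useful backstop, but it only helps if `clearCache()` runs between requests, which these hunks do not show.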
diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
index 1d0a00c422..b1cb307550 100644
--- a/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
+++ b/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
@@ -109,13 +109,13 @@ public EntityMutationResponse bootstrapConnections(AtlasEntity.AtlasEntitiesWith
 }
 AtlasEntity.AtlasEntitiesWithExtInfo policiesExtInfo = transformer.transform(entity);
 try {
- RequestContext.get().setPoliciesBootstrappingInProgress(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
 EntityStream entityStream = new AtlasEntityStream(policiesExtInfo);
 EntityMutationResponse policyResponse = entityStore.createOrUpdate(entityStream, false);
 response.setMutatedEntities(policyResponse.getMutatedEntities());
 LOG.info("Created bootstrap policies for connection");
 } finally {
- RequestContext.get().setPoliciesBootstrappingInProgress(false);
+ RequestContext.get().setSkipAuthorizationCheck(false);
 }
 }
 }
@@ -142,14 +142,14 @@ public EntityMutationResponse bootstrapCollections(AtlasEntity.AtlasEntitiesWith
 //create bootstrap policies
 AtlasEntity.AtlasEntitiesWithExtInfo policies = transformer.transform(entity);
 try {
- RequestContext.get().setPoliciesBootstrappingInProgress(true);
+ RequestContext.get().setSkipAuthorizationCheck(true);
 EntityStream entityStream = new AtlasEntityStream(policies);
 EntityMutationResponse policyResponse = entityStore.createOrUpdate(entityStream, false);
 response.setMutatedEntities(policyResponse.getMutatedEntities());
 LOG.info("Created bootstrap policies for connection");
 } finally {
- RequestContext.get().setPoliciesBootstrappingInProgress(false);
+ RequestContext.get().setSkipAuthorizationCheck(false);
 }
 }
 }
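Review bot: `bootstrapConnections` and `bootstrapCollections` create policies derived from entities that appear to come from the request while `skipAuthorizationCheck` is on, and no check of the caller's privilege is visible in either hunk. Because the flag now disables the create check, the policy-delete check and the AuthPolicy category restriction together, each handler should verify an admin or service identity before the `try`, and a comment such as `// caller verified above; authorization is skipped only for transformer-generated bootstrap policies` should mark the window. Both method bodies start outside the hunks, so such a check may already exist earlier. The two blocks are identical apart from the variable name and could share one private helper.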