Merge pull request #3413 from atlanhq/wf_service_account
WIN-24 | Grant permissions to governance workflow client
ChiragMadan1 committed Aug 26, 2024
2 parents 9d8dc78 + 6b135d5 commit 194ee0b
Showing 3 changed files with 21 additions and 10 deletions.
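--- a/addons/policies/bootstrap_entity_policies.json
+++ b/addons/policies/bootstrap_entity_policies.json
@@ -2120,7 +2120,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2185,7 +2186,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2221,7 +2223,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2441,7 +2444,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2551,7 +2555,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2587,7 +2592,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2622,7 +2628,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2657,7 +2664,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],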
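Review bot: The principal added to `policyUsers` in all eight hunks, `"atlan-governance-workflows"`, lacks the `service-account-` prefix carried by the two entries beside it, and the same literal is what the new constant and the `validate` check in the Java sections compare against. If the identity provider reserves that prefix for client service accounts (not visible on this page), a name outside it may be one an ordinary user account can hold, and that account would inherit every grant made here; confirm the exact username the workflow client authenticates as and that it cannot be registered by a regular user. Three of the eight lists also contain `admin`, and the resources and actions of these policies lie outside the hunks, so each one should be checked against what the workflow client actually needs rather than mirroring the backend account's list.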
@@ -307,8 +307,10 @@ public void validate(AtlasEntity policy, AtlasEntity existingPolicy,
//only allow argo & backend
if (!RequestContext.get().isSkipAuthorizationCheck()) {
String userName = RequestContext.getCurrentUser();
validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) && !BACKEND_SERVICE_USER_NAME.equals(userName),
"Create/Update AuthPolicy with policyCategory other than persona, purpose and datamesh");
validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) &&
!BACKEND_SERVICE_USER_NAME.equals(userName) &&
!GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME.equals(userName),
"Create/Update AuthPolicy with policyCategory other than persona, purpose and datamesh");
}
}
}
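Review bot: The comment `//only allow argo & backend` above the check is stale now that a third account passes it; it should read `// only allow the argo, backend and governance-workflows service accounts`. The allow-list is also written as a growing chain of negated `equals` calls, which is easy to get wrong on the next addition; a null-tolerant `Set<String>` constant kept beside the user-name constants would reduce the condition to `validateOperation(!POLICY_ADMIN_SERVICE_USERS.contains(userName), ...)` (the set name is a suggestion, not an existing identifier, and `Set.of(...)` would throw on a null `userName` where the current `equals` calls do not). The check trusts `RequestContext.getCurrentUser()` as a plain string, so the guarantee rests on that username being unforgeable for the new client. `validate` starts and ends outside the hunk.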
@@ -114,6 +114,7 @@ public final class AccessControlUtils {
public static final String CONN_NAME_PATTERN = "connection_admins_%s";
public static final String ARGO_SERVICE_USER_NAME = "service-account-atlan-argo";
public static final String BACKEND_SERVICE_USER_NAME = "service-account-atlan-backend";
public static final String GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME = "atlan-governance-workflows";

public static final String INSTANCE_DOMAIN_KEY = "instance";

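Review bot: The new constant `GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME` has no comment tying it to the other place the same literal appears: it duplicates the `policyUsers` entry added to `addons/policies/bootstrap_entity_policies.json` in this commit, and nothing keeps the two in sync. A one-line Javadoc such as `/** Username of the governance-workflows client; must match the policyUsers entry in bootstrap_entity_policies.json. */` would make that dependency visible to the next person who renames either side. The class body continues outside the hunk.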