From 1dab7c2b4e56ea615d47d2fea7fa0fcb0bee889a Mon Sep 17 00:00:00 2001
From: Mayur Singal <39544459+ulixius9@users.noreply.github.com>
Date: Mon, 17 Mar 2025 11:56:07 +0530
Subject: [PATCH] MINOR: Grant EditAll permission to lineage bot (#20258)

---
 .../migration/mysql/v170/Migration.java       |  4 ++++
 .../migration/postgres/v170/Migration.java    |  7 +++---
 .../migration/utils/v170/MigrationUtil.java   | 22 +++++++++++++++++++
 .../json/data/policy/LineageBotPolicy.json    |  2 +-
 4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/migration/mysql/v170/Migration.java b/openmetadata-service/src/main/java/org/openmetadata/service/migration/mysql/v170/Migration.java
index 640d974d51a..59652b19cca 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/migration/mysql/v170/Migration.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/migration/mysql/v170/Migration.java
@@ -5,6 +5,7 @@ import static org.openmetadata.service.migration.utils.v170.MigrationUtil.runLin
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.runLineageMigrationForNullColumn;
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateDataInsightsApplication;
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateGovernanceWorkflowDefinitions;
+import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateLineageBotPolicy;
 
 import lombok.SneakyThrows;
 import org.openmetadata.service.migration.api.MigrationProcessImpl;
@@ -28,6 +29,9 @@ public class Migration extends MigrationProcessImpl {
     runLineageMigrationForNullColumn(handle);
     runLineageMigrationForNonNullColumn(handle);
 
+    // DI
     createServiceCharts();
+
+    updateLineageBotPolicy();
   }
 }
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/migration/postgres/v170/Migration.java b/openmetadata-service/src/main/java/org/openmetadata/service/migration/postgres/v170/Migration.java
index 8e89a1df71d..6990e6cb8d3 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/migration/postgres/v170/Migration.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/migration/postgres/v170/Migration.java
@@ -5,6 +5,7 @@ import static org.openmetadata.service.migration.utils.v170.MigrationUtil.runLin
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.runLineageMigrationForNullColumn;
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateDataInsightsApplication;
 import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateGovernanceWorkflowDefinitions;
+import static org.openmetadata.service.migration.utils.v170.MigrationUtil.updateLineageBotPolicy;
 
 import lombok.SneakyThrows;
 import org.openmetadata.service.migration.api.MigrationProcessImpl;
@@ -27,10 +28,10 @@ public class Migration extends MigrationProcessImpl {
     // Lineage
     runLineageMigrationForNullColumn(handle);
     runLineageMigrationForNonNullColumn(handle);
-    initializeWorkflowHandler();
-    updateGovernanceWorkflowDefinitions();
-    updateDataInsightsApplication();
 
+    // DI
     createServiceCharts();
+
+    updateLineageBotPolicy();
   }
 }
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/migration/utils/v170/MigrationUtil.java b/openmetadata-service/src/main/java/org/openmetadata/service/migration/utils/v170/MigrationUtil.java
index 23bbc32b938..cdae3feb5c9 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/migration/utils/v170/MigrationUtil.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/migration/utils/v170/MigrationUtil.java
@@ -14,10 +14,13 @@ import org.jdbi.v3.core.statement.UnableToExecuteStatementException;
 import org.openmetadata.schema.dataInsight.custom.DataInsightCustomChart;
 import org.openmetadata.schema.dataInsight.custom.LineChart;
 import org.openmetadata.schema.dataInsight.custom.LineChartMetric;
+import org.openmetadata.schema.entity.policies.Policy;
+import org.openmetadata.schema.entity.policies.accessControl.Rule;
 import org.openmetadata.schema.governance.workflows.WorkflowConfiguration;
 import org.openmetadata.schema.governance.workflows.WorkflowDefinition;
 import org.openmetadata.schema.governance.workflows.elements.WorkflowNodeDefinitionInterface;
 import org.openmetadata.schema.type.LineageDetails;
+import org.openmetadata.schema.type.MetadataOperation;
 import org.openmetadata.service.Entity;
 import org.openmetadata.service.exception.EntityNotFoundException;
 import org.openmetadata.service.governance.workflows.flowable.MainWorkflow;
@@ -25,6 +28,7 @@ import org.openmetadata.service.jdbi3.AppMarketPlaceRepository;
 import org.openmetadata.service.jdbi3.AppRepository;
 import org.openmetadata.service.jdbi3.DataInsightSystemChartRepository;
 import org.openmetadata.service.jdbi3.ListFilter;
+import org.openmetadata.service.jdbi3.PolicyRepository;
 import org.openmetadata.service.jdbi3.WorkflowDefinitionRepository;
 import org.openmetadata.service.resources.databases.DatasourceConfig;
 import org.openmetadata.service.util.EntityUtil;
@@ -327,4 +331,22 @@ public class MigrationUtil {
                         .withFormula("sum(k='tierSources.Automated')")
                         .withName("ai"))));
   }
+
+  public static void updateLineageBotPolicy() {
+    PolicyRepository policyRepository =
+        (PolicyRepository) Entity.getEntityRepository(Entity.POLICY);
+    List<Policy> policies =
+        policyRepository.listAll(EntityUtil.Fields.EMPTY_FIELDS, new ListFilter());
+    for (Policy policy : policies) {
+      if (policy.getName().equals("LineageBotPolicy")) {
+        for (Rule rule : policy.getRules()) {
+          if (rule.getName().equals("LineageBotRule-Allow")
+              && !rule.getOperations().contains(MetadataOperation.EDIT_ALL)) {
+            rule.getOperations().add(MetadataOperation.EDIT_ALL);
+            policyRepository.createOrUpdate(null, policy);
+          }
+        }
+      }
+    }
+  }
 }
diff --git a/openmetadata-service/src/main/resources/json/data/policy/LineageBotPolicy.json b/openmetadata-service/src/main/resources/json/data/policy/LineageBotPolicy.json
index 7e24ceade5b..63ab1c73e7d 100644
--- a/openmetadata-service/src/main/resources/json/data/policy/LineageBotPolicy.json
+++ b/openmetadata-service/src/main/resources/json/data/policy/LineageBotPolicy.json
@@ -18,7 +18,7 @@
       "name": "LineageBotRule-Allow",
       "description" : "Allow creating and updating lineage",
       "resources" : ["All"],
-      "operations": ["EditLineage", "EditQueries", "ViewAll"],
+      "operations": ["EditAll", "ViewAll"],
       "effect": "allow"
     }
   ]