#6420 - Allow better bot role binding (#15966)

* #6420 - Allow better bot role binding

* format

* Add bot user role in data file

* Add bot user role in data file

* Trigger Build

* Trigger Build

openmetadata-service/src/main/java/org/openmetadata/service/resources/bots/BotResource.java

@@ -13,7 +13,7 @@
 
 package org.openmetadata.service.resources.bots;
 
-import static org.openmetadata.service.util.UserUtil.getRoleForBot;
+import static org.openmetadata.common.utils.CommonUtil.listOrEmpty;
 
 import io.swagger.v3.oas.annotations.ExternalDocumentation;
 import io.swagger.v3.oas.annotations.Operation;
@@ -64,8 +64,10 @@ import org.openmetadata.service.jdbi3.BotRepository;
 import org.openmetadata.service.jdbi3.CollectionDAO.EntityRelationshipRecord;
 import org.openmetadata.service.jdbi3.EntityRepository;
 import org.openmetadata.service.jdbi3.ListFilter;
+import org.openmetadata.service.jdbi3.UserRepository;
 import org.openmetadata.service.resources.Collection;
 import org.openmetadata.service.resources.EntityResource;
+import org.openmetadata.service.resources.teams.RoleResource;
 import org.openmetadata.service.security.Authorizer;
 import org.openmetadata.service.security.SecurityUtil;
 import org.openmetadata.service.util.EntityUtil;
@@ -91,18 +93,31 @@ public class BotResource extends EntityResource<Bot, BotRepository> {
 
   @Override
   public void initialize(OpenMetadataApplicationConfig config) throws IOException {
-    // Load system bots
-    List<Bot> bots = repository.getEntitiesFromSeedData();
     String domain = SecurityUtil.getDomain(config);
+    // First, load the bot users and assign their roles
+    UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
+    List<User> botUsers = userRepository.getEntitiesFromSeedData(".*json/data/botUser/.*\\.json$");
+    for (User botUser : botUsers) {
+      User user =
+          UserUtil.user(botUser.getName(), domain, botUser.getName())
+              .withIsBot(true)
+              .withIsAdmin(false);
+      user.setRoles(
+          listOrEmpty(botUser.getRoles()).stream()
+              .map(entityReference -> RoleResource.getRole(entityReference.getName()))
+              .toList());
+      // Add or update User Bot
+      UserUtil.addOrUpdateBotUser(user);
+    }
+
+    // Then, load the bots and bind them to the users
+    List<Bot> bots = repository.getEntitiesFromSeedData();
     for (Bot bot : bots) {
       String userName = bot.getBotUser().getName();
-      User user = UserUtil.user(userName, domain, userName).withIsBot(true).withIsAdmin(false);
+      bot.withBotUser(
-
+          userRepository
-      // Add role corresponding to the bot to the user
+              .getByName(null, userName, userRepository.getFields("id"))
-      // we need to set a mutable list here
+              .getEntityReference());
-      user.setRoles(getRoleForBot(bot.getName()));
-      user = UserUtil.addOrUpdateBotUser(user);
-      bot.withBotUser(user.getEntityReference());
       repository.initializeEntity(bot);
     }
   }

openmetadata-service/src/main/java/org/openmetadata/service/resources/teams/UserResource.java

@@ -110,7 +110,6 @@ import org.openmetadata.schema.type.EntityHistory;
 import org.openmetadata.schema.type.EntityReference;
 import org.openmetadata.schema.type.Include;
 import org.openmetadata.schema.type.MetadataOperation;
-import org.openmetadata.schema.type.ProviderType;
 import org.openmetadata.schema.type.Relationship;
 import org.openmetadata.schema.type.csv.CsvImportResult;
 import org.openmetadata.service.Entity;
@@ -147,7 +146,6 @@ import org.openmetadata.service.util.PasswordUtil;
 import org.openmetadata.service.util.RestUtil.PutResponse;
 import org.openmetadata.service.util.ResultList;
 import org.openmetadata.service.util.TokenUtil;
-import org.openmetadata.service.util.UserUtil;
 
 @Slf4j
 @Path("/v1/users")
@@ -1440,8 +1438,6 @@ public class UserResource extends EntityResource<User, UserRepository> {
               create.getAuthenticationMechanism(),
               original.getAuthenticationMechanism());
       user.setRoles(original.getRoles());
-    } else if (bot != null && ProviderType.SYSTEM.equals(bot.getProvider())) {
-      user.setRoles(UserUtil.getRoleForBot(botName));
     }
     // TODO remove this
     addAuthMechanismToBot(user, create, uriInfo);

openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java

@@ -13,7 +13,6 @@
 
 package org.openmetadata.service.util;
 
-import static org.openmetadata.common.utils.CommonUtil.listOf;
 import static org.openmetadata.common.utils.CommonUtil.listOrEmpty;
 import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty;
 import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.JWT;
@@ -48,7 +47,6 @@ import org.openmetadata.service.Entity;
 import org.openmetadata.service.exception.EntityNotFoundException;
 import org.openmetadata.service.jdbi3.EntityRepository;
 import org.openmetadata.service.jdbi3.UserRepository;
-import org.openmetadata.service.resources.teams.RoleResource;
 import org.openmetadata.service.security.auth.CatalogSecurityContext;
 import org.openmetadata.service.security.jwt.JWTTokenGenerator;
 import org.openmetadata.service.util.EntityUtil.Fields;
@@ -232,17 +230,6 @@ public final class UserUtil {
     }
   }
 
-  public static List<EntityReference> getRoleForBot(String botName) {
-    String botRole =
-        switch (botName) {
-          case Entity.INGESTION_BOT_NAME -> Entity.INGESTION_BOT_ROLE;
-          case Entity.QUALITY_BOT_NAME -> Entity.QUALITY_BOT_ROLE;
-          case Entity.PROFILER_BOT_NAME -> Entity.PROFILER_BOT_ROLE;
-          default -> throw new IllegalArgumentException("No role found for the bot " + botName);
-        };
-    return listOf(RoleResource.getRole(botRole));
-  }
-
   public static EntityReference getUserOrBot(String name) {
     EntityReference userOrBot;
     try {

openmetadata-service/src/main/resources/json/data/bot/ingestionBot.json

@@ -1,5 +1,6 @@
 {
   "name": "ingestion-bot",
+  "displayName": "IngestionBot",
   "description": "Bot used for ingesting metadata.",
   "fullyQualifiedName": "ingestion-bot",
   "botUser": {

openmetadata-service/src/main/resources/json/data/botUser/ingestionBot.json

@@ -0,0 +1,9 @@
+{
+  "name": "ingestion-bot",
+  "roles": [
+    {
+        "name": "IngestionBotRole",
+        "type": "role"
+    }
+  ]
+}