Minor: Add ViewAll policy to enable default OrganizationPolicy to allow users to view metadata (#18353)

* Minor: Add ViewAll policy to enable default OrganizationPolicy to allow users to view metadata

* Minor: Add ViewAll policy to enable default OrganizationPolicy to allow users to view metadata
Sriharsha Chintalapani 2024-10-21 23:21:13 -07:00 committed by GitHub
parent d0fb5137af
commit 9bd93c15ab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 42 additions and 0 deletions


@ -1,6 +1,7 @@
package org.openmetadata.service.migration.mysql.v160; package org.openmetadata.service.migration.mysql.v160;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addAppExtensionName; import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addAppExtensionName;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addViewAllRuleToOrgPolicy;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.migrateServiceTypesAndConnections; import static org.openmetadata.service.migration.utils.v160.MigrationUtil.migrateServiceTypesAndConnections;
import lombok.SneakyThrows; import lombok.SneakyThrows;
@ -18,5 +19,6 @@ public class Migration extends MigrationProcessImpl {
public void runDataMigration() { public void runDataMigration() {
addAppExtensionName(handle, collectionDAO, authenticationConfiguration, false); addAppExtensionName(handle, collectionDAO, authenticationConfiguration, false);
migrateServiceTypesAndConnections(handle, false); migrateServiceTypesAndConnections(handle, false);
addViewAllRuleToOrgPolicy(collectionDAO);
} }
} }


@ -1,6 +1,7 @@
package org.openmetadata.service.migration.postgres.v160; package org.openmetadata.service.migration.postgres.v160;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addAppExtensionName; import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addAppExtensionName;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.addViewAllRuleToOrgPolicy;
import static org.openmetadata.service.migration.utils.v160.MigrationUtil.migrateServiceTypesAndConnections; import static org.openmetadata.service.migration.utils.v160.MigrationUtil.migrateServiceTypesAndConnections;
import lombok.SneakyThrows; import lombok.SneakyThrows;
@ -18,5 +19,6 @@ public class Migration extends MigrationProcessImpl {
public void runDataMigration() { public void runDataMigration() {
addAppExtensionName(handle, collectionDAO, authenticationConfiguration, true); addAppExtensionName(handle, collectionDAO, authenticationConfiguration, true);
migrateServiceTypesAndConnections(handle, true); migrateServiceTypesAndConnections(handle, true);
addViewAllRuleToOrgPolicy(collectionDAO);
} }
} }


@ -1,5 +1,7 @@
package org.openmetadata.service.migration.utils.v160; package org.openmetadata.service.migration.utils.v160;
import static org.openmetadata.common.utils.CommonUtil.listOf;
import java.util.UUID; import java.util.UUID;
import javax.json.JsonObject; import javax.json.JsonObject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -8,11 +10,15 @@ import org.jdbi.v3.core.statement.Update;
import org.openmetadata.schema.api.security.AuthenticationConfiguration; import org.openmetadata.schema.api.security.AuthenticationConfiguration;
import org.openmetadata.schema.entity.app.App; import org.openmetadata.schema.entity.app.App;
import org.openmetadata.schema.entity.app.AppExtension; import org.openmetadata.schema.entity.app.AppExtension;
import org.openmetadata.schema.entity.policies.Policy;
import org.openmetadata.schema.entity.policies.accessControl.Rule;
import org.openmetadata.schema.type.Include; import org.openmetadata.schema.type.Include;
import org.openmetadata.schema.type.MetadataOperation;
import org.openmetadata.service.Entity; import org.openmetadata.service.Entity;
import org.openmetadata.service.exception.EntityNotFoundException; import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.AppRepository; import org.openmetadata.service.jdbi3.AppRepository;
import org.openmetadata.service.jdbi3.CollectionDAO; import org.openmetadata.service.jdbi3.CollectionDAO;
import org.openmetadata.service.jdbi3.PolicyRepository;
import org.openmetadata.service.util.JsonUtils; import org.openmetadata.service.util.JsonUtils;
@Slf4j @Slf4j
@ -71,6 +77,38 @@ public class MigrationUtil {
} }
} }
public static void addViewAllRuleToOrgPolicy(CollectionDAO collectionDAO) {
PolicyRepository repository = (PolicyRepository) Entity.getEntityRepository(Entity.POLICY);
try {
Policy organizationPolicy = repository.findByName("OrganizationPolicy", Include.NON_DELETED);
boolean noViewAllRule = true;
for (Rule rule : organizationPolicy.getRules()) {
if (rule.getName().equals("OrganizationPolicy-View-All-Rule")) {
noViewAllRule = false;
break;
}
}
if (noViewAllRule) {
Rule viewAllRule =
new Rule()
.withName("OrganizationPolicy-ViewAll-Rule")
.withResources(listOf("all"))
.withOperations(listOf(MetadataOperation.VIEW_ALL))
.withEffect(Rule.Effect.ALLOW)
.withDescription("Allow all users to view all metadata");
organizationPolicy.getRules().add(viewAllRule);
collectionDAO
.policyDAO()
.update(
organizationPolicy.getId(),
organizationPolicy.getFullyQualifiedName(),
JsonUtils.pojoToJson(organizationPolicy));
}
} catch (EntityNotFoundException ex) {
LOG.warn("OrganizationPolicy not found", ex);
}
}
private static void updateAppExtension(Handle handle, App app, boolean postgres) { private static void updateAppExtension(Handle handle, App app, boolean postgres) {
Update update; Update update;
if (postgres) { if (postgres) {
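Review bot: The idempotency check in `addViewAllRuleToOrgPolicy` compares against `"OrganizationPolicy-View-All-Rule"` while the rule is created as `"OrganizationPolicy-ViewAll-Rule"`, so the guard never matches the rule this migration writes and a re-run would append a duplicate ALLOW rule. Use one constant for both, e.g. `private static final String VIEW_ALL_RULE_NAME = "OrganizationPolicy-ViewAll-Rule";`, and compare with `VIEW_ALL_RULE_NAME.equals(rule.getName())` so a rule without a name does not throw. Because this grants `VIEW_ALL` on `all` resources through the organization-wide policy during upgrade and writes via `collectionDAO.policyDAO().update(...)` directly, it presumably bypasses whatever versioning or change events the repository layer records. A `LOG.info` line when the rule is added would at least leave operators a trace that read access was widened. `updateAppExtension` at the end of the hunk continues outside it.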