From d1e832c3bb2e09c4d04498cfba32d96bc0a8b2d7 Mon Sep 17 00:00:00 2001 From: Sriharsha Chintalapani Date: Mon, 21 Mar 2022 22:54:01 -0700 Subject: [PATCH] Fix #3532: Enable ownership tests for Team entity (#3567) --- .../catalog/jdbi3/TeamRepository.java | 54 +++++++++++-------- .../catalog/resources/teams/TeamResource.java | 6 ++- .../catalog/security/DefaultAuthorizer.java | 7 +-- .../policy/DataConsumerAccessControl.json | 27 +++++++++- .../json/schema/api/teams/createTeam.json | 6 +-- .../json/schema/entity/teams/team.json | 5 ++ .../catalog/resources/EntityResourceTest.java | 24 +++++---- ...Test.java => PermissionsResourceTest.java} | 18 +++---- .../resources/teams/TeamResourceTest.java | 14 +++-- 9 files changed, 106 insertions(+), 55 deletions(-) rename catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/{PermisssionsResourceTest.java => PermissionsResourceTest.java} (92%) diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/jdbi3/TeamRepository.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/jdbi3/TeamRepository.java index 3a2dd037f01..d63b58b8c26 100644 --- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/jdbi3/TeamRepository.java +++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/jdbi3/TeamRepository.java @@ -13,11 +13,14 @@ package org.openmetadata.catalog.jdbi3; +import static org.openmetadata.catalog.Entity.FIELD_OWNER; +import static org.openmetadata.catalog.Entity.TEAM; import static org.openmetadata.common.utils.CommonUtil.listOrEmpty; import com.fasterxml.jackson.core.JsonProcessingException; import java.io.IOException; import java.net.URI; +import java.text.ParseException; import java.util.ArrayList; import java.util.List; import java.util.UUID; @@ -32,18 +35,11 @@ import org.openmetadata.catalog.util.EntityUtil; import org.openmetadata.catalog.util.EntityUtil.Fields; public class TeamRepository extends EntityRepository { - static final Fields TEAM_UPDATE_FIELDS = new Fields(TeamResource.ALLOWED_FIELDS, "profile,users,defaultRoles"); - static final Fields TEAM_PATCH_FIELDS = new Fields(TeamResource.ALLOWED_FIELDS, "profile,users,defaultRoles"); + static final Fields TEAM_UPDATE_FIELDS = new Fields(TeamResource.ALLOWED_FIELDS, "owner,profile,users,defaultRoles"); + static final Fields TEAM_PATCH_FIELDS = new Fields(TeamResource.ALLOWED_FIELDS, "owner,profile,users,defaultRoles"); public TeamRepository(CollectionDAO dao) { - super( - TeamResource.COLLECTION_PATH, - Entity.TEAM, - Team.class, - dao.teamDAO(), - dao, - TEAM_PATCH_FIELDS, - TEAM_UPDATE_FIELDS); + super(TeamResource.COLLECTION_PATH, TEAM, Team.class, dao.teamDAO(), dao, TEAM_PATCH_FIELDS, TEAM_UPDATE_FIELDS); } public List getEntityReferences(List ids) { @@ -58,13 +54,14 @@ public class TeamRepository extends EntityRepository { } @Override - public Team setFields(Team team, Fields fields) throws IOException { + public Team setFields(Team team, Fields fields) throws IOException, ParseException { if (!fields.contains("profile")) { team.setProfile(null); // Clear the profile attribute, if it was not requested } team.setUsers(fields.contains("users") ? getUsers(team) : null); team.setOwns(fields.contains("owns") ? getOwns(team) : null); team.setDefaultRoles(fields.contains("defaultRoles") ? getDefaultRoles(team) : null); + team.setOwner(fields.contains(FIELD_OWNER) ? getOwner(team) : null); return team; } @@ -81,6 +78,8 @@ public class TeamRepository extends EntityRepository { @Override public void prepare(Team team) throws IOException { + // Check if owner is valid and set the relationship + EntityUtil.populateOwner(daoCollection.userDAO(), daoCollection.teamDAO(), team.getOwner()); // Validate owner validateUsers(team.getUsers()); validateRoles(team.getDefaultRoles()); } @@ -88,25 +87,28 @@ public class TeamRepository extends EntityRepository { @Override public void storeEntity(Team team, boolean update) throws IOException { // Relationships and fields such as href are derived and not stored as part of json + EntityReference owner = team.getOwner(); List users = team.getUsers(); List defaultRoles = team.getDefaultRoles(); // Don't store users, defaultRoles, href as JSON. Build it on the fly based on relationships - team.withUsers(null).withDefaultRoles(null).withHref(null); + team.withUsers(null).withDefaultRoles(null).withHref(null).withOwner(null); store(team.getId(), team, update); // Restore the relationships - team.withUsers(users).withDefaultRoles(defaultRoles); + team.withUsers(users).withDefaultRoles(defaultRoles).withOwner(owner); } @Override public void storeRelationships(Team team) { + // Add team owner relationship + setOwner(team.getId(), TEAM, team.getOwner()); for (EntityReference user : listOrEmpty(team.getUsers())) { - addRelationship(team.getId(), user.getId(), Entity.TEAM, Entity.USER, Relationship.HAS); + addRelationship(team.getId(), user.getId(), TEAM, Entity.USER, Relationship.HAS); } for (EntityReference defaultRole : listOrEmpty(team.getDefaultRoles())) { - addRelationship(team.getId(), defaultRole.getId(), Entity.TEAM, Entity.ROLE, Relationship.HAS); + addRelationship(team.getId(), defaultRole.getId(), TEAM, Entity.ROLE, Relationship.HAS); } } @@ -116,18 +118,18 @@ public class TeamRepository extends EntityRepository { } private List getUsers(Team team) throws IOException { - List userIds = findTo(team.getId(), Entity.TEAM, Relationship.HAS, Entity.USER); + List userIds = findTo(team.getId(), TEAM, Relationship.HAS, Entity.USER); return EntityUtil.populateEntityReferences(userIds, Entity.USER); } private List getOwns(Team team) throws IOException { // Compile entities owned by the team return EntityUtil.populateEntityReferences( - daoCollection.relationshipDAO().findTo(team.getId().toString(), Entity.TEAM, Relationship.OWNS.ordinal())); + daoCollection.relationshipDAO().findTo(team.getId().toString(), TEAM, Relationship.OWNS.ordinal())); } private List getDefaultRoles(Team team) throws IOException { - List defaultRoleIds = findTo(team.getId(), Entity.TEAM, Relationship.HAS, Entity.ROLE); + List defaultRoleIds = findTo(team.getId(), TEAM, Relationship.HAS, Entity.ROLE); return EntityUtil.populateEntityReferences(defaultRoleIds, Entity.ROLE); } @@ -163,6 +165,16 @@ public class TeamRepository extends EntityRepository { return entity.getDeleted(); } + @Override + public void setOwner(EntityReference owner) { + entity.setOwner(owner); + } + + @Override + public EntityReference getOwner() { + return entity.getOwner(); + } + @Override public String getFullyQualifiedName() { return entity.getName(); @@ -195,7 +207,7 @@ public class TeamRepository extends EntityRepository { .withName(getFullyQualifiedName()) .withDescription(getDescription()) .withDisplayName(getDisplayName()) - .withType(Entity.TEAM) + .withType(TEAM) .withHref(getHref()) .withDeleted(isDeleted()); } @@ -270,7 +282,7 @@ public class TeamRepository extends EntityRepository { List origUsers = listOrEmpty(origTeam.getUsers()); List updatedUsers = listOrEmpty(updatedTeam.getUsers()); updateToRelationships( - "users", Entity.TEAM, origTeam.getId(), Relationship.HAS, Entity.USER, origUsers, updatedUsers, false); + "users", TEAM, origTeam.getId(), Relationship.HAS, Entity.USER, origUsers, updatedUsers, false); } private void updateDefaultRoles(Team origTeam, Team updatedTeam) throws JsonProcessingException { @@ -278,7 +290,7 @@ public class TeamRepository extends EntityRepository { List updatedDefaultRoles = listOrEmpty(updatedTeam.getDefaultRoles()); updateToRelationships( "defaultRoles", - Entity.TEAM, + TEAM, origTeam.getId(), Relationship.HAS, Entity.ROLE, diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/resources/teams/TeamResource.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/resources/teams/TeamResource.java index 5f0d3cf2b5e..5ceebf239ee 100644 --- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/resources/teams/TeamResource.java +++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/resources/teams/TeamResource.java @@ -75,6 +75,7 @@ public class TeamResource extends EntityResource { @Override public Team addHref(UriInfo uriInfo, Team team) { + Entity.withHref(uriInfo, team.getOwner()); Entity.withHref(uriInfo, team.getUsers()); Entity.withHref(uriInfo, team.getDefaultRoles()); Entity.withHref(uriInfo, team.getOwns()); @@ -94,7 +95,7 @@ public class TeamResource extends EntityResource { } } - static final String FIELDS = "profile,users,owns,defaultRoles"; + static final String FIELDS = "owner,profile,users,owns,defaultRoles"; public static final List ALLOWED_FIELDS = Entity.getEntityFields(Team.class); @GET @@ -294,7 +295,7 @@ public class TeamResource extends EntityResource { @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateTeam ct) throws IOException, ParseException { Team team = getTeam(ct, securityContext); - SecurityUtil.checkAdminOrBotOrOwner(authorizer, securityContext, dao.getOriginalOwner(team)); + SecurityUtil.checkAdminRoleOrPermissions(authorizer, securityContext, dao.getOriginalOwner(team)); RestUtil.PutResponse response = dao.createOrUpdate(uriInfo, team); addHref(uriInfo, response.getEntity()); return response.toResponse(); @@ -361,6 +362,7 @@ public class TeamResource extends EntityResource { .withDisplayName(ct.getDisplayName()) .withProfile(ct.getProfile()) .withOwner(ct.getOwner()) + .withIsJoinable(ct.getIsJoinable()) .withUpdatedBy(securityContext.getUserPrincipal().getName()) .withUpdatedAt(System.currentTimeMillis()) .withUsers(dao.getEntityReferences(ct.getUsers())) diff --git a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java index 29f4a8f23df..49026e8855a 100644 --- a/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java +++ b/catalog-rest-service/src/main/java/org/openmetadata/catalog/security/DefaultAuthorizer.java @@ -155,11 +155,8 @@ public class DefaultAuthorizer implements Authorizer { Object entity = Entity.getEntity(entityReference, new EntityUtil.Fields(List.of("tags", FIELD_OWNER))); EntityReference owner = Entity.getEntityInterface(entity).getOwner(); - if (Entity.shouldHaveOwner(entityReference.getType()) && owner == null) { - // Entity does not have an owner. - return true; - } - if (Entity.shouldHaveOwner(entityReference.getType()) && isOwnedByUser(user, owner)) { + + if (Entity.shouldHaveOwner(entityReference.getType()) && owner != null && isOwnedByUser(user, owner)) { // Entity is owned by the user. return true; } diff --git a/catalog-rest-service/src/main/resources/json/data/policy/DataConsumerAccessControl.json b/catalog-rest-service/src/main/resources/json/data/policy/DataConsumerAccessControl.json index ea8d2c1b373..f130184688d 100644 --- a/catalog-rest-service/src/main/resources/json/data/policy/DataConsumerAccessControl.json +++ b/catalog-rest-service/src/main/resources/json/data/policy/DataConsumerAccessControl.json @@ -6,5 +6,30 @@ "policyType": "AccessControl", "enabled": true, "deleted": false, - "rules": [] + "rules": [ + { + "name": "DataConsumerRoleAccessControlPolicy-UpdateDescription", + "userRoleAttr": "DataConsumer", + "operation": "UpdateDescription", + "allow": true, + "enabled": true, + "priority": 1000 + }, + { + "name": "DataConsumerRoleAccessControlPolicy-UpdateOwner", + "userRoleAttr": "DataConsumer", + "operation": "UpdateOwner", + "allow": true, + "enabled": true, + "priority": 1000 + }, + { + "name": "DataConsumerRoleAccessControlPolicy-UpdateTags", + "userRoleAttr": "DataConsumer", + "operation": "UpdateTags", + "allow": true, + "enabled": true, + "priority": 1000 + } + ] } \ No newline at end of file diff --git a/catalog-rest-service/src/main/resources/json/schema/api/teams/createTeam.json b/catalog-rest-service/src/main/resources/json/schema/api/teams/createTeam.json index ca7dc597de5..14b1d61c1b4 100644 --- a/catalog-rest-service/src/main/resources/json/schema/api/teams/createTeam.json +++ b/catalog-rest-service/src/main/resources/json/schema/api/teams/createTeam.json @@ -41,10 +41,10 @@ "$ref": "../../type/entityReference.json", "default": null }, - "joinable": { - "description": "This field describes if the users can join a team without any permission. By default this is set to True.", + "isJoinable": { + "description": "Can any user join this team during sign up? Value of true indicates yes, and false no.", "type": "boolean", - "default": "true" + "default": true } }, "required": ["name"], diff --git a/catalog-rest-service/src/main/resources/json/schema/entity/teams/team.json b/catalog-rest-service/src/main/resources/json/schema/entity/teams/team.json index dfc561490be..1985c4ecc75 100644 --- a/catalog-rest-service/src/main/resources/json/schema/entity/teams/team.json +++ b/catalog-rest-service/src/main/resources/json/schema/entity/teams/team.json @@ -61,6 +61,11 @@ "$ref": "../../type/entityReference.json", "default": null }, + "isJoinable": { + "description": "Can any user join this team during sign up? Value of true indicates yes, and false no.", + "type": "boolean", + "default": true + }, "changeDescription": { "description": "Change that lead to this version of the entity.", "$ref": "../../type/entityHistory.json#/definitions/changeDescription" diff --git a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/EntityResourceTest.java b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/EntityResourceTest.java index 71819b7c474..6921cd7c773 100644 --- a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/EntityResourceTest.java +++ b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/EntityResourceTest.java @@ -262,15 +262,21 @@ public abstract class EntityResourceTest extends CatalogApplicationTest { webhookResourceTest.startWebhookSubscription(); webhookResourceTest.startWebhookEntitySubscriptions(entityType); } - + RoleResourceTest roleResourceTest = new RoleResourceTest(); + DATA_CONSUMER_ROLE = + roleResourceTest.getEntityByName(DATA_CONSUMER_ROLE_NAME, RoleResource.FIELDS, ADMIN_AUTH_HEADERS); + DATA_CONSUMER_ROLE_REFERENCE = new RoleEntityInterface(DATA_CONSUMER_ROLE).getEntityReference(); UserResourceTest userResourceTest = new UserResourceTest(); - USER1 = userResourceTest.createEntity(userResourceTest.createRequest(test), ADMIN_AUTH_HEADERS); + USER1 = + userResourceTest.createEntity( + userResourceTest.createRequest(test).withRoles(List.of(DATA_CONSUMER_ROLE.getId())), ADMIN_AUTH_HEADERS); USER_OWNER1 = new UserEntityInterface(USER1).getEntityReference(); - USER2 = userResourceTest.createEntity(userResourceTest.createRequest(test, 1), ADMIN_AUTH_HEADERS); + USER2 = + userResourceTest.createEntity( + userResourceTest.createRequest(test, 1).withRoles(List.of(DATA_CONSUMER_ROLE.getId())), ADMIN_AUTH_HEADERS); USER_OWNER2 = new UserEntityInterface(USER2).getEntityReference(); - RoleResourceTest roleResourceTest = new RoleResourceTest(); DATA_STEWARD_ROLE = roleResourceTest.getEntityByName(DATA_STEWARD_ROLE_NAME, RoleResource.FIELDS, ADMIN_AUTH_HEADERS); DATA_STEWARD_ROLE_REFERENCE = new RoleEntityInterface(DATA_STEWARD_ROLE).getEntityReference(); @@ -280,9 +286,7 @@ public abstract class EntityResourceTest extends CatalogApplicationTest { .createRequest("user-data-steward", "", "", null) .withRoles(List.of(DATA_STEWARD_ROLE.getId())), ADMIN_AUTH_HEADERS); - DATA_CONSUMER_ROLE = - roleResourceTest.getEntityByName(DATA_CONSUMER_ROLE_NAME, RoleResource.FIELDS, ADMIN_AUTH_HEADERS); - DATA_CONSUMER_ROLE_REFERENCE = new RoleEntityInterface(DATA_CONSUMER_ROLE).getEntityReference(); + USER_WITH_DATA_CONSUMER_ROLE = userResourceTest.createEntity( userResourceTest @@ -1125,12 +1129,12 @@ public abstract class EntityResourceTest extends CatalogApplicationTest { T entity = createEntity(createRequest(getEntityName(test), "description", null, null), ADMIN_AUTH_HEADERS); - // Anyone can update description on unowned entity. + // Admins, Owner or a User with policy can update the entity entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), TestUtils.ADMIN_USER_NAME, false); - entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER1.getName(), false); entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER_WITH_DATA_STEWARD_ROLE.getName(), false); entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER_WITH_DATA_CONSUMER_ROLE.getName(), false); + entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER1.getName(), false); EntityInterface entityInterface = getEntityInterface(entity); @@ -1155,7 +1159,7 @@ public abstract class EntityResourceTest extends CatalogApplicationTest { entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), TestUtils.ADMIN_USER_NAME, false); entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER1.getName(), false); entity = patchEntityAndCheckAuthorization(getEntityInterface(entity), USER_WITH_DATA_STEWARD_ROLE.getName(), false); - patchEntityAndCheckAuthorization(getEntityInterface(entity), USER_WITH_DATA_CONSUMER_ROLE.getName(), true); + patchEntityAndCheckAuthorization(getEntityInterface(entity), USER_WITH_DATA_CONSUMER_ROLE.getName(), false); } @Test diff --git a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermisssionsResourceTest.java b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermissionsResourceTest.java similarity index 92% rename from catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermisssionsResourceTest.java rename to catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermissionsResourceTest.java index b228d9d771b..e4c76f522a2 100644 --- a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermisssionsResourceTest.java +++ b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/permissions/PermissionsResourceTest.java @@ -39,11 +39,11 @@ import org.openmetadata.catalog.type.MetadataOperation; import org.openmetadata.catalog.util.TestUtils; @TestInstance(TestInstance.Lifecycle.PER_CLASS) -class PermisssionsResourceTest extends CatalogApplicationTest { +class PermissionsResourceTest extends CatalogApplicationTest { private static final String DATA_STEWARD_ROLE_NAME = "DataSteward"; private static final String DATA_CONSUMER_ROLE_NAME = "DataConsumer"; - private static final String DATA_STEWARD_USER_NAME = "user-data-steward"; - private static final String DATA_CONSUMER_USER_NAME = "user-data-consumer"; + private static final String DATA_STEWARD_USER_NAME = "puser-data-steward"; + private static final String DATA_CONSUMER_USER_NAME = "puser-data-consumer"; @BeforeAll static void setup() throws IOException { @@ -69,7 +69,7 @@ class PermisssionsResourceTest extends CatalogApplicationTest { @ParameterizedTest @MethodSource("getPermissionsTestParams") - void get_permissions(String username, Map expectedOperations) + void get_permissiofns(String username, Map expectedOperations) throws HttpResponseException { WebTarget target = getResource("permissions"); Map authHeaders = SecurityUtil.authHeaders(username + "@open-metadata.org"); @@ -99,12 +99,12 @@ class PermisssionsResourceTest extends CatalogApplicationTest { DATA_STEWARD_USER_NAME, new HashMap() { { - put(MetadataOperation.SuggestDescription, Boolean.FALSE); - put(MetadataOperation.SuggestTags, Boolean.FALSE); put(MetadataOperation.UpdateDescription, Boolean.TRUE); put(MetadataOperation.UpdateLineage, Boolean.TRUE); put(MetadataOperation.UpdateOwner, Boolean.TRUE); put(MetadataOperation.UpdateTags, Boolean.TRUE); + put(MetadataOperation.SuggestDescription, Boolean.FALSE); + put(MetadataOperation.SuggestTags, Boolean.FALSE); put(MetadataOperation.DecryptTokens, Boolean.FALSE); put(MetadataOperation.UpdateTeam, Boolean.FALSE); } @@ -115,10 +115,10 @@ class PermisssionsResourceTest extends CatalogApplicationTest { { put(MetadataOperation.SuggestDescription, Boolean.FALSE); put(MetadataOperation.SuggestTags, Boolean.FALSE); - put(MetadataOperation.UpdateDescription, Boolean.FALSE); + put(MetadataOperation.UpdateDescription, Boolean.TRUE); put(MetadataOperation.UpdateLineage, Boolean.FALSE); - put(MetadataOperation.UpdateOwner, Boolean.FALSE); - put(MetadataOperation.UpdateTags, Boolean.FALSE); + put(MetadataOperation.UpdateOwner, Boolean.TRUE); + put(MetadataOperation.UpdateTags, Boolean.TRUE); put(MetadataOperation.DecryptTokens, Boolean.FALSE); put(MetadataOperation.UpdateTeam, Boolean.FALSE); } diff --git a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/teams/TeamResourceTest.java b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/teams/TeamResourceTest.java index 13967c36c6d..41399fe89ad 100644 --- a/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/teams/TeamResourceTest.java +++ b/catalog-rest-service/src/test/java/org/openmetadata/catalog/resources/teams/TeamResourceTest.java @@ -76,7 +76,6 @@ public class TeamResourceTest extends EntityResourceTest { public TeamResourceTest() { super(Entity.TEAM, Team.class, TeamList.class, "teams", TeamResource.FIELDS); - this.supportsOwner = false; // TODO fix the test failures after removing this this.supportsDots = false; this.supportsAuthorizedMetadataOperations = false; } @@ -345,7 +344,8 @@ public class TeamResourceTest extends EntityResourceTest { .withName(name) .withDescription(description) .withDisplayName(displayName) - .withProfile(PROFILE); + .withProfile(PROFILE) + .withOwner(owner); } @Override @@ -360,7 +360,10 @@ public class TeamResourceTest extends EntityResourceTest { @Override public void validateCreatedEntity(Team team, CreateTeam createRequest, Map authHeaders) { validateCommonEntityFields( - getEntityInterface(team), createRequest.getDescription(), TestUtils.getPrincipal(authHeaders), null); + getEntityInterface(team), + createRequest.getDescription(), + TestUtils.getPrincipal(authHeaders), + createRequest.getOwner()); assertEquals(createRequest.getProfile(), team.getProfile()); TestUtils.validateEntityReferences(team.getOwns()); @@ -401,7 +404,10 @@ public class TeamResourceTest extends EntityResourceTest { @Override public void compareEntities(Team expected, Team updated, Map authHeaders) { validateCommonEntityFields( - getEntityInterface(updated), expected.getDescription(), TestUtils.getPrincipal(authHeaders), null); + getEntityInterface(updated), + expected.getDescription(), + TestUtils.getPrincipal(authHeaders), + expected.getOwner()); assertEquals(expected.getDisplayName(), updated.getDisplayName()); assertEquals(expected.getProfile(), updated.getProfile());