atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saqeeb Shaikh <saqeeb.shaikh...@gmail.com>
Subject Re: Review Request 46700: ATLAS-497 : Simple Authorization
Date Thu, 05 May 2016 14:37:38 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46700/
-----------------------------------------------------------

(Updated May 5, 2016, 2:37 p.m.)


Review request for atlas, Erik Bergenholtz, Shwetha GS, Selvamohan Neethiraj, and Hemanth
Yamijala.


Changes
-------

Handle Hemanth's review request comments.


Bugs: ATLAS-497
    https://issues.apache.org/jira/browse/ATLAS-497


Repository: atlas


Description
-------

**Patch Contains** Simple file based authorization for Atlas REST APIs.

Implementation contains addition of policy based authorization, where policy-store.txt contains
policies for each group / user which will login to Atlas. As initial implementation introducing
permissions for 3 Groups of Users : 

Data Scientist : Users in this Group will have Read only access to the Atlas resources
Data Steward : Users in this Group will have RWU (read, write, update) accesses to the Atlas
resources
Admin : Users in this Group will have RWUD  (read, write, update, delete) accesses to the
Atlas resources

**Assuming following resources for various APIs**
 
TYPE :  for accessing traits,classes 
ENTITY : for accessing entity, discovery, lineage APIs
OPERATION : For APIs related to Admin (version, stack, rextergraph related APIs)


Diffs (updated)
-----

  distro/src/conf/atlas-application.properties 290105f 
  distro/src/conf/policy-store.txt PRE-CREATION 
  pom.xml 729b178 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java PRE-CREATION

  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java PRE-CREATION

  webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java PRE-CREATION

  webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java PRE-CREATION

  webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java PRE-CREATION 
  webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java PRE-CREATION


Diff: https://reviews.apache.org/r/46700/diff/


Testing
-------

Verified authorization by logging in to Atlas as user of different groups. 
Verified that Data Scientist should not be allowed to write / update or delete  any of the
resources. 
Added test cases to cater to parsing of policies from the policy store. 

Verifed : mvn clean compile package -Pdist


Thanks,

Saqeeb Shaikh


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message