[old] ABAC authz only in mem #4299

Draft
wants to merge 23 commits into
base: master
c76a129
DG-215 Full restrictions on READ indexsearch
nikhilbonte21 Feb 13, 2024
1ae5fd5
Update maven.yml
nikhilbonte21 Feb 13, 2024
a5c9f72
Refactorings
nikhilbonte21 Feb 14, 2024
42a0404
flag based return query string in response
nikhilbonte21 Feb 14, 2024
7e75d6d
Revert
nikhilbonte21 Feb 14, 2024
8d70da4
print full restrictions flag in toString
nikhilbonte21 Feb 20, 2024
f67e171
Ignore full restrictions for Persona/Purpose request
nikhilbonte21 Feb 21, 2024
031b00c
Ignore full restrictions for Persona/Purpose request
nikhilbonte21 Feb 21, 2024
a41823d
Revert "Ignore full restrictions for Persona/Purpose request"
nikhilbonte21 Feb 21, 2024
78d2fe7
revert redundant chnage
nikhilbonte21 Feb 23, 2024
8a1c217
Refactorings
nikhilbonte21 Feb 23, 2024
b7c5ab4
Update maven.yml
nikhilbonte21 Feb 23, 2024
51d5e6d
PLT-860 Persona/Purpose disable/enable issue
nikhilbonte21 Feb 20, 2024
828035f
PLT-860 refactoring
nikhilbonte21 Feb 20, 2024
8f7efd7
ABAC policy support & evaluator
nikhilbonte21 Feb 23, 2024
7f6ca30
Merge branch 'master' into fullrestrictionsonreads
nikhilbonte21 Feb 27, 2024
0ae8933
Fix OR condition evaluation issue
nikhilbonte21 Mar 22, 2024
1437c84
Merge branch 'master' into fullrestrictionsonreads
nikhilbonte21 Mar 22, 2024
f223408
Merge branch 'fullrestrictionsonreads' into fullRestrictionsPlusABACa…
nikhilbonte21 Mar 22, 2024
670d5b0
Remove ES query evaluation
nikhilbonte21 Mar 22, 2024
f8149b7
Club atlas auth result with abac auth result
nikhilbonte21 Apr 5, 2024
bbe5164
Club Atlas authz result with ABAC authz
nikhilbonte21 Apr 15, 2024
2879c05
init commit
hr2904 Jul 19, 2024
25 changes: 23 additions & 2 deletions addons/models/0000-Area0/0010-base_model.json
Expand Up @@ -616,7 +616,7 @@
],
"description": "Model to store auth service in Atlas",
"serviceType": "atlan",
"typeVersion": "1.1",
"typeVersion": "1.2",
"attributeDefs": [
{
"name": "authServiceType",
Expand All @@ -640,6 +640,17 @@
"skipScrubbing": true,
"includeInNotification": true
},
{
"name": "abacService",
"typeName": "string",
"indexType": "STRING",
"cardinality": "SINGLE",
"isIndexable": false,
"isOptional": true,
"isUnique": false,
"skipScrubbing": true,
"includeInNotification": true
},
{
"name": "authServiceIsEnabled",
"typeName": "boolean",
Expand Down Expand Up @@ -681,9 +692,19 @@
"Asset"
],
"serviceType": "atlan",
"typeVersion": "1.1",
"typeVersion": "1.2",
"attributeDefs":
[
{
"name": "policyFilterCriteria",
"typeName": "string",
"cardinality": "SINGLE",
"isIndexable": false,
"isOptional": true,
"isUnique": false,
"skipScrubbing": true,
"includeInNotification": true
},
{
"name": "policyType",
"typeName": "AuthPolicyType",
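Review bot: `policyFilterCriteria` is declared as an optional, unbounded `string`, so the type model places no constraint on the filter expression an ABAC policy carries. The evaluator that reads it is not visible in this section; it should fail closed on a malformed or oversized value rather than ignore the filter, and that contract is worth stating in the PR description. The new attribute also omits the `"indexType": "STRING"` that `abacService` declares in the hunk above, and both attributes set `"includeInNotification": true`, which presumably puts the filter expression into entity notifications; please confirm both are intended.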
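--- a/addons/override-policies/glossary_policies.json
+++ b/addons/override-policies/glossary_policies.json
@@ -0,0 +1,113 @@
+{
+"entities":
+[
+{
+"typeName": "AuthPolicy",
+"customAttributes": {
+"internalId": 28
+},
+"attributes":
+{
+"name": "READ_GLOSSARY",
+"qualifiedName": "READ_GLOSSARY",
+"policyCategory": "bootstrap",
+"policySubCategory": "default",
+"policyServiceName": "atlas",
+"policyType": "allow",
+"policyPriority": 1,
+"policyUsers":
+[],
+"policyGroups":
+[],
+"policyRoles":
+[
+"$admin",
+"$api-token-default-access"
+],
+"policyResourceCategory": "ENTITY",
+"policyResources":
+[
+"entity-type:AtlasGlossary",
+"entity-classification:*",
+"entity:*"
+],
+"policyActions":
+[
+"entity-read"
+]
+}
+},
+{
+"typeName": "AuthPolicy",
+"customAttributes": {
+"internalId": 29
+},
+"attributes":
+{
+"name": "READ_TERM",
+"qualifiedName": "READ_TERM",
+"policyCategory": "bootstrap",
+"policySubCategory": "default",
+"policyServiceName": "atlas",
+"policyType": "allow",
+"policyPriority": 1,
+"policyUsers":
+[],
+"policyGroups":
+[],
+"policyRoles":
+[
+"$admin",
+"$api-token-default-access"
+],
+"policyResourceCategory": "ENTITY",
+"policyResources":
+[
+"entity-type:AtlasGlossaryTerm",
+"entity-classification:*",
+"entity:*"
+],
+"policyActions":
+[
+"entity-read"
+]
+}
+},
+{
+"typeName": "AuthPolicy",
+"customAttributes": {
+"internalId": 30
+},
+"attributes":
+{
+"name": "READ_CATEGORY",
+"qualifiedName": "READ_CATEGORY",
+"policyCategory": "bootstrap",
+"policySubCategory": "default",
+"policyServiceName": "atlas",
+"policyType": "allow",
+"policyPriority": 1,
+"policyUsers":
+[],
+"policyGroups":
+[],
+"policyRoles":
+[
+"$admin",
+"$api-token-default-access"
+],
+"policyResourceCategory": "ENTITY",
+"policyResources":
+[
+"entity-type:AtlasGlossaryCategory",
+"entity-classification:*",
+"entity:*"
+],
+"policyActions":
+[
+"entity-read"
+]
+}
+}
+]
+}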
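Review bot: All three policies grant `entity-read` on `entity:*` with `entity-classification:*` to `$api-token-default-access` at `"policyPriority": 1`, so any principal holding that role can read every glossary, term and category regardless of classification. If priority 1 is the override level, as the `override-policies` directory name suggests, these allows would also take precedence over deny policies, which sits oddly with the read restrictions this PR introduces. Please confirm that is intended, or keep only `"$admin"` in `policyRoles`. The hard-coded `internalId` values 28, 29 and 30 should also be checked for uniqueness against the other bootstrap policy files, which are not visible here.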
13 changes: 13 additions & 0 deletions addons/policies/atlas_service.json
Expand Up @@ -12,6 +12,18 @@
}
}
},
{
"typeName": "AuthService",
"attributes":
{
"qualifiedName": "auth_service_atlas_abac",
"name": "atlas_abac",
"authServiceType": "abac",
"authServiceConfig": {
"ranger.plugin.audit.filters": "[{'accessResult':'DENIED','isAudited':true}]"
}
}
},
{
"typeName": "AuthService",
"attributes":
Expand All @@ -20,6 +32,7 @@
"name": "atlas",
"authServiceType": "atlas",
"tagService": "atlas_tag",
"abacService": "atlas_abac",
"authServiceConfig": {
"ranger.plugin.audit.filters": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false} ]"
}
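Review bot: The `atlas_abac` service's `ranger.plugin.audit.filters` names only `DENIED` results, so whether access granted by an ABAC policy is audited depends on defaults that are not visible in this section. The commit list mentions combining the ABAC result with the Atlas result, so an allow decided by ABAC should still leave an audit record; if the default does not provide one, add an explicit entry such as `{'accessResult':'ALLOWED','isAudited':true}`. The new filter also drops the `{'users':['atlas'] ,'isAudited':false}` exclusion that the `atlas` service keeps, which may be deliberate but deserves a line in the description.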
6 changes: 6 additions & 0 deletions auth-agents-common/pom.xml
Expand Up @@ -55,6 +55,12 @@
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.apache.atlas</groupId>
<artifactId>auth-common</artifactId>
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.apache.atlas</groupId>
<artifactId>auth-audits</artifactId>