Merge pull request #2438 from atlanhq/PLT-294

PLT-294 remove service users from guest role
atlanhq · Nov 1, 2023 · 31f8fcc · 31f8fcc
2 parents 95f4361 + 6225339
commit 31f8fcc
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
@@ -40,6 +40,8 @@
 
 import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
 import static org.apache.atlas.repository.Constants.*;
+import static org.apache.atlas.repository.util.AccessControlUtils.ARGO_SERVICE_USER_NAME;
+import static org.apache.atlas.repository.util.AccessControlUtils.BACKEND_SERVICE_USER_NAME;
 
 
 public class KeycloakUserStore {
@@ -257,6 +259,8 @@ private void processDefaultRole(Set<RangerRole> roleSet) {
                 apiTokenDefaultAccessRole.ifPresent(rangerRole -> nonGuestUsers.addAll(rangerRole.getUsers()));
 
                 defaultUsers.removeAll(nonGuestUsers);
+                defaultUsers.remove(new RangerRole.RoleMember(ARGO_SERVICE_USER_NAME, false));
+                defaultUsers.remove(new RangerRole.RoleMember(BACKEND_SERVICE_USER_NAME, false));
 
                 targetRole.get().getUsers().addAll(defaultUsers);
             }