From 62253393f39cd2be581f86564d0e9c8f9672c9f4 Mon Sep 17 00:00:00 2001
From: Nikhil P Bonte <nikhil.bonte@atlan.com>
Date: Wed, 1 Nov 2023 17:30:25 +0530
Subject: [PATCH] PLT-294 remove service users from guest role

---
 .../java/org/apache/atlas/plugin/util/KeycloakUserStore.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
index 06fd614673..cefcb50c7e 100644
--- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
+++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
@@ -40,6 +40,8 @@
 
 import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
 import static org.apache.atlas.repository.Constants.*;
+import static org.apache.atlas.repository.util.AccessControlUtils.ARGO_SERVICE_USER_NAME;
+import static org.apache.atlas.repository.util.AccessControlUtils.BACKEND_SERVICE_USER_NAME;
 
 
 public class KeycloakUserStore {
@@ -257,6 +259,8 @@ private void processDefaultRole(Set<RangerRole> roleSet) {
                 apiTokenDefaultAccessRole.ifPresent(rangerRole -> nonGuestUsers.addAll(rangerRole.getUsers()));
 
                 defaultUsers.removeAll(nonGuestUsers);
+                defaultUsers.remove(new RangerRole.RoleMember(ARGO_SERVICE_USER_NAME, false));
+                defaultUsers.remove(new RangerRole.RoleMember(BACKEND_SERVICE_USER_NAME, false));
 
                 targetRole.get().getUsers().addAll(defaultUsers);
             }