DG-118 Bootstrap inverse policy for Connection link-assets permission

atlanhq · Sep 21, 2023 · 67fd1ff · 67fd1ff
1 parent e1b793a
commit 67fd1ff
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/addons/static/templates/connection_bootstrap_policies.json b/addons/static/templates/connection_bootstrap_policies.json
@@ -36,6 +36,42 @@
 
         }
     },
+    {
+        "typeName": "AuthPolicy",
+        "guid": -8,
+        "attributes": {
+            "qualifiedName": "{guid}/connection-link-assets-inverse",
+            "name": "{name}-connection-link-assets-inverse",
+            "policyCategory": "bootstrap",
+            "policySubCategory": "connection",
+            "policyType": "allow",
+            "policyServiceName": "atlas",
+            "policyRoles": [
+                "connection_admins_{guid}"
+            ],
+            "policyActions": [
+                "add-relationship",
+                "remove-relationship"
+            ],
+            "policyResourceCategory": "RELATIONSHIP",
+            "policyResources": [
+                "end-one-entity-classification:*",
+                "end-one-entity:*",
+                "end-one-entity-type:Catalog",
+                "end-one-entity-type:Connection",
+                "end-one-entity-type:Process",
+                "end-one-entity-type:ProcessExecution",
+                "end-one-entity-type:Namespace",
+
+                "end-two-entity-classification:*",
+                "end-two-entity:{entity}",
+                "end-two-entity:{entity}/*",
+                "end-two-entity-type:*",
+
+                "relationship-type:*"
+            ]
+        }
+    },
     {
         "typeName": "AuthPolicy",
         "guid": -2,

diff --git a/addons/static/templates/policy_cache_transformer_persona.json b/addons/static/templates/policy_cache_transformer_persona.json
@@ -44,6 +44,27 @@
         "end-two-entity:*"
       ],
       "actions": ["add-relationship", "remove-relationship"]
+    },
+    {
+      "policyType": "ACCESS",
+      "policyResourceCategory": "RELATIONSHIP",
+      "resources": [
+        "relationship-type:*",
+
+        "end-one-entity-type:Catalog",
+        "end-one-entity-type:Connection",
+        "end-one-entity-type:Process",
+        "end-one-entity-type:Namespace",
+        "end-one-entity-type:ProcessExecution",
+        "end-one-entity-classification:*",
+        "end-one-entity:*",
+
+        "end-two-entity-type:{entity-type}",
+        "end-two-entity-classification:*",
+        "end-two-entity:{entity}",
+        "end-two-entity:{entity}/*"
+      ],
+      "actions": ["add-relationship", "remove-relationship"]
     }
   ],
   "persona-api-create": [