From 67fd1ff3e07d97921cc32b51eedf5e343f904a43 Mon Sep 17 00:00:00 2001
From: Nikhil P Bonte
Date: Thu, 21 Sep 2023 19:58:39 +0530
Subject: [PATCH] DG-118 Bootstrap inverse policy for Connection link-assets permission
---
 .../connection_bootstrap_policies.json | 36 +++++++++++++++++++
 .../policy_cache_transformer_persona.json | 21 +++++++++++
 2 files changed, 57 insertions(+)
diff --git a/addons/static/templates/connection_bootstrap_policies.json b/addons/static/templates/connection_bootstrap_policies.json
index fea01add07..4f0b8a448c 100644
--- a/addons/static/templates/connection_bootstrap_policies.json
+++ b/addons/static/templates/connection_bootstrap_policies.json
@@ -36,6 +36,42 @@
 }
 },
+ {
+ "typeName": "AuthPolicy",
+ "guid": -8,
+ "attributes": {
+ "qualifiedName": "{guid}/connection-link-assets-inverse",
+ "name": "{name}-connection-link-assets-inverse",
+ "policyCategory": "bootstrap",
+ "policySubCategory": "connection",
+ "policyType": "allow",
+ "policyServiceName": "atlas",
+ "policyRoles": [
+ "connection_admins_{guid}"
+ ],
+ "policyActions": [
+ "add-relationship",
+ "remove-relationship"
+ ],
+ "policyResourceCategory": "RELATIONSHIP",
+ "policyResources": [
+ "end-one-entity-classification:*",
+ "end-one-entity:*",
+ "end-one-entity-type:Catalog",
+ "end-one-entity-type:Connection",
+ "end-one-entity-type:Process",
+ "end-one-entity-type:ProcessExecution",
+ "end-one-entity-type:Namespace",
+
+ "end-two-entity-classification:*",
+ "end-two-entity:{entity}",
+ "end-two-entity:{entity}/*",
+ "end-two-entity-type:*",
+
+ "relationship-type:*"
+ ]
+ }
+ },
 {
 "typeName": "AuthPolicy",
 "guid": -2,
diff --git a/addons/static/templates/policy_cache_transformer_persona.json b/addons/static/templates/policy_cache_transformer_persona.json
index 926fab339a..e48eba784a 100644
--- a/addons/static/templates/policy_cache_transformer_persona.json
+++ b/addons/static/templates/policy_cache_transformer_persona.json
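Review bot: In the policy added to connection_bootstrap_policies.json (guid -8), `end-one-entity:*` together with `relationship-type:*` leaves both the end-one entity and the relationship type unscoped; only end-two is tied to `{entity}` and `{entity}/*`. If the evaluator requires every resource key to match, as the key names suggest, `connection_admins_{guid}` can add or remove any relationship type between this connection's assets and any Catalog, Connection, Process, ProcessExecution or Namespace entity, including ones that belong to other connections. Consider listing the relationship types the link-assets flow actually needs in place of `"relationship-type:*"`, and stating in the commit description why `remove-relationship` is required on the inverse side. The same wildcard pair appears in the entry added to policy_cache_transformer_persona.json.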
@@ -44,6 +44,27 @@
 "end-two-entity:*"
 ],
 "actions": ["add-relationship", "remove-relationship"]
+ },
+ {
+ "policyType": "ACCESS",
+ "policyResourceCategory": "RELATIONSHIP",
+ "resources": [
+ "relationship-type:*",
+
+ "end-one-entity-type:Catalog",
+ "end-one-entity-type:Connection",
+ "end-one-entity-type:Process",
+ "end-one-entity-type:Namespace",
+ "end-one-entity-type:ProcessExecution",
+ "end-one-entity-classification:*",
+ "end-one-entity:*",
+
+ "end-two-entity-type:{entity-type}",
+ "end-two-entity-classification:*",
+ "end-two-entity:{entity}",
+ "end-two-entity:{entity}/*"
+ ],
+ "actions": ["add-relationship", "remove-relationship"]
 }
 ],
 "persona-api-create": [
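Review bot: The five `end-one-entity-type` values are repeated here by hand in a different order than in connection_bootstrap_policies.json (Namespace before ProcessExecution here, after it there), and the end-two type is `{entity-type}` here but `*` there. Nothing visible in either file ties the two lists together, so a type added to one template later can be missed in the other, leaving persona and connection-admin permissions out of step. Keeping both lists in the same order (for example `"end-one-entity-type:ProcessExecution",` directly followed by `"end-one-entity-type:Namespace",`) makes such drift easy to spot in review. The array this entry is appended to starts above the hunk, so the persona action it belongs to is not visible here.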