Grant permissions to governance workflow client
ChiragMadan1 committed Aug 19, 2024
1 parent ec00198 commit f8adb1b
Showing 3 changed files with 25 additions and 12 deletions.
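--- a/addons/policies/bootstrap_entity_policies.json
+++ b/addons/policies/bootstrap_entity_policies.json
@@ -2120,7 +2120,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2185,7 +2186,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2221,7 +2223,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2257,7 +2260,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2367,7 +2371,8 @@
 [
 "admin",
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2441,7 +2446,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2551,7 +2557,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2587,7 +2594,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2622,7 +2630,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],
@@ -2657,7 +2666,8 @@
 "policyUsers":
 [
 "service-account-atlan-argo",
-"service-account-atlan-backend"
+"service-account-atlan-backend",
+"atlan-governance-workflows"
 ],
 "policyGroups":
 [],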
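Review bot: The principal added to `policyUsers` in all ten hunks is `atlan-governance-workflows`, which lacks the `service-account-` prefix carried by the two existing service principals beside it; the same literal is used for `GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME` in AccessControlUtils. If this identity is a client service account named the same way as the other two, the entries would presumably need to read `"service-account-atlan-governance-workflows"`; as written, the policies match whichever account holds the bare name, so it is worth confirming that the name is reserved and cannot be registered by an ordinary user. The hunks do not show each policy's resources or actions, so it is also worth checking that the workflow client needs all ten policies rather than a subset.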
@@ -307,8 +307,10 @@ public void validate(AtlasEntity policy, AtlasEntity existingPolicy,
//only allow argo & backend
if (!RequestContext.get().isSkipAuthorizationCheck()) {
String userName = RequestContext.getCurrentUser();
validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) && !BACKEND_SERVICE_USER_NAME.equals(userName),
"Create/Update AuthPolicy with policyCategory other than persona, purpose and datamesh");
validateOperation (!ARGO_SERVICE_USER_NAME.equals(userName) &&
!BACKEND_SERVICE_USER_NAME.equals(userName) &&
!GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME.equals(userName),
"Create/Update AuthPolicy with policyCategory other than persona, purpose and datamesh");
}
}
}
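Review bot: The comment `//only allow argo & backend` above the check is now stale, because the condition also admits `GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME`; it should read something like `// only allow the argo, backend and governance-workflows service users`. Since this line is the gate for creating or updating policies outside the persona, purpose and datamesh categories, the allow-list would be easier to audit as one named constant (for example a `Set<String>` of the three names) than as a growing `&&` chain. If a `Set.of(...)` is used, guard against a null `userName` first, because `Set.of(...).contains(null)` throws, whereas the current `equals` calls simply evaluate to false. `validate` begins before the hunk, so any earlier handling of the user name is not visible here.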
@@ -116,6 +116,7 @@ public final class AccessControlUtils {
public static final String CONN_NAME_PATTERN = "connection_admins_%s";
public static final String ARGO_SERVICE_USER_NAME = "service-account-atlan-argo";
public static final String BACKEND_SERVICE_USER_NAME = "service-account-atlan-backend";
public static final String GOVERNANCE_WORKFLOWS_SERVICE_USER_NAME = "atlan-governance-workflows";

public static final String INSTANCE_DOMAIN_KEY = "instance";

