Repository: atlas Updated Branches: refs/heads/branch-1.0 028a623a7 -> 8e12c2e19
ATLAS-2821:- Update old atlas-simple-authz-policy.json file with relationship permission attributes Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/8e12c2e1 Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/8e12c2e1 Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/8e12c2e1 Branch: refs/heads/branch-1.0 Commit: 8e12c2e19dc9b0fe45df5555400387e2ef300baa Parents: 028a623 Author: nixonrodrigues <ni...@apache.org> Authored: Tue Aug 14 18:49:17 2018 +0530 Committer: nixonrodrigues <ni...@apache.org> Committed: Thu Aug 16 19:28:47 2018 +0530 ---------------------------------------------------------------------- .../simple/AtlasSimpleAuthzUpdateTool.java | 150 +++++++++++++++++++ distro/src/bin/atlas_update_simple_auth_json.py | 40 +++++ 2 files changed, 190 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/8e12c2e1/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzUpdateTool.java ----------------------------------------------------------------------
diff --git a/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzUpdateTool.java b/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzUpdateTool.java
new file mode 100644
index 0000000..fddde98
--- /dev/null
+++ b/authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthzUpdateTool.java
@@ -0,0 +1,150 @@
+/** Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize.simple;
+
+import java.io.IOException;
+
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.*;
+import com.fasterxml.jackson.databind.SerializationFeature;
+
+public class AtlasSimpleAuthzUpdateTool {
+
+
+ public static void main(String[] args) {
+
+ if (args != null & args.length > 0) {
+ updateSimpleAuthzJsonWithRelationshipPermissions(args[0]);
+ } else {
+ System.out.println("Provide Atlas conf path");
+ }
+
+ }
+
+
+ public static void updateSimpleAuthzJsonWithRelationshipPermissions(String jsonConfPath) {
+
+ List<String> wildCard = new ArrayList<String>();
+ wildCard.add(".*");
+
+ try {
+
+ ObjectMapper mapper = new ObjectMapper();
+ AtlasSimpleAuthzPolicy authzPolicy = mapper.readValue(new File(jsonConfPath + "/atlas-simple-authz-policy.json"), AtlasSimpleAuthzPolicy.class);
+
+
+ AtlasSimpleAuthzPolicy.AtlasAuthzRole dataAdmin = authzPolicy.getRoles().get("ROLE_ADMIN");
+ boolean permissionUpdated = false;
+
+
+ if (dataAdmin != null && dataAdmin.getRelationshipPermissions() == null) {
+ AtlasSimpleAuthzPolicy.AtlasRelationshipPermission relationshipPermissions = new AtlasSimpleAuthzPolicy.AtlasRelationshipPermission();
+ relationshipPermissions.setPrivileges(wildCard);
+
+ relationshipPermissions.setRelationshipTypes(wildCard);
+
+ relationshipPermissions.setEnd1EntityClassification(wildCard);
+ relationshipPermissions.setEnd1EntityId(wildCard);
+ relationshipPermissions.setEnd1EntityType(wildCard);
+
+ relationshipPermissions.setEnd2EntityClassification(wildCard);
+ relationshipPermissions.setEnd2EntityId(wildCard);
+ relationshipPermissions.setEnd2EntityType(wildCard);
+
+ List<AtlasSimpleAuthzPolicy.AtlasRelationshipPermission> relationshipPermissionsList = new ArrayList<AtlasSimpleAuthzPolicy.AtlasRelationshipPermission>();
+
+
+ relationshipPermissionsList.add(relationshipPermissions);
+
+ dataAdmin.setRelationshipPermissions(relationshipPermissionsList);
+ permissionUpdated = true;
+ }
+
+
+ AtlasSimpleAuthzPolicy.AtlasAuthzRole dataSteward = authzPolicy.getRoles().get("DATA_STEWARD");
+ List<String> permissiondataSteward = new ArrayList<String>();
+
+ permissiondataSteward.add("add-relationship");
+ permissiondataSteward.add("update-relationship");
+ permissiondataSteward.add("remove-relationship");
+
+ if (dataSteward != null && dataSteward.getRelationshipPermissions() == null) {
+ AtlasSimpleAuthzPolicy.AtlasRelationshipPermission relationshipPermissions = new AtlasSimpleAuthzPolicy.AtlasRelationshipPermission();
+ relationshipPermissions.setPrivileges(permissiondataSteward);
+ relationshipPermissions.setRelationshipTypes(wildCard);
+
+ relationshipPermissions.setEnd1EntityClassification(wildCard);
+ relationshipPermissions.setEnd1EntityId(wildCard);
+ relationshipPermissions.setEnd1EntityType(wildCard);
+
+ relationshipPermissions.setEnd2EntityClassification(wildCard);
+ relationshipPermissions.setEnd2EntityId(wildCard);
+ relationshipPermissions.setEnd2EntityType(wildCard);
+
+
+ List<AtlasSimpleAuthzPolicy.AtlasRelationshipPermission> relationshipPermissionsList = new ArrayList<AtlasSimpleAuthzPolicy.AtlasRelationshipPermission>();
+ relationshipPermissionsList.add(relationshipPermissions);
+ dataSteward.setRelationshipPermissions(relationshipPermissionsList);
+ permissionUpdated = true;
+ }
+
+ if(permissionUpdated) {
+ writeUsingFiles(jsonConfPath + "/atlas-simple-authz-policy.json", toJson(authzPolicy, mapper));
+ }
+
+
+ } catch (Exception e) {
+ System.err.println(" Error while updating JSON " + e.getMessage());
+ }
+
+ }
+
+
+ public static String toJson(Object obj, ObjectMapper mapper) {
+ mapper.enable(SerializationFeature.INDENT_OUTPUT); // to beautify json
+
+ String ret;
+ try {
+ if (obj instanceof JsonNode && ((JsonNode) obj).isTextual()) {
+ ret = ((JsonNode) obj).textValue();
+ } else {
+ ret = mapper.writeValueAsString(obj);
+ }
+ } catch (IOException e) {
+
+ ret = null;
+ }
+ return ret;
+ }
+
+
+ private static void writeUsingFiles(String file, String data) {
+ try {
+ Files.write(Paths.get( file ), data.getBytes());
+ } catch (IOException e) {
+ System.err.println(" Error while writeUsingFiles JSON " + e.getMessage());
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/atlas/blob/8e12c2e1/distro/src/bin/atlas_update_simple_auth_json.py ----------------------------------------------------------------------
diff --git a/distro/src/bin/atlas_update_simple_auth_json.py b/distro/src/bin/atlas_update_simple_auth_json.py
new file mode 100755
index 0000000..f932071
--- /dev/null
+++ b/distro/src/bin/atlas_update_simple_auth_json.py
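Review bot: Every failure path in this tool is swallowed, so a policy update that never happened still exits 0: the `catch (Exception e)` in `updateSimpleAuthzJsonWithRelationshipPermissions` only prints `e.getMessage()`, `toJson` turns an `IOException` into `null` (which `data.getBytes()` then dereferences), and `writeUsingFiles` catches its own `IOException`. The launcher script returns `process.wait()`, so I would let these errors propagate and have `main` call `System.exit(1)`, so that an operator or upgrade script can tell the authorization file was not rewritten. `Files.write(Paths.get( file ), data.getBytes())` also truncates the live policy in place and encodes with the JVM default charset; `data.getBytes(StandardCharsets.UTF_8)` and a write to a temporary file in the same directory that is then renamed over the original (keeping its owner and mode) would avoid leaving a partial policy behind. Minor: `args != null & args.length > 0` should use `&&`, because `&` evaluates `args.length` even when `args` is null.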
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import os
+import sys
+
+import atlas_config as mc
+import atlas_client_cmdline as cmdline
+
+def main():
+
+ conf_dir = cmdline.setup_conf_dir()
+ jvm_opts_list = cmdline.setup_jvm_opts_list(conf_dir, 'atlas_admin.log')
+ atlas_classpath = cmdline.get_atlas_classpath(conf_dir)
+
+ process = mc.java("org.apache.atlas.authorize.simple.AtlasSimpleAuthzUpdateTool", sys.argv[1:], atlas_classpath, jvm_opts_list)
+ return process.wait()
+
+if __name__ == '__main__':
+ try:
+ returncode = main()
+ except Exception as e:
+ print "Exception: %s " % str(e)
+ returncode = -1
+
+ sys.exit(returncode)
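Review bot: Run without arguments, this script does nothing useful: `sys.argv[1:]` is forwarded unchanged, and the Java `main` only prints "Provide Atlas conf path" when it gets no argument, even though `conf_dir` has just been resolved by `cmdline.setup_conf_dir()`. Passing `sys.argv[1:] or [conf_dir]` to `mc.java(...)` would make the default target the same configuration directory that is used for the classpath and JVM options, which also avoids updating a policy file in a directory Atlas is not reading. `import os` is unused, and `print "Exception: %s " % str(e)` is Python 2 only syntax; `print("Exception: %s " % str(e))` works on both.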