bulk Entity GET API is able to read unauthorised entities too when skipFailedEntities is passed as True

Sidharth Mishra Thu, 18 Feb 2021 18:17:49 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73193/
-----------------------------------------------------------


Review request for atlas, Ashutosh Mestry, Deep Singh, Madhan Neethiraj, 
Radhika Kundam, and Sarath Subramanian.


Bugs: ATLAS-4170
    https://issues.apache.org/jira/browse/ATLAS-4170


Repository: atlas


Description
-------

ATLAS-4170: Fixed Bulk Entity GET API to skip unauthorised
 entities when skipFailedEntities is passed as True


Diffs
-----

  
repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java
 ce58e9aa4 


Diff: https://reviews.apache.org/r/73193/diff/1/


Testing
-------

Manually tested:
Added a Ranger policy to deny read access on hive_db for admin user and then 
passed one of the hive_db guid and skipFailedEntities=True (curl - 
http://atlas.test.site:31000/api/atlas/v2/entity/bulk?guid=ad0f349c-1fe6-46f0-be6d-98ca2e754e1c&skipFailedEntities=True)
 This returned empty after the fix as expected:

{
referredEntities: { },
entities: [ ]
}

Along with above when I passed one more hive_tale guid, it returns the 
hive_table entity details (except the hive_db)


Thanks,

Sidharth Mishra

Review Request 73193: ATLAS-4170: v2/entity/bulk Entity GET API is able to read unauthorised entities too when skipFailedEntities is passed as True

Reply via email to