Merge pull request #2271 from atlanhq/nb/1245

GOV-1245 Address Review comments #2271
atlanhq · Aug 16, 2023 · 9c36e83 · 9c36e83
2 parents 703cfa2 + f697300
commit 9c36e83
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/.../java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java b/.../java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
@@ -245,13 +245,13 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
     }
 
     private void authorizeDeleteAuthPolicy(AtlasEntity policy) throws AtlasBaseException {
-        if (getPolicyCategory(policy).equals(POLICY_CATEGORY_BOOTSTRAP) && getPolicySubCategory(policy).equals(POLICY_SUB_CATEGORY_COLLECTION)) {
-            //skip auth check for collection bootstrap policies
-            //refer - https://linear.app/atlanproduct/issue/GOV-1245/collection-delete-is-failing-for-member-as-they-dont-have-authpolicy
-        } else {
+        if (!RequestContext.get().isSkipAuthPolicyDeleteAuthCheck()) {
             AtlasEntityAccessRequest request = new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, new AtlasEntityHeader(policy));
             verifyAccess(request, "delete entity: guid=" + policy.getGuid());
         }
+        /* else,
+        * skip auth check
+        * */
     }
 
     private void validateConnectionAdmin(AtlasEntity policy) throws AtlasBaseException {

diff --git a/.../apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java b/.../apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
@@ -30,6 +30,7 @@
 import org.apache.atlas.model.instance.AtlasStruct;
 import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.instance.EntityMutations;
+import org.apache.atlas.repository.graph.GraphHelper;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.repository.store.graph.AtlasEntityStore;
 import org.apache.atlas.repository.store.graph.v2.AtlasEntityStream;
@@ -170,26 +171,30 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
         AtlasPerfMetrics.MetricRecorder metricRecorder = RequestContext.get().startMetricRecord("processDeleteCollection");
 
         try {
-            AtlasEntityHeader collection = entityRetriever.toAtlasEntityHeader(vertex);
+            AtlasEntity.Status collectionStatus = GraphHelper.getStatus(vertex);
 
-            if (!AtlasEntity.Status.ACTIVE.equals(collection.getStatus())) {
+            if (!AtlasEntity.Status.ACTIVE.equals(collectionStatus)) {
                 throw new AtlasBaseException("Collection is already deleted/purged");
             }
 
             if (ATLAS_AUTHORIZER_IMPL.equalsIgnoreCase(CURRENT_AUTHORIZER_IMPL)) {
+                String collectionGuid = GraphHelper.getGuid(vertex);
+
                 //delete collection policies
-                List<AtlasEntityHeader> policies = getCollectionPolicies(collection.getGuid());
-                EntityMutationResponse response = entityStore.deleteByIds(policies.stream().map(x -> x.getGuid()).collect(Collectors.toList()));
+                List<AtlasEntityHeader> policies = getCollectionPolicies(collectionGuid);
+                RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(true);
+                entityStore.deleteByIds(policies.stream().map(x -> x.getGuid()).collect(Collectors.toList()));
 
                 //delete collection roles
-                String adminRoleName = String.format(COLL_ADMIN_ROLE_PATTERN, collection.getGuid());
-                String viewerRoleName = String.format(COLL_VIEWER_ROLE_PATTERN, collection.getGuid());
+                String adminRoleName = String.format(COLL_ADMIN_ROLE_PATTERN, collectionGuid);
+                String viewerRoleName = String.format(COLL_VIEWER_ROLE_PATTERN, collectionGuid);
 
                 keycloakStore.removeRoleByName(adminRoleName);
                 keycloakStore.removeRoleByName(viewerRoleName);
             }
         } finally {
             RequestContext.get().endMetricRecord(metricRecorder);
+            RequestContext.get().setSkipAuthPolicyDeleteAuthCheck(false);
         }
     }
 
@@ -303,6 +308,7 @@ private List<AtlasEntityHeader> getCollectionPolicies(String guid) throws AtlasB
         dsl.put("query", mapOf("bool", mapOf("must", mustClauseList)));
 
         indexSearchParams.setDsl(dsl);
+        indexSearchParams.setSuppressLogs(true);
 
         AtlasSearchResult result = discovery.directIndexSearch(indexSearchParams);
         if (result != null) {

diff --git a/server-api/src/main/java/org/apache/atlas/RequestContext.java b/server-api/src/main/java/org/apache/atlas/RequestContext.java
@@ -94,6 +94,7 @@ public class RequestContext {
     private final Map<AtlasObjectId, Object> relationshipEndToVertexIdMap = new HashMap<>();
     private boolean     allowDuplicateDisplayName;
     private MetricsRegistry metricsRegistry;
+    private boolean skipAuthPolicyDeleteAuthCheck = false;
 
     private RequestContext() {
     }
@@ -419,6 +420,14 @@ public void setPoliciesBootstrappingInProgress(boolean policiesBootstrappingInPr
         isPoliciesBootstrappingInProgress = policiesBootstrappingInProgress;
     }
 
+    public boolean isSkipAuthPolicyDeleteAuthCheck() {
+        return skipAuthPolicyDeleteAuthCheck;
+    }
+
+    public void setSkipAuthPolicyDeleteAuthCheck(boolean skipAuthPolicyDeleteAuthCheck) {
+        this.skipAuthPolicyDeleteAuthCheck = skipAuthPolicyDeleteAuthCheck;
+    }
+
     public static long earliestActiveRequestTime() {
         long ret = System.currentTimeMillis();