Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GEN-927 - Add bot default roles #18256

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

GEN-927 - Add bot default roles #18256

wants to merge 3 commits into from
+104 −51

Conversation

pmbrull
Copy link
Collaborator

@pmbrull pmbrull commented Oct 14, 2024

Describe your changes:

Fixes GEN-927

  • Create DefaultBotRole that is added to any bot created. It contains the DefaultBotPolicy and DataConsumerPolicy. Without it, newly created bots did not have any kind of access to the data on a default installation of OM.
  • If bots are created with a Domain, the bot user will also have the DomainOnlyAccessRole so that unless admins change it, that bot can only access its own data

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@pmbrull pmbrull requested a review from a team as a code owner October 14, 2024 13:49
@notion-workspace Notion Workspace
Copy link

Bots Domain RBAC

pmbrull
pmbrull commented Oct 14, 2024
View reviewed changes
openmetadata-service/src/main/java/org/openmetadata/service/resources/teams/UserResource.java
@@ -1488,8 +1495,9 @@ && userHasRelationshipWithAnyBot(original, bot)) {
original.getAuthenticationMechanism());
user.setRoles(original.getRoles());
}
// TODO remove this
// TODO remove this -> Still valid TODO?
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@harshach not sure what was the context on this TODO. Is it still valid?

pmbrull
pmbrull commented Oct 14, 2024
View reviewed changes
openmetadata-service/src/main/java/org/openmetadata/service/resources/teams/UserResource.java
authMechanism = original.getAuthenticationMechanism();
}
}
case SSO -> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since we now only support the UI to create JWT bots, took the chance to remove this case

@github-actions github-actions bot added Ingestion safe to test Add this label to run secure Github workflows on PRs labels Oct 14, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 15, 2024

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Ingestion safe to test Add this label to run secure Github workflows on PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pmbrull