Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GEN-927 - Add bot default roles #18256

Merged
merged 3 commits into from
Oct 21, 2024
Merged

GEN-927 - Add bot default roles #18256

merged 3 commits into from
Oct 21, 2024

Conversation

pmbrull
Copy link
Collaborator

@pmbrull pmbrull commented Oct 14, 2024

Describe your changes:

Fixes GEN-927

  • Create DefaultBotRole that is added to any bot created. It contains the DefaultBotPolicy and DataConsumerPolicy. Without it, newly created bots did not have any kind of access to the data on a default installation of OM.
  • If bots are created with a Domain, the bot user will also have the DomainOnlyAccessRole so that unless admins change it, that bot can only access its own data

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@pmbrull pmbrull requested a review from a team as a code owner October 14, 2024 13:49
Copy link

Bots Domain RBAC

@@ -1488,8 +1495,9 @@ && userHasRelationshipWithAnyBot(original, bot)) {
original.getAuthenticationMechanism());
user.setRoles(original.getRoles());
}
// TODO remove this
// TODO remove this -> Still valid TODO?
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@harshach not sure what was the context on this TODO. Is it still valid?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets remove it

authMechanism = original.getAuthenticationMechanism();
}
}
case SSO -> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since we now only support the UI to create JWT bots, took the chance to remove this case

@github-actions github-actions bot added Ingestion safe to test Add this label to run secure Github workflows on PRs labels Oct 14, 2024
Copy link

@pmbrull pmbrull merged commit 93b4c66 into open-metadata:main Oct 21, 2024
16 of 19 checks passed
harshach pushed a commit that referenced this pull request Nov 3, 2024
* GEN-927 - Add bot default roles

* GEN-927 - Add bot default roles
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Ingestion safe to test Add this label to run secure Github workflows on PRs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants