Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(access control): Fine-Grained Access Control M1 #3182

Merged
merged 76 commits into from
Sep 3, 2021
Merged

feat(access control): Fine-Grained Access Control M1 #3182

merged 76 commits into from
Sep 3, 2021

Conversation

jjoyce0510
Copy link
Collaborator

@jjoyce0510 jjoyce0510 commented Sep 2, 2021
edited
Loading

Status
Ready

Summary
This PR implements the first milestone of Fine-Grained Access Control, which was demo'd in Townhall for August: https://www.youtube.com/watch?v=3joZINi3ti4, along with other misc. cleanup and refactoring.

In a nutshell, fine grained access control allows DataHub admins to declare access policies defining who can do what on the platform. This experience is available via the UI on a new left side slide out panel, which we are calling the "Control Center".

Much of what you find implemented is based on the Fine Grained Access Control RFC, which was published at the beginning of summer. To come to this implementation, we synthesized feedback from the community around that RFC. Many of the concepts remain, most notably: Resources, Actors, Privileges (formerly actions), Policies, and Authorizers.

For more information about the Policies feature, see the new Policies Guide. Note that in future releases, Policies will be enabled by default (though they can be disabled).

Changes

  • New DataHubPolicy Entity for representing DataHub policies. As usual, you can programmatically ingest and consume these as they change for free.
  • New Authorizer interface for authorizing particular actions using DataHub policies.
  • Added Control Center left-side UI panel
  • Added Policy Builder UI Interface for constructing new DataHub policies.
  • Added Policy List View for editing, deleting, activating and deactivating policies.
  • Defined and implemented set of default privileges for DataHub, both Platform and Metadata. Includes:
    - Metadata: edit owners, edit tags, edit documentation, edit links, edit entire entity, etc.
    - Platform: manage policies, view analytics, coming soon manage users and groups.
  • Corresponding tests.
  • Support passing custom GraphQL error codes & handling in React UI
  • Misc refactoring, such as supporting EntityKey instead of an urn in MetadataChangeProposal event.

Compatibility
These changes should be fully backwards compatible. Note that the Analytics view is now located in the left side slide out menu, and users must have the 'VIEW_ANALYTICS' privilege to see it in their UI.

Screenshots

Screen Shot 2021-09-01 at 8 54 07 PM

Screen Shot 2021-09-01 at 8 54 20 PM

Screen Shot 2021-09-01 at 8 54 47 PM

Screen Shot 2021-09-01 at 8 55 06 PM

Screen Shot 2021-09-01 at 8 55 13 PM

Screen Shot 2021-09-01 at 8 55 27 PM

Checklist

  • The PR conforms to DataHub's Contributing Guideline (particularly Commit Message Format)
  • Links to related issues (if applicable)
  • Tests for the changes have been added/updated (if applicable)
  • Docs related to the changes have been added/updated (if applicable)

@jjoyce0510
Merging in from GraphQL branch
1e34f75
@jjoyce0510
Finally merging
642bad8
@jjoyce0510
Removing unnecessary files
dfe92c9
@jjoyce0510
Completing migration of GraphQL API
bc028db
@jjoyce0510
Fix checkstyle
e6808bd
@jjoyce0510
Fixing some things up
fd519ac
@jjoyce0510
Updating container values
d015b77
@jjoyce0510
Rebranding to metadat-service
d2fb643
@jjoyce0510
pleasing docusauraus
238a58a
@jjoyce0510
Merging in SSO
84ef751
@jjoyce0510
Merging in changes from other branch
9931b33
@jjoyce0510
remove unnecessary file
57d169d
@jjoyce0510
merging in policies gql
e0b6839
@jjoyce0510
Adding me resolver
1ec7a4d
@jjoyce0510
Adding slide out panel
95bd14f
@jjoyce0510
Adding policies first pass
bd37465
@jjoyce0510
Policies
5d49419
@jjoyce0510
Policies
0493cd0
@jjoyce0510
Adding a new file
1982e0b
@jjoyce0510
Adding policy builder updates
b27fb8f
@jjoyce0510
adding untracked files
ce8e421
@jjoyce0510
Adding files
4ee99c0
@jjoyce0510
Adding AuthorizationManager
9c04f9d
@jjoyce0510
Finalizing some things
4a565da
@jjoyce0510
Policies
aafd4b8
@jjoyce0510
Removing unnecessary var
27f156a
@jjoyce0510
Disabling warning notices
92af050
@jjoyce0510
Adding file
507e10b
@jjoyce0510
Adding policy config resolver
be519ce
@jjoyce0510
Improving policies by adding bootstrap manager
3bc520d
@jjoyce0510
Adding a super policy for all users
0fa51ee
@jjoyce0510
Adding app config and more
e585118
@jjoyce0510
Refactoring GraphQL land
21ef446
@jjoyce0510
Disabling edit and delete for built in policies
8154d56
@jjoyce0510
clean up
bb7b6a1
@jjoyce0510
Adjust testIngestTemporalAspect
6a451ca
@jjoyce0510
Adding policies doc
d4d19e5
@jjoyce0510
Controls
c9a2ffe
@jjoyce0510
Policies guide
b0b08a6
@jjoyce0510
EntityKeyUtilsTest
51fb9c6
@jjoyce0510
adding smoke tests
d776ac9
@jjoyce0510
test me query
bb5f455
@jjoyce0510
Adding policy engine test
484a77f
@jjoyce0510
Adding authorization manager test
1415444
@jjoyce0510
Additional tests
fffa9e1
@jjoyce0510
Fix checkstyle and more
1b9ec63
@jjoyce0510
Merging master
683219e
@jjoyce0510
More refactoring
89e6e29
@jjoyce0510
Actors should be urns for now
819853e
@jjoyce0510
Refactoring Entity Key work on MCP path
f3ecbdc
@jjoyce0510
Fixing entity key ingest
be278e2
@jjoyce0510
Making Side slide visible
6868f7b
@jjoyce0510
Final pass
2005b10
@jjoyce0510
Updating GMS docs
d4a2e22
@jjoyce0510
Fixing NPE from model groups.
042f19b
@jjoyce0510
Fixing error handling in UI
b877ddc
@jjoyce0510
Adding back seeded policies
d003978
@jjoyce0510
Revert doc changes
e397374
shirshanka
shirshanka approved these changes Sep 3, 2021
View reviewed changes
Copy link
Contributor

@shirshanka shirshanka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Excited for this :)

@shirshanka shirshanka merged commit ccb09a6 into datahub-project:master Sep 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shirshanka shirshanka shirshanka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jjoyce0510 @shirshanka