|
17 | 17 | root_user_all_privileges = set()
|
18 | 18 | admin_role_platform_privileges = set()
|
19 | 19 | admin_role_all_privileges = set()
|
| 20 | +reader_role_all_privileges = set() |
| 21 | +editor_role_all_privileges = set() |
20 | 22 | for policy in all_policies:
|
21 | 23 | urn = policy["urn"]
|
22 | 24 | if urn == "urn:li:dataHubPolicy:0":
|
|
33 | 35 | editor_platform_policy_privileges = policy["info"]["privileges"]
|
34 | 36 | elif urn == "urn:li:dataHubPolicy:7":
|
35 | 37 | all_user_platform_policy_privileges = policy["info"]["privileges"]
|
| 38 | + elif urn.startswith("urn:li:dataHubPolicy:reader-"): |
| 39 | + reader_role_all_privileges.update(set(policy["info"]["privileges"])) |
| 40 | + elif urn.startswith("urn:li:dataHubPolicy:editor-"): |
| 41 | + editor_role_all_privileges.update(set(policy["info"]["privileges"])) |
36 | 42 | try:
|
37 | 43 | doc_type = policy["info"]["type"]
|
38 | 44 | privileges = policy["info"]["privileges"]
|
|
61 | 67 | """
|
62 | 68 | )
|
63 | 69 |
|
| 70 | +# Root user has all privileges |
64 | 71 | diff_policies = set(platform_privileges).difference(
|
65 | 72 | set(root_user_platform_policy_privileges)
|
66 | 73 | )
|
67 | 74 | assert len(diff_policies) == 0, f"Missing privileges for root user are {diff_policies}"
|
68 | 75 |
|
69 |
| -diff_root_user_admin_role = set( |
70 |
| - root_user_platform_policy_privileges |
71 |
| -).difference(set(admin_role_platform_privileges)) |
72 |
| -assert len(diff_root_user_admin_role) == 0, f"Missing privileges for admin role are {diff_root_user_admin_role}" |
| 76 | +# admin role and root user have same platform privileges |
| 77 | +diff_root_missing_from_admin = set(root_user_platform_policy_privileges).difference(set(admin_role_platform_privileges)) |
| 78 | +diff_admin_missing_from_root = set(admin_role_platform_privileges).difference(set(root_user_platform_policy_privileges)) |
73 | 79 |
|
74 |
| -diff_root_user_admin_role_all = set( |
75 |
| - root_user_all_privileges |
76 |
| -).difference(set(admin_role_all_privileges)) |
77 |
| -assert len(diff_root_user_admin_role_all) == 0, f"Missing privileges for admin role are {diff_root_user_admin_role_all}" |
| 80 | +assert len(diff_root_missing_from_admin) == 0, f"Admin role missing: {diff_root_missing_from_admin}" |
| 81 | +assert len(diff_admin_missing_from_root) == 0, f"Root user missing: {diff_admin_missing_from_root}" |
| 82 | + |
| 83 | +# admin role and root user have same privileges |
| 84 | +diff_root_missing_from_admin_all = set(root_user_all_privileges).difference(set(admin_role_all_privileges)) |
| 85 | +diff_admin_missing_from_root_all = set(admin_role_all_privileges).difference(set(root_user_all_privileges)) |
| 86 | +## Admin user has EDIT_ENTITY privilege which is super privilege for editing entities |
| 87 | +diff_admin_missing_from_root_all_new = set() |
| 88 | +for privilege in diff_admin_missing_from_root_all: |
| 89 | + if privilege.startswith("EDIT_"): |
| 90 | + continue |
| 91 | + diff_admin_missing_from_root_all_new.add(privilege) |
| 92 | +diff_admin_missing_from_root_all = diff_admin_missing_from_root_all_new |
| 93 | + |
| 94 | +assert len(diff_root_missing_from_admin_all) == 0, f"Admin role missing: {diff_root_missing_from_admin_all}" |
| 95 | +assert len(diff_admin_missing_from_root_all) == 0, f"Root user missing: {diff_admin_missing_from_root_all}" |
| 96 | + |
| 97 | +# Editor role has all privielges of Reader |
| 98 | +diff_reader_missing_from_editor = set(reader_role_all_privileges).difference(set(editor_role_all_privileges)) |
| 99 | +assert len(diff_reader_missing_from_editor) == 0, f"Editor role missing: {diff_reader_missing_from_editor}" |
| 100 | + |
| 101 | +# Admin role has all privileges of editor |
| 102 | +diff_editor_missing_from_admin = set(editor_role_all_privileges).difference(set(admin_role_all_privileges)) |
| 103 | +assert len(diff_editor_missing_from_admin) == 0, f"Admin role missing: {diff_editor_missing_from_admin}" |
78 | 104 |
|
79 | 105 | # All users privileges checks
|
80 | 106 | assert "MANAGE_POLICIES" not in all_user_platform_policy_privileges
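Review bot: The `EDIT_` prefix skip at new lines 88–91 removes every privilege whose name starts with `EDIT_` from the admin-versus-root comparison, although the comment above it names only `EDIT_ENTITY`, so an admin-only `EDIT_*` privilege added later would pass this check unnoticed. If `EDIT_ENTITY` is the only intended exception, an exact match keeps the check tight: `diff_admin_missing_from_root_all = diff_admin_missing_from_root_all - {"EDIT_ENTITY"}`. Separately, `reader_role_all_privileges` and `editor_role_all_privileges` start empty and are filled only by the `startswith` branches at new lines 38–41, so the subset assertions at new lines 99 and 103 hold vacuously when no policy URN matches either prefix. A guard before them, such as `assert reader_role_all_privileges and editor_role_all_privileges, "no reader-/editor- policies matched"`, would catch that case. The policy loop body and the top of the file lie outside the visible section, so both points assume nothing there already covers them.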
|
|