{
"name": "test access control policies for nestedstructure",
"comments": [
"tests authorization of access to customer JSON records, including field masking and record filtering",
"record structure:",
" { ",
" id: 1,",
" name: customerName,",
" phone: phoneNumber,",
" email: emailAddress,",
" address: { line1: streetName, line2: landmark, city: myCity, state: myState, zipCode: myZipCode }",
" lastOrderDate: 2022/07/16,",
" recentOrders: [",
" {",
" orderId: 1,",
" orderDate: 2022/06/14,",
" orderAmount: 504.76",
" }",
" {",
" orderId: 2,",
" orderDate: 2022/06/06,",
" orderAmount: 321.98",
" }",
" ]",
" }"
],
"policies": {
"serviceName": "dev_nestedstructure",
"serviceId": 1,
"policyVersion": 1,
"auditMode": "audit-none",
"policies": [
{
"id": 1, "name":"ACCESS: schema=customer, field=*",
"resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "*" ] } },
"policyItems":[
{ "accesses": [ { "type": "read" } ], "users": [ "user1" ], "groups": [ "analysts" ] }
]
},
{
"id": 2, "name":"ACCESS: schema=customer, field=id,name,lastOrderDate,recentOrders",
"resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "id", "name", "lastOrderDate", "recentOrders.*" ] } },
"policyItems":[
{ "accesses": [ { "type": "read" } ], "groups": [ "csr" ] }
]
},
{
"id": 101, "name":"MASKING: schema=customer, field=lastOrderDate", "policyType": 1,
"resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "lastOrderDate"] } },
"dataMaskPolicyItems":[
{ "accesses": [ { "type": "read" } ], "groups": [ "analysts" ], "dataMaskInfo": { "dataMaskType": "MASK_NULL" } },
{ "accesses": [ { "type": "read" } ], "groups": [ "csr" ], "dataMaskInfo": { "dataMaskType": "MASK_DATE_SHOW_YEAR" } }
]
},
{
"id": 102, "name":"MASKING: schema=customer, field=recentOrders.orderDate", "policyType": 1,
"resources": { "schema": { "values": [ "customer" ] }, "field": { "values": [ "recentOrders.orderDate"] } },
"dataMaskPolicyItems":[
{ "accesses": [ { "type": "read" } ], "groups": [ "analysts" ], "dataMaskInfo": { "dataMaskType": "MASK_NULL" } },
{ "accesses": [ { "type": "read" } ], "groups": [ "csr" ], "dataMaskInfo": { "dataMaskType": "MASK_DATE_SHOW_YEAR" } }
]
},
{
"id": 201, "name":"FILTER: schema=customer", "policyType": 2,
"resources": { "schema": { "values": [ "customer" ] } },
"rowFilterPolicyItems":[
{ "accesses": [ { "type": "read" } ], "groups": [ "region-ca" ], "rowFilterInfo": { "filterExpr": "jsonAttr.address.state == 'CA'" } },
{ "accesses": [ { "type": "read" } ], "groups": [ "region-wa" ], "rowFilterInfo": { "filterExpr": "jsonAttr.address.state == 'WA'" } }
]
}
]
},
"tags": { },
"roles": {
"roleVersion": 1
},
"serviceDefFilename": "/servicedef-nestedstructure.json",
"tests": [
{
"name": "ALLOW user1 to read schema=customer, fields=[id,name,email,address,lastOrderDate]",
"user": "user1", "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}",
"result": {
"hasAccess": true,
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}",
"errors": [ ]
}
},
{
"name": "ALLOW user in groups=[csr] to read schema=customer, with masked-year for lastOrderDate and recentOrders.orderDate",
"user": "some-user", "userGroups": [ "csr" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}",
"result": {
"hasAccess": true,
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"lastOrderDate\":\"2022\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022\",\"orderAmount\":321.98}]}",
"errors": [ ]
}
},
{
"name": "DENY user in groups=[csr] to read schema=customer, fields=[email,address]",
"user": "some-user", "userGroups": [ "csr" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}",
"result": {
"hasAccess": false,
"json": null,
"errors": [ ]
}
},
{
"name": "ALLOW user in groups=[analysts, region-ca] to read schema=customer, having address.state=CA, with masked-null for lastOrderDate and recentOrders.orderDate",
"user": "some-user", "userGroups": [ "analysts", "region-ca" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}",
"result": {
"hasAccess": true,
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":null,\"recentOrders\":[{\"orderId\":1,\"orderDate\":null,\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":null,\"orderAmount\":321.98}]}",
"errors": [ ]
}
},
{
"name": "DENY user in groups=[analysts, region-ca] to read schema=customer, having address.state=WA",
"user": "some-user", "userGroups": [ "analysts", "region-ca" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":\"2022-07-16\"}",
"result": {
"hasAccess": false,
"json": null,
"errors": [ ]
}
},
{
"name": "ALLOW user in groups=[analysts, region-wa] to read schema=customer, having address.state=WA, with masked-null for lastOrderDate and recentOrders.orderDate",
"user": "some-user", "userGroups": [ "analysts", "region-wa" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":\"2022-07-16\",\"recentOrders\":[{\"orderId\":1,\"orderDate\":\"2022-06-14\",\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":\"2022-06-06\",\"orderAmount\":321.98}]}",
"result": {
"hasAccess": true,
"json": "{\"id\":\"2\",\"name\":\"WA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"WA\"},\"lastOrderDate\":null,\"recentOrders\":[{\"orderId\":1,\"orderDate\":null,\"orderAmount\":504.76},{\"orderId\":2,\"orderDate\":null,\"orderAmount\":321.98}]}",
"errors": [ ]
}
},
{
"name": "DENY user in groups=[analysts, region-wa] to read schema=customer, having address.state=CA",
"user": "some-user", "userGroups": [ "analysts", "region-wa" ], "accessType": "read",
"schema": "customer",
"json": "{\"id\":\"1\",\"name\":\"CA-Customer\",\"email\":\"name@domain.com\",\"address\":{\"state\":\"CA\"},\"lastOrderDate\":\"2022-07-16\"}",
"result": {
"hasAccess": false,
"json": null,
"errors": [ ]
}
},
{
"name": "DENY user1 to read schema=employee, field=id",
"user": "user1", "accessType": "read",
"schema": "employee",
"json": "{\"id\":\"1\"}",
"result": { "hasAccess": false, "json": null, "errors": [ ] }
}
]
}