agents-common/src/test/resources/policyengine/test_policyengine_atlas.json - ranger - Git at Google

 {
   "serviceName":"atlasdev",

   "serviceDef":{
     "name":"atlas",
     "id":3,
     "resources":[
       {"name":"entity-type","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Type","description":"Entity Type"},
       {"name":"entity-classification","level":2,"parent":"entity-type","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Classification","description":"Entity Classification"},
       {"name":"entity","level":2,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity ID","description":"Entity ID"}
     ],
     "accessTypes":[
       {"name":"entity-read","label":"Read Entity"},
       {"name":"entity-create","label":"Create Entity"},
       {"name":"entity-update","label":"Update Entity"},
       {"name":"entity-delete","label":"Delete Entity"},
       {"name":"entity-add-classification","label":"Add Entity Classification"},
       {"name":"entity-update-classification","label":"Update Entity Classification"},
       {"name":"entity-remove-classification","label":"Remove Entity Classification"}
     ]
   },

   "policies":[
     {"id":1,"name":"policy for DataSets","isEnabled":true,"isAuditEnabled":true,
      "resources":{"entity-type":{"values":["DataSet"]},"entity-classification":{"values":["*"]},"entity":{"values":["*"]}},
      "policyItems":[
        {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["data-stewards"],"delegateAdmin":false}
      ]
     }
     ,
     {"id":2,"name":"policy for hive_table","isEnabled":true,"isAuditEnabled":true,
       "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["*"]},"entity":{"values":["*"]}},
       "policyItems":[
         {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["hive-admins"],"delegateAdmin":false}
       ]
     }
     ,
     {"id":10,"name":"policy for PII classification","isEnabled":true,"isAuditEnabled":true,
       "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["PII"]},"entity":{"values":["*"]}},
       "policyItems":[
         {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["privacy-officers"],"delegateAdmin":false}
       ]
     }
     ,
     {"id":20,"name":"policy for EMAIL_PII classification","isEnabled":true,"isAuditEnabled":true,
       "resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["EMAIL_PII"]},"entity":{"values":["*"]}},
       "policyItems":[
         {"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["email-admins"],"delegateAdmin":false}
       ]
     }
   ],

   "tests":[
     {"name":"DataSet read by a data-steward",
       "request":{
         "resource":{"elements":{"entity-type":"DataSet", "entity-classification":[]}, "entity":"default@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["data-stewards"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":1}
     }
     ,
     {"name":"DataSet read by a hive-admin",
       "request":{
         "resource":{"elements":{"entity-type":"DataSet", "entity-classification":""}, "entity":"default@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["hive-admins"]
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"hive_table read by a data-steward",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["data-stewards"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":1}
     }
     ,
     {"name":"hive_table read by a hive-admin",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["hive-admins"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":2}
     }
     ,
     {"name":"PII hive_table read by a privacy-officer",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["privacy-officers"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":10}
     }
     ,
     {"name":"PII hive_table read by a email-admin",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["email-admins"]
       },
       "result":{"isAudited":true,"isAllowed":false,"policyId":-1}
     }
     ,
     {"name":"EMAIL_PII hive_table read by a privacy-officer",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["privacy-officers"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":10}
     }
     ,
     {"name":"EMAIL_PII hive_table read by a email-admin",
       "request":{
         "resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"},
         "accessType":"entity-read","user":"user1","userGroups":["email-admins"]
       },
       "result":{"isAudited":true,"isAllowed":true,"policyId":20}
     }
   ]
 }
	{
	"serviceName":"atlasdev",

	"serviceDef":{
	"name":"atlas",
	"id":3,
	"resources":[
	{"name":"entity-type","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Type","description":"Entity Type"},
	{"name":"entity-classification","level":2,"parent":"entity-type","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity Classification","description":"Entity Classification"},
	{"name":"entity","level":2,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Entity ID","description":"Entity ID"}
	],
	"accessTypes":[
	{"name":"entity-read","label":"Read Entity"},
	{"name":"entity-create","label":"Create Entity"},
	{"name":"entity-update","label":"Update Entity"},
	{"name":"entity-delete","label":"Delete Entity"},
	{"name":"entity-add-classification","label":"Add Entity Classification"},
	{"name":"entity-update-classification","label":"Update Entity Classification"},
	{"name":"entity-remove-classification","label":"Remove Entity Classification"}
	]
	},

	"policies":[
	{"id":1,"name":"policy for DataSets","isEnabled":true,"isAuditEnabled":true,
	"resources":{"entity-type":{"values":["DataSet"]},"entity-classification":{"values":[""]},"entity":{"values":[""]}},
	"policyItems":[
	{"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["data-stewards"],"delegateAdmin":false}
	]
	}
	,
	{"id":2,"name":"policy for hive_table","isEnabled":true,"isAuditEnabled":true,
	"resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":[""]},"entity":{"values":[""]}},
	"policyItems":[
	{"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["hive-admins"],"delegateAdmin":false}
	]
	}
	,
	{"id":10,"name":"policy for PII classification","isEnabled":true,"isAuditEnabled":true,
	"resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["PII"]},"entity":{"values":["*"]}},
	"policyItems":[
	{"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["privacy-officers"],"delegateAdmin":false}
	]
	}
	,
	{"id":20,"name":"policy for EMAIL_PII classification","isEnabled":true,"isAuditEnabled":true,
	"resources":{"entity-type":{"values":["hive_table"]},"entity-classification":{"values":["EMAIL_PII"]},"entity":{"values":["*"]}},
	"policyItems":[
	{"accesses":[{"type":"entity-read", "isAllowed":true}],"users":[],"groups":["email-admins"],"delegateAdmin":false}
	]
	}
	],

	"tests":[
	{"name":"DataSet read by a data-steward",
	"request":{
	"resource":{"elements":{"entity-type":"DataSet", "entity-classification":[]}, "entity":"default@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["data-stewards"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":1}
	}
	,
	{"name":"DataSet read by a hive-admin",
	"request":{
	"resource":{"elements":{"entity-type":"DataSet", "entity-classification":""}, "entity":"default@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["hive-admins"]
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"hive_table read by a data-steward",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["data-stewards"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":1}
	}
	,
	{"name":"hive_table read by a hive-admin",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":""}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["hive-admins"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":2}
	}
	,
	{"name":"PII hive_table read by a privacy-officer",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["privacy-officers"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":10}
	}
	,
	{"name":"PII hive_table read by a email-admin",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII"]}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["email-admins"]
	},
	"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
	}
	,
	{"name":"EMAIL_PII hive_table read by a privacy-officer",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["privacy-officers"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":10}
	}
	,
	{"name":"EMAIL_PII hive_table read by a email-admin",
	"request":{
	"resource":{"elements":{"entity-type":["hive_table", "DataSet"], "entity-classification":["PII", "EMAIL_PII"]}, "entity":"default.testtable@cl1"},
	"accessType":"entity-read","user":"user1","userGroups":["email-admins"]
	},
	"result":{"isAudited":true,"isAllowed":true,"policyId":20}
	}
	]
	}