Google Git
Sign in
apache / ranger / 4bb2f6f81b6bf31e4b19f07e01e4355a76ab3e0f / . / agents-common / src / test / resources / policyengine / test_policyengine_geo.json
blob: 4249996b85aae0162bc95ef149b8f252a3b8edfc [file] [log] [blame]
{
"serviceName":"hdfsdev",
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
],
"contextEnrichers":
[
{
"itemId":1,
"name" : "GeolocationEnricher_format_long",
"enricher" : "org.apache.ranger.plugin.contextenricher.RangerFileBasedGeolocationProvider",
"enricherOptions" : {
"FilePath":"/etc/ranger/geo/geo_long.txt", "ForceRead":"false", "IPInDotFormat":"false"
,"geolocation.meta.prefix": "FORMAT_LONG_"
}
},
{
"itemId":2,
"name" : "GeolocationEnricher_format_dot",
"enricher" : "org.apache.ranger.plugin.contextenricher.RangerFileBasedGeolocationProvider",
"enricherOptions" : {
"FilePath":"/etc/ranger/geo/geo.txt", "ForceRead":"false", "IPInDotFormat":"true"
,"geolocation.meta.prefix": "FORMAT_DOT_"
}
}
],
"policyConditions": [
{
"itemId":1,
"name":"ScriptConditionEvaluator",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
"evaluatorOptions" : {"engineName":"JavaScript"},
"label":"Script",
"description": "Script to execute"
}
]
},
"policies":[
{"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
"policyItems":[
{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/public/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false,
"conditions":[{
"type":"ScriptConditionEvaluator",
"values":["var country_code_format_long = ctx.getRequestContextAttribute('LOCATION_FORMAT_LONG_COUNTRY_CODE'); var country_code_format_dot = ctx.getRequestContextAttribute('LOCATION_FORMAT_DOT_COUNTRY_CODE');ctx.result = (!!country_code_format_long && !!country_code_format_dot && (country_code_format_long == country_code_format_dot));"]
}]}
]
}
],
"tests":[
{"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance; valid clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
,"remoteIPAddress":"255.255.255.255"
,"forwardedAddresses":["1.0.32.1"]
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for g=finance; invalid clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db",
"remoteIPAddress":"128.101.101.99"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance; no clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db",
"remoteIPAddress":"128.101.101.101"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db",
"remoteIPAddress":"128.101.101.99"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
]
}