Google Git
Sign in
apache / ranger / 4bb2f6f81b6bf31e4b19f07e01e4355a76ab3e0f / . / agents-common / src / test / resources / policyengine / test_policyengine_hdfs_allaudit.json
blob: 8686251f6af30041272884f4af682d357a2db575 [file] [log] [blame]
{
"serviceName":"hdfsdev",
"auditMode":"audit-all",
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
],
"contextEnrichers":
[
{
"itemId":1,
"name" : "GeolocationEnricher",
"enricher" : "org.apache.ranger.plugin.contextenricher.RangerFileBasedGeolocationProvider",
"enricherOptions" : {
"FilePath":"/etc/ranger/geo/geo.txt", "ForceRead":"false", "IPInDotFormat":"true"
,"geolocation.meta.prefix": "TEST_"
}
}
],
"policyConditions": [
{
"itemId":1,
"name":"ScriptConditionEvaluator",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
"evaluatorOptions" : {"engineName":"JavaScript"},
"label":"Script",
"description": "Script to execute"
}
]
},
"policies":[
{"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
"policyItems":[
{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/public/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false,
"conditions":[{
"type":"ScriptConditionEvaluator",
"values":["var country_code = ctx.getRequestContextAttribute('LOCATION_TEST_COUNTRY_CODE'); ctx.result = !!country_code;"]
}]}
]
}
],
"tests":[
{"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance; valid clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db",
"remoteIPAddress":"255.255.255.255"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for g=finance; invalid clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db",
"remoteIPAddress":"128.101.101.99"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance; no clientIPAddress",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db",
"remoteIPAddress":"128.101.101.101"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db",
"clientIPAddress":"128.101.101.99"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":2}
}
]
}