Google Git
Sign in
apache / ranger / 4bb2f6f81b6bf31e4b19f07e01e4355a76ab3e0f / . / agents-common / src / test / resources / policyengine / test_policyengine_tag_hive_mask.json
blob: a97bd2b77946812df113a05bd836b30fc8a22366 [file] [log] [blame]
{
"serviceName": "hivedev",
"serviceDef": {
"name": "hive",
"id": 3,
"resources": [
{
"name": "database",
"level": 1,
"mandatory": true,
"lookupSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"label": "Hive Database",
"description": "Hive Database"
},
{
"name": "table",
"level": 2,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"label": "Hive Table",
"description": "Hive Table"
},
{
"name": "udf",
"level": 2,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"label": "Hive UDF",
"description": "Hive UDF"
},
{
"name": "column",
"level": 3,
"parent": "table",
"mandatory": true,
"lookupSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"label": "Hive Column",
"description": "Hive Column"
}
],
"accessTypes": [
{
"name": "select",
"label": "Select"
},
{
"name": "update",
"label": "Update"
},
{
"name": "create",
"label": "Create"
},
{
"name": "grant",
"label": "Grant"
},
{
"name": "drop",
"label": "Drop"
},
{
"name": "alter",
"label": "Alter"
},
{
"name": "index",
"label": "Index"
},
{
"name": "lock",
"label": "Lock"
},
{
"name": "all",
"label": "All",
"impliedGrants": [
"select",
"update",
"create",
"grant",
"drop",
"alter",
"index",
"lock"
]
}
],
"dataMaskDef": {
"maskTypes": [
{
"itemId": 1,
"name": "MASK",
"label": "Mask",
"description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'"
},
{
"itemId": 2,
"name": "SHUFFLE",
"label": "Shuffle",
"description": "Randomly shuffle the contents"
},
{
"itemId": 10,
"name": "NULL",
"label": "NULL",
"description": "Replace with NULL"
}
],
"accessTypes":[
{"name":"select","label":"Select"}
],
"resources":[
{"name":"database","matcherOptions":{"wildCard":false}},
{"name":"table","matcherOptions":{"wildCard":false}},
{"name":"column","matcherOptions":{"wildCard":false}}
]
},
"rowFilterDef": {
"accessTypes":[
{"name":"select","label":"Select"}
],
"resources":[
{"name":"database","matcherOptions":{"wildCard":false}},
{"name":"table","matcherOptions":{"wildCard":false}}
]
}
},
"policies": [
{
"id": 101,
"name": "db=*: audit-all-access",
"isEnabled": true,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
]
},
"table": {
"values": [
"*"
]
},
"column": {
"values": [
"*"
]
}
},
"policyItems": [
{
"accesses": [
{
"type": "all",
"isAllowed": true
}
],
"users": [
"hive",
"user1",
"user2"
],
"groups": [
"public"
],
"delegateAdmin": false
}
]
},
{
"id": 102,
"name": "db=*, udf=*: audit-all-access",
"isEnabled": true,
"isAuditEnabled": true,
"resources": {
"database": {
"values": [
"*"
]
},
"udf": {
"values": [
"*"
]
}
},
"policyItems": [
{
"accesses": [
{
"type": "all",
"isAllowed": true
}
],
"users": [
"hive",
"user1",
"user2"
],
"groups": [
"public"
],
"delegateAdmin": false
}
]
}
],
"tagPolicyInfo": {
"serviceName": "tagdev",
"serviceDef": {
"name": "tag",
"id": 100,
"resources": [
{
"itemId": 1,
"name": "tag",
"type": "string",
"level": 1,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": false,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": false,
"ignoreCase": false
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "TAG",
"description": "TAG"
}
],
"accessTypes": [
{
"itemId": 1,
"name": "hive:select",
"label": "hive:select"
},
{
"itemId": 2,
"name": "hive:update",
"label": "hive:update"
},
{
"itemId": 3,
"name": "hive:create",
"label": "hive:create"
},
{
"itemId": 4,
"name": "hive:grant",
"label": "hive:grant"
},
{
"itemId": 5,
"name": "hive:drop",
"label": "hive:drop"
},
{
"itemId": 6,
"name": "hive:alter",
"label": "hive:alter"
},
{
"itemId": 7,
"name": "hive:index",
"label": "hive:index"
},
{
"itemId": 8,
"name": "hive:lock",
"label": "hive:lock"
},
{
"itemId": 9,
"name": "hive:all",
"label": "hive:all",
"impliedGrants": [
"hive:select",
"hive:update",
"hive:create",
"hive:grant",
"hive:drop",
"hive:alter",
"hive:index",
"hive:lock"
]
}
],
"dataMaskDef": {
"maskTypes": [
{
"itemId": 1,
"name": "MASK",
"label": "Mask",
"description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'"
},
{
"itemId": 2,
"name": "SHUFFLE",
"label": "Shuffle",
"description": "Randomly shuffle the contents"
},
{
"itemId": 10,
"name": "NULL",
"label": "NULL",
"description": "Replace with NULL"
}
],
"accessTypes":[
{"name":"hive:select","label":"hive:Select"}
],
"resources":[
{"name":"tag","matcherOptions":{"wildCard":false}}
]
},
"rowFilterDef": {
"accessTypes":[
{"name":"hive:select","label":"hive:Select"}
],
"resources":[
{"name":"tag","matcherOptions":{"wildCard":false}}
]
},
"contextEnrichers": [
],
"policyConditions": [
{
"itemId": 1,
"name": "expression",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
"evaluatorOptions": {
"engineName": "JavaScript",
"ui.isMultiline": "true"
},
"label": "Enter boolean expression",
"description": "Boolean expression"
},
{
"itemId": 2,
"name": "enforce-expiry",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
"evaluatorOptions": {
"scriptTemplate": "ctx.isAccessedAfter('expiry_date');"
},
"label": "Deny access after expiry_date?",
"description": "Deny access after expiry_date? (yes/no)"
}
]
},
"tagPolicies": [
{
"id": 1,
"name": "RESTRICTED_TAG_POLICY",
"isEnabled": true,
"isAuditEnabled": true,
"policyType": 1,
"resources": {
"tag": {
"values": [
"RESTRICTED"
],
"isRecursive": false
}
},
"dataMaskPolicyItems": [
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"user1"
],
"groups": [],
"delegateAdmin": false,
"dataMaskInfo": {
"dataMaskType": "MASK"
}
},
{
"accesses": [
{
"type": "select",
"isAllowed": true
}
],
"users": [
"user2"
],
"groups": [],
"delegateAdmin": false,
"dataMaskInfo": {
"dataMaskType": "SHUFFLE"
}
}
]
}
]
},
"tests": [
{
"name": "'select ssn from employee.personal;' for user1 - maskType=MASK",
"request": {
"resource": {
"elements": {
"database": "employee",
"table": "personal",
"column": "ssn"
}
},
"accessType": "select",
"user": "user1",
"userGroups": [],
"requestData": "select ssn from employee.personal;' for user1",
"context": {
"TAGS": "[{\"type\":\"RESTRICTED\"}]"
}
},
"dataMaskResult":{"additionalInfo":{"maskType":"MASK","maskCondition":null,"maskValue":null},"policyId":1}
},
{
"name": "'select ssn from employee.personal;' for user2 - maskType=SHUFFLE",
"request": {
"resource": {
"elements": {
"database": "employee",
"table": "personal",
"column": "ssn"
}
},
"accessType": "select",
"user": "user2",
"userGroups": [],
"requestData": "select ssn from employee.personal;' for user2",
"context": {
"TAGS": "[{\"type\":\"RESTRICTED\"}]"
}
},
"dataMaskResult":{"additionalInfo":{"maskType":"SHUFFLE","maskCondition":null,"maskValue":null},"policyId":1}
},
{
"name": "'select ssn from employee.personal;' for hive - maskType=NONE",
"request": {
"resource": {
"elements": {
"database": "employee",
"table": "personal",
"column": "ssn"
}
},
"accessType": "select",
"user": "hive",
"userGroups": [],
"requestData": "select ssn from employee.personal;' for hive",
"context": {
"TAGS": "[{\"type\":\"RESTRICTED\"}]"
}
},
"dataMaskResult":{"additionalInfo":{"maskType":null,"maskCondition":null,"maskValue":null},"policyId":-1}
}
]
}