{
"serviceName":"hdfsdev",
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"options": {
"enableDenyAndExceptionsInPolicies":"true"
},
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
]
},
"policies":[
{
"id": 99,
"name": "/resource: allow: groups=public",
"isEnabled": true,
"isAuditEnabled": true,
"resources": {
"path": { "values": [ "/resource" ], "isRecursive": true }
},
"policyItems": [
{
"accesses":[
{"type":"read"},
{"type": "execute" },
{"type":"write"}
],
"groups" : ["public"]
}
]
},
{
"id": 1,
"name": "/resource: allow: users=super; deny: user=user",
"isEnabled": true,
"isAuditEnabled": true,
"resources": {
"path": { "values": [ "/resource" ], "isRecursive": true }
},
"policyPriority":1,
"validitySchedules": [
{
"startTime": "2018/01/12 14:32:00",
"endTime": "2020/02/13 12:16:00",
"recurrences": [
{
"schedule": {
"minute": "0,10,20,30,40,50",
"hour": "*",
"dayOfMonth": "*",
"dayOfWeek": "5,7",
"month": "*",
"year": "2018"
},
"interval": {
"minutes": 4
}
}
]
}
],
"policyItems": [
{
"accesses":[
{"type":"read"},
{"type":"write"}
],
"users":["super"]
}
],
"allowExceptions":[ ],
"denyPolicyItems": [
{
"accesses": [
{ "type": "read" },
{ "type": "execute" },
{ "type": "write" }
],
"users": [ "user"]
}
],
"denyExceptions":[ ]
},
{
"id": 2,
"name": "/unaudited-resource: allow: users=super deny: user=user",
"isEnabled": true,
"isAuditEnabled": false,
"resources": {
"path": { "values": [ "/unaudited-resource" ], "isRecursive": true }
},
"validitySchedules": [],
"policyItems": [
{
"accesses":[
{"type":"read" },
{"type":"write" }
],
"users":["super"]
}
],
"allowExceptions":[ ],
"denyPolicyItems": [
{
"accesses": [
{ "type": "read" },
{ "type": "execute" },
{ "type": "write" }
],
"users": [ "user" ]
}
],
"denyExceptions":[ ]
}
],
"tagPolicyInfo": {
"serviceName":"tagdev",
"serviceDef": {
"name": "tag",
"id": 100,
"resources": [
{ "name": "tag", "type": "string", "level": 1, "mandatory": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard": false, "ignoreCase": false }, "label": "TAG", "description": "TAG" }
],
"accessTypes": [
{ "name": "hdfs:read", "label": "hdfs:Read" },
{ "name": "hdfs:write", "label": "hdfs:Write" },
{ "name": "hdfs:execute", "label": "hdfs:Execute" }
],
"contextEnrichers": [ ],
"policyConditions": [ ]
},
"tagPolicies":[
{
"id":101,
"name":"PII",
"isEnabled":true,
"isAuditEnabled":true,
"resources":{"tag":{"values":["PII"],"isRecursive":false}},
"policyItems":[
{
"accesses":[
{"type":"hdfs:read", "isAllowed":true},
{"type":"hdfs:write", "isAllowed":true}
],
"users":["super"]
}
],
"allowExceptions":[ ],
"denyPolicyItems":[
{
"accesses":[
{"type":"hdfs:read" },
{"type":"hdfs:write" }
],
"users":["user"]
}
],
"denyExceptions":[ ],
"policyPriority":1,
"validitySchedules": [
{
"startTime": "2018/01/12 14:32:00",
"endTime": "2020/02/13 12:16:00",
"recurrences": [
{
"schedule": {
"minute": "0,10,20,30,40,50",
"hour": "*",
"dayOfMonth": "*",
"dayOfWeek": "5,7",
"month": "*",
"year": "2018"
},
"interval": {
"minutes": 5
}
}
]
}
]
},
{
"id":102,
"name":"Unaudited-TAG",
"isEnabled":true,
"isAuditEnabled":false,
"resources":{"tag":{"values":["Unaudited-TAG"],"isRecursive":false}},
"validitySchedules": [],
"policyItems":[
{
"accesses":[
{"type":"hdfs:read" },
{"type":"hdfs:write" }
],
"users":["super"]
}
],
"allowExceptions":[ ],
"denyPolicyItems":[
{
"accesses":[
{"type":"hdfs:read" },
{"type":"hdfs:write" }
],
"users":["user"]
}
],
"denyExceptions":[ ]
}
]
},
"tests":[
{
"name": "ALLOW 'read /resource' for u=user no tag temporarily",
"request": {
"resource": {
"elements": {
"path": "/resource"
}
},
"accessType": "read",
"user": "user",
"userGroups": [],
"requestData": "read /resource for u=user no tag temporarily",
"context": {
"TAGS": "[{\"type\":\"PII\",\"options\":{\"TAG_VALIDITY_PERIODS\":\"[{\\\"startTime\\\":\\\"2018/01/12 14:32:00\\\",\\\"endTime\\\":\\\"2020/02/13 12:16:00\\\",\\\"recurrences\\\":[{\\\"schedule\\\":{\\\"minute\\\":\\\"0,10,20,30,40,50\\\",\\\"hour\\\":\\\"*\\\",\\\"dayOfMonth\\\":\\\"*\\\",\\\"dayOfWeek\\\":\\\"5,7\\\",\\\"month\\\":\\\"*\\\",\\\"year\\\":\\\"2018\\\"},\\\"interval\\\":{\\\"days\\\":0,\\\"hours\\\":0,\\\"minutes\\\":4}}]}]\"}}]"
},
"accessTime": "20180127-10:06:00.000-0800"
},
"result": {"isAudited": true, "isAllowed": true, "policyId": 99}
},
{
"name": "DENY 'read /resource' for u=user tag temporarily",
"request": {
"resource": {
"elements": {
"path": "/resource"
}
},
"accessType": "read",
"user": "user",
"userGroups": [],
"requestData": "read /resource for u=user tag temporarily",
"context": {
"TAGS": "[{\"type\":\"PII\",\"options\":{\"TAG_VALIDITY_PERIODS\":\"[{\\\"startTime\\\":\\\"2018/01/12 14:32:00\\\",\\\"endTime\\\":\\\"2020/02/13 12:16:00\\\",\\\"recurrences\\\":[{\\\"schedule\\\":{\\\"minute\\\":\\\"0,10,20,30,40,50\\\",\\\"hour\\\":\\\"*\\\",\\\"dayOfMonth\\\":\\\"*\\\",\\\"dayOfWeek\\\":\\\"5,7\\\",\\\"month\\\":\\\"*\\\",\\\"year\\\":\\\"2018\\\"},\\\"interval\\\":{\\\"days\\\":0,\\\"hours\\\":0,\\\"minutes\\\":7}}]}]\"}}]"
},
"accessTime": "20180127-10:05:00.000-0800"
},
"result": {"isAudited": true, "isAllowed": false, "policyId": 101}
},
{
"name": "ALLOW 'read /resource' for u=user temporarily",
"request": {
"resource": {
"elements": {
"path": "/resource"
}
},
"accessType": "read",
"user": "user",
"userGroups": [],
"requestData": "read /resource temporarily",
"accessTime": "20180127-10:06:00.000-0800"
},
"result": {"isAudited": true, "isAllowed": true, "policyId": 99}
},
{
"name": "DENY 'read /resource' for u=user temporarily",
"request": {
"resource": {
"elements": {
"path": "/resource"
}
},
"accessType": "read",
"user": "user",
"userGroups": [],
"requestData": "read /resource temporarily",
"accessTime": "20180127-10:03:00.000-0800"
},
"result": {"isAudited": true, "isAllowed": false, "policyId": 1}
},
{
"name": "DENY 'read /resource' for u=user",
"request": {
"resource": { "elements": { "path": "/resource" } },
"accessType": "read",
"user": "user",
"userGroups": [ ],
"requestData": "read /resource for u=user",
"accessTime": "20180127-10:03:00.000-0800",
"context": {
"TAGS": "[{\"type\":\"PII\"}]"
}
},
"result": { "isAudited": true, "isAllowed": false, "policyId": 101 }
},
{
"name": "ALLOW 'read /resource' for u=super",
"request": {
"resource": { "elements": { "path": "/resource" } },
"accessType": "read",
"user": "super",
"userGroups": [ ],
"requestData": "read /resource for u=super",
"accessTime": "20180127-10:03:00.000-0800",
"context": {
"TAGS": "[{\"type\":\"PII\"}]"
}
},
"result": { "isAudited": true, "isAllowed": true, "policyId": 101 }
}
,
{
"name": "ALLOW 'read /resource' for u=super",
"request": {
"resource": { "elements": { "path": "/resource" } },
"accessType": "read",
"user": "super",
"userGroups": [ ],
"requestData": "read /resource for u=super",
"accessTime": "20180127-10:03:00.000-0800"
},
"result": { "isAudited": true, "isAllowed": true, "policyId": 1 }
},
{
"name": "ALLOW 'read /resource' for u=any",
"request": {
"resource": { "elements": { "path": "/resource" } },
"accessType": "read",
"user": "any",
"userGroups": [ ],
"requestData": "read /resource for u=any"
},
"result": { "isAudited": true, "isAllowed": true, "policyId": 99 }
}
]
}