Google Git
Sign in
apache/ranger/refs/heads/CodeStyleHbase/./agents-common/src/test/resources/policyengine/test_policyengine_aws.json
blob: 56e082ad8c4f20ad2b8f0392ea53828e1918b98f [file] [log] [blame]
{
"serviceName":"awsdev",
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"recursiveSupported": true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
],
"contextEnrichers": [],
"policyConditions": []
},
"policies":[
{"id":10,"name":"allow-all-to-user1 /","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":20,"name":"allow-all-to-user1 /home/","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/home/"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":30,"name":"allow-all-to-user1 /tmpa/b","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmpa/b"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":40,"name":"allow-all-to-user1 /tmp/ab","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp/ab"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":50,"name":"allow-all-to-user1 /tmp/a/b","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp/a/b"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":60,"name":"allow-all-to-user1 /tmp/ac/d/e/f","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp/ac/d/e/f"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":70,"name":"allow-all-to-user1 /tmpfile","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmpfile"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":80,"name":"allow-all-to-user1 /tmp.txt","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp.txt"],"isRecursive":false}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false}
]
},
{"id":100,"name":"allow-read-to-/tmp/{USER}}", "isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp/{USER}"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":["{USER}"],"groups":[],"delegateAdmin":false}
]
},
{"id":200,"name":"allow-all-to-/tmp/{USER}/subdir}","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/tmp/{USER}/subdir"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["{USER}"],"groups":[],"delegateAdmin":false}
]
},
{"id":300,"name":"allow-read-to-/user/dir}","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/user/dir"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":["scott"],"groups":[],"delegateAdmin":false}
]
},
{"id":400,"name":"allow-all-to-/user/dir/subdir}","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/user/dir/subdir"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}, {"type":"write","isAllowed":true}, {"type":"execute","isAllowed":true}],"users":["scott"],"groups":[],"delegateAdmin":false}
]
},
{"id":500,"name":"allow-read-to-/user/{USER}/a*}", "isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/user/{USER}/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":["{USER}"],"groups":[],"delegateAdmin":false}
]
}
],
"tests":[
{"name":"ALLOW 'write /tmp/scott' for u=scott for scope SELF_OR_CHILD",
"request":{
"resource":{"elements":{"path":"/tmp/scott"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"write","user":"scott","userGroups":[],"requestData":"write /tmp/scott"
},
"result":{"isAudited":true,"isAllowed":true,"policyId": 200}
},
{"name":"DENY 'ANY /tmp/scott' for u=joe for scope SELF_OR_CHILD",
"request":{
"resource":{"elements":{"path":"/tmp/scott"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"joe","userGroups":[],"requestData":"ANY /tmp/scott"
},
"result":{"isAudited":false,"isAllowed":false,"policyId": -1}
},
{"name":"ALLOW 'ANY /tmp/scott' for u=scott for scope SELF",
"request":{
"resource":{"elements":{"path":"/tmp/scott"}},
"accessType":"","user":"scott","userGroups":[],"requestData":"ANY /tmp/scott"
},
"result":{"isAudited":true,"isAllowed":true,"policyId": 100}
},
{"name":"DENY 'ANY /tmp/scott' for u=joe for scope SELF",
"request":{
"resource":{"elements":{"path":"/tmp/scott"}},
"accessType":"","user":"joe","userGroups":[],"requestData":"ANY /tmp/scott"
},
"result":{"isAudited":false,"isAllowed":false,"policyId": -1}
},
{"name":"ALLOW 'write /user/dir' for u=scott for scope SELF_OR_CHILD",
"request":{
"resource":{"elements":{"path":"/user/dir"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"write","user":"scott","userGroups":[],"requestData":"write /user/dir"
},
"result":{"isAudited":true,"isAllowed":true,"policyId": 400}
},
{"name":"ALLOW 'ANY /user/dir' for u=scott for scope SELF",
"request":{
"resource":{"elements":{"path":"/user/dir"}},
"accessType":"","user":"scott","userGroups":[],"requestData":"ANY /user/dir"
},
"result":{"isAudited":true,"isAllowed":true,"policyId": 300}
},
{"name":"DENY 'ANY /user/dir' for u=joe for scope SELF_OR_CHILD",
"request":{
"resource":{"elements":{"path":"/user/dir"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"joe","userGroups":[],"requestData":"ANY /user/dir"
},
"result":{"isAudited":true,"isAllowed":false,"policyId": -1}
},
{"name":"ALLOW 'read /user/scott' for u=scott for scope SELF_OR_CHILD",
"request":{
"resource":{"elements":{"path":"/user/scott"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"read","user":"scott","userGroups":[],"requestData":"read /tmp/scott"
},
"result":{"isAudited":true,"isAllowed":true,"policyId": 500}
},
{"name":"DENY 'read /user/scott' for u=scott for scope SELF",
"request":{
"resource":{"elements":{"path":"/user/scott"}},
"accessType":"read","user":"scott","userGroups":[],"requestData":"read /tmp/scott"
},
"result":{"isAudited":false,"isAllowed":false,"policyId": -1}
},
{"name":"ALLOW 'ANY /' for u=user1",
"request":{
"resource":{"elements":{"path":"/"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":20}
}
,
{"name":"ALLOW 'ANY /tmp' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":40}
}
,
{"name":"ALLOW 'ANY /tmp/' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp/"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp/"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":40}
}
,
{"name":"ALLOW 'ANY /tmp/a' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp/a"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp/a"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":50}
}
,
{"name":"DENY 'ANY /tmp/ac' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp/ac"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp/ac"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'ANY /tmp/ac/d' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp/ac/d"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp/ac/d"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'ANY /tmp/ac/d/e' for u=user1",
"request":{
"resource":{"elements":{"path":"/tmp/ac/d/e"}}, "resourceElementMatchingScopes": { "path": "SELF_OR_CHILD" },
"accessType":"","user":"user1","userGroups":[],"requestData":"ANY /tmp/ac/d/e"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":10}
}
]
}