#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################
# Write a diagnostic line to stderr so that stdout carries only the
# generated JSON document.
# Arguments: all arguments are handed to echo unchanged
# Outputs:   the echoed arguments on file descriptor 2
#######################################
echo_stderr() {
  echo "$@" 1>&2
}
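# Argument handling.
#   $1 - service name placed in "serviceName" and in every policy name
#   $2 - number of resource policies to generate
# Defaults apply to whatever is not supplied.
service_name=cm_hive
num_of_resource_policies=1

# A wrong argument count is reported but is not fatal: the script carries on
# with the defaults so it can still be run with no arguments.
if [ $# -ne 2 ]; then
  echo_stderr "usage: $0 <service_name> <num_of_resource_policies>"
fi

# The first argument names the service whether one or two arguments are given.
# (Previously it was ignored when two arguments were passed, so the requested
# service name never reached the output.)
if [ $# -eq 1 ] || [ $# -eq 2 ]; then
  service_name=$1
fi

if [ $# -eq 2 ]; then
  num_of_resource_policies=$2
  echo_stderr "service_name=${service_name}, num_of_resource_policies=${num_of_resource_policies}"
else
  echo_stderr "Assuming service_name=${service_name}, num_of_resource_policies=${num_of_resource_policies}"
fi

# The count is later evaluated inside an arithmetic for-loop. Bash evaluates
# arithmetic operands as expressions, so anything other than plain digits is
# rejected here before it can reach that context.
case "${num_of_resource_policies}" in
  '' | *[!0-9]*)
    echo_stderr "num_of_resource_policies must be a non-negative integer: ${num_of_resource_policies}"
    exit 1
    ;;
esac
# Force base 10 so a value with leading zeros (e.g. 08) is not read as octal.
num_of_resource_policies=$((10#${num_of_resource_policies}))

# The service name is interpolated into JSON string literals without escaping,
# so characters that would need JSON escaping are refused instead of producing
# a malformed or altered policy document.
case "${service_name}" in
  *[\"\\]* | *[[:cntrl:]]*)
    echo_stderr "service_name must not contain double quotes, backslashes or control characters"
    exit 1
    ;;
esac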
# Open the root JSON object and the "policies" array on stdout.
# ${service_name} is inserted into the document as-is (no JSON escaping).
cat <<EOF
{
"serviceName": "${service_name}",
"serviceId": 2,
"policies": [

EOF

# One policy object per index. Each one names database finance_<i>,
# table tax_2020_<i>, every column, and carries a single deny item for
# user hrt_1 with access type "all".
for ((i = 1; i <= $num_of_resource_policies; i++)); do
  # Every object after the first is preceded by a separator line.
  if [[ $i -gt 1 ]]; then
    printf '%s\n' " ,"
  fi
  cat <<EOF
 {
"name": "${service_name}-${i}",
"id": ${i},
"isEnabled": true,
"isAuditEnabled": true,
"resources": {
"database": { "values": [ "finance_${i}" ], "isExcludes": false, "isRecursive": false },
"table": { "values": [ "tax_2020_${i}" ], "isExcludes": false, "isRecursive": false },
"column": { "values": [ "*" ], "isExcludes": false, "isRecursive": false }
},
"policyItems": [],
"denyPolicyItems": [
{ "accesses": [ { "type": "all", "isAllowed": true } ], "users": [ "hrt_1" ] }
]
}
EOF
done

# Close the "policies" array.
printf '%s\n' " ],"
# Emit the fixed remainder of the document and close the root object.
# Nothing in this string depends on the script arguments. It contains:
#   - "serviceDef" for hive: five config items (username, password,
#     jdbc.driverClassName, jdbc.url, commonNameForCertificate), the
#     database/table/udf/column resources, eight access types ("all" implies
#     the other seven) and one policy condition. The "password" item only
#     declares a field of type password; no credential value is embedded.
#   - "tagPolicies" for service tagdev: one policy, tagdev-EXPIRES_ON, whose
#     single deny item lists every hive:* access type for group "public"
#     under the condition accessed-after-expiry = yes.
#     NOTE(review): "isAllowed": true inside denyPolicyItems presumably marks
#     the access type as selected for the deny item, not as granted; confirm
#     against the policy engine.
#   - the tag "serviceDef": the accessed-after-expiry condition is backed by
#     RangerScriptTemplateConditionEvaluator with a script template, and the
#     TagEnricher reads tags from /testdata/test_servicetags_hive.json.
# Quoting: \\\" inside this double-quoted string is emitted as \" (an escaped
# quote inside a JSON string value). \u0027 is not a shell escape and is
# passed through for the JSON parser, assuming echo does not interpret
# backslashes (bash's builtin default; verify if xpg_echo is enabled).
echo "
\"serviceDef\": {
\"name\": \"hive\",
\"implClass\": \"org.apache.ranger.services.hive.RangerServiceHive\",
\"label\": \"Hive Server2\",
\"options\": {},
\"configs\": [
{
\"itemId\": 1,
\"name\": \"username\",
\"type\": \"string\",
\"mandatory\": true,
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Username\"
},
{
\"itemId\": 2,
\"name\": \"password\",
\"type\": \"password\",
\"mandatory\": true,
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Password\"
},
{
\"itemId\": 3,
\"name\": \"jdbc.driverClassName\",
\"type\": \"string\",
\"mandatory\": true,
\"defaultValue\": \"org.apache.hive.jdbc.HiveDriver\",
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\"
},
{
\"itemId\": 4,
\"name\": \"jdbc.url\",
\"type\": \"string\",
\"mandatory\": true,
\"defaultValue\": \"\",
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\"
},
{
\"itemId\": 5,
\"name\": \"commonNameForCertificate\",
\"type\": \"string\",
\"mandatory\": false,
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Common Name for Certificate\"
}
],
\"resources\": [
{
\"itemId\": 1,
\"name\": \"database\",
\"type\": \"string\",
\"level\": 10,
\"mandatory\": true,
\"lookupSupported\": true,
\"recursiveSupported\": false,
\"excludesSupported\": true,
\"matcher\": \"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher\",
\"matcherOptions\": {
\"wildCard\": \"true\",
\"ignoreCase\": \"true\"
},
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Hive Database\"
},
{
\"itemId\": 2,
\"name\": \"table\",
\"type\": \"string\",
\"level\": 20,
\"parent\": \"database\",
\"mandatory\": true,
\"lookupSupported\": true,
\"recursiveSupported\": false,
\"excludesSupported\": true,
\"matcher\": \"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher\",
\"matcherOptions\": {
\"wildCard\": \"true\",
\"ignoreCase\": \"true\"
},
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Hive Table\"
},
{
\"itemId\": 3,
\"name\": \"udf\",
\"type\": \"string\",
\"level\": 20,
\"parent\": \"database\",
\"mandatory\": true,
\"lookupSupported\": true,
\"recursiveSupported\": false,
\"excludesSupported\": true,
\"matcher\": \"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher\",
\"matcherOptions\": {
\"wildCard\": \"true\",
\"ignoreCase\": \"true\"
},
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Hive UDF\"
},
{
\"itemId\": 4,
\"name\": \"column\",
\"type\": \"string\",
\"level\": 30,
\"parent\": \"table\",
\"mandatory\": true,
\"lookupSupported\": true,
\"recursiveSupported\": false,
\"excludesSupported\": true,
\"matcher\": \"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher\",
\"matcherOptions\": {
\"wildCard\": \"true\",
\"ignoreCase\": \"true\"
},
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"\",
\"label\": \"Hive Column\"
}
],
\"accessTypes\": [
{
\"itemId\": 1,
\"name\": \"select\",
\"label\": \"select\",
\"impliedGrants\": []
},
{
\"itemId\": 2,
\"name\": \"update\",
\"label\": \"update\",
\"impliedGrants\": []
},
{
\"itemId\": 3,
\"name\": \"create\",
\"label\": \"Create\",
\"impliedGrants\": []
},
{
\"itemId\": 4,
\"name\": \"drop\",
\"label\": \"Drop\",
\"impliedGrants\": []
},
{
\"itemId\": 5,
\"name\": \"alter\",
\"label\": \"Alter\",
\"impliedGrants\": []
},
{
\"itemId\": 6,
\"name\": \"index\",
\"label\": \"Index\",
\"impliedGrants\": []
},
{
\"itemId\": 7,
\"name\": \"lock\",
\"label\": \"Lock\",
\"impliedGrants\": []
},
{
\"itemId\": 8,
\"name\": \"all\",
\"label\": \"All\",
\"impliedGrants\": [
\"select\",
\"update\",
\"create\",
\"drop\",
\"alter\",
\"index\",
\"lock\"
]
}
],
\"policyConditions\": [
{
\"itemId\": 1,
\"name\": \"resources-accessed-together\",
\"evaluator\": \"org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition\",
\"evaluatorOptions\": {},
\"label\": \"Hive Resources Accessed Together?\"
}
],
\"contextEnrichers\": [],
\"enums\": [],
\"id\": 3,
\"isEnabled\": true
},
\"tagPolicies\": {
\"serviceName\": \"tagdev\",
\"serviceId\": 3,
\"policyVersion\": 1,
\"policies\": [
{
\"service\": \"tagdev\",
\"name\": \"tagdev-EXPIRES_ON\",
\"isAuditEnabled\": true,
\"resources\": {
\"tag\": {
\"values\": [
\"EXPIRES_ON\"
],
\"isExcludes\": false,
\"isRecursive\": false
}
},
\"policyItems\": [],
\"denyPolicyItems\": [
{
\"accesses\": [
{
\"type\": \"hive:select\",
\"isAllowed\": true
},
{
\"type\": \"hive:update\",
\"isAllowed\": true
},
{
\"type\": \"hive:create\",
\"isAllowed\": true
},
{
\"type\": \"hive:drop\",
\"isAllowed\": true
},
{
\"type\": \"hive:alter\",
\"isAllowed\": true
},
{
\"type\": \"hive:index\",
\"isAllowed\": true
},
{
\"type\": \"hive:lock\",
\"isAllowed\": true
},
{
\"type\": \"hive:all\",
\"isAllowed\": true
}
],
\"users\": [],
\"groups\": [
\"public\"
],
\"conditions\": [
{
\"type\": \"accessed-after-expiry\",
\"values\": [
\"yes\"
]
}
],
\"isEnabled\": true
}
],
\"allowExceptions\": [],
\"denyExceptions\": [],
\"id\": 4,
\"isEnabled\": true
}
],
\"serviceDef\": {
\"name\": \"tag\",
\"implClass\": \"org.apache.ranger.services.tag.RangerServiceTag\",
\"label\": \"TAG\",
\"options\": {
\"ui.pages\": \"tag-based-policies\"
},
\"configs\": [],
\"resources\": [
{
\"itemId\": 1,
\"name\": \"tag\",
\"type\": \"string\",
\"level\": 1,
\"mandatory\": true,
\"lookupSupported\": true,
\"recursiveSupported\": false,
\"excludesSupported\": false,
\"matcher\": \"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher\",
\"matcherOptions\": {
\"wildCard\": \"false\",
\"ignoreCase\": \"false\"
},
\"validationRegEx\": \"\",
\"validationMessage\": \"\",
\"uiHint\": \"{ \\\"singleValue\\\":true }\",
\"label\": \"TAG\"
}
],
\"accessTypes\": [
{
\"itemId\": 3004,
\"name\": \"hive:select\",
\"label\": \"select\",
\"impliedGrants\": []
},
{
\"itemId\": 3005,
\"name\": \"hive:update\",
\"label\": \"update\",
\"impliedGrants\": []
},
{
\"itemId\": 3006,
\"name\": \"hive:create\",
\"label\": \"Create\",
\"impliedGrants\": []
},
{
\"itemId\": 3007,
\"name\": \"hive:drop\",
\"label\": \"Drop\",
\"impliedGrants\": []
},
{
\"itemId\": 3008,
\"name\": \"hive:alter\",
\"label\": \"Alter\",
\"impliedGrants\": []
},
{
\"itemId\": 3009,
\"name\": \"hive:index\",
\"label\": \"Index\",
\"impliedGrants\": []
},
{
\"itemId\": 3010,
\"name\": \"hive:lock\",
\"label\": \"Lock\",
\"impliedGrants\": []
},
{
\"itemId\": 3011,
\"name\": \"hive:all\",
\"label\": \"All\",
\"impliedGrants\": [
\"hive:select\",
\"hive:update\",
\"hive:create\",
\"hive:drop\",
\"hive:alter\",
\"hive:index\",
\"hive:lock\"
]
}
],
\"policyConditions\": [
{
\"itemId\": 1,
\"name\": \"accessed-after-expiry\",
\"evaluator\": \"org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator\",
\"evaluatorOptions\": {
\"scriptTemplate\": \"ctx.isAccessedAfter(\u0027expiry_date\u0027);\"
},
\"uiHint\": \"{ \\\"singleValue\\\":true }\",
\"label\": \"Accessed after expiry_date (yes/no)?\"
}
],
\"contextEnrichers\": [
{
\"itemId\": 1,
\"name\": \"TagEnricher\",
\"enricher\": \"org.apache.ranger.plugin.contextenricher.RangerTagEnricher\",
\"enricherOptions\": {
\"tagRetrieverClassName\": \"org.apache.ranger.plugin.contextenricher.RangerFileBasedTagRetriever\",
\"tagRefresherPollingInterval\": \"60000\",
\"serviceTagsFileName\":\"/testdata/test_servicetags_hive.json\"
}
}
],
\"enums\": [],
\"id\": 100,
\"isEnabled\": true
}
}
}"