{
"servicePolicies":{
"serviceName":"hdfsdev",
"serviceId":1,
"policyVersion":1,
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
]
},
"policies":[
{"id":1,"name":"entire file system","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[],"users":[],"groups":["cluster-admins"],"delegateAdmin":true}
]
}
,
{"id":11,"name":"/dept1 folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept1/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["dept1-admins"],"delegateAdmin":true},
{"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["dept1-users"],"delegateAdmin":false}
]
}
,
{"id":12,"name":"/dept1/wiki folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept1/wiki/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["dept1-webmaster"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":13,"name":"/dept1/review folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept1/review/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["dept1-manager"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":21,"name":"/dept2 folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept2/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["dept2-admins"],"delegateAdmin":true},
{"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["dept2-users"],"delegateAdmin":false}
]
}
,
{"id":22,"name":"/dept2/wiki folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept2/wiki/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["dept2-webmaster"],"groups":[],"delegateAdmin":false}
]
}
,
{"id":23,"name":"/dept2/review folder","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/dept2/review/*"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["dept2-manager"],"groups":[],"delegateAdmin":false}
]
}
]
},
"tests":[
{"name":"ALLOW '_admin access on any path' for g=cluster-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["cluster-admins","users"],"accessType":"_admin",
"result":true
}
,
{"name":"DENY 'read access on any path' for g=cluster-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["cluster-admins","users"],"accessType":"read",
"result":false
}
,
{"name":"DENY 'write access on any path' for g=cluster-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["cluster-admins","users"],"accessType":"write",
"result":false
}
,
{"name":"DENY 'execute access on any path' for g=cluster-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["cluster-admins","users"],"accessType":"execute",
"result":false
}
,
{"name":"DENY '_admin access on any path' for g=dept1-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for u=dept1-webmaster",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"dept1-webmaster","userGroups":["users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for u=dept1-manager",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"dept1-manager","userGroups":["users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for g=dept2-admins",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["dept2-admins","users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for u=dept2-webmaster",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"dept2-webmaster","userGroups":["users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for u=dept2-manager",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"dept2-manager","userGroups":["users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on any path' for g=public",
"resources":{"path":{"values":["/dept1/*","/dept2/*","/dept3/*","/dept4/*"]}},"user":"testuser","userGroups":["public","users"],"accessType":"_admin",
"result":false
}
,
{"name":"ALLOW '_admin access on path under /dept1' for g=dept1-admins",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"_admin",
"result":true
}
,
{"name":"ALLOW 'read access on path under /dept1' for g=dept1-admins",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"read",
"result":true
}
,
{"name":"ALLOW 'write access on path under /dept1' for g=dept1-admins",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"write",
"result":true
}
,
{"name":"ALLOW 'execute access on path under /dept1' for g=dept1-admins",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"execute",
"result":true
}
,
{"name":"ALLOW 'read access on path under /dept1' for g=dept1-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-users","users"],"accessType":"read",
"result":true
}
,
{"name":"DENY 'write access on path under /dept1' for g=dept1-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-users","users"],"accessType":"write",
"result":false
}
,
{"name":"ALLOW 'execute access on path under /dept1' for g=dept1-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept1-users","users"],"accessType":"execute",
"result":true
}
,
{"name":"DENY '_admin access on path under /dept1' for g=dept2-admins",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept2-admins","users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY '_admin access on path under /dept1' for g=dept2-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept2-users","users"],"accessType":"_admin",
"result":false
}
,
{"name":"DENY 'read access on path under /dept1' for g=dept2-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept2-users","users"],"accessType":"read",
"result":false
}
,
{"name":"DENY 'write access on path under /dept1' for g=dept2-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept2-users","users"],"accessType":"write",
"result":false
}
,
{"name":"DENY 'execute access on path under /dept1' for g=dept2-users",
"resources":{"path":{"values":["/dept1/wiki/*, /dept1/calender"]}},"user":"testuser","userGroups":["dept2-users","users"],"accessType":"execute",
"result":false
}
,
{"name":"ALLOW '_admin access on path under /dept2' for g=dept2-admins",
"resources":{"path":{"values":["/dept2/wiki/*, /dept2/calender"]}},"user":"testuser","userGroups":["dept2-admins","users"],"accessType":"_admin",
"result":true
}
,
{"name":"DENY '_admin access on path under /dept2' for g=dept1-admins",
"resources":{"path":{"values":["/dept2/wiki/*, /dept2/calender"]}},"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"_admin",
"result":false
}
,
{"name":"7 '_admin allowed policies' for g=cluster-admins",
"user":"testuser","userGroups":["cluster-admins","users"],"accessType":"_admin","allowedPolicies":[1, 11, 12, 13, 21, 22, 23]
}
,
{"name":"3 '_admin allowed policies' for g=dept1-admins",
"user":"testuser","userGroups":["dept1-admins","users"],"accessType":"_admin","allowedPolicies":[11, 12, 13]
}
,
{"name":"3 '_admin allowed policies' for g=dept2-admins",
"user":"testuser","userGroups":["dept2-admins","users"],"accessType":"_admin","allowedPolicies":[21, 22, 23]
}
,
{"name":"0 '_admin allowed policies' for g=public",
"user":"testuser","userGroups":["public","users"],"accessType":"_admin","allowedPolicies":[]
}
]
}