agents-common/src/test/resources/policyengine/test_policyengine_hive_mutex_conditions.json - ranger - Git at Google

 {
   "serviceName":"hivedev",

   "serviceDef":{
     "name":"hive",
     "id":3,
     "resources":[
       {"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
       {"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
       {"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
       {"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
     ],
     "accessTypes":[
       {"name":"select","label":"Select"},
       {"name":"update","label":"Update"},
       {"name":"create","label":"Create"},
       {"name":"drop","label":"Drop"},
       {"name":"alter","label":"Alter"},
       {"name":"index","label":"Index"},
       {"name":"lock","label":"Lock"},
       {"name":"all","label":"All"}
     ],
     "options": {
       "enableDenyAndExceptionsInPolicies":"true"
     },
     "policyConditions":[
       {
         "itemId":1,
         "name":"accessed-together",
         "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition",
         "evaluatorOptions" : {"ui.isMultiline":"false" },
         "label":"Accessed Together?",
         "description": "List of Hive resources"
       }
     ]
   },

   "policies":[
     {"id":1,"name":"db=default; allow select with mutual exclusion of col* only for user2, admin; deny for everyone else","isEnabled":true,"isAuditEnabled":true,
       "resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["col*"]}},
       "policyItems":[
         {"accesses":[{"type":"select"}],"users":["user2", "admin"],"groups":[],"delegateAdmin":false}
       ],
       "denyPolicyItems":[
         {"accesses":[{"type":"select"}],"users":[],"groups":["public"],"delegateAdmin":false,"conditions":[{"type":"accessed-together","values":["default.testTable.col*"]}]}
       ],
       "denyExceptions":[
         {"accesses":[{"type":"select"}],"users":["user2","admin"],"groups":["admin"],"delegateAdmin":false}
       ]
     },
     {"id":2,"name":"db=default; deny select with mutual exclusion of col1, name for everone except admin","isEnabled":true,"isAuditEnabled":true,
       "resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["col1"]}},
       "policyItems":[
         {"accesses":[{"type":"select"}],"users":["admin"],"groups":[],"delegateAdmin":false}
       ],
       "denyPolicyItems":[
         {"accesses":[{"type":"select"}],"users":[],"groups":["public"],"delegateAdmin":false,"conditions":[{"type":"accessed-together","values":["default.testTable.col1", "default.testTable.name"]}]}
       ],
       "denyExceptions":[
         {"accesses":[{"type":"select"}],"users":["admin"],"groups":[],"delegateAdmin":false}
       ]
     },
     {"id":3,"name":"db=default; table=testTable; column=*; allow access to everyone","isEnabled":true,"isAuditEnabled":true,
       "resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["*"]}},
       "policyItems":[
         {"accesses":[{"type":"select"}],"users":[""],"groups":["public"],"delegateAdmin":false}
       ]
     }
   ],

   "tests":[
     {
       "name": "DENY 'select col1, col2 from default.testtable;' to user1",
       "request": {
         "resource": {
           "elements": {
             "database": "default",
             "table": "testTable",
             "column": "col1"
           }
         },
         "accessType": "select",
         "user": "user1",
         "userGroups": [

         ],
         "requestData": "select col1,col2 from default.testtable",
         "context": {
           "REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
         }
       },
       "result": {
         "isAudited": true,
         "isAllowed": false,
         "policyId": 1
       }
     }
     ,
     {
       "name": "ALLOW 'select col1, col2 from default.testtable;' to admin",
       "request": {
         "resource": {
           "elements": {
             "database": "default",
             "table": "testTable",
             "column": "col1"
           }
         },
         "accessType": "select",
         "user": "admin",
         "userGroups": [
         ],
         "requestData": "select col1,col2 from default.testtable",
         "context": {
           "REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
         }
       },
       "result": {
         "isAudited": true,
         "isAllowed": true,
         "policyId": 1
       }
     }
     ,
 	{
       "name": "DENY 'select col1, name from default.testtable;' to user2",
       "request": {
         "resource": {
           "elements": {
             "database": "default",
             "table": "testTable",
             "column": "col1"
           }
         },
         "accessType": "select",
         "user": "user2",
         "userGroups": [
         ],
         "requestData": "select col1,name from default.testtable",
         "context": {
           "REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"name\"} } ]}"
         }
       },
       "result": {
         "isAudited": true,
         "isAllowed": false,
         "policyId": 2
       }
     }
     ,
     {
       "name": "ALLOW 'select col2 from default.testtable;' to user1",
       "request": {
         "resource": {
           "elements": {
             "database": "default",
             "table": "testTable",
             "column": "col1"
           }
         },
         "accessType": "select",
         "user": "user1",
         "userGroups": [
           "public"
         ],
         "requestData": "select col2 from default.testtable",
         "context": {
           "REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
         }
       },
       "result": {
         "isAudited": true,
         "isAllowed": true,
         "policyId": 3
       }
     }
     ,
     {
       "name": "ALLOW 'select col2, name from default.testtable;' to user1",
       "request": {
         "resource": {
           "elements": {
             "database": "default",
             "table": "testTable",
             "column": "col1"
           }
         },
         "accessType": "select",
         "user": "user1",
         "userGroups": [
           "public"
         ],
         "requestData": "select col2,name from default.testtable",
         "context": {
           "REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"name\"} } ]}"
         }
       },
       "result": {
         "isAudited": true,
         "isAllowed": true,
         "policyId": 3
       }
     }
   ]
 }
	{
	"serviceName":"hivedev",

	"serviceDef":{
	"name":"hive",
	"id":3,
	"resources":[
	{"name":"database","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Database","description":"Hive Database"},
	{"name":"table","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Table","description":"Hive Table"},
	{"name":"udf","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive UDF","description":"Hive UDF"},
	{"name":"column","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":true, "ignoreCase":true},"label":"Hive Column","description":"Hive Column"}
	],
	"accessTypes":[
	{"name":"select","label":"Select"},
	{"name":"update","label":"Update"},
	{"name":"create","label":"Create"},
	{"name":"drop","label":"Drop"},
	{"name":"alter","label":"Alter"},
	{"name":"index","label":"Index"},
	{"name":"lock","label":"Lock"},
	{"name":"all","label":"All"}
	],
	"options": {
	"enableDenyAndExceptionsInPolicies":"true"
	},
	"policyConditions":[
	{
	"itemId":1,
	"name":"accessed-together",
	"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition",
	"evaluatorOptions" : {"ui.isMultiline":"false" },
	"label":"Accessed Together?",
	"description": "List of Hive resources"
	}
	]
	},

	"policies":[
	{"id":1,"name":"db=default; allow select with mutual exclusion of col* only for user2, admin; deny for everyone else","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["col*"]}},
	"policyItems":[
	{"accesses":[{"type":"select"}],"users":["user2", "admin"],"groups":[],"delegateAdmin":false}
	],
	"denyPolicyItems":[
	{"accesses":[{"type":"select"}],"users":[],"groups":["public"],"delegateAdmin":false,"conditions":[{"type":"accessed-together","values":["default.testTable.col*"]}]}
	],
	"denyExceptions":[
	{"accesses":[{"type":"select"}],"users":["user2","admin"],"groups":["admin"],"delegateAdmin":false}
	]
	},
	{"id":2,"name":"db=default; deny select with mutual exclusion of col1, name for everone except admin","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["col1"]}},
	"policyItems":[
	{"accesses":[{"type":"select"}],"users":["admin"],"groups":[],"delegateAdmin":false}
	],
	"denyPolicyItems":[
	{"accesses":[{"type":"select"}],"users":[],"groups":["public"],"delegateAdmin":false,"conditions":[{"type":"accessed-together","values":["default.testTable.col1", "default.testTable.name"]}]}
	],
	"denyExceptions":[
	{"accesses":[{"type":"select"}],"users":["admin"],"groups":[],"delegateAdmin":false}
	]
	},
	{"id":3,"name":"db=default; table=testTable; column=*; allow access to everyone","isEnabled":true,"isAuditEnabled":true,
	"resources":{"database":{"values":["default"]},"table":{"values":["testTable"]},"column":{"values":["*"]}},
	"policyItems":[
	{"accesses":[{"type":"select"}],"users":[""],"groups":["public"],"delegateAdmin":false}
	]
	}
	],

	"tests":[
	{
	"name": "DENY 'select col1, col2 from default.testtable;' to user1",
	"request": {
	"resource": {
	"elements": {
	"database": "default",
	"table": "testTable",
	"column": "col1"
	}
	},
	"accessType": "select",
	"user": "user1",
	"userGroups": [

	],
	"requestData": "select col1,col2 from default.testtable",
	"context": {
	"REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
	}
	},
	"result": {
	"isAudited": true,
	"isAllowed": false,
	"policyId": 1
	}
	}
	,
	{
	"name": "ALLOW 'select col1, col2 from default.testtable;' to admin",
	"request": {
	"resource": {
	"elements": {
	"database": "default",
	"table": "testTable",
	"column": "col1"
	}
	},
	"accessType": "select",
	"user": "admin",
	"userGroups": [
	],
	"requestData": "select col1,col2 from default.testtable",
	"context": {
	"REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
	}
	},
	"result": {
	"isAudited": true,
	"isAllowed": true,
	"policyId": 1
	}
	}
	,
	{
	"name": "DENY 'select col1, name from default.testtable;' to user2",
	"request": {
	"resource": {
	"elements": {
	"database": "default",
	"table": "testTable",
	"column": "col1"
	}
	},
	"accessType": "select",
	"user": "user2",
	"userGroups": [
	],
	"requestData": "select col1,name from default.testtable",
	"context": {
	"REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col1\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"name\"} } ]}"
	}
	},
	"result": {
	"isAudited": true,
	"isAllowed": false,
	"policyId": 2
	}
	}
	,
	{
	"name": "ALLOW 'select col2 from default.testtable;' to user1",
	"request": {
	"resource": {
	"elements": {
	"database": "default",
	"table": "testTable",
	"column": "col1"
	}
	},
	"accessType": "select",
	"user": "user1",
	"userGroups": [
	"public"
	],
	"requestData": "select col2 from default.testtable",
	"context": {
	"REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} } ]}"
	}
	},
	"result": {
	"isAudited": true,
	"isAllowed": true,
	"policyId": 3
	}
	}
	,
	{
	"name": "ALLOW 'select col2, name from default.testtable;' to user1",
	"request": {
	"resource": {
	"elements": {
	"database": "default",
	"table": "testTable",
	"column": "col1"
	}
	},
	"accessType": "select",
	"user": "user1",
	"userGroups": [
	"public"
	],
	"requestData": "select col2,name from default.testtable",
	"context": {
	"REQUESTED_RESOURCES": "{\"requestedResources\":[ {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"col2\"} }, {\"elements\":{\"database\":\"default\",\"table\":\"testTable\",\"column\":\"name\"} } ]}"
	}
	},
	"result": {
	"isAudited": true,
	"isAllowed": true,
	"policyId": 3
	}
	}
	]
	}