| { |
| "serviceDef": { |
| "name": "hive", |
| "id": 3, |
| "resources": [ |
| { |
| "name": "database", |
| "level": 1, |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Database", |
| "description": "Hive Database" |
| }, |
| { |
| "name": "table", |
| "level": 2, |
| "parent": "database", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Table", |
| "description": "Hive Table" |
| }, |
| { |
| "name": "udf", |
| "level": 2, |
| "parent": "database", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive UDF", |
| "description": "Hive UDF" |
| }, |
| { |
| "name": "column", |
| "level": 3, |
| "parent": "table", |
| "mandatory": true, |
| "lookupSupported": true, |
| "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", |
| "matcherOptions": { |
| "wildCard": true, |
| "ignoreCase": true |
| }, |
| "label": "Hive Column", |
| "description": "Hive Column" |
| } |
| ], |
| "accessTypes": [ |
| { |
| "name": "select", |
| "label": "Select" |
| }, |
| { |
| "name": "update", |
| "label": "Update" |
| }, |
| { |
| "name": "create", |
| "label": "Create" |
| }, |
| { |
| "name": "drop", |
| "label": "Drop" |
| }, |
| { |
| "name": "alter", |
| "label": "Alter" |
| }, |
| { |
| "name": "index", |
| "label": "Index" |
| }, |
| { |
| "name": "lock", |
| "label": "Lock" |
| }, |
| { |
| "name": "all", |
| "label": "All" |
| } |
| ] |
| }, |
| "testCases": [ |
| { |
| "name": "database=*:table=*", |
| "policyResources": { |
| "database": {"values": ["*"]}, |
| "table": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "NO MATCH for invalid resource level", |
| "type": "anyMatch", |
| "resource" : { |
| "elements" : { "database":"finance", "invalid-resource-name":"any"} |
| }, |
| "evalContext": {}, |
| "result" : false |
| } |
| , |
| { |
| "name": "NO MATCH for resource from different hierarchy 'finance:udf=some_udf", |
| "type": "anyMatch", |
| "resource" : { |
| "elements" : { "database":"finance", "udf":"some_udf"} |
| }, |
| "evalContext": {}, |
| "result" : false |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance:tax'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact ''", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=finance:table=tax", |
| "policyResources": { |
| "database": {"values": ["finance"]}, |
| "table": {"values": ["tax"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance:tax'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child ''", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=*:table=tax", |
| "policyResources": { |
| "database": {"values": ["*"]}, |
| "table": {"values": ["tax"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance:tax'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child ''", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=finance:table=*", |
| "policyResources": { |
| "database": {"values": ["finance"]}, |
| "table": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance:tax'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child ''", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=finance", |
| "policyResources": { |
| "database": {"values": ["finance"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:udf=compute_tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","udf": "compute_tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child ''", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=*", |
| "policyResources": { |
| "database": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "NO MATCH for invalid resource level", |
| "type": "anyMatch", |
| "resource" : { |
| "elements" : { "database":"finance", "invalid-resource-name":"any"} |
| }, |
| "evalContext": {}, |
| "result" : false |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance.tax.ssn'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:udf=compute_tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","udf": "compute_tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact 'finance'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact ''", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| }, |
| { |
| "name": "database=*:table=*:column=*", |
| "policyResources": { |
| "database": {"values": [ "*"] }, |
| "table": {"values": ["*"]}, |
| "column": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for exact ''", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "NO MATCH for any 'finance::ssn'", |
| "type": "anyMatch", |
| "resource": { |
| "elements": { |
| "database": "finance","column":"ssn" |
| } |
| }, |
| "evalContext": {}, |
| "result": false |
| } |
| ] |
| } |
| , |
| { |
| "name": "database=finance:table=tax:column=ssn", |
| "policyResources": { |
| "database": {"values": [ "finance"] }, |
| "table": {"values": ["tax"]}, |
| "column": {"values": ["ssn"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance:tax'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child ''", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "NO MATCH for any 'finance:udf=tax'", |
| "type": "anyMatch", |
| "resource": { |
| "elements": { |
| "database": "finance","udf":"tax" |
| } |
| }, |
| "evalContext": {}, |
| "result": false |
| } |
| ] |
| } |
| , |
| |
| { |
| "name": "database=*:table=*:column=ssn", |
| "policyResources": { |
| "database": {"values": [ "*"] }, |
| "table": {"values": ["*"]}, |
| "column": {"values": ["ssn"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance:tax'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| |
| { |
| "name": "database=finance:table=*:column=*", |
| "policyResources": { |
| "database": {"values": [ "finance"] }, |
| "table": {"values": ["*"]}, |
| "column": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| |
| { |
| "name": "database=*:table=tax:column=*", |
| "policyResources": { |
| "database": {"values": [ "*"] }, |
| "table": {"values": ["tax"]}, |
| "column": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| { |
| "name": "database=*:table=tax:column=ssn", |
| "policyResources": { |
| "database": {"values": [ "*"] }, |
| "table": {"values": ["tax"]}, |
| "column": {"values": ["ssn"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance:tax'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| { |
| "name": "database=finance:table=*:column=ssn", |
| "policyResources": { |
| "database": {"values": [ "finance"] }, |
| "table": {"values": ["*"]}, |
| "column": {"values": ["ssn"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance:tax'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| { |
| "name": "database=finance:table=tax:column=*", |
| "policyResources": { |
| "database": {"values": [ "finance"] }, |
| "table": {"values": ["tax"]}, |
| "column": {"values": ["*"]} |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact 'finance.tax.ssn'", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {"database": "finance", "table":"tax", "column":"ssn"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'finance:tax'", |
| "type": "ancestorMatch", |
| "resource": { |
| "elements": {"database": "finance","table": "tax"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for child 'finance'", |
| "type": "descendantMatch", |
| "resource": { |
| "elements": {"database": "finance"} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| ] |
| } |
| , |
| { |
| "name": "empty policyresources", |
| "policyResources": { |
| }, |
| "tests": [ |
| { |
| "name": "MATCH for exact ''", |
| "type": "exactMatch", |
| "resource": { |
| "elements": {} |
| }, |
| "evalContext": {}, |
| "result": true |
| } |
| , |
| { |
| "name": "MATCH for parent 'default'", |
| "type": "anyMatch", |
| "resource": { |
| "elements": {"database": "default"} |
| }, |
| "evalContext": {}, |
| "result": false |
| } |
| ] |
| } |
| ] |
| } |
