Google Git
Sign in
apache / ranger / stack / . / agents-common / src / test / resources / policyengine / test_policyengine_hdfs.json
blob: 943fe80fa6c37678118d0f6d16e49cd74ccb82a6 [file] [log] [blame]
{
"serviceName":"hdfsdev",
"serviceDef":{
"name":"hdfs",
"id":1,
"resources":[
{"name":"path","type":"path","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Resource Path","description":"HDFS file or directory path"}
],
"accessTypes":[
{"name":"read","label":"Read"},
{"name":"write","label":"Write"},
{"name":"execute","label":"Execute"}
]
},
"policies":[
{"id":1,"name":"audit-all-access under /finance/restricted/","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted/"],"isRecursive":true}},
"policyItems":[
{"accesses":[],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":2,"name":"allow-read-to-all under /public/","isEnabled":true,"isAuditEnabled":false,
"resources":{"path":{"values":["/public/"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true},{"type":"execute","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
]
}
,
{"id":3,"name":"allow-read-to-finance under /finance/restricted","isEnabled":true,"isAuditEnabled":true,
"resources":{"path":{"values":["/finance/restricted"],"isRecursive":true}},
"policyItems":[
{"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["finance"],"delegateAdmin":false}
]
}
],
"tests":[
{"name":"ALLOW 'read /finance/restricted/sales.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"ALLOW 'read /finance/restricted/hr/payroll.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":true,"policyId":3}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=finance",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["finance"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"FALSE 'read /finance/restricted/hr/payroll.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for g=hr",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":["hr"],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"DENY 'read /finance/restricted/sales.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/sales.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/sales.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /finance/restricted/hr/payroll.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/finance/restricted/hr/payroll.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /finance/restricted/hr/payroll.db"
},
"result":{"isAudited":true,"isAllowed":false,"policyId":-1}
}
,
{"name":"DENY 'read /operations/visitors.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/operations/visitors.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /operations/visitors.db"
},
"result":{"isAudited":false,"isAllowed":false,"policyId":-1}
}
,
{"name":"ALLOW 'read /public/technology/blogs.db' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"read","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
,
{"name":"ALLOW 'read /public/technology' for u=user1",
"request":{
"resource":{"elements":{"path":"/public/technology/blogs.db"}},
"accessType":"execute","user":"user1","userGroups":[],"requestData":"read /public/technology/blogs.db"
},
"result":{"isAudited":false,"isAllowed":true,"policyId":2}
}
]
}