diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-abfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-abfs.json
index 5dc5fccca4..77f6578c60 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-abfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-abfs.json
@@ -1,127 +1,71 @@
{
- "id":103,
- "name": "abfs",
+ "id": 103,
+ "name": "abfs",
"displayName": "abfs",
- "implClass": "",
- "label": "Azure Blob File System",
+ "implClass": "",
+ "label": "Azure Blob File System",
"description": "Ranger plugin for ABFS",
- "guid":"",
- "options": { "enableDenyAndExceptionsInPolicies": "true" },
+ "guid": "",
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
"resources": [
{
- "itemId": 1,
- "name": "storageaccount",
- "type": "string",
- "parent": "",
- "level": 10,
- "mandatory": true,
- "lookupSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Storage Account",
- "description": "Storage Account for the Path"
+ "itemId": 1,
+ "name": "storageaccount",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Storage Account",
+ "description": "Storage Account for the Path"
},
{
- "itemId":2,
- "name": "container",
- "type": "string",
- "parent": "storageaccount",
- "level":20,
- "mandatory": true,
- "lookupSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Storage Account Container",
- "description": "Storage Account Container for the Path"
+ "itemId": 2,
+ "name": "container",
+ "parent": "storageaccount",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Storage Account Container",
+ "description": "Storage Account Container for the Path"
},
{
- "itemId":3,
- "name": "relativepath",
- "type": "path",
- "parent": "container",
- "level":30,
- "mandatory": true,
- "lookupSupported": true,
+ "itemId": 3,
+ "name": "relativepath",
+ "parent": "container",
+ "level": 30,
+ "type": "path",
+ "mandatory": true,
+ "lookupSupported": true,
"recursiveSupported": true,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx":"^[/*]$|^\/.*?[^\/]$",
- "validationMessage": "Relative Path must not end with a slash",
- "uiHint":"",
- "label": "Relative Path",
- "description": "Relative Path inside Storage Account Container"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "validationRegEx": "^[/*]$|^\/.*?[^\/]$",
+ "validationMessage": "Relative Path must not end with a slash",
+ "label": "Relative Path",
+ "description": "Relative Path inside Storage Account Container"
}
],
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
- {
- "itemId": 2,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- }
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" }
],
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
- {
- "itemId":3,
- "name": "commonNameForCertificate",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- }
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": false, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "string", "mandatory": false, "label": "Password" },
+ { "itemId": 3, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" }
],
- "contextEnrichers": [],
- "policyConditions":
- [
+ "policyConditions": [
{
- "itemId": 1,
- "name": "ip-range",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "label": "IP Address Range",
+ "itemId": 1,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
"description": "IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
+ "uiHint" : "{ \"isMultiValue\":true }"
}
]
-}
\ No newline at end of file
+}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index e9edfd5ba9..5c52487dfc 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -1,508 +1,293 @@
{
- "id": 15,
- "name": "atlas",
- "displayName": "atlas",
- "implClass": "org.apache.ranger.services.atlas.RangerServiceAtlas",
- "label": "Atlas Metadata Server",
- "description": "Atlas Metadata Server",
- "guid": "311a79b7-16f5-46f4-9829-a0224b9999c5",
- "resources": [
- {
- "itemId": 1,
- "name": "type-category",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Type Category",
- "description": "Type Category"
- },
- {
- "itemId": 2,
- "name": "type",
- "type": "string",
- "level": 20,
- "mandatory": true,
- "parent": "type-category",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "Type Name",
- "description": "Type Name",
- "accessTypeRestrictions": ["type-read" ,"type-create", "type-update", "type-delete" ]
- },
- {
- "itemId": 3,
- "name": "entity-type",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "Entity Type",
- "description": "Entity Type"
- },
- {
- "itemId": 4,
- "name": "entity-classification",
- "type": "string",
- "level": 20,
- "mandatory": true,
- "parent": "entity-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "Entity Classification",
- "description": "Entity Classification"
- },
- {
- "itemId": 5,
- "name": "entity",
- "type": "string",
- "level": 30,
- "mandatory": true,
- "parent": "entity-classification",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Entity ID",
- "description": "Entity ID",
- "accessTypeRestrictions": ["entity-read", "entity-create", "entity-update", "entity-delete"]
- },
- {
- "itemId": 6,
- "name": "atlas-service",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Atlas Service",
- "description": "Atlas Service",
- "accessTypeRestrictions": ["admin-import", "admin-export", "admin-purge", "admin-audits"]
- },
- {
- "itemId": 7,
- "name": "relationship-type",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "Relationship Type",
- "description": "Relationship Type"
- },
- {
- "itemId": 8,
- "name": "end-one-entity-type",
- "type": "string",
- "level": 20,
- "mandatory": true,
- "parent": "relationship-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "End1 Entity Type",
- "description": "End1 Entity Type"
- },
- {
- "itemId": 9,
- "name": "end-one-entity-classification",
- "type": "string",
- "level": 30,
- "mandatory": true,
- "parent": "end-one-entity-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "End1 Entity Classification",
- "description": "End1 Entity Classification"
- },
- {
- "itemId": 10,
- "name": "end-one-entity",
- "type": "string",
- "level": 40,
- "mandatory": true,
- "parent": "end-one-entity-classification",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End1 Entity ID",
- "description": "End1 Entity ID"
- },
- {
- "itemId": 11,
- "name": "end-two-entity-type",
- "type": "string",
- "level": 50,
- "mandatory": true,
- "parent": "end-one-entity",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "End2 Entity Type",
- "description": "End2 Entity Type"
- },
- {
- "itemId": 12,
- "name": "end-two-entity-classification",
- "type": "string",
- "level": 60,
- "mandatory": true,
- "parent": "end-two-entity-type",
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "End2 Entity Classification",
- "description": "End2 Entity Classification"
- },
- {
- "itemId": 13,
- "name": "end-two-entity",
- "type": "string",
- "level": 70,
- "mandatory": true,
- "parent": "end-two-entity-classification",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "End2 Entity ID",
- "description": "End2 Entity ID",
- "accessTypeRestrictions": [
- "add-relationship",
- "update-relationship",
- "remove-relationship"
- ]
- },
- {
- "itemId": 14,
- "name": "entity-label",
- "type": "string",
- "level": 40,
- "mandatory": true,
- "parent": "entity",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Label",
- "description": "Label",
- "accessTypeRestrictions": [
- "entity-add-label",
- "entity-remove-label"
- ]
- },
- {
- "itemId": 15,
- "name": "entity-business-metadata",
- "type": "string",
- "level": 40,
- "mandatory": true,
- "parent": "entity",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "true"
- },
- "label": "Business Metadata",
- "description": "Business Metadata",
- "accessTypeRestrictions": [
- "entity-update-business-metadata"
- ]
- },
- {
- "itemId": 16,
- "name": "classification",
- "type": "string",
- "level": 40,
- "mandatory": true,
- "parent": "entity",
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": "true",
- "ignoreCase": "false"
- },
- "label": "Targetted classifications",
- "description": "Targetted classifications",
- "accessTypeRestrictions": [
- "entity-add-classification",
- "entity-update-classification",
- "entity-remove-classification"
- ]
- }
- ],
- "accessTypes": [
- {
- "itemId": 1,
- "name": "type-create",
- "label": "Create Type",
- "category": "MANAGE",
- "impliedGrants":
- [
- "type-read"
- ]
- },
- {
- "itemId": 2,
- "name": "type-update",
- "label": "Update Type",
- "category": "MANAGE",
- "impliedGrants":
- [
- "type-read"
- ]
- },
- {
- "itemId": 3,
- "name": "type-delete",
- "label": "Delete Type",
- "category": "MANAGE",
- "impliedGrants":
- [
- "type-read"
- ]
- },
- {
- "itemId": 4,
- "name": "entity-read",
- "label": "Read Entity",
- "category": "READ"
- },
- {
- "itemId": 5,
- "name": "entity-create",
- "label": "Create Entity",
- "category": "CREATE"
- },
- {
- "itemId": 6,
- "name": "entity-update",
- "label": "Update Entity",
- "category": "UPDATE"
- },
- {
- "itemId": 7,
- "name": "entity-delete",
- "label": "Delete Entity",
- "category": "DELETE"
- },
- {
- "itemId": 8,
- "name": "entity-add-classification",
- "label": "Add Classification",
- "category": "UPDATE"
- },
- {
- "itemId": 9,
- "name": "entity-update-classification",
- "label": "Update Classification",
- "category": "UPDATE"
- },
- {
- "itemId": 10,
- "name": "entity-remove-classification",
- "label": "Remove Classification",
- "category": "UPDATE"
- },
- {
- "itemId": 11,
- "name": "admin-export",
- "label": "Admin Export",
- "category": "MANAGE"
- },
- {
- "itemId": 12,
- "name": "admin-import",
- "label": "Admin Import",
- "category": "MANAGE"
- },
- {
- "itemId": 13,
- "name": "add-relationship",
- "label": "Add Relationship",
- "category": "UPDATE"
- },
- {
- "itemId": 14,
- "name": "update-relationship",
- "label": "Update Relationship",
- "category": "UPDATE"
- },
- {
- "itemId": 15,
- "name": "remove-relationship",
- "label": "Remove Relationship",
- "category": "UPDATE"
- },
- {
- "itemId": 16,
- "name": "admin-purge",
- "label": "Admin Purge",
- "category": "MANAGE"
- },
- {
- "itemId": 17,
- "name": "entity-add-label",
- "label": "Add Label",
- "category": "UPDATE"
- },
- {
- "itemId": 18,
- "name": "entity-remove-label",
- "label": "Remove Label",
- "category": "UPDATE"
- },
- {
- "itemId": 19,
- "name": "entity-update-business-metadata",
- "label": "Update Business Metadata",
- "category": "UPDATE"
- },
- {
- "itemId": 20,
- "name": "type-read",
- "label": "Read Type",
- "category": "READ"
- },
- {
- "itemId": 21,
- "name": "admin-audits",
- "label": "Admin Audits",
- "category": "MANAGE"
- }
- ],
- "configs": [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "label": "Password"
- },
- {
- "itemId": 3,
- "name": "atlas.rest.address",
- "type": "string",
- "mandatory": true,
- "defaultValue": "http://localhost:21000"
- },
- {
- "itemId": 4,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId": 5,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false}, {'accessResult':'ALLOWED', 'isAudited':false, 'actions':['entity-read'], 'accessTypes':['entity-read'], 'users':['nifi']} ]"
- }
- ],
- "options": {
- "enableDenyAndExceptionsInPolicies": "true",
- "enableTagBasedPolicies":"false"
- }
+ "id": 15,
+ "name": "atlas",
+ "displayName": "atlas",
+ "implClass": "org.apache.ranger.services.atlas.RangerServiceAtlas",
+ "label": "Atlas Metadata Server",
+ "description": "Atlas Metadata Server",
+ "guid": "311a79b7-16f5-46f4-9829-a0224b9999c5",
+ "options": { "enableDenyAndExceptionsInPolicies": "true", "enableTagBasedPolicies":"false" },
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "type-category",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "Type Category",
+ "description": "Type Category"
+ },
+ {
+ "itemId": 2,
+ "name": "type",
+ "parent": "type-category",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "Type Name",
+ "description": "Type Name",
+ "accessTypeRestrictions": [
+ "type-read", "type-create", "type-update", "type-delete"
+ ]
+ },
+ {
+ "itemId": 3,
+ "name": "entity-type",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "Entity Type",
+ "description": "Entity Type"
+ },
+ {
+ "itemId": 4,
+ "name": "entity-classification",
+ "parent": "entity-type",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "Entity Classification",
+ "description": "Entity Classification"
+ },
+ {
+ "itemId": 5,
+ "name": "entity",
+ "parent": "entity-classification",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "Entity ID",
+ "description": "Entity ID",
+ "accessTypeRestrictions": [
+ "entity-read", "entity-create", "entity-update", "entity-delete"
+ ]
+ },
+ {
+ "itemId": 6,
+ "name": "atlas-service",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "Atlas Service",
+ "description": "Atlas Service",
+ "accessTypeRestrictions": [
+ "admin-import", "admin-export", "admin-purge", "admin-audits"
+ ]
+ },
+ {
+ "itemId": 7,
+ "name": "relationship-type",
+ "type": "string",
+ "parent": "",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "Relationship Type",
+ "description": "Relationship Type"
+ },
+ {
+ "itemId": 8,
+ "name": "end-one-entity-type",
+ "parent": "relationship-type",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "End1 Entity Type",
+ "description": "End1 Entity Type"
+ },
+ {
+ "itemId": 9,
+ "name": "end-one-entity-classification",
+ "parent": "end-one-entity-type",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "End1 Entity Classification",
+ "description": "End1 Entity Classification"
+ },
+ {
+ "itemId": 10,
+ "name": "end-one-entity",
+ "parent": "end-one-entity-classification",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "End1 Entity ID",
+ "description": "End1 Entity ID"
+ },
+ {
+ "itemId": 11,
+ "name": "end-two-entity-type",
+ "parent": "end-one-entity",
+ "level": 50,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "End2 Entity Type",
+ "description": "End2 Entity Type"
+ },
+ {
+ "itemId": 12,
+ "name": "end-two-entity-classification",
+ "parent": "end-two-entity-type",
+ "level": 60,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "End2 Entity Classification",
+ "description": "End2 Entity Classification"
+ },
+ {
+ "itemId": 13,
+ "name": "end-two-entity",
+ "parent": "end-two-entity-classification",
+ "level": 70,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "End2 Entity ID",
+ "description": "End2 Entity ID",
+ "accessTypeRestrictions": [
+ "add-relationship", "update-relationship", "remove-relationship"
+ ]
+ },
+ {
+ "itemId": 14,
+ "name": "entity-label",
+ "parent": "entity",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "Label",
+ "description": "Label",
+ "accessTypeRestrictions": [
+ "entity-add-label", "entity-remove-label"
+ ]
+ },
+ {
+ "itemId": 15,
+ "name": "entity-business-metadata",
+ "parent": "entity",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "Business Metadata",
+ "description": "Business Metadata",
+ "accessTypeRestrictions": [
+ "entity-update-business-metadata"
+ ]
+ },
+ {
+ "itemId": 16,
+ "name": "classification",
+ "parent": "entity",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "false" },
+ "label": "Targetted classifications",
+ "description": "Targetted classifications",
+ "accessTypeRestrictions": [
+ "entity-add-classification", "entity-update-classification", "entity-remove-classification"
+ ]
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "type-create", "label": "Create Type", "category": "MANAGE", "impliedGrants": [ "type-read" ] },
+ { "itemId": 2, "name": "type-update", "label": "Update Type", "category": "MANAGE", "impliedGrants": [ "type-read" ] },
+ { "itemId": 3, "name": "type-delete", "label": "Delete Type", "category": "MANAGE", "impliedGrants": [ "type-read" ] },
+ { "itemId": 4, "name": "entity-read", "label": "Read Entity", "category": "READ" },
+ { "itemId": 5, "name": "entity-create", "label": "Create Entity", "category": "CREATE" },
+ { "itemId": 6, "name": "entity-update", "label": "Update Entity", "category": "UPDATE" },
+ { "itemId": 7, "name": "entity-delete", "label": "Delete Entity", "category": "DELETE" },
+ { "itemId": 8, "name": "entity-add-classification", "label": "Add Classification", "category": "UPDATE" },
+ { "itemId": 9, "name": "entity-update-classification", "label": "Update Classification", "category": "UPDATE" },
+ { "itemId": 10, "name": "entity-remove-classification", "label": "Remove Classification", "category": "UPDATE" },
+ { "itemId": 11, "name": "admin-export", "label": "Admin Export", "category": "MANAGE" },
+ { "itemId": 12, "name": "admin-import", "label": "Admin Import", "category": "MANAGE" },
+ { "itemId": 13, "name": "add-relationship", "label": "Add Relationship", "category": "UPDATE" },
+ { "itemId": 14, "name": "update-relationship", "label": "Update Relationship", "category": "UPDATE" },
+ { "itemId": 15, "name": "remove-relationship", "label": "Remove Relationship", "category": "UPDATE" },
+ { "itemId": 16, "name": "admin-purge", "label": "Admin Purge", "category": "MANAGE" },
+ { "itemId": 17, "name": "entity-add-label", "label": "Add Label", "category": "UPDATE" },
+ { "itemId": 18, "name": "entity-remove-label", "label": "Remove Label", "category": "UPDATE" },
+ { "itemId": 19, "name": "entity-update-business-metadata", "label": "Update Business Metadata", "category": "UPDATE" },
+ { "itemId": 20, "name": "type-read", "label": "Read Type", "category": "READ" },
+ { "itemId": 21, "name": "admin-audits", "label": "Admin Audits", "category": "MANAGE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "atlas.rest.address", "type": "string", "mandatory": true, "label": "REST URL", "defaultValue": "http://localhost:21000" },
+ { "itemId": 4, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 5, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['atlas'] ,'isAudited':false}, {'accessResult':'ALLOWED', 'isAudited':false, 'actions':['entity-read'], 'accessTypes':['entity-read'], 'users':['nifi']} ]" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json
index 96cabe865b..90e214fc18 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json
@@ -1,208 +1,45 @@
{
- "id":16,
- "name": "elasticsearch",
- "displayName": "elasticsearch",
- "implClass": "org.apache.ranger.services.elasticsearch.RangerServiceElasticsearch",
- "label": "ELASTICSEARCH",
- "description": "ELASTICSEARCH",
- "guid": "c0682ba7-7052-4c9c-a30e-84ccd5d98457",
- "resources":
- [
- {
- "itemId": 1,
- "name": "index",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Index",
- "description": "Elasticsearch Index"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "all",
- "label": "all",
- "impliedGrants":
- [
- "monitor",
- "manage",
- "view_index_metadata",
- "read",
- "read_cross_cluster",
- "index",
- "create",
- "delete",
- "write",
- "delete_index",
- "create_index",
- "indices_put",
- "indices_search_shards",
- "indices_bulk",
- "indices_index"
- ]
- },
-
- {
- "itemId": 2,
- "name": "monitor",
- "label": "monitor",
- "category": "MANAGE"
- },
-
- {
- "itemId": 3,
- "name": "manage",
- "label": "manage",
- "category": "MANAGE",
- "impliedGrants":
- [
- "monitor"
- ]
- },
-
- {
- "itemId": 4,
- "name": "view_index_metadata",
- "label": "view_index_metadata",
- "category": "MANAGE",
- "impliedGrants":
- [
- "indices_search_shards"
- ]
- },
-
- {
- "itemId": 5,
- "name": "read",
- "label": "read",
- "category": "READ"
- },
-
- {
- "itemId": 6,
- "name": "read_cross_cluster",
- "label": "read_cross_cluster",
- "category": "READ",
- "impliedGrants":
- [
- "indices_search_shards"
- ]
- },
-
- {
- "itemId": 7,
- "name": "index",
- "label": "index",
- "category": "MANAGE",
- "impliedGrants":
- [
- "indices_put",
- "indices_bulk",
- "indices_index"
- ]
- },
-
- {
- "itemId": 8,
- "name": "create",
- "label": "create",
- "category": "CREATE",
- "impliedGrants":
- [
- "indices_put",
- "indices_bulk",
- "indices_index"
- ]
- },
-
- {
- "itemId": 9,
- "name": "delete",
- "label": "delete",
- "category": "DELETE",
- "impliedGrants":
- [
- "indices_bulk"
- ]
- },
-
- {
- "itemId": 10,
- "name": "write",
- "label": "write",
- "category": "UPDATE",
- "impliedGrants":
- [
- "indices_put"
- ]
- },
-
- {
- "itemId": 11,
- "name": "delete_index",
- "label": "delete_index",
- "category": "MANAGE"
- },
-
- {
- "itemId": 12,
- "name": "create_index",
- "label": "create_index",
- "category": "MANAGE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "elasticsearch.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"eg. 'http://<ipaddr>:9200'\"}",
- "label": "Elasticsearch URL"
- }
- ],
- "options": { "enableDenyAndExceptionsInPolicies": "false" },
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 16,
+ "name": "elasticsearch",
+ "displayName": "elasticsearch",
+ "implClass": "org.apache.ranger.services.elasticsearch.RangerServiceElasticsearch",
+ "label": "ELASTICSEARCH",
+ "description": "ELASTICSEARCH",
+ "guid": "c0682ba7-7052-4c9c-a30e-84ccd5d98457",
+ "options": { "enableDenyAndExceptionsInPolicies": "false" },
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "index",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true},
+ "label": "Index",
+ "description": "Elasticsearch Index"
+ }
+ ],
+
+ "accessTypes": [
+ { "itemId": 1, "name": "all", "label": "all", "impliedGrants": [ "monitor", "manage", "view_index_metadata", "read", "read_cross_cluster", "index", "create", "delete", "write", "delete_index", "create_index", "indices_put", "indices_search_shards", "indices_bulk", "indices_index" ] },
+ { "itemId": 2, "name": "monitor", "label": "monitor", "category": "MANAGE" },
+ { "itemId": 3, "name": "manage", "label": "manage", "category": "MANAGE", "impliedGrants": [ "monitor" ] },
+ { "itemId": 4, "name": "view_index_metadata", "label": "view_index_metadata", "category": "MANAGE", "impliedGrants": [ "indices_search_shards" ] },
+ { "itemId": 5, "name": "read", "label": "read", "category": "READ" },
+ { "itemId": 6, "name": "read_cross_cluster", "label": "read_cross_cluster", "category": "READ", "impliedGrants": [ "indices_search_shards" ] },
+ { "itemId": 7, "name": "index", "label": "index", "category": "MANAGE", "impliedGrants": [ "indices_put", "indices_bulk", "indices_index" ] },
+ { "itemId": 8, "name": "create", "label": "create", "category": "CREATE", "impliedGrants": [ "indices_put", "indices_bulk", "indices_index" ] },
+ { "itemId": 9, "name": "delete", "label": "delete", "category": "DELETE", "impliedGrants": [ "indices_bulk" ] },
+ { "itemId": 10, "name": "write", "label": "write", "category": "UPDATE", "impliedGrants": [ "indices_put" ] },
+ { "itemId": 11, "name": "delete_index", "label": "delete_index", "category": "MANAGE" },
+ { "itemId": 12, "name": "create_index", "label": "create_index", "category": "MANAGE" }
+ ],
+
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "elasticsearch.url", "type": "string", "mandatory": true, "label": "Elasticsearch URL", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"eg. 'http://<ipaddr>:9200'\"}" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
index f3089bf30c..67fd238878 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
@@ -4,41 +4,33 @@
"implClass": "org.apache.ranger.services.gds.RangerServiceGds",
"label": "GDS",
"description": "GDS Service Definition",
- "options": {
- "enableDenyInPolicies": "false"
- },
+ "options": { "enableDenyInPolicies": "false" },
"resources": [
{
- "itemId": 1,
- "name": "dataset-id",
- "type": "string",
- "level": 1,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": false, "ignoreCase": false },
- "uiHint": "{ \"singleValue\": true }",
- "label": "Dataset ID",
- "description": "Dataset ID"
+ "itemId": 1,
+ "name": "dataset-id",
+ "parent": "",
+ "level": 1,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": false, "ignoreCase": false },
+ "uiHint": "{ \"singleValue\": true }",
+ "label": "Dataset ID",
+ "description": "Dataset ID"
},
{
- "itemId": 2,
- "name": "project-id",
- "type": "string",
- "level": 1,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": false, "ignoreCase": false },
- "uiHint": "{ \"singleValue\": true }",
- "label": "Project ID",
- "description": "Project ID"
+ "itemId": 2,
+ "name": "project-id",
+ "parent": "",
+ "level": 1,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": false, "ignoreCase": false },
+ "uiHint": "{ \"singleValue\": true }",
+ "label": "Project ID",
+ "description": "Project ID"
}
],
@@ -62,10 +54,6 @@
}
],
- "enums": [ ],
-
- "contextEnrichers": [ ],
-
"policyConditions":
[
{
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
index 7e5cfa1a6d..47f22045d8 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json
@@ -1,265 +1,85 @@
{
- "id":2,
- "name": "hbase",
- "displayName": "hbase",
- "implClass": "org.apache.ranger.services.hbase.RangerServiceHBase",
- "label": "HBase",
- "description": "HBase",
- "guid": "d6cea1f0-2509-4791-8fc1-7b092399ba3b",
- "resources":
- [
- {
- "itemId": 1,
- "name": "table",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "HBase Table",
- "description": "HBase Table"
- },
-
- {
- "itemId": 2,
- "name": "column-family",
- "type": "string",
- "level": 20,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "HBase Column-family",
- "description": "HBase Column-family"
- },
-
- {
- "itemId": 3,
- "name": "column",
- "type": "string",
- "level": 30,
- "parent": "column-family",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "HBase Column",
- "description": "HBase Column"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- },
-
- {
- "itemId": 3,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
-
- {
- "itemId": 4,
- "name": "admin",
- "label": "Admin",
- "category": "MANAGE",
- "impliedGrants":
- [
- "read",
- "write",
- "create"
- ]
- },
- {
- "itemId": 5,
- "name": "execute",
- "label": "Execute",
- "category": "READ"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "hadoop.security.authentication",
- "type": "enum",
- "subType": "authnType",
- "mandatory": true,
- "defaultValue": "simple",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 4,
- "name": "hbase.master.kerberos.principal",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "defaultValue": ""
- },
-
- {
- "itemId": 5,
- "name": "hbase.security.authentication",
- "type": "enum",
- "subType": "authnType",
- "mandatory": true,
- "defaultValue": "simple",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 6,
- "name": "hbase.zookeeper.property.clientPort",
- "type": "int",
- "subType": "",
- "mandatory": true,
- "defaultValue": "2181",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 7,
- "name": "hbase.zookeeper.quorum",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": ""
- },
-
- {
- "itemId": 8,
- "name": "zookeeper.znode.parent",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "defaultValue": "/hbase",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 9,
- "name": "commonNameForCertificate",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId": 10,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas', 'hbase'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
- }
- ],
-
- "enums":
- [
- {
- "itemId": 1,
- "name": "authnType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "simple",
- "label": "Simple"
- },
-
- {
- "itemId": 2,
- "name": "kerberos",
- "label": "Kerberos"
- }
- ],
-
- "defaultIndex": 0
- }
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 2,
+ "name": "hbase",
+ "displayName": "hbase",
+ "implClass": "org.apache.ranger.services.hbase.RangerServiceHBase",
+ "label": "HBase",
+ "description": "HBase",
+ "guid": "d6cea1f0-2509-4791-8fc1-7b092399ba3b",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "table",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "HBase Table",
+ "description": "HBase Table"
+ },
+
+ {
+ "itemId": 2,
+ "name": "column-family",
+ "parent": "table",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "HBase Column-family",
+ "description": "HBase Column-family"
+ },
+
+ {
+ "itemId": 3,
+ "name": "column",
+ "parent": "column-family",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "HBase Column",
+ "description": "HBase Column"
+ }
+ ],
+
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" },
+ { "itemId": 3, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 4, "name": "admin", "label": "Admin", "category": "MANAGE", "impliedGrants": [ "read", "write", "create" ] },
+ { "itemId": 5, "name": "execute", "label": "Execute", "category": "READ" }
+ ],
+
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "hadoop.security.authentication", "type": "enum", "mandatory": true, "subType": "authnType", "defaultValue": "simple" },
+ { "itemId": 4, "name": "hbase.master.kerberos.principal", "type": "string", "mandatory": false, "defaultValue": "" },
+ { "itemId": 5, "name": "hbase.security.authentication", "type": "enum", "mandatory": true, "subType": "authnType", "defaultValue": "simple" },
+ { "itemId": 6, "name": "hbase.zookeeper.property.clientPort", "type": "int", "mandatory": true, "defaultValue": "2181" },
+ { "itemId": 7, "name": "hbase.zookeeper.quorum", "type": "string", "mandatory": true, "defaultValue": "" },
+ { "itemId": 8, "name": "zookeeper.znode.parent", "type": "string", "mandatory": true, "defaultValue": "/hbase" },
+ { "itemId": 9, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 10, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'table':{'values':['*-ROOT-*','*.META.*', '*_acl_*', 'hbase:meta', 'hbase:acl', 'default', 'hbase']}}, 'users':['hbase'], 'isAudited': false }, {'resources':{'table':{'values':['atlas_janus','ATLAS_ENTITY_AUDIT_EVENTS']},'column-family':{'values':['*']},'column':{'values':['*']}},'users':['atlas', 'hbase'],'isAudited':false},{'users':['hbase'], 'actions':['balance'],'isAudited':false}]"
+ }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
index 91dd7a03b8..b95b187932 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
@@ -1,262 +1,63 @@
{
- "id":1,
- "name": "hdfs",
- "displayName": "hdfs",
- "implClass": "org.apache.ranger.services.hdfs.RangerServiceHdfs",
- "label": "HDFS Repository",
- "description": "HDFS Repository",
- "guid": "0d047247-bafe-4cf8-8e9b-d5d377284b2d",
- "resources":
- [
- {
- "itemId": 1,
- "name": "path",
- "type": "path",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": true,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Resource Path",
- "description": "HDFS file or directory path"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- },
-
- {
- "itemId": 3,
- "name": "execute",
- "label": "Execute",
- "category": "READ"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "fs.default.name",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1. For a single NameNode URL, use:
hdfs://<host>:<port>
2. For HDFS High Availability (HA) setup, use the nameservice-based URL:
hdfs://<nameservice>
Note: Do not provide multiple NameNode URLs separated by commas. Instead, use the nameservice configured for your HDFS cluster.
You can confirm the correct value from the Hadoop configuration property fs.defaultFS in core-site.xml.\"}",
- "label": "Namenode URL"
- },
-
- {
- "itemId": 4,
- "name": "hadoop.security.authorization",
- "type": "bool",
- "subType": "YesTrue:NoFalse",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authorization Enabled",
- "defaultValue": "false"
- },
-
- {
- "itemId": 5,
- "name": "hadoop.security.authentication",
- "type": "enum",
- "subType": "authnType",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "simple"
- },
-
- {
- "itemId": 6,
- "name": "hadoop.security.auth_to_local",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 7,
- "name": "dfs.datanode.kerberos.principal",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 8,
- "name": "dfs.namenode.kerberos.principal",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 9,
- "name": "dfs.secondary.namenode.kerberos.principal",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 10,
- "name": "hadoop.rpc.protection",
- "type": "enum",
- "subType": "rpcProtection",
- "mandatory": false,
- "label": "RPC Protection Type",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "defaultValue": "authentication"
- },
-
- {
- "itemId": 11,
- "name": "commonNameForCertificate",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId": 12,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools', 'listCacheDirectives', 'listCorruptFileBlocks', 'monitorHealth', 'rollEditLog', 'open'], 'isAudited': false}, {'users': ['oozie'],'resources': {'path': {'values': ['/user/oozie/share/lib'],'isRecursive': true}},'isAudited': false},{'users': ['spark'],'resources': {'path': {'values': ['/user/spark/applicationHistory'],'isRecursive': true}},'isAudited': false},{'users': ['hue'],'resources': {'path': {'values': ['/user/hue'],'isRecursive': true}},'isAudited': false},{'users': ['hbase'],'resources': {'path': {'values': ['/hbase'],'isRecursive': true}},'isAudited': false},{'users': ['mapred'],'resources': {'path': {'values': ['/user/history'],'isRecursive': true}},'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]"
- }
- ],
-
- "enums":
- [
- {
- "itemId": 1,
- "name": "authnType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "simple",
- "label": "Simple"
- },
-
- {
- "itemId": 2,
- "name": "kerberos",
- "label": "Kerberos"
- }
- ],
-
- "defaultIndex": 0
- },
-
- {
- "itemId": 2,
- "name": "rpcProtection",
- "elements":
- [
- {
- "itemId": 1,
- "name": "authentication",
- "label": "Authentication"
- },
-
- {
- "itemId": 2,
- "name": "integrity",
- "label": "Integrity"
- },
-
- {
- "itemId": 3,
- "name": "privacy",
- "label": "Privacy"
- }
- ],
-
- "defaultIndex": 0
- }
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 1,
+ "name": "hdfs",
+ "displayName": "hdfs",
+ "implClass": "org.apache.ranger.services.hdfs.RangerServiceHdfs",
+ "label": "HDFS Repository",
+ "description": "HDFS Repository",
+ "guid": "0d047247-bafe-4cf8-8e9b-d5d377284b2d",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "path",
+ "parent": "",
+ "level": 10,
+ "type": "path",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Resource Path",
+ "description": "HDFS file or directory path"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" },
+ { "itemId": 3, "name": "execute", "label": "Execute", "category": "READ" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "label": "Username", "mandatory": true },
+ { "itemId": 2, "name": "password", "type": "password", "label": "Password", "mandatory": true },
+ { "itemId": 3, "name": "fs.default.name", "type": "string", "label": "Namenode URL","mandatory": true, "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1. For a single NameNode URL, use:
hdfs://<host>:<port>
2. For HDFS High Availability (HA) setup, use the nameservice-based URL:
hdfs://<nameservice>
Note: Do not provide multiple NameNode URLs separated by commas. Instead, use the nameservice configured for your HDFS cluster.
You can confirm the correct value from the Hadoop configuration property fs.defaultFS in core-site.xml.\"}" },
+ { "itemId": 4, "name": "hadoop.security.authorization", "type": "bool", "label": "Authorization Enabled", "mandatory": true, "defaultValue": "false", "subType": "YesTrue:NoFalse" },
+ { "itemId": 5, "name": "hadoop.security.authentication", "type": "enum", "label": "Authentication Type", "mandatory": true, "defaultValue": "simple", "subType": "authnType" },
+ { "itemId": 6, "name": "hadoop.security.auth_to_local", "type": "string" },
+ { "itemId": 7, "name": "dfs.datanode.kerberos.principal", "type": "string" },
+ { "itemId": 8, "name": "dfs.namenode.kerberos.principal", "type": "string" },
+ { "itemId": 9, "name": "dfs.secondary.namenode.kerberos.principal", "type": "string" },
+ { "itemId": 10, "name": "hadoop.rpc.protection", "type": "enum", "label": "RPC Protection Type", "defaultValue": "authentication", "subType": "rpcProtection" },
+ { "itemId": 11, "name": "commonNameForCertificate", "type": "string", "label": "Common Name for Certificate" },
+ { "itemId": 12, "name": "ranger.plugin.audit.filters", "type": "string", "label": "Ranger Default Audit Filters", "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true}, {'actions':['delete','rename'],'isAudited':true}, {'users':['hdfs'], 'actions': ['listStatus', 'getfileinfo', 'listCachePools', 'listCacheDirectives', 'listCorruptFileBlocks', 'monitorHealth', 'rollEditLog', 'open'], 'isAudited': false}, {'users': ['oozie'],'resources': {'path': {'values': ['/user/oozie/share/lib'],'isRecursive': true}},'isAudited': false},{'users': ['spark'],'resources': {'path': {'values': ['/user/spark/applicationHistory'],'isRecursive': true}},'isAudited': false},{'users': ['hue'],'resources': {'path': {'values': ['/user/hue'],'isRecursive': true}},'isAudited': false},{'users': ['hbase'],'resources': {'path': {'values': ['/hbase'],'isRecursive': true}},'isAudited': false},{'users': ['mapred'],'resources': {'path': {'values': ['/user/history'],'isRecursive': true}},'isAudited': false}, {'actions': ['getfileinfo'], 'isAudited':false} ]"
+ }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ },
+
+ {
+ "itemId": 2, "name": "rpcProtection", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "authentication", "label": "Authentication" },
+ { "itemId": 2, "name": "integrity", "label": "Integrity" },
+ { "itemId": 3, "name": "privacy", "label": "Privacy" }
+ ]
+ }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index aa7cb3e777..8a8948c3cf 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -1,464 +1,204 @@
{
- "id":3,
- "name": "hive",
- "displayName": "Hadoop SQL",
- "implClass": "org.apache.ranger.services.hive.RangerServiceHive",
- "label": "Hive Server2",
- "description": "Hive Server2",
- "guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
- "resources":
- [
- {
- "itemId": 1,
- "name": "database",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Hive Database",
- "description": "Hive Database",
- "isValidLeaf": true
- },
-
- {
- "itemId": 2,
- "name": "table",
- "type": "string",
- "level": 20,
- "parent": "database",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Hive Table",
- "description": "Hive Table",
- "isValidLeaf": true
- },
-
- {
- "itemId": 3,
- "name": "udf",
- "type": "string",
- "level": 20,
- "parent": "database",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Hive UDF",
- "description": "Hive UDF"
- },
-
- {
- "itemId": 4,
- "name": "column",
- "type": "string",
- "level": 30,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Hive Column",
- "description": "Hive Column"
- },
-
- {
- "itemId": 5,
- "name": "url",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": true,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerURLResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "URL",
- "description": "URL"
- },
-
- {
- "itemId": 6,
- "name": "hiveservice",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Hive Service",
- "description": "Hive Service"
- },
- {
- "itemId": 7,
- "name": "global",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": false
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Global",
- "description": "Global"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "select",
- "label": "select",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "update",
- "label": "update",
- "category": "UPDATE"
- },
-
- {
- "itemId": 3,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
-
- {
- "itemId": 4,
- "name": "drop",
- "label": "Drop",
- "category": "DELETE"
- },
-
- {
- "itemId": 5,
- "name": "alter",
- "label": "Alter",
- "category": "CREATE"
- },
-
- {
- "itemId": 6,
- "name": "index",
- "label": "Index",
- "category": "MANAGE"
- },
-
- {
- "itemId": 7,
- "name": "lock",
- "label": "Lock",
- "category": "MANAGE"
- },
-
- {
- "itemId": 8,
- "name": "all",
- "label": "All",
- "impliedGrants":
- [
- "select",
- "update",
- "create",
- "drop",
- "alter",
- "index",
- "lock",
- "read",
- "write",
- "repladmin",
- "serviceadmin",
- "refresh"
- ]
- },
-
- {
- "itemId": 9,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 10,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- },
-
- {
- "itemId": 11,
- "name": "repladmin",
- "label": "ReplAdmin",
- "category": "MANAGE"
- },
-
- {
- "itemId": 12,
- "name": "serviceadmin",
- "label": "Service Admin",
- "category": "MANAGE"
- },
-
- {
- "itemId": 13,
- "name": "tempudfadmin",
- "label": "Temporary UDF Admin",
- "category": "MANAGE"
- },
-
- {
- "itemId": 14,
- "name": "refresh",
- "label": "Refresh",
- "category": "MANAGE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "jdbc.driverClassName",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "defaultValue": "org.apache.hive.jdbc.HiveDriver"
- },
-
- {
- "itemId": 4,
- "name": "jdbc.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For Remote Mode, eg.
jdbc:hive2://<host>:<port>
2.For Embedded Mode (no host or port), eg.
jdbc:hive2:///;initFile=<file>
3.For HTTP Mode, eg.
jdbc:hive2://<host>:<port>/;
transportMode=http;httpPath=<httpPath>
4.For SSL Mode, eg.
jdbc:hive2://<host>:<port>/;ssl=true;
sslTrustStore=tStore;trustStorePassword=pw
5.For ZooKeeper Mode, eg.
jdbc:hive2://<host>/;serviceDiscoveryMode=
zooKeeper;zooKeeperNamespace=hiveserver2
6.For Kerberos Mode, eg.
jdbc:hive2://<host>:<port>/;
principal=hive/domain@EXAMPLE.COM
\"}"
- },
-
- {
- "itemId": 5,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId": 6,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]"
- }
- ],
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
- ],
-
- "policyConditions":
- [
- ],
- "dataMaskDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "database",
- "matcherOptions": {
- "wildCard": "false"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "false"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "column",
- "matcherOptions": {
- "wildCard": "false"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- }
- ],
- "maskTypes": [
- {
- "itemId": 1,
- "name": "MASK",
- "label": "Redact",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
- "transformer": "mask({col})",
- "dataMaskOptions": {
- }
- },
- {
- "itemId": 2,
- "name": "MASK_SHOW_LAST_4",
- "label": "Partial mask: show last 4",
- "description": "Show last 4 characters; replace rest with 'x'",
- "transformer": "mask_show_last_n({col}, 4, 'x', 'x', 'x', -1, '1')"
- },
- {
- "itemId": 3,
- "name": "MASK_SHOW_FIRST_4",
- "label": "Partial mask: show first 4",
- "description": "Show first 4 characters; replace rest with 'x'",
- "transformer": "mask_show_first_n({col}, 4, 'x', 'x', 'x', -1, '1')"
- },
- {
- "itemId": 4,
- "name": "MASK_HASH",
- "label": "Hash",
- "description": "Hash the value",
- "transformer": "mask_hash({col})"
- },
- {
- "itemId": 5,
- "name": "MASK_NULL",
- "label": "Nullify",
- "description": "Replace with NULL"
- },
- {
- "itemId": 6,
- "name": "MASK_NONE",
- "label": "Unmasked (retain original value)",
- "description": "No masking"
- },
- {
- "itemId": 12,
- "name": "MASK_DATE_SHOW_YEAR",
- "label": "Date: show only year",
- "description": "Date: show only year",
- "transformer": "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)"
- },
- {
- "itemId": 13,
- "name": "CUSTOM",
- "label": "Custom",
- "description": "Custom"
- }
- ]
- },
- "rowFilterDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "database",
- "matcherOptions": {
- "wildCard": "false"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "false"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- }
- ]
- }
+ "id": 3,
+ "name": "hive",
+ "displayName": "Hadoop SQL",
+ "implClass": "org.apache.ranger.services.hive.RangerServiceHive",
+ "label": "Hive Server2",
+ "description": "Hive Server2",
+ "guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "database",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Hive Database",
+ "description": "Hive Database",
+ "isValidLeaf": true
+ },
+ {
+ "itemId": 2,
+ "name": "table",
+ "parent": "database",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Hive Table",
+ "description": "Hive Table",
+ "isValidLeaf": true
+ },
+ {
+ "itemId": 3,
+ "name": "udf",
+ "parent": "database",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Hive UDF",
+ "description": "Hive UDF"
+ },
+ {
+ "itemId": 4,
+ "name": "column",
+ "parent": "table",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Hive Column",
+ "description": "Hive Column"
+ },
+ {
+ "itemId": 5,
+ "name": "url",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "recursiveSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerURLResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "URL",
+ "description": "URL"
+ },
+ {
+ "itemId": 6,
+ "name": "hiveservice",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Hive Service",
+ "description": "Hive Service"
+ },
+ {
+ "itemId": 7,
+ "name": "global",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Global",
+ "description": "Global"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "select", "label": "select", "category": "READ" },
+ { "itemId": 2, "name": "update", "label": "update", "category": "UPDATE" },
+ { "itemId": 3, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 4, "name": "drop", "label": "Drop", "category": "DELETE" },
+ { "itemId": 5, "name": "alter", "label": "Alter", "category": "CREATE" },
+ { "itemId": 6, "name": "index", "label": "Index", "category": "MANAGE" },
+ { "itemId": 7, "name": "lock", "label": "Lock", "category": "MANAGE" },
+ { "itemId": 9, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 10, "name": "write", "label": "Write", "category": "UPDATE" },
+ { "itemId": 11, "name": "repladmin", "label": "ReplAdmin", "category": "MANAGE" },
+ { "itemId": 12, "name": "serviceadmin", "label": "Service Admin", "category": "MANAGE" },
+ { "itemId": 13, "name": "tempudfadmin", "label": "Temporary UDF Admin", "category": "MANAGE" },
+ { "itemId": 14, "name": "refresh", "label": "Refresh", "category": "MANAGE" },
+ { "itemId": 8, "name": "all", "label": "All", "impliedGrants": [ "select", "update", "create", "drop", "alter", "index", "lock", "read", "write", "repladmin", "serviceadmin", "refresh" ] }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "jdbc.driverClassName", "type": "string", "mandatory": true, "defaultValue": "org.apache.hive.jdbc.HiveDriver" },
+ { "itemId": 4, "name": "jdbc.url", "type": "string", "mandatory": true, "defaultValue": "", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For Remote Mode, eg.
jdbc:hive2://<host>:<port>
2.For Embedded Mode (no host or port), eg.
jdbc:hive2:///;initFile=<file>
3.For HTTP Mode, eg.
jdbc:hive2://<host>:<port>/;
transportMode=http;httpPath=<httpPath>
4.For SSL Mode, eg.
jdbc:hive2://<host>:<port>/;ssl=true;
sslTrustStore=tStore;trustStorePassword=pw
5.For ZooKeeper Mode, eg.
jdbc:hive2://<host>/;serviceDiscoveryMode=
zooKeeper;zooKeeperNamespace=hiveserver2
6.For Kerberos Mode, eg.
jdbc:hive2://<host>:<port>/;
principal=hive/domain@EXAMPLE.COM
\"}" },
+ { "itemId": 5, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 6, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'actions':['METADATA OPERATION'], 'isAudited': false}, {'users':['hive','hue'],'actions':['SHOW_ROLES'],'isAudited':false} ]" }
+ ],
+ "dataMaskDef": {
+ "accessTypes": [
+ { "name": "select" }
+ ],
+ "resources": [
+ { "name": "database", "matcherOptions": { "wildCard": "false" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "false" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "column", "matcherOptions": { "wildCard": "false" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" }
+ ],
+ "maskTypes": [
+ {
+ "itemId": 1,
+ "name": "MASK",
+ "label": "Redact",
+ "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
+ "transformer": "mask({col})"
+ },
+ {
+ "itemId": 2,
+ "name": "MASK_SHOW_LAST_4",
+ "label": "Partial mask: show last 4",
+ "description": "Show last 4 characters; replace rest with 'x'",
+ "transformer": "mask_show_last_n({col}, 4, 'x', 'x', 'x', -1, '1')"
+ },
+ {
+ "itemId": 3,
+ "name": "MASK_SHOW_FIRST_4",
+ "label": "Partial mask: show first 4",
+ "description": "Show first 4 characters; replace rest with 'x'",
+ "transformer": "mask_show_first_n({col}, 4, 'x', 'x', 'x', -1, '1')"
+ },
+ {
+ "itemId": 4,
+ "name": "MASK_HASH",
+ "label": "Hash",
+ "description": "Hash the value",
+ "transformer": "mask_hash({col})"
+ },
+ {
+ "itemId": 5,
+ "name": "MASK_NULL",
+ "label": "Nullify",
+ "description": "Replace with NULL"
+ },
+ {
+ "itemId": 6,
+ "name": "MASK_NONE",
+ "label": "Unmasked (retain original value)",
+ "description": "No masking"
+ },
+ {
+ "itemId": 12,
+ "name": "MASK_DATE_SHOW_YEAR",
+ "label": "Date: show only year",
+ "description": "Date: show only year",
+ "transformer": "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)"
+ },
+ {
+ "itemId": 13,
+ "name": "CUSTOM",
+ "label": "Custom",
+ "description": "Custom"
+ }
+ ]
+ },
+ "rowFilterDef": {
+ "accessTypes": [
+ { "name": "select" }
+ ],
+ "resources": [
+ { "name": "database", "matcherOptions": { "wildCard": "false" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "false" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" }
+ ]
+ }
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
index d99819f555..b37b52a6c2 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
@@ -1,259 +1,122 @@
{
- "id":9,
- "name":"kafka",
- "displayName": "kafka",
- "implClass":"org.apache.ranger.services.kafka.RangerServiceKafka",
- "label":"Kafka",
- "description":"Apache Kafka",
- "resources":[
- {
- "itemId":1,
- "name":"topic",
- "type":"string",
- "level":1,
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Topic",
- "description":"Topic",
- "accessTypeRestrictions": ["create", "delete", "configure", "alter", "alter_configs", "describe", "describe_configs", "consume", "publish"]
- },
- {
- "itemId":2,
- "name":"transactionalid",
- "type":"string",
- "level":1,
- "mandatory":true,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "label":"Transactional Id",
- "description":"Transactional Id",
- "accessTypeRestrictions": ["publish", "describe"]
- },
- {
- "itemId":3,
- "name":"cluster",
- "type":"string",
- "level":1,
- "mandatory":true,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "label":"Cluster",
- "description":"Cluster",
- "accessTypeRestrictions": ["create", "configure", "alter", "alter_configs", "describe", "describe_configs", "kafka_admin", "idempotent_write", "cluster_action"]
- },
- {
- "itemId":4,
- "name":"delegationtoken",
- "type":"string",
- "level":1,
- "mandatory":true,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "label":"Delegation Token",
- "description":"Delegation Token",
- "accessTypeRestrictions": ["describe"]
- },
- {
- "itemId":5,
- "name":"consumergroup",
- "type":"string",
- "level":1,
- "mandatory":true,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "label":"Consumer Group",
- "description":"Consumer Group",
- "accessTypeRestrictions": ["consume", "describe", "delete"]
- }
- ],
- "accessTypes":[
- {
- "itemId":1,
- "name":"publish",
- "label":"Publish",
- "category": "UPDATE",
- "impliedGrants":[
- "describe"
- ]
- },
- {
- "itemId":2,
- "name":"consume",
- "label":"Consume",
- "category": "READ",
- "impliedGrants":[
- "describe"
- ]
- },
- {
- "itemId":5,
- "name":"configure",
- "label":"Configure",
- "category": "MANAGE",
- "impliedGrants":[
- "describe"
- ]
- },
- {
- "itemId":6,
- "name":"describe",
- "label":"Describe",
- "category": "READ"
- },
- {
- "itemId":7,
- "name":"kafka_admin",
- "label":"Kafka Admin",
- "category": "MANAGE",
- "impliedGrants":[
- "publish",
- "consume",
- "configure",
- "describe",
- "create",
- "delete",
- "describe_configs",
- "alter_configs",
- "alter",
- "idempotent_write",
- "cluster_action"
- ]
- },
- {
- "itemId":8,
- "name":"create",
- "label":"Create",
- "category": "CREATE"
- },
- {
- "itemId":9,
- "name":"delete",
- "label":"Delete",
- "category": "DELETE",
- "impliedGrants":[
- "describe"
- ]
- },
- {
- "itemId":10,
- "name":"idempotent_write",
- "label":"Idempotent Write",
- "category": "UPDATE"
- },
- {
- "itemId":11,
- "name":"describe_configs",
- "label":"Describe Configs",
- "category": "READ"
- },
- {
- "itemId":12,
- "name":"alter_configs",
- "label":"Alter Configs",
- "category": "MANAGE",
- "impliedGrants":[
- "describe_configs"
- ]
- },
- {
- "itemId":13,
- "name":"cluster_action",
- "label":"Cluster Action",
- "category": "MANAGE"
- },
- {
- "itemId":14,
- "name":"alter",
- "label":"Alter",
- "category": "MANAGE"
- }
- ],
- "configs":[
- {
- "itemId":1,
- "name":"username",
- "type":"string",
- "mandatory":true,
- "label":"Username"
- },
- {
- "itemId":2,
- "name":"password",
- "type":"password",
- "mandatory":true,
- "label":"Password"
- },
- {
- "itemId":3,
- "name":"zookeeper.connect",
- "type":"string",
- "mandatory":true,
- "defaultValue":"localhost:2181",
- "label":"Zookeeper Connect String"
- },
- {
- "itemId":4,
- "name":"commonNameForCertificate",
- "type":"string",
- "mandatory":false,
- "label":"Ranger Plugin SSL CName"
- },
-
- {
- "itemId": 5,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES','ATLAS_HOOK','ATLAS_SPARK_HOOK']}},'users':['atlas'],'actions':['describe','publish','consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish','describe'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsync'],'actions':['consume','describe'],'isAudited':false},{'resources':{'consumergroup':{'values':['*']}},'users':['atlas','rangertagsync'],'actions':['consume'],'isAudited':false},{'users':['kafka'],'isAudited':false},{'resources':{'topic':{'values':['__CruiseControlMetrics']}},'users':['cc_metric_reporter'],'actions':['describe','publish','consume'],'isAudited':false}]"
- }
- ],
- "enums":[
- ],
- "contextEnrichers":[
- ],
- "policyConditions":[
- {
- "itemId":1,
- "name":"ip-range",
- "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions":{
- },
- "validationRegEx":"",
- "validationMessage":"",
- "label":"IP Address Range",
- "description":"IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
- }
- ]
+ "id": 9,
+ "name": "kafka",
+ "displayName": "kafka",
+ "implClass": "org.apache.ranger.services.kafka.RangerServiceKafka",
+ "label": "Kafka",
+ "description": "Apache Kafka",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "topic",
+ "parent": "",
+ "level": 1,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Topic",
+ "description": "Topic",
+ "accessTypeRestrictions": [
+ "create", "delete", "configure", "alter", "alter_configs", "describe", "describe_configs", "consume", "publish"
+ ]
+ },
+ {
+ "itemId": 2,
+ "name": "transactionalid",
+ "parent": "",
+ "level": 1,
+ "type": "string",
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Transactional Id",
+ "description": "Transactional Id",
+ "accessTypeRestrictions": [
+ "publish", "describe"
+ ]
+ },
+ {
+ "itemId": 3,
+ "name": "cluster",
+ "parent": "",
+ "level": 1,
+ "type": "string",
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Cluster",
+ "description": "Cluster",
+ "accessTypeRestrictions": [
+ "create", "configure", "alter", "alter_configs", "describe", "describe_configs", "kafka_admin", "idempotent_write", "cluster_action"
+ ]
+ },
+ {
+ "itemId": 4,
+ "name": "delegationtoken",
+ "parent": "",
+ "type": "string",
+ "level": 1,
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Delegation Token",
+ "description": "Delegation Token",
+ "accessTypeRestrictions": [
+ "describe"
+ ]
+ },
+ {
+ "itemId": 5,
+ "name": "consumergroup",
+ "parent": "",
+ "type": "string",
+ "level": 1,
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Consumer Group",
+ "description": "Consumer Group",
+ "accessTypeRestrictions": [
+ "consume", "describe", "delete"
+ ]
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "publish", "label": "Publish", "category": "UPDATE", "impliedGrants": [ "describe" ] },
+ { "itemId": 2, "name": "consume", "label": "Consume", "category": "READ", "impliedGrants": [ "describe" ] },
+ { "itemId": 5, "name": "configure", "label": "Configure", "category": "MANAGE", "impliedGrants": [ "describe" ] },
+ { "itemId": 6, "name": "describe", "label": "Describe", "category": "READ" },
+ { "itemId": 7, "name": "kafka_admin", "label": "Kafka Admin", "category": "MANAGE", "impliedGrants": [ "publish", "consume", "configure", "describe", "create", "delete", "describe_configs", "alter_configs", "alter", "idempotent_write", "cluster_action" ] },
+ { "itemId": 8, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 9, "name": "delete", "label": "Delete", "category": "DELETE", "impliedGrants": [ "describe" ] },
+ { "itemId": 10, "name": "idempotent_write", "label": "Idempotent Write", "category": "UPDATE" },
+ { "itemId": 11, "name": "describe_configs", "label": "Describe Configs", "category": "READ" },
+ { "itemId": 12, "name": "alter_configs", "label": "Alter Configs", "category": "MANAGE", "impliedGrants": [ "describe_configs" ] },
+ { "itemId": 13, "name": "cluster_action", "label": "Cluster Action", "category": "MANAGE" },
+ { "itemId": 14, "name": "alter", "label": "Alter", "category": "MANAGE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "zookeeper.connect", "type": "string", "mandatory": true, "label": "Zookeeper Connect String", "defaultValue": "localhost:2181" },
+ { "itemId": 4, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Ranger Plugin SSL CName" },
+ { "itemId": 5, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[{'accessResult': 'DENIED', 'isAudited': true},{'resources':{'topic':{'values':['ATLAS_ENTITIES','ATLAS_HOOK','ATLAS_SPARK_HOOK']}},'users':['atlas'],'actions':['describe','publish','consume'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_HOOK']}},'users':['hive','hbase','impala','nifi'],'actions':['publish','describe'],'isAudited':false},{'resources':{'topic':{'values':['ATLAS_ENTITIES']}},'users':['rangertagsync'],'actions':['consume','describe'],'isAudited':false},{'resources':{'consumergroup':{'values':['*']}},'users':['atlas','rangertagsync'],'actions':['consume'],'isAudited':false},{'users':['kafka'],'isAudited':false},{'resources':{'topic':{'values':['__CruiseControlMetrics']}},'users':['cc_metric_reporter'],'actions':['describe','publish','consume'],'isAudited':false}]" }
+ ],
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
+ "description": "IP Address Range",
+ "uiHint" : "{ \"isMultiValue\":true }"
+ }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json
index 48ba6b9d51..cf4c702c48 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json
@@ -1,154 +1,41 @@
{
- "id":7,
- "name": "kms",
- "displayName": "kms",
- "implClass": "org.apache.ranger.services.kms.RangerServiceKMS",
- "label": "KMS",
- "description": "KMS",
- "options":
+ "id": 7,
+ "name": "kms",
+ "displayName": "kms",
+ "implClass": "org.apache.ranger.services.kms.RangerServiceKMS",
+ "label": "KMS",
+ "description": "KMS",
+ "options": { "ui.pages":"encryption", "security.allowed.roles":"keyadmin" },
+ "resources": [
{
- "ui.pages":"encryption",
- "security.allowed.roles":"keyadmin"
- },
- "resources":
- [
- {
- "itemId": 1,
- "name": "keyname",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Key Name",
- "description": "Key Name"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
-
- {
- "itemId": 2,
- "name": "delete",
- "label": "Delete",
- "category": "DELETE"
- },
-
- {
- "itemId": 3,
- "name": "rollover",
- "label": "Rollover",
- "category": "UPDATE"
- },
-
- {
- "itemId": 4,
- "name": "setkeymaterial",
- "label": "Set Key Material",
- "category": "UPDATE"
- },
-
- {
- "itemId": 5,
- "name": "get",
- "label": "Get",
- "category": "READ"
- },
-
- {
- "itemId": 6,
- "name": "getkeys",
- "label": "Get Keys",
- "category": "READ"
- },
-
- {
- "itemId": 7,
- "name": "getmetadata",
- "label": "Get Metadata",
- "category": "READ"
- },
-
- {
- "itemId": 8,
- "name": "generateeek",
- "label": "Generate EEK",
- "category": "UPDATE"
- },
-
- {
- "itemId": 9,
- "name": "decrypteek",
- "label": "Decrypt EEK",
- "category": "UPDATE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "provider",
- "type": "string",
- "mandatory": true,
- "label": "KMS URL"
- },
-
- {
- "itemId": 2,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "label": "Username"
- },
-
- {
- "itemId": 3,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "label": "Password"
- },
-
- {
- "itemId": 4,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['keyadmin'] ,'isAudited':false} ]"
- }
- ],
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "itemId": 1,
+ "name": "keyname",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Key Name",
+ "description": "Key Name"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 2, "name": "delete", "label": "Delete", "category": "DELETE" },
+ { "itemId": 3, "name": "rollover", "label": "Rollover", "category": "UPDATE" },
+ { "itemId": 4, "name": "setkeymaterial", "label": "Set Key Material", "category": "UPDATE" },
+ { "itemId": 5, "name": "get", "label": "Get", "category": "READ" },
+ { "itemId": 6, "name": "getkeys", "label": "Get Keys", "category": "READ" },
+ { "itemId": 7, "name": "getmetadata", "label": "Get Metadata", "category": "READ" },
+ { "itemId": 8, "name": "generateeek", "label": "Generate EEK", "category": "UPDATE" },
+ { "itemId": 9, "name": "decrypteek", "label": "Decrypt EEK", "category": "UPDATE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "provider", "type": "string", "mandatory": true, "label": "KMS URL" },
+ { "itemId": 2, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 3, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 4, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['keyadmin'] ,'isAudited':false} ]" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
index d1832ecce2..5cd2dad6ee 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json
@@ -1,144 +1,59 @@
{
- "id":5,
- "name": "knox",
- "displayName": "knox",
- "implClass": "org.apache.ranger.services.knox.RangerServiceKnox",
- "label": "Knox Gateway",
- "description": "Knox Gateway",
- "guid": "84b481b5-f23b-4f71-b8b6-ab33977149ca",
- "resources":
- [
- {
- "itemId": 1,
- "name": "topology",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Knox Topology",
- "description": "Knox Topology"
- },
-
- {
- "itemId": 2,
- "name": "service",
- "type": "string",
- "level": 20,
- "parent": "topology",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Knox Service",
- "description": "Knox Service"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "allow",
- "label": "Allow",
- "category": "READ"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "knox.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 4,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId":5,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]"
- }
- ],
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
- {
- "itemId": 1,
- "name": "ip-range",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions": { },
- "validationRegEx":"",
- "validationMessage": "",
- "label": "IP Address Range",
- "description": "IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
- }
- ]
+ "id": 5,
+ "name": "knox",
+ "displayName": "knox",
+ "implClass": "org.apache.ranger.services.knox.RangerServiceKnox",
+ "label": "Knox Gateway",
+ "description": "Knox Gateway",
+ "guid": "84b481b5-f23b-4f71-b8b6-ab33977149ca",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "topology",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Knox Topology",
+ "description": "Knox Topology"
+ },
+ {
+ "itemId": 2,
+ "name": "service",
+ "parent": "topology",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Knox Service",
+ "description": "Knox Service"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "allow", "label": "Allow", "category": "READ" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "knox.url", "type": "string", "mandatory": true, "defaultValue": "" },
+ { "itemId": 4, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId":5, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['knox'] ,'isAudited':false} ]" }
+ ],
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
+ "description": "IP Address Range",
+ "uiHint" : "{ \"isMultiValue\":true }"
+ }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json
index 7143851d00..222882a31b 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json
@@ -1,193 +1,68 @@
{
- "id":105,
- "name": "kudu",
- "implClass": "org.apache.ranger.services.kudu.RangerServiceKudu",
- "label": "Kudu",
+ "id": 105,
+ "name": "kudu",
+ "implClass": "org.apache.ranger.services.kudu.RangerServiceKudu",
+ "label": "Kudu",
"description": "Kudu",
- "guid": "",
- "resources":
- [
+ "guid": "",
+ "resources": [
{
- "itemId": 1,
- "name": "database",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 1,
+ "name": "database",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Database",
- "description": "Database",
- "isValidLeaf": true
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Database",
+ "description": "Database",
+ "isValidLeaf": true
},
-
{
- "itemId": 2,
- "name": "table",
- "type": "string",
- "level": 20,
- "parent": "database",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 2,
+ "name": "table",
+ "parent": "database",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Table",
- "description": "Table",
- "isValidLeaf": true
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Table",
+ "description": "Table",
+ "isValidLeaf": true
},
{
- "itemId": 3,
- "name": "column",
- "type": "string",
- "level": 30,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 3,
+ "name": "column",
+ "parent": "table",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Column",
- "description": "Column"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Column",
+ "description": "Column"
}
],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "select",
- "label": "SELECT",
- "category": "READ",
- "impliedGrants":
- [
- "metadata"
- ]
- },
-
- {
- "itemId": 2,
- "name": "insert",
- "label": "INSERT",
- "category": "UPDATE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 3,
- "name": "update",
- "label": "UPDATE",
- "category": "UPDATE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 4,
- "name": "delete",
- "label": "DELETE",
- "category": "DELETE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 5,
- "name": "alter",
- "label": "ALTER",
- "category": "CREATE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 6,
- "name": "create",
- "label": "CREATE",
- "category": "CREATE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 7,
- "name": "drop",
- "label": "DROP",
- "category": "DELETE",
- "impliedGrants":
- [
- "metadata"
- ]
- },
- {
- "itemId": 8,
- "name": "metadata",
- "label": "METADATA",
- "category": "MANAGE"
- },
- {
- "itemId": 9,
- "name": "all",
- "label": "ALL",
- "impliedGrants":
- [
- "select",
- "insert",
- "update",
- "delete",
- "alter",
- "create",
- "drop",
- "metadata"
- ]
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[]"
- }
- ],
-
- "enums":
- [
- ],
-
- "contextEnrichers":
- [
+ "accessTypes": [
+ { "itemId": 1, "name": "select", "label": "SELECT", "category": "READ", "impliedGrants": [ "metadata" ] },
+ { "itemId": 2, "name": "insert", "label": "INSERT", "category": "UPDATE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 3, "name": "update", "label": "UPDATE", "category": "UPDATE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 4, "name": "delete", "label": "DELETE", "category": "DELETE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 5, "name": "alter", "label": "ALTER", "category": "CREATE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 6, "name": "create", "label": "CREATE", "category": "CREATE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 7, "name": "drop", "label": "DROP", "category": "DELETE", "impliedGrants": [ "metadata" ] },
+ { "itemId": 8, "name": "metadata", "label": "METADATA", "category": "MANAGE" },
+ { "itemId": 9, "name": "all", "label": "ALL", "impliedGrants": [ "select", "insert", "update", "delete", "alter", "create", "drop", "metadata" ] }
],
-
- "policyConditions":
- [
+ "configs": [
+ { "itemId": 1, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[]" }
]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json
index f852947b5d..db2e580b6c 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json
@@ -1,126 +1,37 @@
{
- "id":12,
- "name": "kylin",
- "displayName": "kylin",
- "implClass": "org.apache.ranger.services.kylin.RangerServiceKylin",
- "label": "KYLIN",
- "description": "KYLIN",
- "guid": "88ab8471-3e27-40c2-8bd8-458b5b1a9b25",
- "resources":
- [
- {
- "itemId": 1,
- "name": "project",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Kylin Project",
- "description": "Kylin Project"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "QUERY",
- "label": "QUERY",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "OPERATION",
- "label": "OPERATION",
- "category": "UPDATE"
- },
-
- {
- "itemId": 3,
- "name": "MANAGEMENT",
- "label": "MANAGEMENT",
- "category": "MANAGE"
- },
-
- {
- "itemId": 4,
- "name": "ADMIN",
- "label": "ADMIN",
- "category": "MANAGE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "kylin.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For one url, eg.
'http://<ipaddr>:7070'
2.For multiple urls (use , or ; delimiter), eg.
'http://<ipaddr1>:7070,http://<ipaddr2>:7070'\"}",
- "label": "Kylin URL"
- },
-
- {
- "itemId": 4,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- }
-
- ],
- "options": { "enableDenyAndExceptionsInPolicies": "false" },
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 12,
+ "name": "kylin",
+ "displayName": "kylin",
+ "implClass": "org.apache.ranger.services.kylin.RangerServiceKylin",
+ "label": "KYLIN",
+ "description": "KYLIN",
+ "guid": "88ab8471-3e27-40c2-8bd8-458b5b1a9b25",
+ "options": { "enableDenyAndExceptionsInPolicies": "false" },
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "project",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true},
+ "label": "Kylin Project",
+ "description": "Kylin Project"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "QUERY", "label": "QUERY", "category": "READ" },
+ { "itemId": 2, "name": "OPERATION", "label": "OPERATION", "category": "UPDATE" },
+ { "itemId": 3, "name": "MANAGEMENT", "label": "MANAGEMENT", "category": "MANAGE" },
+ { "itemId": 4, "name": "ADMIN", "label": "ADMIN", "category": "MANAGE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "kylin.url", "type": "string", "mandatory": true, "label": "Kylin URL", "defaultValue": "", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For one url, eg.
'http://<ipaddr>:7070'
2.For multiple urls (use , or ; delimiter), eg.
'http://<ipaddr1>:7070,http://<ipaddr2>:7070'\"}" },
+ { "itemId": 4, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json
index 8aa1b705bd..037c2c85c4 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json
@@ -4,56 +4,58 @@
"implClass": "",
"label": "NestedStructure",
"description": "Plugin to enforce READ and WRITE access control on nested structures such as JSON response objects from microservice API resource calls",
- "options": {
- "enableDenyAndExceptionsInPolicies": "true"
- },
- "configs": [
- { "itemId": 1, "name": "commonNameForCertificate", "type": "string", "mandatory": false },
- { "itemId": 2, "name": "policy.download.auth.users", "type": "string", "mandatory": false }
- ],
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
"resources": [
{
- "itemId": 1,
- "name": "schema",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
- "label": "NestedStructure Schema",
- "description": "Schema of the nested structure returned from Microservice GET, etc",
- "accessTypeRestrictions": [],
- "isValidLeaf": true
+ "itemId": 1,
+ "name": "schema",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "NestedStructure Schema",
+ "description": "Schema of the nested structure returned from Microservice GET, etc",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ ]
},
{
- "itemId": 2,
- "name": "field",
- "type": "string",
- "level": 20,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
- "label": "NestedStructure Schema Field",
- "description": "NestedStructure Schema Field",
- "accessTypeRestrictions": [],
- "isValidLeaf": true
+ "itemId": 2,
+ "name": "field",
+ "parent": "schema",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": "true", "ignoreCase": "true" },
+ "label": "NestedStructure Schema Field",
+ "description": "NestedStructure Schema Field",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+
+ ]
}
],
"accessTypes": [
{ "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
{ "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" }
],
- "policyConditions": [],
- "contextEnrichers": [],
- "enums": [],
+ "configs": [
+ { "itemId": 1, "name": "commonNameForCertificate", "type": "string", "mandatory": false },
+ { "itemId": 2, "name": "policy.download.auth.users", "type": "string", "mandatory": false }
+ ],
"dataMaskDef": {
+ "accessTypes": [
+ { "name": "read" }
+ ],
+ "resources": [
+ { "name": "schema", "excludesSupported": false, "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "field", "excludesSupported": false, "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }" }
+ ],
"maskTypes": [
{
"itemId": 1,
@@ -116,71 +118,15 @@
"description": "Custom",
"dataMaskOptions": {}
}
- ],
- "accessTypes": [
- { "itemId": 1, "name": "read", "label": "Read" }
- ],
- "resources": [
- {
- "itemId": 1,
- "name": "schema",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": "false", "ignoreCase": "true" },
- "uiHint": "{ \"singleValue\":true }",
- "label": "NestedStructure Schema",
- "description": "NestedStructure Schema returned from Microservice GET, etc",
- "accessTypeRestrictions": [],
- "isValidLeaf": false
- },
- {
- "itemId": 2,
- "name": "field",
- "type": "string",
- "level": 20,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": "false", "ignoreCase": "true" },
- "uiHint": "{ \"singleValue\":true }",
- "label": "NestedStructure Schema Field",
- "description": "NestedStructure Schema Field",
- "accessTypeRestrictions": [],
- "isValidLeaf": true
- }
]
},
"rowFilterDef": {
"accessTypes": [
- { "itemId": 1, "name": "read", "label": "Read" },
- { "itemId": 2, "name": "write", "label": "Write" }
+ { "name": "read" },
+ { "name": "write" }
],
"resources": [
- {
- "itemId": 1,
- "name": "schema",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": "false", "ignoreCase": "true" },
- "uiHint": "{ \"singleValue\":true }",
- "label": "NestedStructure Schema",
- "description": "NestedStructure Schema returned from Microservice GET, etc",
- "accessTypeRestrictions": [],
- "isValidLeaf": true
- }
+ { "name": "schema", "excludesSupported": false, "matcherOptions": { "wildCard": "false", "ignoreCase": "true" }, "uiHint": "{ \"singleValue\":true }" }
]
}
-}
\ No newline at end of file
+}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi-registry.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi-registry.json
index 60babc6f7a..39de303ff6 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi-registry.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi-registry.json
@@ -1,198 +1,50 @@
{
- "id":13,
- "name":"nifi-registry",
+ "id": 13,
+ "name": "nifi-registry",
"displayName": "nifi-registry",
- "implClass":"org.apache.ranger.services.nifi.registry.RangerServiceNiFiRegistry",
- "label":"NIFI Registry",
- "description":"NiFi Registry",
+ "implClass": "org.apache.ranger.services.nifi.registry.RangerServiceNiFiRegistry",
+ "label": "NIFI Registry",
+ "description": "NiFi Registry",
+ "options": { "enableDenyAndExceptionsInPolicies": "false" },
"resources":[
{
- "itemId":100,
- "name":"nifi-registry-resource",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":false,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"NiFi Registry Resource Identifier",
- "description":"NiFi Registry Resource"
+ "itemId": 100,
+ "name": "nifi-registry-resource",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "NiFi Registry Resource Identifier",
+ "description": "NiFi Registry Resource"
}
-
],
"accessTypes":[
- {
- "itemId":100,
- "name":"READ",
- "label":"Read",
- "category": "READ"
- },
- {
- "itemId":200,
- "name":"WRITE",
- "label":"Write",
- "category": "UPDATE"
- },
- {
- "itemId":300,
- "name":"DELETE",
- "label":"Delete",
- "category": "DELETE"
- }
+ { "itemId": 100, "name": "READ", "label": "Read", "category": "READ" },
+ { "itemId": 200, "name": "WRITE", "label": "Write", "category": "UPDATE" },
+ { "itemId": 300, "name": "DELETE", "label": "Delete", "category": "DELETE" }
],
"configs":[
- {
- "itemId":400,
- "name":"nifi.registry.url",
- "type":"string",
- "mandatory":true,
- "defaultValue":"http://localhost:18080/nifi-registry-api/policies/resources",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"The URL of the NiFi Registry REST API that provides the available resources.\"}",
- "label":"NiFi Registry URL"
- },
- {
- "itemId": 410,
- "name": "nifi.registry.authentication",
- "type": "enum",
- "subType": "authType",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "NONE"
- },
- {
- "itemId": 411,
- "name": "nifi.registry.ssl.use.default.context",
- "type": "bool",
- "subType": "YesTrue:NoFalse",
- "mandatory": true,
- "defaultValue": "false",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"If true, then Ranger's keystore and truststore will be used to communicate with NiFi Registry. If false, the keystore and truststore properties must be provided.\"}",
- "label": "Use Ranger's Default SSL Context"
- },
- {
- "itemId":500,
- "name":"nifi.registry.ssl.keystore",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore"
- },
- {
- "itemId":510,
- "name":"nifi.registry.ssl.keystoreType",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore Type"
- },
- {
- "itemId":520,
- "name":"nifi.registry.ssl.keystorePassword",
- "type":"password",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore Password"
- },
- {
- "itemId":530,
- "name":"nifi.registry.ssl.truststore",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore"
- },
- {
- "itemId":540,
- "name":"nifi.registry.ssl.truststoreType",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore Type"
- },
- {
- "itemId":550,
- "name":"nifi.registry.ssl.truststorePassword",
- "type":"password",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore Password"
- },
- {
- "itemId": 560,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[]"
- }
+ { "itemId": 400, "name": "nifi.registry.url", "type": "string", "mandatory": true, "label": "NiFi Registry URL", "defaultValue":"http://localhost:18080/nifi-registry-api/policies/resources", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"The URL of the NiFi Registry REST API that provides the available resources.\"}" },
+ { "itemId": 410, "name": "nifi.registry.authentication", "type": "enum", "mandatory": true, "label": "Authentication Type", "defaultValue": "NONE", "subType": "authType" },
+ { "itemId": 411, "name": "nifi.registry.ssl.use.default.context", "type": "bool", "mandatory": true, "label": "Use Ranger's Default SSL Context", "defaultValue": "false", "subType": "YesTrue:NoFalse", "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"If true, then Ranger's keystore and truststore will be used to communicate with NiFi Registry. If false, the keystore and truststore properties must be provided.\"}" },
+ { "itemId": 500, "name": "nifi.registry.ssl.keystore", "type": "string", "mandatory": false, "label": "Keystore", "defaultValue":"" },
+ { "itemId": 510, "name": "nifi.registry.ssl.keystoreType", "type": "string", "mandatory": false, "label": "Keystore Type", "defaultValue":"" },
+ { "itemId": 520, "name": "nifi.registry.ssl.keystorePassword", "type": "password", "mandatory": false, "label": "Keystore Password", "defaultValue":"" },
+ { "itemId": 530, "name": "nifi.registry.ssl.truststore", "type": "string", "mandatory": false, "label": "Truststore", "defaultValue":"" },
+ { "itemId": 540, "name": "nifi.registry.ssl.truststoreType", "type": "string", "mandatory": false, "label": "Truststore Type", "defaultValue":"" },
+ { "itemId": 550, "name": "nifi.registry.ssl.truststorePassword", "type": "password", "mandatory": false, "label": "Truststore Password", "defaultValue":"" },
+ { "itemId": 560, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[]" }
],
- "enums":
- [
+ "enums": [
{
- "itemId": 1,
- "name": "authType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "NONE",
- "label": "None"
- },
- {
- "itemId": 2,
- "name": "SSL",
- "label": "SSL"
- }
- ],
-
- "defaultIndex": 0
+ "itemId": 1, "name": "authType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "NONE", "label": "None" },
+ { "itemId": 2, "name": "SSL", "label": "SSL" }
+ ]
}
- ],
- "options": {
- "enableDenyAndExceptionsInPolicies": "false"
- },
- "contextEnrichers":[
-
- ],
- "policyConditions":[
-
]
}
\ No newline at end of file
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi.json
index b481efd8ef..aba88bf731 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-nifi.json
@@ -1,192 +1,49 @@
{
- "id":10,
- "name":"nifi",
+ "id": 10,
+ "name": "nifi",
"displayName": "nifi",
- "implClass":"org.apache.ranger.services.nifi.RangerServiceNiFi",
- "label":"NIFI",
- "description":"NiFi",
+ "implClass": "org.apache.ranger.services.nifi.RangerServiceNiFi",
+ "label": "NIFI",
+ "description": "NiFi",
+ "options": { "enableDenyAndExceptionsInPolicies": "false" },
"resources":[
{
- "itemId":100,
- "name":"nifi-resource",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":false,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"NiFi Resource Identifier",
- "description":"NiFi Resource"
+ "itemId": 100,
+ "name": "nifi-resource",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "NiFi Resource Identifier",
+ "description": "NiFi Resource"
}
-
],
"accessTypes":[
- {
- "itemId":100,
- "name":"READ",
- "label":"Read",
- "category": "READ"
- },
- {
- "itemId":200,
- "name":"WRITE",
- "label":"Write",
- "category": "UPDATE"
- }
+ { "itemId":100, "name": "READ", "label": "Read", "category": "READ" },
+ { "itemId":200, "name": "WRITE", "label": "Write", "category": "UPDATE" }
],
"configs":[
- {
- "itemId":400,
- "name":"nifi.url",
- "type":"string",
- "mandatory":true,
- "defaultValue":"http://localhost:8080/nifi-api/resources",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"The URL of the NiFi REST API that provides the available resources.\"}",
- "label":"NiFi URL"
- },
- {
- "itemId": 410,
- "name": "nifi.authentication",
- "type": "enum",
- "subType": "authType",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "NONE"
- },
- {
- "itemId": 411,
- "name": "nifi.ssl.use.default.context",
- "type": "bool",
- "subType": "YesTrue:NoFalse",
- "mandatory": true,
- "defaultValue": "false",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"If true, then Ranger's keystore and truststore will be used to communicate with NiFi. If false, the keystore and truststore properties must be provided.\"}",
- "label": "Use Ranger's Default SSL Context"
- },
- {
- "itemId":500,
- "name":"nifi.ssl.keystore",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore"
- },
- {
- "itemId":510,
- "name":"nifi.ssl.keystoreType",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore Type"
- },
- {
- "itemId":520,
- "name":"nifi.ssl.keystorePassword",
- "type":"password",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Keystore Password"
- },
- {
- "itemId":530,
- "name":"nifi.ssl.truststore",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore"
- },
- {
- "itemId":540,
- "name":"nifi.ssl.truststoreType",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore Type"
- },
- {
- "itemId":550,
- "name":"nifi.ssl.truststorePassword",
- "type":"password",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Truststore Password"
- },
- {
- "itemId": 560,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[]"
- }
+ { "itemId": 400, "name": "nifi.url", "type": "string", "mandatory": true, "label": "NiFi URL", "defaultValue": "http://localhost:8080/nifi-api/resources", "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"The URL of the NiFi REST API that provides the available resources.\"}" },
+ { "itemId": 410, "name": "nifi.authentication", "type": "enum", "mandatory": true, "label": "Authentication Type", "defaultValue": "NONE", "subType": "authType" },
+ { "itemId": 411, "name": "nifi.ssl.use.default.context", "type": "bool", "mandatory": true, "label": "Use Ranger's Default SSL Context", "defaultValue": "false", "subType": "YesTrue:NoFalse", "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"If true, then Ranger's keystore and truststore will be used to communicate with NiFi. If false, the keystore and truststore properties must be provided.\"}" },
+ { "itemId": 500, "name": "nifi.ssl.keystore", "type": "string", "mandatory": false, "label": "Keystore", "defaultValue": "" },
+ { "itemId": 510, "name": "nifi.ssl.keystoreType", "type": "string", "mandatory": false, "label": "Keystore Type", "defaultValue": "" },
+ { "itemId": 520, "name": "nifi.ssl.keystorePassword", "type": "password", "mandatory": false, "label": "Keystore Password", "defaultValue": "" },
+ { "itemId": 530, "name": "nifi.ssl.truststore", "type": "string", "mandatory": false, "label": "Truststore", "defaultValue": "" },
+ { "itemId": 540, "name": "nifi.ssl.truststoreType", "type": "string", "mandatory": false, "label": "Truststore Type", "defaultValue": "" },
+ { "itemId": 550, "name": "nifi.ssl.truststorePassword", "type": "password", "mandatory": false, "label": "Truststore Password", "defaultValue": "" },
+ { "itemId": 560, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[]" }
],
- "enums":
- [
+ "enums": [
{
- "itemId": 1,
- "name": "authType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "NONE",
- "label": "None"
- },
- {
- "itemId": 2,
- "name": "SSL",
- "label": "SSL"
- }
- ],
-
- "defaultIndex": 0
+ "itemId": 1, "name": "authType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "NONE", "label": "None" },
+ { "itemId": 2, "name": "SSL", "label": "SSL" }
+ ]
}
- ],
- "options": {
- "enableDenyAndExceptionsInPolicies": "false"
- },
- "contextEnrichers":[
-
- ],
- "policyConditions":[
-
]
-}
\ No newline at end of file
+}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
index 025e5fa08e..9ea9d6b362 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -1,295 +1,122 @@
{
- "id":201,
- "name": "ozone",
- "displayName": "ozone",
- "implClass": "org.apache.ranger.services.ozone.RangerServiceOzone",
- "label": "OZONE",
- "description": "Ozone Repository",
- "guid": "",
- "resources":
- [
- {
- "itemId": 1,
- "name": "volume",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ozone Volume",
- "description": "Ozone Volume",
- "accessTypeRestrictions": [ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all" ],
- "isValidLeaf": true
- },
- {
- "itemId": 2,
- "name": "bucket",
- "type": "string",
- "level": 20,
- "parent": "volume",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ozone Bucket",
- "description": "Ozone Bucket",
- "accessTypeRestrictions": [ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all" ],
- "isValidLeaf": true
- },
- {
- "itemId": 3,
- "name": "key",
- "type": "string",
- "level": 30,
- "parent": "bucket",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": true,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ozone Key",
- "description": "Ozone Key",
- "accessTypeRestrictions": [ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all" ],
- "isValidLeaf": true
- },
- {
- "itemId": 4,
- "name": "role",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "label": "Role",
- "description": "Role",
- "accessTypeRestrictions": [ "assume_role" ],
- "isValidLeaf": true
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 8,
- "name": "all",
- "label": "All",
- "impliedGrants":
- [
- "read",
- "write",
- "create",
- "list",
- "delete",
- "read_acl",
- "write_acl"
- ]
- },
- {
- "itemId": 1,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- },
-
- {
- "itemId": 3,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
-
- {
- "itemId": 4,
- "name": "list",
- "label": "List",
- "category": "READ"
- },
-
- {
- "itemId": 5,
- "name": "delete",
- "label": "Delete",
- "category": "DELETE"
- },
- {
- "itemId": 6,
- "name": "read_acl",
- "label": "Read_ACL",
- "category": "READ"
- },
- {
- "itemId": 7,
- "name": "write_acl",
- "label": "Write_ACL",
- "category": "UPDATE"
- },
- {
- "itemId": 8,
- "name": "assume_role",
- "label": "Assume_Role",
- "category": "MANAGE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "ozone.om.http-address",
- "type": "string",
- "subType": "",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"For Ozone Url, eg.
<host>:<port>
\"}",
- "label": "Ozone URL"
- },
-
- {
- "itemId": 4,
- "name": "hadoop.security.authorization",
- "type": "bool",
- "subType": "YesTrue:NoFalse",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authorization Enabled",
- "defaultValue": "false"
- },
-
- {
- "itemId": 5,
- "name": "hadoop.security.authentication",
- "type": "enum",
- "subType": "authnType",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "simple"
- },
-
- {
- "itemId": 6,
- "name": "hadoop.security.auth_to_local",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":""
- },
-
- {
- "itemId": 7,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]"
- }
- ],
-
- "enums":
- [
- {
- "itemId": 1,
- "name": "authnType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "simple",
- "label": "Simple"
- },
-
- {
- "itemId": 2,
- "name": "kerberos",
- "label": "Kerberos"
- }
- ],
-
- "defaultIndex": 0
- }
- ],
-
- "contextEnrichers":
- [
- ],
-
- "policyConditions":
-
- [
-
- {
- "itemId": 1,
- "name": "ip-range",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions": { },
- "validationRegEx":"",
- "validationMessage": "",
- "label": "IP Address Range",
- "description": "IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
- }
-
- ]
+ "id": 201,
+ "name": "ozone",
+ "displayName": "ozone",
+ "implClass": "org.apache.ranger.services.ozone.RangerServiceOzone",
+ "label": "OZONE",
+ "description": "Ozone Repository",
+ "guid": "",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "volume",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Ozone Volume",
+ "description": "Ozone Volume",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all"
+ ]
+ },
+ {
+ "itemId": 2,
+ "name": "bucket",
+ "parent": "volume",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Ozone Bucket",
+ "description": "Ozone Bucket",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all"
+ ]
+ },
+ {
+ "itemId": 3,
+ "name": "key",
+ "parent": "bucket",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Ozone Key",
+ "description": "Ozone Key",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "read", "write", "create", "list", "delete", "read_acl", "write_acl", "all"
+ ]
+ },
+ {
+ "itemId": 4,
+ "name": "role",
+ "type": "string",
+ "level": 10,
+ "parent": "",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Role",
+ "description": "Role",
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "assume_role"
+ ]
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 8, "name": "all", "label": "All", "impliedGrants": [ "read", "write", "create", "list", "delete", "read_acl", "write_acl" ] },
+ { "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" },
+ { "itemId": 3, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 4, "name": "list", "label": "List", "category": "READ" },
+ { "itemId": 5, "name": "delete", "label": "Delete", "category": "DELETE" },
+ { "itemId": 6, "name": "read_acl", "label": "Read_ACL", "category": "READ" },
+ { "itemId": 7, "name": "write_acl", "label": "Write_ACL", "category": "UPDATE" },
+ { "itemId": 8, "name": "assume_role", "label": "Assume_Role", "category": "MANAGE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "ozone.om.http-address", "type": "string", "mandatory": true, "label": "Ozone URL", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"For Ozone Url, eg.
<host>:<port>
\"}" },
+ { "itemId": 4, "name": "hadoop.security.authorization", "type": "bool", "mandatory": false, "label": "Authorization Enabled", "defaultValue": "false", "subType": "YesTrue:NoFalse" },
+ { "itemId": 5, "name": "hadoop.security.authentication", "type": "enum", "mandatory": true, "label": "Authentication Type", "defaultValue": "simple", "subType": "authnType" },
+ { "itemId": 6, "name": "hadoop.security.auth_to_local", "type": "string", "mandatory": false },
+ { "itemId": 7, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]" }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ],
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
+ "description": "IP Address Range",
+ "uiHint" : "{ \"isMultiValue\":true }"
+ }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json
index 330ff1485c..1c49071bf7 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json
@@ -1,485 +1,246 @@
{
- "id": 17,
- "name": "presto",
+ "id": 17,
+ "name": "presto",
"displayName": "presto",
- "implClass": "org.apache.ranger.services.presto.RangerServicePresto",
- "label": "Presto",
+ "implClass": "org.apache.ranger.services.presto.RangerServicePresto",
+ "label": "Presto",
"description": "Presto",
- "guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
+ "guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
"resources": [
{
- "itemId": 1,
- "name": "catalog",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 1,
+ "name": "catalog",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto Catalog",
- "description": "Presto Catalog"
- },
- {
- "itemId": 2,
- "name": "schema",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto Catalog",
+ "description": "Presto Catalog"
+ },
+ {
+ "itemId": 2,
+ "name": "schema",
+ "parent": "catalog",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto Schema",
- "description": "Presto Schema"
- },
- {
- "itemId": 3,
- "name": "table",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto Schema",
+ "description": "Presto Schema"
+ },
+ {
+ "itemId": 3,
+ "name": "table",
+ "parent": "schema",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto Table",
- "description": "Presto Table"
- },
- {
- "itemId": 4,
- "name": "column",
- "type": "string",
- "level": 40,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto Table",
+ "description": "Presto Table"
+ },
+ {
+ "itemId": 4,
+ "name": "column",
+ "parent": "table",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto Column",
- "description": "Presto Column"
- },
- {
- "itemId": 5,
- "name": "prestouser",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto User",
- "description": "Presto User",
- "accessTypeRestrictions": ["impersonate"]
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto Column",
+ "description": "Presto Column"
+ },
+ {
+ "itemId": 5,
+ "name": "prestouser",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto User",
+ "description": "Presto User",
+ "accessTypeRestrictions": [
+ "impersonate"
+ ]
},
{
- "itemId": 6,
- "name": "systemproperty",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "System Property",
- "description": "Presto System Property",
- "accessTypeRestrictions": ["alter"]
+ "itemId": 6,
+ "name": "systemproperty",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "System Property",
+ "description": "Presto System Property",
+ "accessTypeRestrictions": [
+ "alter"
+ ]
},
{
- "itemId": 7,
- "name": "sessionproperty",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Catalog Session Property",
- "description": "Presto Catalog Session Property",
- "accessTypeRestrictions": ["alter"]
+ "itemId": 7,
+ "name": "sessionproperty",
+ "parent": "catalog",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Catalog Session Property",
+ "description": "Presto Catalog Session Property",
+ "accessTypeRestrictions": [
+ "alter"
+ ]
},
{
- "itemId": 8,
- "name": "function",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Presto Function",
- "description": "Presto Function",
- "accessTypeRestrictions": ["execute", "grant"]
+ "itemId": 8,
+ "name": "function",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Presto Function",
+ "description": "Presto Function",
+ "accessTypeRestrictions": [
+ "execute",
+ "grant"
+ ]
},
{
- "itemId": 9,
- "name": "procedure",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Schema Procedure",
- "description": "Schema Procedure",
- "accessTypeRestrictions": ["execute", "grant"]
+ "itemId": 9,
+ "name": "procedure",
+ "parent": "schema",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Procedure",
+ "description": "Schema Procedure",
+ "accessTypeRestrictions": [
+ "execute",
+ "grant"
+ ]
}
],
"accessTypes": [
- {
- "itemId": 1,
- "name": "select",
- "label": "Select",
- "category": "READ"
- },
- {
- "itemId": 2,
- "name": "insert",
- "label": "Insert",
- "category": "UPDATE"
- },
- {
- "itemId": 3,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
- {
- "itemId": 4,
- "name": "drop",
- "label": "Drop",
- "category": "DELETE"
- },
- {
- "itemId": 5,
- "name": "delete",
- "label": "Delete",
- "category": "DELETE"
- },
- {
- "itemId": 6,
- "name": "use",
- "label": "Use",
- "category": "READ"
- },
- {
- "itemId": 7,
- "name": "alter",
- "label": "Alter",
- "category": "CREATE"
- },
- {
- "itemId": 8,
- "name": "grant",
- "label": "Grant",
- "category": "MANAGE"
- },
- {
- "itemId": 9,
- "name": "revoke",
- "label": "Revoke",
- "category": "MANAGE"
- },
- {
- "itemId": 10,
- "name": "show",
- "label": "Show",
- "category": "READ"
- },
- {
- "itemId": 11,
- "name": "impersonate",
- "label": "Impersonate",
- "category": "READ"
- },
- {
- "itemId": 12,
- "name": "all",
- "label": "All",
- "impliedGrants": [
- "select",
- "insert",
- "create",
- "delete",
- "drop",
- "use",
- "alter",
- "grant",
- "revoke",
- "show",
- "impersonate",
- "execute"
- ]
- },
- {
- "itemId": 13,
- "name": "execute",
- "label": "execute",
- "category": "READ"
- }
+ { "itemId": 1, "name": "select", "label": "Select", "category": "READ" },
+ { "itemId": 2, "name": "insert", "label": "Insert", "category": "UPDATE" },
+ { "itemId": 3, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 4, "name": "drop", "label": "Drop", "category": "DELETE" },
+ { "itemId": 5, "name": "delete", "label": "Delete", "category": "DELETE" },
+ { "itemId": 6, "name": "use", "label": "Use", "category": "READ" },
+ { "itemId": 7, "name": "alter", "label": "Alter", "category": "CREATE" },
+ { "itemId": 8, "name": "grant", "label": "Grant", "category": "MANAGE" },
+ { "itemId": 9, "name": "revoke", "label": "Revoke", "category": "MANAGE" },
+ { "itemId": 10, "name": "show", "label": "Show", "category": "READ" },
+ { "itemId": 11, "name": "impersonate", "label": "Impersonate", "category": "READ" },
+ { "itemId": 13, "name": "execute", "label": "execute", "category": "READ" },
+ { "itemId": 12, "name": "all", "label": "All", "impliedGrants": [ "select", "insert", "create", "delete", "drop", "use", "alter", "grant", "revoke", "show", "impersonate", "execute" ] }
],
"configs": [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": false,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Password"
- },
- {
- "itemId": 3,
- "name": "jdbc.driverClassName",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "defaultValue": "io.prestosql.jdbc.PrestoDriver"
- },
- {
- "itemId": 4,
- "name": "jdbc.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": ""
- }
- ],
- "enums": [
- ],
- "contextEnrichers": [
- ],
- "policyConditions":
- [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": false, "label": "Password" },
+ { "itemId": 3, "name": "jdbc.driverClassName", "type": "string", "mandatory": true, "defaultValue": "io.prestosql.jdbc.PrestoDriver" },
+ { "itemId": 4, "name": "jdbc.url", "type": "string", "mandatory": true, "defaultValue": "" }
],
"dataMaskDef": {
"accessTypes": [
- {
- "name": "select"
- }
+ { "name": "select" }
],
"resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "column",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- }
+ { "name": "catalog", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "schema", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "column", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" }
],
"maskTypes": [
{
- "itemId": 1,
- "name": "MASK",
- "label": "Redact",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
- "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
- "dataMaskOptions": {
- }
+ "itemId": 1,
+ "name": "MASK",
+ "label": "Redact",
+ "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
+ "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
+ "dataMaskOptions": { }
},
{
- "itemId": 2,
- "name": "MASK_SHOW_LAST_4",
- "label": "Partial mask: show last 4",
+ "itemId": 2,
+ "name": "MASK_SHOW_LAST_4",
+ "label": "Partial mask: show last 4",
"description": "Show last 4 characters; replace rest with 'X'",
"transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})"
},
{
- "itemId": 3,
- "name": "MASK_SHOW_FIRST_4",
- "label": "Partial mask: show first 4",
+ "itemId": 3,
+ "name": "MASK_SHOW_FIRST_4",
+ "label": "Partial mask: show first 4",
"description": "Show first 4 characters; replace rest with 'x'",
"transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})"
},
{
- "itemId": 4,
- "name": "MASK_HASH",
- "label": "Hash",
+ "itemId": 4,
+ "name": "MASK_HASH",
+ "label": "Hash",
"description": "Hash the value of a varchar with sha256",
"transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})"
},
{
- "itemId": 5,
- "name": "MASK_NULL",
- "label": "Nullify",
+ "itemId": 5,
+ "name": "MASK_NULL",
+ "label": "Nullify",
"description": "Replace with NULL"
},
{
- "itemId": 6,
- "name": "MASK_NONE",
- "label": "Unmasked (retain original value)",
+ "itemId": 6,
+ "name": "MASK_NONE",
+ "label": "Unmasked (retain original value)",
"description": "No masking"
},
{
- "itemId": 12,
- "name": "MASK_DATE_SHOW_YEAR",
- "label": "Date: show only year",
+ "itemId": 12,
+ "name": "MASK_DATE_SHOW_YEAR",
+ "label": "Date: show only year",
"description": "Date: show only year",
"transformer": "date_trunc('year', {col})"
},
{
- "itemId": 13,
- "name": "CUSTOM",
- "label": "Custom",
+ "itemId": 13,
+ "name": "CUSTOM",
+ "label": "Custom",
"description": "Custom"
}
]
},
"rowFilterDef": {
"accessTypes": [
- {
- "name": "select"
- }
+ { "name": "select" }
],
"resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- }
+ { "name": "catalog", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "schema", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" }
]
}
-}
\ No newline at end of file
+}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-schema-registry.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-schema-registry.json
index 250f9da70d..4aa121d04f 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-schema-registry.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-schema-registry.json
@@ -1,277 +1,128 @@
{
- "id": 202,
- "name": "schema-registry",
- "implClass": "org.apache.ranger.services.schema.registry.RangerServiceSchemaRegistry",
- "label": "Schema Registry",
+ "id": 202,
+ "name": "schema-registry",
+ "implClass": "org.apache.ranger.services.schema.registry.RangerServiceSchemaRegistry",
+ "label": "Schema Registry",
"description": "Schema Registry",
- "resources":
- [
-
- {
- "itemId": 1,
- "name": "registry-service",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "registry-service",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx": "^\\*$",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Registry Service",
- "description": "Schema Registry Service"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Registry Service",
+ "description": "Schema Registry Service"
},
-
{
- "itemId": 2,
- "name": "schema-group",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 2,
+ "name": "schema-group",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Group",
- "description": "Schema Group"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Group",
+ "description": "Schema Group"
},
-
{
- "itemId": 3,
- "name": "schema-metadata",
- "type": "string",
- "level": 20,
- "parent": "schema-group",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 3,
+ "name": "schema-metadata",
+ "parent": "schema-group",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Name",
- "description": "Schema Name",
- "isValidLeaf": "true"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Name",
+ "description": "Schema Name",
+ "isValidLeaf": "true"
},
-
-
{
- "itemId": 4,
- "name": "schema-branch",
- "type": "string",
- "level": 30,
- "parent": "schema-metadata",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 4,
+ "name": "schema-branch",
+ "parent": "schema-metadata",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Branch",
- "description": "Schema Branch",
- "isValidLeaf": "true"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Branch",
+ "description": "Schema Branch",
+ "isValidLeaf": "true"
},
-
{
- "itemId": 5,
- "name": "schema-version",
- "type": "string",
- "level": 40,
- "parent": "schema-branch",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 5,
+ "name": "schema-version",
+ "parent": "schema-branch",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx": "^\\*$",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Version",
- "description": "Schema Version"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Version",
+ "description": "Schema Version"
},
-
{
- "itemId": 6,
- "name": "serde",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 6,
+ "name": "serde",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx": "^\\*$",
- "validationMessage": "",
- "uiHint":"",
- "label": "Serializer/Deserializer",
- "description": "Serializer/Deserializer"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Serializer/Deserializer",
+ "description": "Serializer/Deserializer"
}
-
],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
-
- {
- "itemId": 2,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 3,
- "name": "update",
- "label": "Update",
- "category": "UPDATE"
- },
-
- {
- "itemId": 4,
- "name": "delete",
- "label": "Delete",
- "category": "DELETE"
- }
+ "accessTypes": [
+ { "itemId": 1, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 2, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 3, "name": "update", "label": "Update", "category": "UPDATE" },
+ { "itemId": 4, "name": "delete", "label": "Delete", "category": "DELETE" }
],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "schema.registry.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Schema Registry URL"
- },
-
- {
- "itemId": 2,
- "name": "schema-registry.authentication",
- "type": "enum",
- "subType": "authType",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "KERBEROS"
- },
-
- {
- "itemId": 3,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Plugin SSL CName"
- },
-
- {
- "itemId": 4,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[]"
- }
-
+ "configs": [
+ { "itemId": 1, "name": "schema.registry.url", "type": "string", "mandatory": true, "label": "Schema Registry URL", "defaultValue": "" },
+ { "itemId": 2, "name": "schema-registry.authentication", "type": "enum", "mandatory": true, "label": "Authentication Type", "defaultValue": "KERBEROS", "subType": "authType" },
+ { "itemId": 3, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Ranger Plugin SSL CName" },
+ { "itemId": 4, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[]" }
],
-
"enums":
[
{
- "itemId": 1,
- "name": "authType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "NONE",
- "label": "None"
- },
- {
- "itemId": 2,
- "name": "KERBEROS",
- "label": "Kerberos"
- }
- ],
-
- "defaultIndex": 0
+ "itemId": 1, "name": "authType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "NONE", "label": "None" },
+ { "itemId": 2, "name": "KERBEROS", "label": "Kerberos" }
+ ]
}
],
-
- "contextEnrichers":
- [
-
- ],
-
"policyConditions":
[
-
{
- "itemId":1,
- "name":"ip-range",
- "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions":{
-
- },
- "validationRegEx":"",
- "validationMessage":"",
- "label":"IP Address Range",
- "description":"IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
+ "itemId": 1,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
+ "description": "IP Address Range",
+ "uiHint" : "{ \"isMultiValue\":true }"
}
-
]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
index 315c03803d..e899b07789 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -1,199 +1,88 @@
{
- "id":8,
- "name":"solr",
- "displayName": "solr",
- "implClass":"org.apache.ranger.services.solr.RangerServiceSolr",
- "label":"SOLR",
- "description":"Solr",
- "resources":[
- {
- "itemId":100,
- "name":"collection",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Solr Collection",
- "description":"Solr Collection"
- },
- {
- "itemId":101,
- "name":"config",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Solr Config",
- "description":"Solr Config"
- },
- {
- "itemId":102,
- "name":"schema",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Schema of a collection",
- "description":"The schema of a collection"
- },
- {
- "itemId":103,
- "name":"admin",
- "type":"string",
- "level":10,
- "parent":"",
- "mandatory":true,
- "lookupSupported":true,
- "recursiveSupported":false,
- "excludesSupported":true,
- "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions":{
- "wildCard":true,
- "ignoreCase":true
- },
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Solr Admin",
- "description":"Solr Admin"
- }
-
- ],
- "accessTypes":[
- {
- "itemId":100,
- "name":"query",
- "label":"Query",
- "category": "READ"
- },
- {
- "itemId":200,
- "name":"update",
- "label":"Update",
- "category": "UPDATE"
- }
- ],
- "configs":[
- {
- "itemId":100,
- "name":"username",
- "type":"string",
- "mandatory":true,
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Username"
- },
- {
- "itemId":200,
- "name":"password",
- "type":"password",
- "mandatory":true,
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Password"
- },
- {
- "itemId":300,
- "name":"solr.zookeeper.quorum",
- "type":"string",
- "mandatory":false,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Solr Zookeeper Quorum"
- },
- {
- "itemId":400,
- "name":"solr.url",
- "type":"string",
- "mandatory":true,
- "defaultValue":"",
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Solr URL"
- },
- {
- "itemId":500,
- "name":"commonNameForCertificate",
- "type":"string",
- "mandatory":false,
- "validationRegEx":"",
- "validationMessage":"",
- "uiHint":"",
- "label":"Ranger Plugin SSL CName"
- },
-
- {
- "itemId":600,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas','yarn','impala'] ,'isAudited':false} ]"
- }
-
- ],
- "enums":[
-
- ],
- "contextEnrichers":[
-
- ],
- "policyConditions":[
- {
- "itemId":100,
- "name":"ip-range",
- "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
- "evaluatorOptions":{
-
- },
- "validationRegEx":"",
- "validationMessage":"",
- "label":"IP Address Range",
- "description":"IP Address Range",
- "uiHint" : "{ \"isMultiValue\":true }"
- }
-
- ]
-}
\ No newline at end of file
+ "id": 8,
+ "name": "solr",
+ "displayName": "solr",
+ "implClass": "org.apache.ranger.services.solr.RangerServiceSolr",
+ "label": "SOLR",
+ "description": "Solr",
+ "resources": [
+ {
+ "itemId": 100,
+ "name": "collection",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Solr Collection",
+ "description": "Solr Collection"
+ },
+ {
+ "itemId": 101,
+ "name": "config",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Solr Config",
+ "description": "Solr Config"
+ },
+ {
+ "itemId": 102,
+ "name": "schema",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema of a collection",
+ "description": "The schema of a collection"
+ },
+ {
+ "itemId": 103,
+ "name": "admin",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Solr Admin",
+ "description": "Solr Admin"
+ }
+ ],
+ "accessTypes":[
+ { "itemId":100, "name":"query", "label":"Query", "category": "READ" },
+ { "itemId":200, "name":"update", "label":"Update", "category": "UPDATE" }
+ ],
+ "configs":[
+ { "itemId": 100, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 200, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 300, "name": "solr.zookeeper.quorum", "type": "string", "mandatory": false, "label": "Solr Zookeeper Quorum", "defaultValue":"" },
+ { "itemId": 400, "name": "solr.url", "type": "string", "mandatory": true, "label": "Solr URL", "defaultValue":"" },
+ { "itemId": 500, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Ranger Plugin SSL CName" },
+ { "itemId": 600, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true}, {'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas','yarn','impala'] ,'isAudited':false} ]" }
+ ],
+ "policyConditions":[
+ {
+ "itemId": 100,
+ "name": "ip-range",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "label": "IP Address Range",
+ "description": "IP Address Range",
+ "uiHint": "{ \"isMultiValue\":true }"
+ }
+ ]
+}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json
index edbb619b2b..1085053b07 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json
@@ -1,139 +1,61 @@
{
- "id":14,
- "name": "sqoop",
- "displayName": "sqoop",
- "implClass": "org.apache.ranger.services.sqoop.RangerServiceSqoop",
- "label": "SQOOP",
- "description": "SQOOP",
- "guid": "6c63d385-5876-4a4c-ac4a-3b99b50ed600",
- "resources":
- [
- {
- "itemId": 1,
- "name": "connector",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Connector",
- "description": "Sqoop Connector"
- },
-
- {
- "itemId": 2,
- "name": "link",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Link",
- "description": "Sqoop Link"
- },
-
- {
- "itemId": 3,
- "name": "job",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":true},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Job",
- "description": "Sqoop Job"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "READ",
- "label": "READ",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "WRITE",
- "label": "WRITE",
- "category": "UPDATE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "sqoop.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"eg. 'http://<ipaddr>:12000'\"}",
- "label": "Sqoop URL"
- },
-
- {
- "itemId": 3,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- }
-
- ],
- "options": { "enableDenyAndExceptionsInPolicies": "false" },
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 14,
+ "name": "sqoop",
+ "displayName": "sqoop",
+ "implClass": "org.apache.ranger.services.sqoop.RangerServiceSqoop",
+ "label": "SQOOP",
+ "description": "SQOOP",
+ "guid": "6c63d385-5876-4a4c-ac4a-3b99b50ed600",
+ "options": { "enableDenyAndExceptionsInPolicies": "false" },
+ "resources":
+ [
+ {
+ "itemId": 1,
+ "name": "connector",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Connector",
+ "description": "Sqoop Connector"
+ },
+ {
+ "itemId": 2,
+ "name": "link",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Link",
+ "description": "Sqoop Link"
+ },
+ {
+ "itemId": 3,
+ "name": "job",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Job",
+ "description": "Sqoop Job"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "READ", "label": "READ", "category": "READ" },
+ { "itemId": 2, "name": "WRITE", "label": "WRITE", "category": "UPDATE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "sqoop.url", "type": "string", "mandatory": true, "label": "Sqoop URL", "defaultValue": "", "uiHint": "{\"TextFieldWithIcon\":true, \"info\": \"eg. 'http://<ipaddr>:12000'\"}" },
+ { "itemId": 3, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
index cbe8812c83..172a363696 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
@@ -1,184 +1,45 @@
{
- "id":6,
- "name": "storm",
- "displayName": "storm",
- "implClass": "org.apache.ranger.services.storm.RangerServiceStorm",
- "label": "Storm",
- "description": "Storm",
- "guid": "2a60f427-edcf-4e20-834c-a9a267b5b963",
- "resources":
- [
- {
- "itemId": 1,
- "name": "topology",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Storm Topology",
- "description": "Storm Topology"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "submitTopology",
- "label": "Submit Topology",
- "category": "UPDATE",
- "impliedGrants":
- [
- "fileUpload",
- "fileDownload"
- ]
- },
-
- {
- "itemId": 2,
- "name": "fileUpload",
- "label": "File Upload",
- "category": "UPDATE"
- },
-
- {
- "itemId": 5,
- "name": "fileDownload",
- "label": "File Download",
- "category": "READ"
- },
-
- {
- "itemId": 6,
- "name": "killTopology",
- "label": "Kill Topology",
- "category": "MANAGE"
- },
-
- {
- "itemId": 7,
- "name": "rebalance",
- "label": "Rebalance",
- "category": "MANAGE"
- },
-
- {
- "itemId": 8,
- "name": "activate",
- "label": "Activate",
- "category": "MANAGE"
- },
-
- {
- "itemId": 9,
- "name": "deactivate",
- "label": "Deactivate",
- "category": "MANAGE"
- },
-
- {
- "itemId": 10,
- "name": "getTopologyConf",
- "label": "Get Topology Conf",
- "category": "READ"
- },
-
- {
- "itemId": 11,
- "name": "getTopology",
- "label": "Get Topology",
- "category": "READ"
- },
-
- {
- "itemId": 12,
- "name": "getUserTopology",
- "label": "Get User Topology",
- "category": "READ"
- },
-
- {
- "itemId": 13,
- "name": "getTopologyInfo",
- "label": "Get Topology Info",
- "category": "READ"
- },
-
- {
- "itemId": 14,
- "name": "uploadNewCredentials",
- "label": "Upload New Credential",
- "category": "MANAGE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "nimbus.url",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Nimbus URL",
- "defaultValue": ""
- },
-
- {
- "itemId": 4,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- }
- ],
-
- "enums":
- [
-
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 6,
+ "name": "storm",
+ "displayName": "storm",
+ "implClass": "org.apache.ranger.services.storm.RangerServiceStorm",
+ "label": "Storm",
+ "description": "Storm",
+ "guid": "2a60f427-edcf-4e20-834c-a9a267b5b963",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "topology",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
+ "excludesSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":false },
+ "label": "Storm Topology",
+ "description": "Storm Topology"
+ }
+ ],
+ "accessTypes": [
+ { "itemId": 1, "name": "submitTopology", "label": "Submit Topology", "category": "UPDATE", "impliedGrants": [ "fileUpload", "fileDownload" ] },
+ { "itemId": 2, "name": "fileUpload", "label": "File Upload", "category": "UPDATE" },
+ { "itemId": 5, "name": "fileDownload", "label": "File Download", "category": "READ" },
+ { "itemId": 6, "name": "killTopology", "label": "Kill Topology", "category": "MANAGE" },
+ { "itemId": 7, "name": "rebalance", "label": "Rebalance", "category": "MANAGE" },
+ { "itemId": 8, "name": "activate", "label": "Activate", "category": "MANAGE" },
+ { "itemId": 9, "name": "deactivate", "label": "Deactivate", "category": "MANAGE" },
+ { "itemId": 10, "name": "getTopologyConf", "label": "Get Topology Conf", "category": "READ" },
+ { "itemId": 11, "name": "getTopology", "label": "Get Topology", "category": "READ" },
+ { "itemId": 12, "name": "getUserTopology", "label": "Get User Topology", "category": "READ" },
+ { "itemId": 13, "name": "getTopologyInfo", "label": "Get Topology Info", "category": "READ" },
+ { "itemId": 14, "name": "uploadNewCredentials", "label": "Upload New Credential", "category": "MANAGE" }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "nimbus.url", "type": "string", "mandatory": true, "label": "Nimbus URL", "defaultValue": "" },
+ { "itemId": 4, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
index add29feed4..e8526dfff9 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json
@@ -1,95 +1,64 @@
{
- "id":100,
- "name": "tag",
+ "id": 100,
+ "name": "tag",
"displayName": "tag",
- "implClass": "org.apache.ranger.services.tag.RangerServiceTag",
- "label": "TAG",
+ "implClass": "org.apache.ranger.services.tag.RangerServiceTag",
+ "label": "TAG",
"description": "TAG Service Definition",
- "guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e",
- "options":
- {
- "ui.pages":"tag-based-policies"
- },
- "resources":
- [
+ "guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e",
+ "options": { "ui.pages":"tag-based-policies" },
+ "resources": [
{
- "itemId":1,
- "name": "tag",
- "type": "string",
- "level": 1,
- "parent": "",
- "mandatory": true,
+ "itemId": 1,
+ "name": "tag",
+ "type": "string",
+ "level": 1,
+ "parent": "",
+ "mandatory": true,
"lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard":false, "ignoreCase":false },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{ \"singleValue\":true }",
- "label": "TAG",
- "description": "TAG"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": false, "ignoreCase": false },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "TAG",
+ "description": "TAG"
}
],
-
- "accessTypes":
- [
-
+ "accessTypes": [
],
-
- "configs":
- [
- {
- "itemId":1,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]"
- }
- ],
-
- "enums":
- [
-
+ "configs": [
+ { "itemId":1, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[ {'accessResult': 'DENIED', 'isAudited': true} ]" }
],
-
"contextEnrichers":
[
{
- "itemId": 1,
- "name" : "TagEnricher",
+ "itemId": 1,
+ "name" : "TagEnricher",
"enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagEnricher",
"enricherOptions" : {
- "tagRetrieverClassName": "org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
+ "tagRetrieverClassName": "org.apache.ranger.plugin.contextenricher.RangerAdminTagRetriever",
"tagRefresherPollingInterval": 60000
}
}
],
-
"policyConditions":
[
{
- "itemId":1,
- "name":"accessed-after-expiry",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
- "evaluatorOptions" : { "scriptTemplate":"ctx.isAccessedAfter('expiry_date');" },
- "uiHint": "{ \"singleValue\":true }",
- "label":"Accessed after expiry_date (yes/no)?",
- "description": "Accessed after expiry_date? (yes/no)"
+ "itemId": 1,
+ "name": "accessed-after-expiry",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptTemplateConditionEvaluator",
+ "evaluatorOptions": { "scriptTemplate":"ctx.isAccessedAfter('expiry_date');" },
+ "uiHint": "{ \"singleValue\":true }",
+ "label": "Accessed after expiry_date (yes/no)?",
+ "description": "Accessed after expiry_date? (yes/no)"
},
{
- "itemId":2,
- "name":"expression",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
- "evaluatorOptions" : {"engineName":"JavaScript", "ui.isMultiline":"true"},
- "label":"Enter boolean expression",
- "description": "Boolean expression",
- "uiHint" : "{ \"isMultiline\":true }"
+ "itemId": 2,
+ "name": "expression",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator",
+ "evaluatorOptions" : { "engineName":"JavaScript", "ui.isMultiline":"true" },
+ "label": "Enter boolean expression",
+ "description": "Boolean expression",
+ "uiHint": "{ \"isMultiline\":true }"
}
]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json
index 352b26f101..bc2bd5f2c2 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json
@@ -8,594 +8,305 @@
"guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
"resources": [
{
- "itemId": 1,
- "name": "catalog",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "itemId": 1,
+ "name": "catalog",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Catalog",
- "description": "Trino Catalog"
- },
- {
- "itemId": 2,
- "name": "schema",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino Catalog",
+ "description": "Trino Catalog"
+ },
+ {
+ "itemId": 2,
+ "name": "schema",
+ "parent": "catalog",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Schema",
- "description": "Trino Schema"
- },
- {
- "itemId": 3,
- "name": "table",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino Schema",
+ "description": "Trino Schema"
+ },
+ {
+ "itemId": 3,
+ "name": "table",
+ "parent": "schema",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "isValidLeaf": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Table",
- "description": "Trino Table"
- },
- {
- "itemId": 4,
- "name": "column",
- "type": "string",
- "level": 40,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino Table",
+ "description": "Trino Table"
+ },
+ {
+ "itemId": 4,
+ "name": "column",
+ "parent": "table",
+ "level": 40,
+ "type": "string",
+ "mandatory": true,
+ "lookupSupported": true,
"excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Column",
- "description": "Trino Column"
- },
- {
- "itemId": 5,
- "name": "trinouser",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino User",
- "description": "Trino User",
- "accessTypeRestrictions": ["impersonate"]
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino Column",
+ "description": "Trino Column"
+ },
+ {
+ "itemId": 5,
+ "name": "trinouser",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino User",
+ "description": "Trino User",
+ "accessTypeRestrictions": [
+ "impersonate"
+ ]
},
{
- "itemId": 6,
- "name": "systemproperty",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "System Property",
- "description": "Trino System Property",
- "accessTypeRestrictions": ["alter"]
+ "itemId": 6,
+ "name": "systemproperty",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "System Property",
+ "description": "Trino System Property",
+ "accessTypeRestrictions": [
+ "alter"
+ ]
},
{
- "itemId": 7,
- "name": "sessionproperty",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Catalog Session Property",
- "description": "Trino Catalog Session Property",
- "accessTypeRestrictions": ["alter"]
+ "itemId": 7,
+ "name": "sessionproperty",
+ "parent": "catalog",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Catalog Session Property",
+ "description": "Trino Catalog Session Property",
+ "accessTypeRestrictions": [
+ "alter"
+ ]
},
{
- "itemId": 8,
- "name": "function",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Function",
- "description": "Trino Function",
- "accessTypeRestrictions": ["execute", "grant"]
+ "itemId": 8,
+ "name": "function",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Trino Function",
+ "description": "Trino Function",
+ "accessTypeRestrictions": [
+ "execute", "grant"
+ ]
},
{
- "itemId": 9,
- "name": "procedure",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Schema Procedure",
- "description": "Schema Procedure",
- "accessTypeRestrictions": ["execute", "grant"]
+ "itemId": 9,
+ "name": "procedure",
+ "parent": "schema",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Procedure",
+ "description": "Schema Procedure",
+ "accessTypeRestrictions": [
+ "execute", "grant"
+ ]
},
{
- "itemId": 10,
- "name": "schemafunction",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": true, "ignoreCase": true },
- "label": "Schema Function",
- "description": "Schema Function",
- "accessTypeRestrictions": [ "create", "drop", "show" ]
+ "itemId": 10,
+ "name": "schemafunction",
+ "parent": "schema",
+ "level": 30,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Schema Function",
+ "description": "Schema Function",
+ "accessTypeRestrictions": [
+ "create", "drop", "show"
+ ]
},
{
- "itemId": 11,
- "name": "queryid",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": true, "ignoreCase": true },
- "label": "Query ID",
- "description": "Query ID",
- "accessTypeRestrictions": [ "execute" ]
+ "itemId": 11,
+ "name": "queryid",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Query ID",
+ "description": "Query ID",
+ "accessTypeRestrictions": [
+ "execute"
+ ]
},
{
- "itemId": 12,
- "name": "sysinfo",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": true, "ignoreCase": true },
- "label": "System Information",
- "description": "Trino System Information",
- "accessTypeRestrictions": [ "read_sysinfo", "write_sysinfo" ]
+ "itemId": 12,
+ "name": "sysinfo",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "System Information",
+ "description": "Trino System Information",
+ "accessTypeRestrictions": [
+ "read_sysinfo", "write_sysinfo"
+ ]
},
{
- "itemId": 13,
- "name": "role",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": { "wildCard": true, "ignoreCase": true },
- "label": "Role",
- "description": "Trino Role",
- "accessTypeRestrictions": [ "create", "drop", "show", "grant", "revoke" ]
+ "itemId": 13,
+ "name": "role",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": true },
+ "label": "Role",
+ "description": "Trino Role",
+ "accessTypeRestrictions": [
+ "create", "drop", "show", "grant", "revoke"
+ ]
}
],
"accessTypes": [
- {
- "itemId": 1,
- "name": "select",
- "label": "Select",
- "category": "READ"
- },
- {
- "itemId": 2,
- "name": "insert",
- "label": "Insert",
- "category": "UPDATE"
- },
- {
- "itemId": 3,
- "name": "create",
- "label": "Create",
- "category": "CREATE"
- },
- {
- "itemId": 4,
- "name": "drop",
- "label": "Drop",
- "category": "DELETE"
- },
- {
- "itemId": 5,
- "name": "delete",
- "label": "Delete",
- "category": "DELETE"
- },
- {
- "itemId": 6,
- "name": "use",
- "label": "Use",
- "category": "READ"
- },
- {
- "itemId": 7,
- "name": "alter",
- "label": "Alter",
- "category": "CREATE"
- },
- {
- "itemId": 8,
- "name": "grant",
- "label": "Grant",
- "category": "MANAGE"
- },
- {
- "itemId": 9,
- "name": "revoke",
- "label": "Revoke",
- "category": "MANAGE"
- },
- {
- "itemId": 10,
- "name": "show",
- "label": "Show",
- "category": "READ"
- },
- {
- "itemId": 11,
- "name": "impersonate",
- "label": "Impersonate",
- "category": "READ"
- },
- {
- "itemId": 12,
- "name": "all",
- "label": "All",
- "impliedGrants": [
- "select",
- "insert",
- "create",
- "delete",
- "drop",
- "use",
- "alter",
- "grant",
- "revoke",
- "show",
- "impersonate",
- "execute",
- "read_sysinfo",
- "write_sysinfo"
- ]
- },
- {
- "itemId": 13,
- "name": "execute",
- "label": "Execute",
- "category": "READ"
- },
- {
- "itemId": 14,
- "name": "read_sysinfo",
- "label": "Read System Information",
- "category": "MANAGE"
- },
- {
- "itemId": 15,
- "name": "write_sysinfo",
- "label": "Write System Information",
- "category": "MANAGE"
+ { "itemId": 1, "name": "select", "label": "Select", "category": "READ" },
+ { "itemId": 2, "name": "insert", "label": "Insert", "category": "UPDATE" },
+ { "itemId": 3, "name": "create", "label": "Create", "category": "CREATE" },
+ { "itemId": 4, "name": "drop", "label": "Drop", "category": "DELETE" },
+ { "itemId": 5, "name": "delete", "label": "Delete", "category": "DELETE" },
+ { "itemId": 6, "name": "use", "label": "Use", "category": "READ" },
+ { "itemId": 7, "name": "alter", "label": "Alter", "category": "CREATE" },
+ { "itemId": 8, "name": "grant", "label": "Grant", "category": "MANAGE" },
+ { "itemId": 9, "name": "revoke", "label": "Revoke", "category": "MANAGE" },
+ { "itemId": 10, "name": "show", "label": "Show", "category": "READ" },
+ { "itemId": 11, "name": "impersonate", "label": "Impersonate", "category": "READ" },
+ { "itemId": 13, "name": "execute", "label": "Execute", "category": "READ" },
+ { "itemId": 14, "name": "read_sysinfo", "label": "Read System Information", "category": "MANAGE" },
+ { "itemId": 15, "name": "write_sysinfo", "label": "Write System Information", "category": "MANAGE" },
+ { "itemId": 12, "name": "all", "label": "All", "impliedGrants": [
+ "select", "insert", "create", "delete", "drop", "use", "alter", "grant", "revoke", "show", "impersonate", "execute", "read_sysinfo", "write_sysinfo" ]
}
],
"configs": [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": false,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Password"
- },
- {
- "itemId": 3,
- "name": "jdbc.driverClassName",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "defaultValue": "io.trino.jdbc.TrinoDriver"
- },
- {
- "itemId": 4,
- "name": "jdbc.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": ""
- },
- {
- "itemId": 5,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "defaultValue": "[{'accessResult':'DENIED','isAudited':true},{'isAudited':false,'resources':{'queryid':{'values':['*']}},'accessTypes':['execute']},{'isAudited':false,'resources':{'trinouser':{'values':['{USER}']}},'accessTypes':['impersonate']}]"
- },
- {
- "itemId": 6,
- "name": "ranger.plugin.super.users",
- "label": "Superusers",
- "description": "Superusers will have full access to all resources in this Trino instance",
- "type": "string",
- "defaultValue": "trino"
- },
- {
- "itemId": 7,
- "name": "ranger.plugin.super.groups",
- "label": "Superuser groups",
- "description": "Users in superuser groups will have full access to all resources in this Trino instance",
- "type": "string",
- "defaultValue": "trino"
- },
- {
- "itemId": 8,
- "name": "service.admin.users",
- "label": "Service admin users",
- "description": "Service admin users can create policies for any resource in this Trino instance",
- "type": "string",
- "defaultValue": "trino"
- },
- {
- "itemId": 9,
- "name": "service.admin.groups",
- "label": "Service admin usergroups",
- "description": "Users in service admin usergroups can create policies for any resource in this Trino instance",
- "type": "string",
- "defaultValue": "trino"
- }
- ],
- "enums": [
- ],
- "contextEnrichers": [
- ],
- "policyConditions":
- [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": false, "label": "Password" },
+ { "itemId": 3, "name": "jdbc.driverClassName", "type": "string", "defaultValue": "io.trino.jdbc.TrinoDriver", "mandatory": true },
+ { "itemId": 4, "name": "jdbc.url", "type": "string", "defaultValue": "", "mandatory": true },
+ { "itemId": 5, "name": "ranger.plugin.audit.filters", "type": "string", "defaultValue": "[{'accessResult':'DENIED','isAudited':true},{'isAudited':false,'resources':{'queryid':{'values':['*']}},'accessTypes':['execute']},{'isAudited':false,'resources':{'trinouser':{'values':['{USER}']}},'accessTypes':['impersonate']}]" },
+ { "itemId": 6, "name": "ranger.plugin.super.users", "type": "string", "defaultValue": "trino", "label": "Superusers", "description": "Superusers will have full access to all resources in this Trino instance" },
+ { "itemId": 7, "name": "ranger.plugin.super.groups", "type": "string", "defaultValue": "trino", "label": "Superuser groups", "description": "Users in superuser groups will have full access to all resources in this Trino instance" },
+ { "itemId": 8, "name": "service.admin.users", "type": "string", "defaultValue": "trino", "label": "Service admin users", "description": "Service admin users can create policies for any resource in this Trino instance" },
+ { "itemId": 9, "name": "service.admin.groups", "type": "string", "defaultValue": "trino", "label": "Service admin usergroups", "description": "Users in service admin usergroups can create policies for any resource in this Trino instance" }
],
"dataMaskDef": {
"accessTypes": [
- {
- "name": "select"
- }
+ { "name": "select" }
],
"resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "column",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- }
+ { "name": "catalog", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "schema", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" },
+ { "name": "column", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "uiHint":"{ \"singleValue\":true }" }
],
"maskTypes": [
{
- "itemId": 1,
- "name": "MASK",
- "label": "Redact",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
- "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
- "dataMaskOptions": {
- }
+ "itemId": 1,
+ "name": "MASK",
+ "label": "Redact",
+ "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
+ "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
+ "dataMaskOptions": { }
},
{
- "itemId": 2,
- "name": "MASK_SHOW_LAST_4",
- "label": "Partial mask: show last 4",
+ "itemId": 2,
+ "name": "MASK_SHOW_LAST_4",
+ "label": "Partial mask: show last 4",
"description": "Show last 4 characters; replace rest with 'X'",
"transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})"
},
{
- "itemId": 3,
- "name": "MASK_SHOW_FIRST_4",
- "label": "Partial mask: show first 4",
+ "itemId": 3,
+ "name": "MASK_SHOW_FIRST_4",
+ "label": "Partial mask: show first 4",
"description": "Show first 4 characters; replace rest with 'x'",
"transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})"
},
{
- "itemId": 4,
- "name": "MASK_HASH",
- "label": "Hash",
+ "itemId": 4,
+ "name": "MASK_HASH",
+ "label": "Hash",
"description": "Hash the value of a varchar with sha256",
"transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})"
},
{
- "itemId": 5,
- "name": "MASK_NULL",
- "label": "Nullify",
+ "itemId": 5,
+ "name": "MASK_NULL",
+ "label": "Nullify",
"description": "Replace with NULL"
},
{
- "itemId": 6,
- "name": "MASK_NONE",
- "label": "Unmasked (retain original value)",
+ "itemId": 6,
+ "name": "MASK_NONE",
+ "label": "Unmasked (retain original value)",
"description": "No masking"
},
{
- "itemId": 12,
- "name": "MASK_DATE_SHOW_YEAR",
- "label": "Date: show only year",
+ "itemId": 12,
+ "name": "MASK_DATE_SHOW_YEAR",
+ "label": "Date: show only year",
"description": "Date: show only year",
"transformer": "date_trunc('year', {col})"
},
{
- "itemId": 13,
- "name": "CUSTOM",
- "label": "Custom",
+ "itemId": 13,
+ "name": "CUSTOM",
+ "label": "Custom",
"description": "Custom"
}
]
},
"rowFilterDef": {
"accessTypes": [
- {
- "name": "select"
- }
+ { "name": "select" }
],
"resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- }
+ { "name": "catalog", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "schema", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" },
+ { "name": "table", "matcherOptions": { "wildCard": "true" }, "lookupSupported": true, "mandatory": true, "uiHint": "{ \"singleValue\":true }" }
]
}
-
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json
index b8e55c8a40..5f416aa0bc 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json
@@ -1,109 +1,60 @@
{
- "id":101,
- "name": "wasb",
+ "id": 101,
+ "name": "wasb",
"displayName": "wasb",
- "implClass": "",
- "label": "WASB File System",
+ "implClass": "",
+ "label": "WASB File System",
"description": "Ranger plugin for WASB File System",
- "guid":"",
+ "guid": "",
+ "options": { "enableDenyAndExceptionsInPolicies": "true" },
"resources": [
{
- "itemId":1,
- "name": "storageaccount",
- "type": "string",
- "parent": "",
- "level":10,
- "mandatory": true,
- "lookupSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Storage Account",
- "description": "Storage Account for the Path"
+ "itemId": 1,
+ "name": "storageaccount",
+ "parent": "",
+ "level": 10,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Storage Account",
+ "description": "Storage Account for the Path"
},
{
- "itemId":2,
- "name": "container",
- "type": "string",
- "parent": "storageaccount",
- "level":20,
- "mandatory": true,
- "lookupSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Storage Account Container",
- "description": "Storage Account Container for the Path"
+ "itemId": 2,
+ "name": "container",
+ "parent": "storageaccount",
+ "level": 20,
+ "type": "string",
+ "mandatory": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "label": "Storage Account Container",
+ "description": "Storage Account Container for the Path"
},
{
- "itemId":3,
- "name": "relativepath",
- "type": "path",
- "parent": "container",
- "level":30,
- "mandatory": true,
- "lookupSupported": true,
+ "itemId": 3,
+ "name": "relativepath",
+ "parent": "container",
+ "level": 30,
+ "type": "path",
+ "mandatory": true,
+ "lookupSupported": true,
"recursiveSupported": true,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": {"wildCard":true, "ignoreCase":false},
- "validationRegEx":"^[/*]$|^\/.*?[^\/]$",
- "validationMessage": "Relative Path must not end with a slash",
- "uiHint":"",
- "label": "Relative Path",
- "description": "Relative Path inside Storage Account Container"
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions": { "wildCard": true, "ignoreCase": false },
+ "validationRegEx": "^[/*]$|^\/.*?[^\/]$",
+ "validationMessage": "Relative Path must not end with a slash",
+ "label": "Relative Path",
+ "description": "Relative Path inside Storage Account Container"
}
],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "read",
- "label": "Read",
- "category": "READ"
- },
-
- {
- "itemId": 2,
- "name": "write",
- "label": "Write",
- "category": "UPDATE"
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
- {
- "itemId":2,
- "name": "commonNameForCertificate",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- }
+ "accessTypes": [
+ { "itemId": 1, "name": "read", "label": "Read", "category": "READ" },
+ { "itemId": 2, "name": "write", "label": "Write", "category": "UPDATE" }
],
- "options": { "enableDenyAndExceptionsInPolicies": "true" },
- "contextEnrichers": [],
- "policyConditions": []
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": false, "label": "Username" },
+ { "itemId": 2, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" }
+ ]
}
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
index fd78e284a1..2c6711999c 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json
@@ -1,158 +1,46 @@
{
- "id":4,
- "name": "yarn",
- "displayName": "yarn",
- "implClass": "org.apache.ranger.services.yarn.RangerServiceYarn",
- "label": "YARN",
- "description": "YARN",
- "guid": "5b710438-edcf-4e20-834c-a9a267b5b963",
- "resources":
- [
- {
- "itemId": 1,
- "name": "queue",
- "type": "string",
- "level": 10,
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
- "matcherOptions": { "wildCard":true, "ignoreCase":false, "pathSeparatorChar":"." },
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Queue",
- "description": "Queue"
- }
- ],
-
- "accessTypes":
- [
- {
- "itemId": 1,
- "name": "submit-app",
- "label": "submit-app",
- "category": "UPDATE"
- },
-
- {
- "itemId": 2,
- "name": "admin-queue",
- "label": "admin-queue",
- "category": "MANAGE",
- "impliedGrants":
- [
- "submit-app"
- ]
- }
- ],
-
- "configs":
- [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Username"
- },
-
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": true,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Password"
- },
-
- {
- "itemId": 3,
- "name": "yarn.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For one url, eg.
'http or https://<ipaddr>:8088'
2.For multiple urls (use , or ; delimiter), eg.
'http://<ipaddr1>:8088,http://<ipaddr2>:8088'\"}",
- "label": "YARN REST URL"
- },
-
- {
- "itemId": 4,
- "name": "hadoop.security.authentication",
- "type": "enum",
- "subType": "authnType",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Authentication Type",
- "defaultValue": "simple"
- },
-
- {
- "itemId": 5,
- "name": "commonNameForCertificate",
- "type": "string",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Common Name for Certificate"
- },
-
- {
- "itemId": 6,
- "name": "ranger.plugin.audit.filters",
- "type": "string",
- "subType": "",
- "mandatory": false,
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Ranger Default Audit Filters",
- "defaultValue": "[]"
- }
-
- ],
-
- "enums":
- [
- {
- "itemId": 1,
- "name": "authnType",
- "elements":
- [
- {
- "itemId": 1,
- "name": "simple",
- "label": "Simple"
- },
-
- {
- "itemId": 2,
- "name": "kerberos",
- "label": "Kerberos"
- }
- ],
-
- "defaultIndex": 0
- }
- ],
-
- "contextEnrichers":
- [
-
- ],
-
- "policyConditions":
- [
-
- ]
+ "id": 4,
+ "name": "yarn",
+ "displayName": "yarn",
+ "implClass": "org.apache.ranger.services.yarn.RangerServiceYarn",
+ "label": "YARN",
+ "description": "YARN",
+ "guid": "5b710438-edcf-4e20-834c-a9a267b5b963",
+ "resources": [
+ {
+ "itemId": 1,
+ "name": "queue",
+ "type": "string",
+ "level": 10,
+ "mandatory": true,
+ "lookupSupported": true,
+ "recursiveSupported": true,
+ "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+ "matcherOptions": { "wildCard":true, "ignoreCase":false, "pathSeparatorChar":"." },
+ "label": "Queue",
+ "description": "Queue"
+ }
+ ],
+ "accessTypes":
+ [
+ { "itemId": 1, "name": "submit-app", "label": "submit-app", "category": "UPDATE" },
+ { "itemId": 2, "name": "admin-queue", "label": "admin-queue", "category": "MANAGE", "impliedGrants": [ "submit-app" ] }
+ ],
+ "configs": [
+ { "itemId": 1, "name": "username", "type": "string", "mandatory": true, "label": "Username" },
+ { "itemId": 2, "name": "password", "type": "password", "mandatory": true, "label": "Password" },
+ { "itemId": 3, "name": "yarn.url", "type": "string", "mandatory": true, "label": "YARN REST URL", "defaultValue": "", "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"1.For one url, eg.
'http or https://<ipaddr>:8088'
2.For multiple urls (use , or ; delimiter), eg.
'http://<ipaddr1>:8088,http://<ipaddr2>:8088'\"}" },
+ { "itemId": 4, "name": "hadoop.security.authentication", "type": "enum", "mandatory": false, "label": "Authentication Type", "defaultValue": "simple", "subType": "authnType" },
+ { "itemId": 5, "name": "commonNameForCertificate", "type": "string", "mandatory": false, "label": "Common Name for Certificate" },
+ { "itemId": 6, "name": "ranger.plugin.audit.filters", "type": "string", "mandatory": false, "label": "Ranger Default Audit Filters", "defaultValue": "[]" }
+ ],
+ "enums": [
+ {
+ "itemId": 1, "name": "authnType", "defaultIndex": 0,
+ "elements": [
+ { "itemId": 1, "name": "simple", "label": "Simple" },
+ { "itemId": 2, "name": "kerberos", "label": "Kerberos" }
+ ]
+ }
+ ]
}