Skip to content

Commit 34537ce

Browse files
authored
Merge pull request #3 from ing-bank/feature/cidr-range-addition
Add CIDR conditions to ranger and change implementing class
2 parents 141b3a2 + ded8f22 commit 34537ce

File tree

2 files changed

+30
-2
lines changed

2 files changed

+30
-2
lines changed

airlock-dev-apache-ranger/resources/policy/ranger-policy-s3.json

Lines changed: 29 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,14 @@
2626
"groups": [
2727
"testgroup"
2828
],
29-
"conditions": [],
29+
"conditions": [
30+
{
31+
"type": "cidr",
32+
"values": [
33+
"*"
34+
]
35+
}
36+
],
3037
"delegateAdmin": false
3138
}
3239
],
@@ -46,6 +53,27 @@
4653
],
4754
"conditions": [],
4855
"delegateAdmin": false
56+
},
57+
{
58+
"accesses": [
59+
{
60+
"type": "read",
61+
"isAllowed": true
62+
}
63+
],
64+
"users": [
65+
"testuser"
66+
],
67+
"groups": [],
68+
"conditions": [
69+
{
70+
"type": "cidr",
71+
"values": [
72+
"1.2.3.4/32"
73+
]
74+
}
75+
],
76+
"delegateAdmin": false
4977
}
5078
],
5179
"allowExceptions": [],

airlock-dev-apache-ranger/resources/servicedef/ranger-servicedef-s3.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@
106106
"name": "cidr",
107107
"label": "IP address within cidr range?",
108108
"description": "Ip address within cidr range?",
109-
"evaluator": "com.ing.ranger.conditions.IpMatcher",
109+
"evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.IpCidrMatcher",
110110
"evaluatorOptions": {}
111111
}
112112
]

0 commit comments

Comments
 (0)