Merge pull request #4 from ing-bank/feature/update-ip-policy-matcher

kr7ysztof · web-flow · commit 3badcac4d1e4 · 2018-11-13T11:59:04.000+01:00
Update servicedef and policy for new IpCidrMatchers
diff --git a/airlock-dev-apache-ranger/resources/policy/ranger-policy-s3.json b/airlock-dev-apache-ranger/resources/policy/ranger-policy-s3.json
@@ -28,7 +28,7 @@
       ],
       "conditions": [
         {
-          "type": "cidr",
+          "type": "cidrAllUserIPs",
           "values": [
             "*"
           ]
@@ -67,7 +67,7 @@
       "groups": [],
       "conditions": [
         {
-          "type": "cidr",
+          "type": "cidrAnyUserIPs",
           "values": [
             "1.2.3.4/32"
           ]
diff --git a/airlock-dev-apache-ranger/resources/servicedef/ranger-servicedef-s3.json b/airlock-dev-apache-ranger/resources/servicedef/ranger-servicedef-s3.json
@@ -103,10 +103,18 @@
     [
       {
         "itemId": 1,
-        "name": "cidr",
-        "label": "IP address within cidr range?",
-        "description": "Ip address within cidr range?",
-        "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.IpCidrMatcher",
+        "name": "cidrAllUserIPs",
+        "label": "All user IP addresses within any cidr range?",
+        "description": "All user IP addresses within any cidr range?",
+        "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.AllIpCidrMatcher",
+        "evaluatorOptions": {}
+      },
+      {
+        "itemId": 2,
+        "name": "cidrAnyUserIPs",
+        "label": "Any user IP address within any cidr range?",
+        "description": "Any user IP address within any cidr range?",
+        "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.AnyIpCidrMatcher",
         "evaluatorOptions": {}
       }
     ]

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@`
`28`	`28`	`],`
`29`	`29`	`"conditions": [`
`30`	`30`	`{`
`31`		`- "type": "cidr",`
	`31`	`+ "type": "cidrAllUserIPs",`
`32`	`32`	`"values": [`
`33`	`33`	`"*"`
`34`	`34`	`]`
`@@ -67,7 +67,7 @@`
`67`	`67`	`"groups": [],`
`68`	`68`	`"conditions": [`
`69`	`69`	`{`
`70`		`- "type": "cidr",`
	`70`	`+ "type": "cidrAnyUserIPs",`
`71`	`71`	`"values": [`
`72`	`72`	`"1.2.3.4/32"`
`73`	`73`	`]`
Original file line number	Diff line number	Diff line change
`@@ -103,10 +103,18 @@`
`103`	`103`	`[`
`104`	`104`	`{`
`105`	`105`	`"itemId": 1,`
`106`		`- "name": "cidr",`
`107`		`- "label": "IP address within cidr range?",`
`108`		`- "description": "Ip address within cidr range?",`
`109`		`- "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.IpCidrMatcher",`
	`106`	`+ "name": "cidrAllUserIPs",`
	`107`	`+ "label": "All user IP addresses within any cidr range?",`
	`108`	`+ "description": "All user IP addresses within any cidr range?",`
	`109`	`+ "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.AllIpCidrMatcher",`
	`110`	`+ "evaluatorOptions": {}`
	`111`	`+ },`
	`112`	`+ {`
	`113`	`+ "itemId": 2,`
	`114`	`+ "name": "cidrAnyUserIPs",`
	`115`	`+ "label": "Any user IP address within any cidr range?",`
	`116`	`+ "description": "Any user IP address within any cidr range?",`
	`117`	`+ "evaluator": "com.ing.wbaa.ranger.plugin.conditionevaluator.AnyIpCidrMatcher",`
`110`	`118`	`"evaluatorOptions": {}`
`111`	`119`	`}`
`112`	`120`	`]`