Merge pull request #8 from ing-bank/feature/add-homedir-policy

added additional policy to allow generic access to home directories

Author: arempter

airlock-dev-apache-ranger/resources/policy/ranger-policy-homedirs-s3.json

@@ -0,0 +1,45 @@
+{
+  "service": "testservice",
+  "name": "home_dirs",
+  "description": "FOR TESTING PURPOSES, Allow access for testuser to home subfolder",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/home/{USER}"
+      ],
+      "isExcludes": false,
+      "isRecursive": true
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        },
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "{USER}"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

airlock-dev-apache-ranger/setup-ranger.sh

@@ -38,6 +38,7 @@ if [ "$start_timeout_exceeded" = "false" ]; then
     printf "Creating policy... \n"
     curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
     curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-deny-subdir-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
+    curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-homedirs-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
     printf "\nPolicy created\n"
 
     echo "Done setting up Ranger for s3"