Merge pull request #14 from ing-bank/feature/home-read-policy

add a home-read policy

Author: arempter

airlock-dev-apache-ranger/resources/policy/ranger-policy-home-read-s3.json

@@ -0,0 +1,41 @@
+{
+  "service": "testservice",
+  "name": "home_read",
+  "description": "All user can read the home dir no recursive",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/home"
+      ],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "{USER}"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

airlock-dev-apache-ranger/setup-ranger.sh

@@ -39,6 +39,7 @@ if [ "$start_timeout_exceeded" = "false" ]; then
     curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
     curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-deny-subdir-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
     curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-homedirs-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
+    curl -u admin:admin -d "@/tmp/resources/policy/ranger-policy-home-read-s3.json" -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/public/v2/api/policy
     printf "\nPolicy created\n"
 
     echo "Done setting up Ranger for s3"