diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java index a69984589f..726b8180df 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java @@ -49,7 +49,7 @@ public class EmbeddedServiceDefsUtil { private static final Logger LOG = LoggerFactory.getLogger(EmbeddedServiceDefsUtil.class); // following servicedef list should be reviewed/updated whenever a new embedded service-def is added - public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,gds,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto,trino,ozone,kudu,schema-registry,nestedstructure"; + public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,gds,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto,trino,ozone,kudu,schema-registry,nestedstructure,polaris"; public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag"; public static final String EMBEDDED_SERVICEDEF_GDS_NAME = "gds"; public static final String EMBEDDED_SERVICEDEF_HDFS_NAME = "hdfs"; @@ -75,6 +75,7 @@ public class EmbeddedServiceDefsUtil { public static final String EMBEDDED_SERVICEDEF_OZONE_NAME = "ozone"; public static final String EMBEDDED_SERVICEDEF_KUDU_NAME = "kudu"; public static final String EMBEDDED_SERVICEDEF_NESTEDSTRUCTURE_NAME = "nestedstructure"; + public static final String EMBEDDED_SERVICEDEF_POLARIS_NAME = "polaris"; public static final String PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS = "ranger.service.store.create.embedded.service-defs"; public static final String HDFS_IMPL_CLASS_NAME = "org.apache.ranger.services.hdfs.RangerServiceHdfs"; @@ -123,6 +124,7 @@ public class EmbeddedServiceDefsUtil { private RangerServiceDef ozoneServiceDef; private RangerServiceDef kuduServiceDef; private RangerServiceDef nestedStructureServiveDef; + private RangerServiceDef polarisServiceDef; private RangerServiceDef tagServiceDef; private RangerServiceDef gdsServiceDef; @@ -186,6 +188,7 @@ public void init(ServiceStore store) { ozoneServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_OZONE_NAME); kuduServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KUDU_NAME); nestedStructureServiveDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_NESTEDSTRUCTURE_NAME); + polarisServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_POLARIS_NAME); gdsServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_GDS_NAME); @@ -289,6 +292,10 @@ public long getNestedStructureServiceDefId() { return getId(nestedStructureServiveDef); } + public long getPolarisServiceDefId() { + return getId(polarisServiceDef); + } + public long getTagServiceDefId() { return getId(tagServiceDef); } diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json new file mode 100644 index 0000000000..b0ad4c0c5f --- /dev/null +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json @@ -0,0 +1,199 @@ +{ + "name": "polaris", + "displayName": "Polaris (draft)", + "label": "Apache Polaris", + "description": "Apache Polaris", + "guid": "ca1b484b-e397-4ab4-b6e3-36a154662d7d", + "resources": [ + { + "itemId": 1, + "name": "root", + "label": "Root", + "description": "Root", + "parent": "", + "level": 10, + "isValidLeaf": true, + "accessTypeRestrictions": [ "service-access-manage", "catalog-create", "catalog-list", "principal-create", "principal-list", "principal-role-create", "principal-role-list" ] + }, + { + "itemId": 2, + "name": "catalog", + "label": "Catalog", + "description": "Catalog", + "parent": "root", + "level": 20, + "isValidLeaf": true, + "accessTypeRestrictions": [ "catalog-access-manage", "catalog-drop", "catalog-properties-read", "catalog-properties-write", "catalog-metadata-full", "catalog-metadata-manage", "catalog-content-manage", "catalog-grants-list", "catalog-grants-manage", "catalog-role-create", "catalog-role-list", "catalog-policy-attach", "catalog-policy-detach" ] + }, + { + "itemId": 3, + "name": "principal", + "label": "Principal", + "description": "Principal", + "parent": "root", + "level": 20, + "isValidLeaf": true, + "accessTypeRestrictions": [ "principal-grants-manage", "principal-grants-for-grantee-manage", "principal-grants-list", "principal-role-grants-list", "catalog-role-grants-list", "principal-drop", "principal-properties-read", "principal-properties-write", "principal-metadata-full", "principal-credentials-rotate", "principal-credentials-reset" ] + }, + { + "itemId": 4, + "name": "principal-role", + "label": "Principal Role", + "description": "Principal Role", + "parent": "root", + "level": 20, + "isValidLeaf": true, + "accessTypeRestrictions": [ "principal-role-usage", "principal-role-drop", "principal-role-properties-read", "principal-role-properties-write", "principal-role-metadata-full", "principal-role-grants-manage", "principal-role-grants-for-grantee-manage" ] + }, + { + "itemId": 5, + "name": "namespace", + "label": "Namespace", + "description": "Namespace", + "parent": "catalog", + "level": 30, + "isValidLeaf": true, + "accessTypeRestrictions": [ "namespace-create", "table-create", "view-create", "namespace-drop", "namespace-list", "table-list", "view-list", "namespace-properties-read", "namespace-properties-write", "namespace-metadata-full", "namespace-grants-list", "namespace-grants-manage", "policy-create", "policy-list", "namespace-policy-attach", "namespace-policy-detach" ] + }, + { + "itemId": 6, + "name": "catalog-role", + "label": "Catalog Role", + "description": "Catalog Role", + "parent": "catalog", + "level": 30, + "isValidLeaf": true, + "accessTypeRestrictions": [ "catalog-role-usage", "catalog-role-drop", "catalog-role-properties-read", "catalog-role-properties-write", "catalog-role-metadata-full", "catalog-role-grants-manage", "catalog-role-grants-for-grantee-manage" ] + }, + { + "itemId": 7, + "name": "table", + "label": "Table", + "description": "Table", + "parent": "namespace", + "level": 40, + "isValidLeaf": true, + "accessTypeRestrictions": [ "table-drop", "view-drop", "table-properties-read", "table-properties-write", "view-properties-read", "view-properties-write", "table-data-read", "table-data-write", "table-metadata-full", "view-metadata-full", "table-grants-list", "view-grants-list", "table-grants-manage", "view-grants-manage", "table-policy-attach", "table-policy-detach" ] + }, + { + "itemId": 8, + "name": "policy", + "label": "Policy", + "description": "Policy", + "parent": "namespace", + "level": 40, + "isValidLeaf": true, + "accessTypeRestrictions": [ "policy-read", "policy-drop", "policy-write", "policy-metadata-full", "policy-attach", "policy-detach", "policy-grants-manage" ] + } + ], + "accessTypes": [ + { "itemId": 1, "name": "service-access-manage", "label": "Service Manage Access", "category": "MANAGE" }, + + { "itemId": 2, "name": "catalog-create", "label": "Catalog Create", "category": "CREATE" }, + { "itemId": 3, "name": "catalog-drop", "label": "Catalog Drop", "category": "DELETE" }, + { "itemId": 4, "name": "catalog-list", "label": "Catalog List", "category": "READ" }, + { "itemId": 5, "name": "catalog-access-manage", "label": "Catalog Manage Access", "category": "MANAGE" }, + { "itemId": 6, "name": "catalog-content-manage", "label": "Catalog Manage Content", "category": "MANAGE" }, + { "itemId": 7, "name": "catalog-grants-list", "label": "Catalog Grants List", "category": "READ" }, + { "itemId": 8, "name": "catalog-grants-manage", "label": "Catalog Grants Manage", "category": "MANAGE" }, + { "itemId": 9, "name": "catalog-metadata-full", "label": "Catalog Metadata Full", "category": "MANAGE" }, + { "itemId": 10, "name": "catalog-metadata-manage", "label": "Catalog Metadata Manage", "category": "MANAGE" }, + { "itemId": 11, "name": "catalog-policy-attach", "label": "Catalog Policy Attach", "category": "MANAGE" }, + { "itemId": 12, "name": "catalog-policy-detach", "label": "Catalog Policy Detach", "category": "MANAGE" }, + { "itemId": 13, "name": "catalog-properties-read", "label": "Catalog Properties Read", "category": "READ" }, + { "itemId": 14, "name": "catalog-properties-write", "label": "Catalog Properties Write", "category": "UPDATE" }, + { "itemId": 15, "name": "catalog-role-create", "label": "Catalog Role Create", "category": "CREATE" }, + { "itemId": 16, "name": "catalog-role-drop", "label": "Catalog Role Drop", "category": "DELETE" }, + { "itemId": 17, "name": "catalog-role-list", "label": "Catalog Role List", "category": "READ" }, + { "itemId": 18, "name": "catalog-role-usage", "label": "Catalog Role Usage", "category": "MANAGE" }, + { "itemId": 19, "name": "catalog-role-grants-for-grantee-manage", "label": "Catalog Role Grants-for-Grantee Manage", "category": "MANAGE" }, + { "itemId": 20, "name": "catalog-role-grants-list", "label": "Catalog Role Grants List", "category": "READ" }, + { "itemId": 21, "name": "catalog-role-grants-manage", "label": "Catalog Role Grants Manage", "category": "MANAGE" }, + { "itemId": 22, "name": "catalog-role-metadata-full", "label": "Catalog Role Metadata Full", "category": "MANAGE" }, + { "itemId": 23, "name": "catalog-role-properties-read", "label": "Catalog Role Properties Read", "category": "READ" }, + { "itemId": 24, "name": "catalog-role-properties-write", "label": "Catalog Role Properties Write", "category": "UPDATE" }, + + { "itemId": 25, "name": "namespace-create", "label": "Namespace Create", "category": "CREATE" }, + { "itemId": 26, "name": "namespace-drop", "label": "Namespace Drop", "category": "DELETE" }, + { "itemId": 27, "name": "namespace-list", "label": "Namespace List", "category": "READ" }, + { "itemId": 28, "name": "namespace-grants-list", "label": "Namespace Grants List", "category": "READ" }, + { "itemId": 29, "name": "namespace-grants-manage", "label": "Namespace Grants Manage", "category": "MANAGE" }, + { "itemId": 30, "name": "namespace-metadata-full", "label": "Namespace Metadata Full", "category": "MANAGE" }, + { "itemId": 31, "name": "namespace-policy-attach", "label": "Namespace Policy Attach", "category": "MANAGE" }, + { "itemId": 32, "name": "namespace-policy-detach", "label": "Namespace Policy Detach", "category": "MANAGE" }, + { "itemId": 33, "name": "namespace-properties-read", "label": "Namespace Properties Read", "category": "READ" }, + { "itemId": 34, "name": "namespace-properties-write", "label": "Namespace Properties Write", "category": "UPDATE" }, + + { "itemId": 35, "name": "policy-create", "label": "Policy Create", "category": "CREATE" }, + { "itemId": 36, "name": "policy-drop", "label": "Policy Drop", "category": "DELETE" }, + { "itemId": 37, "name": "policy-list", "label": "Policy List", "category": "READ" }, + { "itemId": 38, "name": "policy-read", "label": "Policy Read", "category": "READ" }, + { "itemId": 39, "name": "policy-write", "label": "Policy Write", "category": "UPDATE" }, + { "itemId": 40, "name": "policy-attach", "label": "Policy Attach", "category": "MANAGE" }, + { "itemId": 41, "name": "policy-detach", "label": "Policy Detach", "category": "MANAGE" }, + { "itemId": 42, "name": "policy-grants-manage", "label": "Policy Grants Manage", "category": "MANAGE" }, + { "itemId": 43, "name": "policy-metadata-full", "label": "Policy Metadata Full", "category": "MANAGE" }, + + { "itemId": 44, "name": "principal-create", "label": "Principal Create", "category": "CREATE" }, + { "itemId": 45, "name": "principal-drop", "label": "Principal Drop", "category": "DELETE" }, + { "itemId": 46, "name": "principal-list", "label": "Principal List", "category": "READ" }, + { "itemId": 47, "name": "principal-credentials-reset", "label": "Principal Credentials Reset", "category": "MANAGE" }, + { "itemId": 48, "name": "principal-credentials-rotate", "label": "Principal Credentials Rotate", "category": "MANAGE" }, + { "itemId": 49, "name": "principal-grants-list", "label": "Principal Grants List", "category": "READ" }, + { "itemId": 50, "name": "principal-grants-manage", "label": "Principal Grants Manage", "category": "MANAGE" }, + { "itemId": 51, "name": "principal-grants-for-grantee-manage", "label": "Principal Grants-for-Grantee Manage", "category": "MANAGE" }, + { "itemId": 52, "name": "principal-metadata-full", "label": "Principal Metadata Full", "category": "MANAGE" }, + { "itemId": 53, "name": "principal-properties-read", "label": "Principal Properties Read", "category": "READ" }, + { "itemId": 54, "name": "principal-properties-write", "label": "Principal Properties Write", "category": "UPDATE" }, + { "itemId": 55, "name": "principal-role-create", "label": "Principal Role Create", "category": "CREATE" }, + { "itemId": 56, "name": "principal-role-drop", "label": "Principal Role Drop", "category": "DELETE" }, + { "itemId": 57, "name": "principal-role-list", "label": "Principal Role List", "category": "READ" }, + { "itemId": 58, "name": "principal-role-usage", "label": "Principal Role Usage", "category": "MANAGE" }, + { "itemId": 59, "name": "principal-role-grants-list", "label": "Principal Role Grants List", "category": "READ" }, + { "itemId": 60, "name": "principal-role-grants-manage", "label": "Principal Role Grants Manage", "category": "MANAGE" }, + { "itemId": 61, "name": "principal-role-grants-for-grantee-manage", "label": "Principal Role Grants-for-Grantee Manage", "category": "MANAGE" }, + { "itemId": 62, "name": "principal-role-metadata-full", "label": "Principal Role Metadata Full", "category": "MANAGE" }, + { "itemId": 63, "name": "principal-role-properties-read", "label": "Principal Role Properties Read", "category": "READ" }, + { "itemId": 64, "name": "principal-role-properties-write", "label": "Principal Role Properties Write", "category": "UPDATE" }, + + { "itemId": 65, "name": "table-create", "label": "Table Create", "category": "CREATE" }, + { "itemId": 66, "name": "table-drop", "label": "Table Drop", "category": "DELETE" }, + { "itemId": 67, "name": "table-list", "label": "Table List", "category": "READ" }, + { "itemId": 68, "name": "table-data-read", "label": "Table Data Read", "category": "READ" }, + { "itemId": 69, "name": "table-data-write", "label": "Table Data Write", "category": "UPDATE" }, + { "itemId": 70, "name": "table-grants-list", "label": "Table Grants List", "category": "READ" }, + { "itemId": 71, "name": "table-grants-manage", "label": "Table Grants Manage", "category": "MANAGE" }, + { "itemId": 72, "name": "table-metadata-full", "label": "Table Metadata Full", "category": "MANAGE" }, + { "itemId": 73, "name": "table-policy-attach", "label": "Table Policy Attach", "category": "MANAGE" }, + { "itemId": 74, "name": "table-policy-detach", "label": "Table Policy Detach", "category": "MANAGE" }, + { "itemId": 75, "name": "table-properties-read", "label": "Table Properties Read", "category": "READ" }, + { "itemId": 76, "name": "table-properties-write", "label": "Table Properties Write", "category": "UPDATE" }, + { "itemId": 77, "name": "table-properties-set", "label": "Table Properties Set", "category": "MANAGE" }, + { "itemId": 78, "name": "table-properties-remove", "label": "Table Properties Remove", "category": "MANAGE" }, + { "itemId": 79, "name": "table-uuid-assign", "label": "Table UUID Assign", "category": "MANAGE" }, + { "itemId": 80, "name": "table-format-version-upgrade", "label": "Table Format Version Upgrade", "category": "MANAGE" }, + { "itemId": 81, "name": "table-schema-add", "label": "Table Schema Add", "category": "MANAGE" }, + { "itemId": 82, "name": "table-schema-set-current", "label": "Table Schema Set Current", "category": "MANAGE" }, + { "itemId": 83, "name": "table-partition-spec-add", "label": "Table Partition Spec Add", "category": "MANAGE" }, + { "itemId": 84, "name": "table-partition-specs-remove", "label": "Table Partition Specs Remove", "category": "MANAGE" }, + { "itemId": 85, "name": "table-sort-order-add", "label": "Table Sort Order Add", "category": "MANAGE" }, + { "itemId": 86, "name": "table-sort-order-set-default", "label": "Table Sort Order Set Default", "category": "MANAGE" }, + { "itemId": 87, "name": "table-snapshot-add", "label": "Table Snapshot Add", "category": "MANAGE" }, + { "itemId": 88, "name": "table-snapshots-remove", "label": "Table Snapshots Remove", "category": "MANAGE" }, + { "itemId": 89, "name": "table-snapshot-ref-set", "label": "Table Snapshot-ref Set", "category": "MANAGE" }, + { "itemId": 90, "name": "table-snapshot-ref-remove", "label": "Table Snapshot-ref Remove", "category": "MANAGE" }, + { "itemId": 91, "name": "table-location-set", "label": "Table Location Set", "category": "MANAGE" }, + { "itemId": 92, "name": "table-statistics-set", "label": "Table Statistics Set", "category": "MANAGE" }, + { "itemId": 93, "name": "table-statistics-remove", "label": "Table Statistics Remove", "category": "MANAGE" }, + { "itemId": 94, "name": "table-structure-manage", "label": "Table Structure Manage", "category": "MANAGE" }, + + { "itemId": 95, "name": "view-create", "label": "View Create", "category": "CREATE" }, + { "itemId": 96, "name": "view-drop", "label": "View Drop", "category": "DELETE" }, + { "itemId": 97, "name": "view-list", "label": "View List", "category": "READ" }, + { "itemId": 98, "name": "view-grants-list", "label": "View Grants List", "category": "READ" }, + { "itemId": 99, "name": "view-grants-manage", "label": "View Grants Manage", "category": "MANAGE" }, + { "itemId": 100, "name": "view-metadata-full", "label": "View Metadata Full", "category": "MANAGE" }, + { "itemId": 101, "name": "view-properties-read", "label": "View Properties Read", "category": "READ" }, + { "itemId": 102, "name": "view-properties-write", "label": "View Properties Write", "category": "UPDATE" } + ] +}