Merge pull request #175 from ing-bank/feature/new-images

Upgrade images used in it tests

.github/workflows/it-tests.yml

@@ -16,7 +16,7 @@ jobs:
           java-version: "17"
           cache: sbt
       - name: "Starting dependent containers for testing"
-        run: docker-compose up -d keycloak ceph postgres-server mariadb ranger-admin rokku-sts
+        run: docker-compose up -d keycloak ceph postgres-server redis ranger-admin rokku-sts
       - name: "Install aws cli"
         run: pip install --user awscli==1.18.222
       - name: "Compile the project while containers are starting up"

dev-setup/ranger/resources/policy/bucket-create-s3.json

@@ -0,0 +1,41 @@
+{
+  "service": "testservice",
+  "name": "bucket management",
+  "description": "Create/Delete buckets",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/"
+      ],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "rokkuadmin"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

dev-setup/ranger/resources/policy/deny-subdir-s3.json

@@ -0,0 +1,45 @@
+{
+  "service": "testservice",
+  "name": "testuser_deny_subdir",
+  "description": "FOR TESTING PURPOSES, Deny access for testuser to subfolder of demobucket",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/demobucket/subdir"
+      ],
+      "isExcludes": false,
+      "isRecursive": true
+    }
+  },
+  "policyItems": [],
+  "denyPolicyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        },
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "testuser"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

dev-setup/ranger/resources/policy/home-read-s3.json

@@ -0,0 +1,41 @@
+{
+  "service": "testservice",
+  "name": "home_read",
+  "description": "All user can read the home dir no recursive",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/home"
+      ],
+      "isExcludes": false,
+      "isRecursive": false
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "{USER}"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

dev-setup/ranger/resources/policy/homedir-s3.json

@@ -0,0 +1,45 @@
+{
+  "service": "testservice",
+  "name": "home_dirs",
+  "description": "FOR TESTING PURPOSES, Allow access for testuser to home subfolder",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/home/{USER}"
+      ],
+      "isExcludes": false,
+      "isRecursive": true
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        },
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "{USER}"
+      ],
+      "groups": [],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

dev-setup/ranger/resources/policy/s3.json

@@ -0,0 +1,86 @@
+{
+  "service": "testservice",
+  "name": "testpolicy",
+  "description": "FOR TESTING PURPOSES, allow all access to demobucket for a test user",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/demobucket"
+      ],
+      "isExcludes": false,
+      "isRecursive": true
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "testuser"
+      ],
+      "groups": [
+        "testgroup"
+      ],
+      "conditions": [
+        {
+          "type": "cidrAllUserIPs",
+          "values": [
+            "*"
+          ]
+        }
+      ],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [
+    {
+      "accesses": [
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "testuser"
+      ],
+      "groups": [
+        "testgroup"
+      ],
+      "conditions": [],
+      "delegateAdmin": false
+    },
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "testuser"
+      ],
+      "groups": [],
+      "conditions": [
+        {
+          "type": "cidrAnyUserIPs",
+          "values": [
+            "1.2.3.4/32"
+          ]
+        }
+      ],
+      "delegateAdmin": false
+    }
+  ],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "policyLabels": [],
+  "isEnabled": true,
+  "version": 1
+}

dev-setup/ranger/resources/policy/shared-s3.json

@@ -0,0 +1,50 @@
+{
+  "service": "testservice",
+  "name": "shared bucket",
+  "policyType": 0,
+  "policyPriority": 0,
+  "description": "",
+  "isAuditEnabled": true,
+  "resources": {
+    "path": {
+      "values": [
+        "/shared"
+      ],
+      "isExcludes": false,
+      "isRecursive": true
+    }
+  },
+  "policyItems": [
+    {
+      "accesses": [
+        {
+          "type": "read",
+          "isAllowed": true
+        },
+        {
+          "type": "write",
+          "isAllowed": true
+        }
+      ],
+      "users": [
+        "{USER}"
+      ],
+      "groups": [
+        "role_test"
+      ],
+      "conditions": [],
+      "delegateAdmin": false
+    }
+  ],
+  "denyPolicyItems": [],
+  "allowExceptions": [],
+  "denyExceptions": [],
+  "dataMaskPolicyItems": [],
+  "rowFilterPolicyItems": [],
+  "options": {},
+  "validitySchedules": [],
+  "policyLabels": [],
+  "id": 5,
+  "isEnabled": true,
+  "version": 5
+}

dev-setup/ranger/resources/service/s3.json

@@ -0,0 +1,12 @@
+{
+  "isEnabled": true,
+  "version": 1,
+  "type": "s3",
+  "name": "testservice",
+  "description": "FOR TESTING PURPOSES, test service",
+  "configs": {
+    "endpoint": "http://ceph:8010",
+    "password": "secretkey",
+    "accesskey": "accesskey"
+  }
+}