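"""Build a Hive access policy for Apache Ranger and dump a service's policies.

The script connects to the Ranger admin API with basic authentication,
assembles a ``RangerPolicy`` object in memory (the call that would create it
is left commented out), then fetches every policy of the ``cm_hive`` service
and writes them to ``output.txt``.
"""
from apache_ranger.model.ranger_service import *
from apache_ranger.client.ranger_client import *
from apache_ranger.model.ranger_policy import *
from mrds.utils.secrets import get_secret

## Step 1: create a client to connect to Apache Ranger admin
ranger_url = "https://devo-lab21-dl-gateway.devo-lab.om2y56.b0.cloudera.site:443/devo-lab21-dl/cdp-proxy-api/ranger"

# The password is resolved at run time through get_secret() rather than being
# stored in this file; the argument looks like a vault secret identifier.
# NOTE(review): confirm the secret is scoped to this service account only.
password = get_secret("ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjya3tsglrzfgiyfisxchref774l5y4nrler2vn54lr3li7q")
ranger_auth = ('ap-devo_lab-mrds', password)

# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()

ranger = RangerClient(ranger_url, ranger_auth)

# Keep TLS certificate validation enabled. The basic-auth password above is
# sent on every request, so an unverified connection would hand it to whoever
# answers for the gateway host name. If the gateway certificate is signed by a
# private CA, point the REQUESTS_CA_BUNDLE environment variable at that CA
# bundle instead of turning validation off.
ranger.session.verify = True

## Step 2: build the policy object (nothing is sent to Ranger yet)
policy = RangerPolicy()
policy.service = "cm_hive"  # to be hard-coded
policy.name = 'cpo_crp_mopdb_sgroi_1'  # corporatestore_table_accessType
policy.resources = {
    'database': RangerPolicyResource({'values': ['crp_RQSD']}),
    'table': RangerPolicyResource({'values': ['ANNEX_1_1_ALL']}),
    'column': RangerPolicyResource({'values': ['*']}),
}  # change with correct values

allowItem1 = RangerPolicyItem()  # to try allowItem1.groups
allowItem1.groups = ["d_mopdb_mpec"]
# allowItem1.users = []  # to try for single users

# NOTE(review): this grants create/alter/select/drop on every column of the
# table to the whole group; confirm each access type is needed before the
# create_policy() call below is enabled.
allowItem1.accesses = [
    RangerPolicyItemAccess({'type': 'create'}),
    RangerPolicyItemAccess({'type': 'alter'}),
    RangerPolicyItemAccess({'type': 'select'}),
    RangerPolicyItemAccess({'type': 'drop'}),
]

# Deny item kept for reference (disabled):
# denyItem1 = RangerPolicyItem()
# denyItem1.users = [ 'admin' ]  # does it make sense to deny and not allow?
# denyItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'drop' }) ]

policy.policyItems = [allowItem1]
# policy.denyPolicyItems = [ denyItem1 ]

## Step 3: look up, create or delete policies (all disabled)
# policy2=ranger.get_policy_by_id(policyId=5086)
# print(ranger.get_policy(serviceName="cm_hive",policyName='crp_rar_testinternalTable_alcesso1'))
# print(ranger.find_policies({"service": "cm_hive", "resources": {"database": {"values": ["crp_rar"], "isExcludes": False , "isRecursive": False}, "column": {"values": ["*"], "isExcludes": False, "isRecursive": False}, "table": {"values": ["testInternalTable"], "isExcludes": False, "isRecursive": False}}}))
# print(ranger.delete_policy(serviceName="cm_hive",policyName="crp_rar_testinternalTable_alcesso1"))
# print(policy2)

# print('Creating policy: name=' + policy.name)
# created_policy = ranger.create_policy(policy)
# print(' created policy: name=' + created_policy.name + ', id=' + str(created_policy.id))

## Step 4: Delete policy and service created above
# print('Deleting policy: id=' + str(created_policy.id))
# ranger.delete_policy_by_id(created_policy.id)

## Step 5: dump every policy of the service to a local file
data = ranger.get_policies_in_service(serviceName="cm_hive")

# The dump describes who may access which Hive objects, so treat output.txt
# as sensitive and keep it out of shared or world-readable locations.
with open("output.txt", "w", encoding="utf-8") as file:
    # "or []" guards against a None result (presumably returned when the
    # response is not a list); the with-block closes the file on exit, so no
    # explicit close() is needed.
    for entry in data or []:
        # One policy per line group, so consecutive entries do not run together.
        file.write(str(entry))
        file.write("\n")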