mars-elt/python/devo_replicator/table_generator/ranger_test.py
Grzegorz Michalski 2c225d68ac init
2026-03-02 09:47:35 +01:00


## Imports: Apache Ranger client and model classes, and the project secret helper
from apache_ranger.model.ranger_service import *
from apache_ranger.client.ranger_client import *
from apache_ranger.model.ranger_policy import *
from mrds.utils.secrets import get_secret
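## Step 1: create a client to connect to Apache Ranger admin
# Gateway endpoint of the lab Ranger admin API. The basic-auth credentials below
# are sent to this host on every request.
ranger_url ="https://devo-lab21-dl-gateway.devo-lab.om2y56.b0.cloudera.site:443/devo-lab21-dl/cdp-proxy-api/ranger"
# The service-account password is fetched from the vault at run time, so it is
# never stored in this file.
password= get_secret("ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjya3tsglrzfgiyfisxchref774l5y4nrler2vn54lr3li7q")
ranger_auth = ('ap-devo_lab-mrds', password)
# For Kerberos authentication
#
# from requests_kerberos import HTTPKerberosAuth
#
# ranger_auth = HTTPKerberosAuth()
ranger = RangerClient(ranger_url, ranger_auth)
# Keep TLS certificate validation enabled. With validation off, the basic-auth
# password above would be sent to whichever host answers on that address.
# If the gateway certificate is issued by a private CA, assign the path of the
# CA bundle instead of True (presumably ranger.session is a requests session,
# which accepts a path here -- confirm against the client library).
ranger.session.verify = True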
## Step 2: build the policy object (in memory only; nothing in this section calls Ranger)
policy = RangerPolicy()
policy.service = "cm_hive"  # to be hard-coded
policy.name = 'cpo_crp_mopdb_sgroi_1'  # naming pattern: corporatestore_table_accessType

# Resource scope: one table of one database, all columns.
# TODO: change with correct values.
resource_values = {
    'database': ['crp_RQSD'],
    'table': ['ANNEX_1_1_ALL'],
    'column': ['*'],
}
policy.resources = {
    kind: RangerPolicyResource({'values': values})
    for kind, values in resource_values.items()
}

# Allow item granted to a group (experiment with group-based grants).
group_allow = RangerPolicyItem()
group_allow.groups = ["d_mopdb_mpec"]
# group_allow.users = []  # alternative to try: grant to single users
# NOTE(review): create/alter/drop give the whole group DDL rights on the table;
# check this against least privilege before the commented-out create_policy
# call further down is enabled.
group_allow.accesses = [
    RangerPolicyItemAccess({'type': access_type})
    for access_type in ('create', 'alter', 'select', 'drop')
]

# Deny item kept for reference only (open question: does it make sense to
# deny without allowing?):
# denyItem1 = RangerPolicyItem()
# denyItem1.users = [ 'admin' ]
# denyItem1.accesses = [ RangerPolicyItemAccess({ 'type': 'drop' }) ]
policy.policyItems = [group_allow]
# policy.denyPolicyItems = [ denyItem1 ]
#policy2=ranger.get_policy_by_id(policyId=5086)
#print(ranger.get_policy(serviceName="cm_hive",policyName='crp_rar_testinternalTable_alcesso1'))
#print(ranger.find_policies({"service": "cm_hive", "resources": {"database": {"values": ["crp_rar"], "isExcludes": False , "isRecursive": False}, "column": {"values": ["*"], "isExcludes": False, "isRecursive": False}, "table": {"values": ["testInternalTable"], "isExcludes": False, "isRecursive": False}}}))
#print(ranger.delete_policy(serviceName="cm_hive",policyName="crp_rar_testinternalTable_alcesso1"))
#print(policy2)
#print('Creating policy: name=' + policy.name)
#created_policy = ranger.create_policy(policy)
#print(' created policy: name=' + created_policy.name + ', id=' + str(created_policy.id))
## Step 4: Delete policy and service created above
#print('Deleting policy: id=' + str(created_policy.id))
#ranger.delete_policy_by_id(created_policy.id)
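# Dump every policy of the cm_hive service to a local text file for inspection.
# NOTE: the dump lists which users and groups can access which resources, so
# treat output.txt as sensitive and keep it out of version control.
data=ranger.get_policies_in_service(serviceName="cm_hive")
# The with-block closes the file itself, so no explicit close() is needed.
with open("output.txt", "w", encoding="utf-8") as file:
    # "or []" covers a call that returns None instead of a list
    # (assumption about the client library -- confirm).
    for policy_entry in data or []:
        # One policy per line; without a separator the records run together.
        file.write(str(policy_entry) + "\n")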