> RANGER_STORM_POLICIES    

  This module will allow you to manage Storm policies in Apache Ranger. Please refer to Apache Ranger documentation for
  authorization policy concept and usage.

Options (= is mandatory):

= admin_password
        The password associated with the admin_username
        [Default: None]
= admin_url
        The Ranger base URL to access Ranger API. Same host:port as the Ranger Admin GUI. Typically
        http://myranger.server.com:6080 or https://myranger.server.com:6182
        [Default: None]
= admin_username
        The user name to log on the Ranger Admin. Must have enough rights to manage policies.
        [Default: None]
- ca_bundle_file
        Useful if Ranger Admin connection is using SSL. Allow to specify a CA_BUNDLE file, a file that contains root and
        intermediate certificates to validate the Ranger Admin certificate.
        In its simplest case, it could be a file containing the server certificate in .pem format.
        This file will be looked up on the remote system, on which this module will be executed.
        [Default: None]
= policies
        The list of policies you want to be defined by this operation.
        [Default: None]
- policies[0..n].audit
        Whether this policy is audited
        [Default: True]
- policies[0..n].enabled
        Whether this policy is enabled.
        [Default: True]
= policies[0..n].name
        The name of the policy. Must be unique across the system.
        [Default: None]
= policies[0..n].permissions
        A list of permissions associated to this policy
        [Default: None]
= policies[0..n].permissions[0..n].accesses
        A list of access right granted by this permission.
        [Default: None]
- policies[0..n].permissions[0..n].delegate_admin
        When a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can
        update, delete the policies.
        [Default: False]
- policies[0..n].permissions[0..n].groups
        A list of groups this permission will apply on.
        [Default: None]
- policies[0..n].permissions[0..n].users
        A list of users this permission will apply on.
        [Default: None]
= policies[0..n].topologies
        A list of Storm topologies this policy will apply on. Accept wildcard characters '*' and '?'
        [Default: None]
- service_name
        In most cases, you should not need to set this parameter. It define the Ranger Admin Storm service, typically
        <yourClusterName>_storm.
        It must be set if there are several such services defined in your Ranger Admin configuration, to select the one you
        intend to use.
        [Default: None]
- state
        Whether to install (present) or remove (absent) these policies
        (Choices: present, absent)[Default: present]
- validate_certs
        Useful if Ranger Admin connection is using SSL. If no, SSL certificates will not be validated. This should only be used
        on personally controlled sites using self-signed certificates.
        [Default: True]
EXAMPLES:

- hosts: edge_node1
  vars: 
    stormAdminAccesses: 
      - 'submitTopology'
      - 'fileUpload'
      - 'fileDownload'
      - 'killTopology'
      - 'rebalance'
      - 'activate'
      - 'deactivate'
      - 'getTopologyConf'
      - 'getTopology'
      - 'getUserTopology'
      - 'getTopologyInfo'
      - 'uploadNewCredentials'
  roles:
  - ranger_modules
  tasks:
  - name: Copy ca_bundle
    copy: src=../hdp13_ranger_cert.pem dest=/etc/security/hdp13_ranger_cert.pem owner=root mode=0400
  
  - name: Test ranger_yarn
    ranger_storm_policies:
      state: present
      admin_url: https://ranger.mycompany.com:6182
      admin_username: admin
      admin_password: admin
      validate_certs: no
      policies:
      - name: test3
        topologies:
        - topology1
        audit: true
        enabled: true
        permissions:
        - users:
          - jim
          - john
          groups: 
          - grp1
          accesses:
          - submitTopology
          - killTopology
          - activate
          - deactivate
          - getTopology
        - users:
          - admin 
          accesses: "{{ stormAdminAccesses }}"
          delegate_admin: true
    no_log: True
      
          


MAINTAINERS: Serge ALEXANDRE

METADATA:
	Status: ['preview']
	Supported_by: community
