You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2020/11/29 21:30:01 UTC
Re: Review Request 72969: RANGER-3000:Implement AuditFilters to
include or exclude audit logs
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/
-----------------------------------------------------------
(Updated Nov. 29, 2020, 9:29 p.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
Updated Patch
Bugs: RANGER-3000
https://issues.apache.org/jira/browse/RANGER-3000
Repository: ranger
Description
-------
RANGER-3000:Implement AuditFilters to include or exclude audit logs
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
Diff: https://reviews.apache.org/r/72969/diff/3/
Changes: https://reviews.apache.org/r/72969/diff/2-3/
Testing
-------
- Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 72969: RANGER-3000:Implement AuditFilters to
include or exclude audit logs
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/#review222246
-----------------------------------------------------------
Fix it, then Ship it!
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
Lines 280 (patched)
<https://reviews.apache.org/r/72969/#comment311302>
Consider moving this block, #280 - #284, to after #269 which checks for request.user:
if (!ret && hasResourceOwner) {
String owner = request.getResource() != null ? request.getResource().getOwnerUser() : null;
ret = request.getUser().equals(owner);
}
- Madhan Neethiraj
On Nov. 30, 2020, 12:14 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72969/
> -----------------------------------------------------------
>
> (Updated Nov. 30, 2020, 12:14 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3000
> https://issues.apache.org/jira/browse/RANGER-3000
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3000:Implement AuditFilters to include or exclude audit logs
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
> agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
>
>
> Diff: https://reviews.apache.org/r/72969/diff/4/
>
>
> Testing
> -------
>
> - Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72969: RANGER-3000:Audit-filter feature
implementation to help reduce volume of audit logs generated
Posted by Ramesh Mani <rm...@hortonworks.com>.
> On Nov. 30, 2020, 4 a.m., Don Bosco Durai wrote:
> > agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
> > Lines 128 (patched)
> > <https://reviews.apache.org/r/72969/diff/4/?file=2242444#file2242444line128>
> >
> > We are returning null. I assume we are handling it where it is been called. Should we just throw the exception and let it get handle where it is called?
Bosco, when auditFilters are null, resulting auditPolicyEvaluators are going to be Empty and won't get evaluated. Existing auditing decision by the resource / tag policies will be the one used.
- Ramesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/#review222247
-----------------------------------------------------------
On Nov. 30, 2020, 6:21 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72969/
> -----------------------------------------------------------
>
> (Updated Nov. 30, 2020, 6:21 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3000
> https://issues.apache.org/jira/browse/RANGER-3000
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
> agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
>
>
> Diff: https://reviews.apache.org/r/72969/diff/6/
>
>
> Testing
> -------
>
> - Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72969: RANGER-3000:Audit-filter feature
implementation to help reduce volume of audit logs generated
Posted by Don Bosco Durai <bo...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/#review222247
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
Lines 128 (patched)
<https://reviews.apache.org/r/72969/#comment311303>
We are returning null. I assume we are handling it where it is been called. Should we just throw the exception and let it get handle where it is called?
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Lines 907 (patched)
<https://reviews.apache.org/r/72969/#comment311304>
Should this be accessTime and not accessType?
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
Lines 74 (patched)
<https://reviews.apache.org/r/72969/#comment311305>
Let's make sure ++ doesn't mess the passed value. It might be better to increment in a new statement to be safe
- Don Bosco Durai
On Nov. 30, 2020, 3:42 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72969/
> -----------------------------------------------------------
>
> (Updated Nov. 30, 2020, 3:42 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3000
> https://issues.apache.org/jira/browse/RANGER-3000
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
> agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
>
>
> Diff: https://reviews.apache.org/r/72969/diff/5/
>
>
> Testing
> -------
>
> - Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72969: RANGER-3000:Audit-filter feature
implementation to help reduce volume of audit logs generated
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/
-----------------------------------------------------------
(Updated Nov. 30, 2020, 6:21 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
review comment addressed
Bugs: RANGER-3000
https://issues.apache.org/jira/browse/RANGER-3000
Repository: ranger
Description
-------
RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
Diff: https://reviews.apache.org/r/72969/diff/6/
Changes: https://reviews.apache.org/r/72969/diff/5-6/
Testing
-------
- Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 72969: RANGER-3000:Audit-filter feature
implementation to help reduce volume of audit logs generated
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/
-----------------------------------------------------------
(Updated Nov. 30, 2020, 3:42 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
Summary (updated)
-----------------
RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
Bugs: RANGER-3000
https://issues.apache.org/jira/browse/RANGER-3000
Repository: ranger
Description (updated)
-------
RANGER-3000:Audit-filter feature implementation to help reduce volume of audit logs generated
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
Diff: https://reviews.apache.org/r/72969/diff/5/
Changes: https://reviews.apache.org/r/72969/diff/4-5/
Testing
-------
- Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 72969: RANGER-3000:Implement AuditFilters to
include or exclude audit logs
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/
-----------------------------------------------------------
(Updated Nov. 30, 2020, 12:14 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
review comment fixed
Bugs: RANGER-3000
https://issues.apache.org/jira/browse/RANGER-3000
Repository: ranger
Description
-------
RANGER-3000:Implement AuditFilters to include or exclude audit logs
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
Diff: https://reviews.apache.org/r/72969/diff/4/
Changes: https://reviews.apache.org/r/72969/diff/3-4/
Testing
-------
- Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 72969: RANGER-3000:Implement AuditFilters to
include or exclude audit logs
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72969/#review222245
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Lines 899 (patched)
<https://reviews.apache.org/r/72969/#comment311299>
return value from evaluateTagAuditPolicies() is unused. Consider replacing boolean with void.
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
Lines 101 (patched)
<https://reviews.apache.org/r/72969/#comment311300>
Consider removing this debug() if block, since the is available from #107.
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
Lines 267 (patched)
<https://reviews.apache.org/r/72969/#comment311301>
Consider handling {OWNER} as well here, similar to in RangerDefaultPolicyItemEvaluator.matchUserGroupAndOwner():
if (!ret && hasResourceOwner) {
String owner = request.getResource().getOwnerUser();
ret = owner != null && user.equals(owner);
}
- Madhan Neethiraj
On Nov. 29, 2020, 9:29 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72969/
> -----------------------------------------------------------
>
> (Updated Nov. 29, 2020, 9:29 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3000
> https://issues.apache.org/jira/browse/RANGER-3000
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3000:Implement AuditFilters to include or exclude audit logs
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 994d3944d
> agents-common/src/main/java/org/apache/ranger/plugin/model/AuditFilter.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 04c6e75c4
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 0d9a346d4
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java c54ef1704
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 4e41adcea
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b66d5a1ce
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 169ed0f5d
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 07fb63872
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 979488181
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 2d9bc7382
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 6ab068f6f
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 63fccd0b3
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hdfs.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_audit_filter_hive.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 520258715
>
>
> Diff: https://reviews.apache.org/r/72969/diff/3/
>
>
> Testing
> -------
>
> - Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>