You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/06/18 17:22:34 UTC
[ranger] branch master updated: RANGER-2474:Policy version and
details in access audits wrong when deny condition added to policy
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new bf5f755 RANGER-2474:Policy version and details in access audits wrong when deny condition added to policy
bf5f755 is described below
commit bf5f75532923edd2feca16f9961744e486628bb8
Author: rmani <rm...@hortonworks.com>
AuthorDate: Mon Jun 17 23:04:58 2019 -0700
RANGER-2474:Policy version and details in access audits wrong when deny condition added to policy
Signed-off-by: rmani <rm...@hortonworks.com>
---
.../org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java | 1 -
.../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 2 ++
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 73fd0c2..e0043ff 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -1399,7 +1399,6 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
}
if (ret.getIsAuditedDetermined() && ret.getIsAccessDetermined()) {
- ret.setPolicyVersion(evaluator.getPolicy().getVersion());
break; // Break out of policy-evaluation loop
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index fc38a08..a0283c4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -482,6 +482,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
result.setPolicyPriority(getPolicyPriority());
result.setPolicyId(getId());
result.setReason(reason);
+ result.setPolicyVersion(getPolicy().getVersion());
}
} else {
if (!result.getIsAllowed()) { // if access is not yet allowed by another policy
@@ -489,6 +490,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
result.setPolicyPriority(getPolicyPriority());
result.setPolicyId(getId());
result.setReason(reason);
+ result.setPolicyVersion(getPolicy().getVersion());
}
}
if (LOG.isDebugEnabled()) {