You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/17 06:03:00 UTC

incubator-ranger git commit: RANGER-404: Fix for missed audit-log in HDFS plugin when mkdir fails

Repository: incubator-ranger
Updated Branches:
  refs/heads/master 6f888a61f -> b3e31fadd


RANGER-404: Fix for missed audit-log in HDFS plugin when mkdir fails


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b3e31fad
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b3e31fad
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b3e31fad

Branch: refs/heads/master
Commit: b3e31fadd9fc35a4867d5bbbde0320ed791e0d1d
Parents: 6f888a6
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Apr 16 16:53:10 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Apr 16 21:01:41 2015 -0700

----------------------------------------------------------------------
 .../hadoop/RangerHdfsAuthorizer.java            | 52 ++++++++++++++++----
 1 file changed, 43 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3e31fad/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 61a95d2..55d8f73 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -286,7 +286,21 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
 						accessGranted = true;
 					} finally {
 						if(auditHandler != null) {
-							auditHandler.logHadoopEvent(path, access, accessGranted);
+							FsAction action = access;
+
+							if(action == null) {
+								if(parentAccess != null) {
+									action = parentAccess;
+								} else if(ancestorAccess != null) {
+									action = ancestorAccess;
+								} else if(subAccess != null) {
+									action = subAccess;
+								} else {
+									action = FsAction.NONE;
+								}
+							}
+
+							auditHandler.logHadoopEvent(path, action, accessGranted);
 						}
 					}
 				}
@@ -436,6 +450,10 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler {
 
 	@Override
 	public void logAudit(RangerAccessResult result) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerHdfsAuditHandler.logAudit(" + result + ")");
+		}
+
 		if(! isAuditEnabled && result.getIsAudited()) {
 			isAuditEnabled = true;
 		}
@@ -457,30 +475,46 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler {
 		auditEvent.setRepositoryType(result.getServiceType());
 		auditEvent.setRepositoryName(result.getServiceName());
 		auditEvent.setResultReason(resourcePath);
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerHdfsAuditHandler.logAudit(" + result + "): " + auditEvent);
+		}
 	}
 
 	public void logHadoopEvent(String path, FsAction action, boolean accessGranted) {
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerHdfsAuditHandler.logHadoopEvent(" + path + ", " + action + ", " + accessGranted + ")");
+		}
+
 		auditEvent.setResultReason(path);
 		auditEvent.setAccessResult((short) (accessGranted ? 1 : 0));
 		auditEvent.setAccessType(action == null ? null : action.toString());
 		auditEvent.setAclEnforcer(HadoopModuleName);
 		auditEvent.setPolicyId(-1);
+
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerHdfsAuditHandler.logHadoopEvent(" + path + ", " + action + ", " + accessGranted + "): " + auditEvent);
+		}
 	}
 
 	public void flushAudit() {
-		if(! isAuditEnabled || StringUtils.isEmpty(auditEvent.getAccessType())) {
-			return;
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("==> RangerHdfsAuditHandler.flushAudit(" + isAuditEnabled + ", " + auditEvent + ")");
 		}
 
-		String username = auditEvent.getUser();
+		if(isAuditEnabled && !StringUtils.isEmpty(auditEvent.getAccessType())) {
+			String username = auditEvent.getUser();
 
-		boolean skipLog = (username != null && excludeUsers != null && excludeUsers.contains(username)) ;
-		
-		if (skipLog) {
-			return ;
+			boolean skipLog = (username != null && excludeUsers != null && excludeUsers.contains(username)) ;
+
+			if (! skipLog) {
+				super.logAuthzAudit(auditEvent);
+			}
 		}
 
-		super.logAuthzAudit(auditEvent);
+		if(LOG.isDebugEnabled()) {
+			LOG.debug("<== RangerHdfsAuditHandler.flushAudit(" + isAuditEnabled + ", " + auditEvent + ")");
+		}
 	}
 }