You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2018/03/23 18:09:16 UTC

Re: Review Request 66251: Avoid creation of spurious audit record in HDFS 2.8.0 and later versions

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66251/
-----------------------------------------------------------

(Updated March 23, 2018, 6:09 p.m.)


Review request for ranger and Madhan Neethiraj.


Summary (updated)
-----------------

Avoid creation of spurious audit record in HDFS 2.8.0 and later versions


Bugs: RANGER-2037
    https://issues.apache.org/jira/browse/RANGER-2037


Repository: ranger


Description
-------

HDFS 2.8.0 calls authorizer twice for each access request; first for traverse-only check and second for specific access permission check. Currently, first check produces an audit record which is unnecessary and confusing as it seems to suggest that Ranger authorizer denied the request.


Diffs (updated)
-----

  hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 59cf6b12f 


Diff: https://reviews.apache.org/r/66251/diff/2/

Changes: https://reviews.apache.org/r/66251/diff/1-2/


Testing (updated)
-------

Tested in a local VM.


Thanks,

Abhay Kulkarni

Re: Review Request 66251: Avoid creation of spurious audit record in HDFS 2.8.0 and later versions

Posted by Zsombor Gegesy <zs...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66251/#review199907
-----------------------------------------------------------


Ship it!




Ship It!

- Zsombor Gegesy


On March 23, 2018, 6:09 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66251/
> -----------------------------------------------------------
> 
> (Updated March 23, 2018, 6:09 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2037
>     https://issues.apache.org/jira/browse/RANGER-2037
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> HDFS 2.8.0 calls authorizer twice for each access request; first for traverse-only check and second for specific access permission check. Currently, first check produces an audit record which is unnecessary and confusing as it seems to suggest that Ranger authorizer denied the request.
> 
> 
> Diffs
> -----
> 
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 59cf6b12f 
> 
> 
> Diff: https://reviews.apache.org/r/66251/diff/2/
> 
> 
> Testing
> -------
> 
> Tested in a local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>