You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/08/31 00:48:20 UTC
[ranger] branch master updated: RANGER-2556:RangerHivePlugin Row
filtering and Column Masking auditing gives inconsistent audit information
- addon
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f570226 RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information - addon
f570226 is described below
commit f57022645db36054d2c63f1af503b82363999b47
Author: rmani <rm...@hortonworks.com>
AuthorDate: Fri Aug 30 13:38:27 2019 -0700
RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information - addon
---
.../authorization/hive/authorizer/RangerHiveAuditHandler.java | 2 +-
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 8 ++------
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index bf4d6c1..765da59 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -108,7 +108,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
ret = createAuditEvent(result, result.getMaskType(), resourcePath);
} else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
- } else {
+ } else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
String accessType = null;
if (request instanceof RangerHiveAccessRequest) {
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index dec39e4..bb015c5 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1064,11 +1064,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if(isRowFilterEnabled(result)) {
ret = result.getFilterExpr();
- auditHandler.flushAudit();
}
- } catch (Exception e){
+ } finally {
auditHandler.flushAudit();
- LOG.error("RangerHiveAuthoriser.applyRowFilterAndColumnMasking() failed...", e);
}
if(LOG.isDebugEnabled()) {
@@ -1129,7 +1127,6 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
columnTransformer = transformer.replace("{col}", columnName);
}
- auditHandler.flushAudit();
/*
String maskCondition = result.getMaskCondition();
@@ -1138,9 +1135,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
*/
}
- } catch (Exception e){
+ } finally {
auditHandler.flushAudit();
- LOG.error("RangerHiveAuthoriser.applyRowFilterAndColumnMasking() failed...", e);
}
columnTransformers.add(columnTransformer);