You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/08/31 00:48:20 UTC
[ranger] branch master updated: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information - addon

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new f570226  RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information - addon
f570226 is described below

commit f57022645db36054d2c63f1af503b82363999b47
Author: rmani <rm...@hortonworks.com>
AuthorDate: Fri Aug 30 13:38:27 2019 -0700

    RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information - addon
---
 .../authorization/hive/authorizer/RangerHiveAuditHandler.java     | 2 +-
 .../authorization/hive/authorizer/RangerHiveAuthorizer.java       | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index bf4d6c1..765da59 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -108,7 +108,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
 		    ret = createAuditEvent(result, result.getMaskType(), resourcePath);
         } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
             ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
-		} else {
+		} else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
 			String accessType = null;
 
 			if (request instanceof RangerHiveAccessRequest) {
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index dec39e4..bb015c5 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1064,11 +1064,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 
 			if(isRowFilterEnabled(result)) {
 				ret = result.getFilterExpr();
-				auditHandler.flushAudit();
 			}
-		} catch (Exception e){
+		} finally {
 			auditHandler.flushAudit();
-			LOG.error("RangerHiveAuthoriser.applyRowFilterAndColumnMasking() failed...", e);
 		}
 
 		if(LOG.isDebugEnabled()) {
@@ -1129,7 +1127,6 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 					columnTransformer = transformer.replace("{col}", columnName);
 				}
 
-				auditHandler.flushAudit();
 				/*
 				String maskCondition = result.getMaskCondition();
 
@@ -1138,9 +1135,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 				}
 				*/
 			}
-		} catch (Exception e){
+		} finally {
 			auditHandler.flushAudit();
-			LOG.error("RangerHiveAuthoriser.applyRowFilterAndColumnMasking() failed...", e);
 		}
 
 		columnTransformers.add(columnTransformer);