You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by zs...@apache.org on 2019/10/07 14:19:06 UTC
[ranger] branch master updated: RANGER-2599. Add more audit data to
HBase grant/revoke events
This is an automated email from the ASF dual-hosted git repository.
zsombor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0011a44 RANGER-2599. Add more audit data to HBase grant/revoke events
0011a44 is described below
commit 0011a441d0151c9eeec78ab1e5b9e3e3262129b8
Author: Andor Molnar <an...@cloudera.com>
AuthorDate: Tue Oct 1 15:28:20 2019 +0200
RANGER-2599. Add more audit data to HBase grant/revoke events
Signed-off-by: Zsombor Gegesy <zs...@apache.org>
---
.../authorization/hbase/RangerAuthorizationCoprocessor.java | 3 ++-
security-admin/src/main/webapp/scripts/utils/XAViewUtils.js | 13 +++++++++----
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index 364a415..311d3eb 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -1497,6 +1497,7 @@ public class RangerAuthorizationCoprocessor implements AccessControlService.Inte
ret.setClientIPAddress(getRemoteAddress());
ret.setForwardedAddresses(null);//TODO: Need to check with Knox proxy how they handle forwarded add.
ret.setRemoteIPAddress(getRemoteAddress());
+ ret.setRequestData(up.toString());
if(userName.startsWith(GROUP_PREFIX)) {
ret.getGroups().add(userName.substring(GROUP_PREFIX.length()));
@@ -1604,7 +1605,7 @@ public class RangerAuthorizationCoprocessor implements AccessControlService.Inte
ret.setClientIPAddress(getRemoteAddress());
ret.setForwardedAddresses(null);//TODO: Need to check with Knox proxy how they handle forwarded add.
ret.setRemoteIPAddress(getRemoteAddress());
-
+ ret.setRequestData(up.toString());
if(userName.startsWith(GROUP_PREFIX)) {
ret.getGroups().add(userName.substring(GROUP_PREFIX.length()));
diff --git a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
index 6ef3343..9c2af5f 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
@@ -31,7 +31,8 @@ define(function(require) {
XAViewUtil.resourceTypeFormatter = function(rawValue, model){
var resourcePath = _.isUndefined(model.get('resourcePath')) ? undefined : model.get('resourcePath');
var resourceType = _.isUndefined(model.get('resourceType')) ? undefined : model.get('resourceType');
- if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label && model.get('aclEnforcer') == "ranger-acl"
+ if((model.get('serviceType') === XAEnums.ServiceType.Service_HIVE.label || model.get('serviceType') === XAEnums.ServiceType.Service_HBASE.label)
+ && model.get('aclEnforcer') === "ranger-acl"
&& model.get('requestData')){
if(resourcePath && !_.isEmpty(model.get('requestData'))) {
return '<div class="clearfix">\
@@ -64,18 +65,22 @@ define(function(require) {
};
XAViewUtil.showQueryPopup = function(model, that){
- if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label && model.get('aclEnforcer') == "ranger-acl"
+ if((model.get('serviceType') === XAEnums.ServiceType.Service_HIVE.label || model.get('serviceType') === XAEnums.ServiceType.Service_HBASE.label)
+ && model.get('aclEnforcer') === "ranger-acl"
&& model.get('requestData') && !_.isEmpty(model.get('requestData'))){
+ var titleMap = {};
+ titleMap[XAEnums.ServiceType.Service_HIVE.label] = 'Hive Query';
+ titleMap[XAEnums.ServiceType.Service_HBASE.label] = 'HBase Audit Data';
var msg = '<div class="pull-right link-tag query-icon copyQuery btn btn-mini" title="Copy Query"><i class="icon-copy"></i></div><div class="query-content">'+model.get('requestData')+'</div>';
var $elements = that.$el.find('table [data-name = "queryInfo"][data-id = "'+model.id+'"]');
$elements.popover({
html: true,
- title:'<b> Hive Query </b>'+
+ title:'<b>' + (titleMap[model.get('serviceType')] || 'Request Data') + '</b>' +
'<button type="button" id="queryInfoClose" class="close closeBtn" onclick="$(".queryInfo").popover("hide");">×</button>',
content: msg,
selector : true,
container:'body',
- placement: 'top',
+ placement: 'top'
}).on("click", function(e){
e.stopPropagation();
if($(e.target).data('toggle') !== 'popover' && $(e.target).parents('.popover.in').length === 0){