You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by pr...@apache.org on 2020/06/30 11:28:11 UTC

[ranger] branch master updated: RANGER-2872: The Ranger authentication group permission of the ES does not take effect

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 81dd0f6  RANGER-2872: The Ranger authentication group permission of the ES does not take effect
81dd0f6 is described below

commit 81dd0f650eb179d29b9d62a6e435fef00e944e40
Author: pradeep <pr...@apache.org>
AuthorDate: Wed Jun 24 13:44:42 2020 +0530

    RANGER-2872: The Ranger authentication group permission of the ES does not take effect
---
 .../elasticsearch/authorizer/RangerElasticsearchAuthorizer.java     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
index f5201ce..e72a158 100644
--- a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
+++ b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
@@ -17,11 +17,13 @@
 
 package org.apache.ranger.authorization.elasticsearch.authorizer;
 
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -87,7 +89,9 @@ public class RangerElasticsearchAuthorizer implements RangerElasticsearchAccessC
 		boolean ret = false;
 
 		if (elasticsearchPlugin != null) {
-
+			if (null == groups) {
+				groups = new ArrayList <>(MiscUtil.getGroupsForRequestUser(user));
+			}
 			String privilege = IndexPrivilegeUtils.getPrivilegeFromAction(action);
 			RangerElasticsearchAccessRequest request = new RangerElasticsearchAccessRequest(user, groups, index,
 					privilege, clientIPAddress);