You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/06/30 11:28:11 UTC
[ranger] branch master updated: RANGER-2872: The Ranger
authentication group permission of the ES does not take effect
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 81dd0f6 RANGER-2872: The Ranger authentication group permission of the ES does not take effect
81dd0f6 is described below
commit 81dd0f650eb179d29b9d62a6e435fef00e944e40
Author: pradeep <pr...@apache.org>
AuthorDate: Wed Jun 24 13:44:42 2020 +0530
RANGER-2872: The Ranger authentication group permission of the ES does not take effect
---
.../elasticsearch/authorizer/RangerElasticsearchAuthorizer.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
index f5201ce..e72a158 100644
--- a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
+++ b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
@@ -17,11 +17,13 @@
package org.apache.ranger.authorization.elasticsearch.authorizer;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -87,7 +89,9 @@ public class RangerElasticsearchAuthorizer implements RangerElasticsearchAccessC
boolean ret = false;
if (elasticsearchPlugin != null) {
-
+ if (null == groups) {
+ groups = new ArrayList <>(MiscUtil.getGroupsForRequestUser(user));
+ }
String privilege = IndexPrivilegeUtils.getPrivilegeFromAction(action);
RangerElasticsearchAccessRequest request = new RangerElasticsearchAccessRequest(user, groups, index,
privilege, clientIPAddress);