You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2020/06/21 21:14:42 UTC
Review Request 72608: RANGER-2869: Ranger audit module to provide an
option to generate a UUID for each audit log
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Bugs: RANGER-2869
https://issues.apache.org/jira/browse/RANGER-2869
Repository: ranger
Description
-------
RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
Diffs
-----
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
Diff: https://reviews.apache.org/r/72608/diff/1/
Testing
-------
Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
Thanks,
Ramesh Mani
Re: Review Request 72608: RANGER-2869: Ranger audit module to provide
an option to generate a UUID for each audit log
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221040
-----------------------------------------------------------
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Line 76 (original), 77 (patched)
<https://reviews.apache.org/r/72608/#comment309822>
@Abhay - you are right. There is no need to instantiate RANDOM_HOLDER. Instead, #303 should directly reference RandomHolder.random, which will defer instantiation of RandomHolder.random until its first use.
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Lines 299 (patched)
<https://reviews.apache.org/r/72608/#comment309823>
SecureRandom implementation depends on various sources of entropy such as (keyboard/mouse/other i/o, ..), which makes it unpredictable. Depending upon the activities in the operating system, it might take multiple seconds to create a random number - which is not suitable for high volunme audit-log-id generation here.
- Madhan Neethiraj
On June 21, 2020, 9:14 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72608/
> -----------------------------------------------------------
>
> (Updated June 21, 2020, 9:14 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
>
>
> Bugs: RANGER-2869
> https://issues.apache.org/jira/browse/RANGER-2869
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
> agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
>
>
> Diff: https://reviews.apache.org/r/72608/diff/1/
>
>
> Testing
> -------
>
> Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72608: RANGER-2869: Ranger audit module to provide
an option to generate a UUID for each audit log
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221049
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On June 22, 2020, 8:38 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72608/
> -----------------------------------------------------------
>
> (Updated June 22, 2020, 8:38 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
>
>
> Bugs: RANGER-2869
> https://issues.apache.org/jira/browse/RANGER-2869
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
> agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
>
>
> Diff: https://reviews.apache.org/r/72608/diff/2/
>
>
> Testing
> -------
>
> Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72608: RANGER-2869: Ranger audit module to provide
an option to generate a UUID for each audit log
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/
-----------------------------------------------------------
(Updated June 22, 2020, 8:38 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Changes
-------
Fixed review comments
Bugs: RANGER-2869
https://issues.apache.org/jira/browse/RANGER-2869
Repository: ranger
Description
-------
RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
Diffs (updated)
-----
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
Diff: https://reviews.apache.org/r/72608/diff/2/
Changes: https://reviews.apache.org/r/72608/diff/1-2/
Testing
-------
Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
Thanks,
Ramesh Mani
Re: Review Request 72608: RANGER-2869: Ranger audit module to provide
an option to generate a UUID for each audit log
Posted by Ramesh Mani <rm...@hortonworks.com>.
> On June 21, 2020, 10:37 p.m., Abhay Kulkarni wrote:
> > agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
> > Lines 299 (patched)
> > <https://reviews.apache.org/r/72608/diff/1/?file=2234815#file2234815line299>
> >
> > Although secureRandom object can be slow at times, the black-duck scan may flag this as a security issue.
When every audit log needs a new UUID, we shall stick to random() as secureRandom() will be very slow and will block the operation done.
- Ramesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221039
-----------------------------------------------------------
On June 22, 2020, 8:38 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72608/
> -----------------------------------------------------------
>
> (Updated June 22, 2020, 8:38 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
>
>
> Bugs: RANGER-2869
> https://issues.apache.org/jira/browse/RANGER-2869
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
> agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
>
>
> Diff: https://reviews.apache.org/r/72608/diff/2/
>
>
> Testing
> -------
>
> Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 72608: RANGER-2869: Ranger audit module to provide
an option to generate a UUID for each audit log
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221039
-----------------------------------------------------------
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Line 76 (original), 77 (patched)
<https://reviews.apache.org/r/72608/#comment309820>
Given that the static final RANDOM_HOLDER is created here, how is the initialization deferred to the time of first use as indicated in the comment at line 871?
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Lines 299 (patched)
<https://reviews.apache.org/r/72608/#comment309821>
Although secureRandom object can be slow at times, the black-duck scan may flag this as a security issue.
agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
Lines 293 (patched)
<https://reviews.apache.org/r/72608/#comment309819>
This may cause a log of warning messages. Please review.
- Abhay Kulkarni
On June 21, 2020, 9:14 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72608/
> -----------------------------------------------------------
>
> (Updated June 21, 2020, 9:14 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
>
>
> Bugs: RANGER-2869
> https://issues.apache.org/jira/browse/RANGER-2869
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
> agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
>
>
> Diff: https://reviews.apache.org/r/72608/diff/1/
>
>
> Testing
> -------
>
> Verified in Local vm - Audit logs has the Strict UUID when "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending the UUID with sequence is happening.
>
>
> Thanks,
>
> Ramesh Mani
>
>