You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by rm...@apache.org on 2019/09/12 18:59:24 UTC

[ranger] branch master updated: RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 11c9556  RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR
11c9556 is described below

commit 11c9556c40964cc697e5995e966c9b482482ee48
Author: rmani <rm...@hortonworks.com>
AuthorDate: Thu Sep 12 11:53:38 2019 -0700

    RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR
---
 .../ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
index c6e7beb..96f6d49 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
@@ -44,7 +44,7 @@ public class RangerSolrAuditHandler extends RangerMultiResourceAuditHandler {
 
     @Override
     public void processResult(RangerAccessResult result) {
-        // We don't audit "allowed" operation for user "solr" on collection "ranger_audits" to avoid recursive
+        // We don't audit operation for user "solr" on collection "ranger_audits" to avoid recursive
         // loging due to updated of ranger_audits collection by solr plugin's audit creation.
         if (!isAuditingNeeded(result)) {
             return;
@@ -55,12 +55,11 @@ public class RangerSolrAuditHandler extends RangerMultiResourceAuditHandler {
 
     private boolean isAuditingNeeded(final RangerAccessResult result) {
         boolean                  ret       = true;
-        boolean                  isAllowed = result.getIsAllowed();
         RangerAccessRequest      request   = result.getAccessRequest();
         RangerAccessResourceImpl resource  = (RangerAccessResourceImpl) request.getResource();
         String resourceName                = (String) resource.getValue(RangerSolrAuthorizer.KEY_COLLECTION);
         String requestUser                 = request.getUser();
-        if (resourceName != null && resourceName.equals(RANGER_AUDIT_COLLECTION) && excludeUsers.contains(requestUser) && isAllowed) {
+        if (resourceName != null && resourceName.equals(RANGER_AUDIT_COLLECTION) && excludeUsers.contains(requestUser)) {
            ret = false;
         }
         return ret;