You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/09/12 18:59:24 UTC
[ranger] branch master updated: RANGER-2564:Avoid recursive audit
log in Solr Plugin by user solr when plugin is enabled for ranger_audits
collection-addon to exclude deny also from loging for user SOLR
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 11c9556 RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR
11c9556 is described below
commit 11c9556c40964cc697e5995e966c9b482482ee48
Author: rmani <rm...@hortonworks.com>
AuthorDate: Thu Sep 12 11:53:38 2019 -0700
RANGER-2564:Avoid recursive audit log in Solr Plugin by user solr when plugin is enabled for ranger_audits collection-addon to exclude deny also from loging for user SOLR
---
.../ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
index c6e7beb..96f6d49 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
@@ -44,7 +44,7 @@ public class RangerSolrAuditHandler extends RangerMultiResourceAuditHandler {
@Override
public void processResult(RangerAccessResult result) {
- // We don't audit "allowed" operation for user "solr" on collection "ranger_audits" to avoid recursive
+ // We don't audit operation for user "solr" on collection "ranger_audits" to avoid recursive
// loging due to updated of ranger_audits collection by solr plugin's audit creation.
if (!isAuditingNeeded(result)) {
return;
@@ -55,12 +55,11 @@ public class RangerSolrAuditHandler extends RangerMultiResourceAuditHandler {
private boolean isAuditingNeeded(final RangerAccessResult result) {
boolean ret = true;
- boolean isAllowed = result.getIsAllowed();
RangerAccessRequest request = result.getAccessRequest();
RangerAccessResourceImpl resource = (RangerAccessResourceImpl) request.getResource();
String resourceName = (String) resource.getValue(RangerSolrAuthorizer.KEY_COLLECTION);
String requestUser = request.getUser();
- if (resourceName != null && resourceName.equals(RANGER_AUDIT_COLLECTION) && excludeUsers.contains(requestUser) && isAllowed) {
+ if (resourceName != null && resourceName.equals(RANGER_AUDIT_COLLECTION) && excludeUsers.contains(requestUser)) {
ret = false;
}
return ret;