Posted to commits@ranger.apache.org by ab...@apache.org on 2018/04/09 22:33:33 UTC
ranger git commit: RANGER-2063: Audit log shows multiple table names
when only one table is accessed
Repository: ranger
Updated Branches:
refs/heads/master 3b510f8c0 -> 6cb7e82f4
RANGER-2063: Audit log shows multiple table names when only one table is accessed
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6cb7e82f
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6cb7e82f
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6cb7e82f
Branch: refs/heads/master
Commit: 6cb7e82f4926c407028cd9374001e7059a4c5a43
Parents: 3b510f8
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Mon Apr 9 15:15:23 2018 -0700
Committer: Abhay Kulkarni <ak...@hortonworks.com>
Committed: Mon Apr 9 15:15:23 2018 -0700
----------------------------------------------------------------------
.../hbase/HbaseAuditHandlerImpl.java | 15 +++++
.../hbase/RangerHBaseResource.java | 65 ++++++++++++--------
2 files changed, 54 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
index 1dc06eb..bbf7db3 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
@@ -25,6 +25,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements HbaseAuditHandler {
@@ -42,6 +43,7 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements
LOG.debug("==> HbaseAuditHandlerImpl.getAuthzEvents(" + result + ")");
}
+ resetResourceForAudit(result.getAccessRequest());
AuthzAuditEvent event = super.getAuthzEvents(result);
// first accumulate last set of events and then capture these as the most recent ones
if (_mostRecentEvent != null) {
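Review bot: The added `resetResourceForAudit(result.getAccessRequest())` dereferences `result` with no null check, although the debug line just above tolerates a null `result` and the helper itself null-checks the request. Whether `super.getAuthzEvents` accepts a null result is not visible in this hunk; if it does, this line turns a previously tolerated call into a NullPointerException inside the audit path. A guarded form keeps the earlier behaviour: `resetResourceForAudit(result != null ? result.getAccessRequest() : null);`. The body of `getAuthzEvents` starts and ends outside the hunk.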
@@ -147,4 +149,17 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements
LOG.debug("<== HbaseAuditHandlerImpl.applySuperUserOverride(...)");
}
}
+
+ private void resetResourceForAudit(RangerAccessRequest request) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")");
+ }
+ if (request != null && request.getResource() instanceof RangerHBaseResource) {
+ RangerHBaseResource hbaseResource = (RangerHBaseResource) request.getResource();
+ hbaseResource.resetValue(RangerHBaseResource.KEY_TABLE);
+ }
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")");
+ }
+ }
}
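Review bot: `resetResourceForAudit` rewrites `KEY_TABLE` on the live resource held by the access request rather than on a copy, so building an audit event changes the object that policy evaluation reads. If the same request or resource is evaluated again after `getAuthzEvents` (not visible here), the default-namespace alias is gone and a policy written against the other form of the table name would presumably stop matching. The method should carry a comment saying so, for example `// Mutates the request's resource: KEY_TABLE keeps only the name as supplied; do not re-evaluate this request afterwards`, or it should reset a copy that is used only for the audit record. As a style point, `if(LOG.isDebugEnabled())` on the exit log lacks the space used on the entry log.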
http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
index e705d97..1055618 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
@@ -39,40 +39,53 @@ public class RangerHBaseResource extends RangerAccessResourceImpl {
public RangerHBaseResource() {
}
- public RangerHBaseResource(Map<String, Object> elements) {
- super(elements);
- setValue(KEY_TABLE, getValue(KEY_TABLE));
- }
+ public RangerHBaseResource(Map<String, Object> elements) {
+ super(elements);
+ setValue(KEY_TABLE, getValue(KEY_TABLE));
+ }
- public RangerHBaseResource(Map<String, Object> elements, String ownerUser) {
- super(elements, ownerUser);
- setValue(KEY_TABLE, getValue(KEY_TABLE));
- }
+ public RangerHBaseResource(Map<String, Object> elements, String ownerUser) {
+ super(elements, ownerUser);
+ setValue(KEY_TABLE, getValue(KEY_TABLE));
+ }
@Override
public void setValue(String key, Object value) {
- // special handling for tables in 'default' namespace
- if (StringUtils.equals(key, KEY_TABLE)) {
- if (value != null && value instanceof String) {
- String tableName = (String) value;
+ // special handling for tables in 'default' namespace
+ if (StringUtils.equals(key, KEY_TABLE)) {
+ if (value instanceof String) {
+ String tableName = (String) value;
- if (!tableName.contains(NAMESPACE_SEPARATOR)) {
- List<String> tableNames = new ArrayList<>(2);
+ if (!tableName.contains(NAMESPACE_SEPARATOR)) {
+ List<String> tableNames = new ArrayList<>(2);
- tableNames.add(tableName);
- tableNames.add(DEFAULT_NAMESPACE + tableName);
+ tableNames.add(tableName);
+ tableNames.add(DEFAULT_NAMESPACE + tableName);
- value = tableNames;
- } else if (StringUtils.startsWith(tableName, DEFAULT_NAMESPACE)) {
- List<String> tableNames = new ArrayList<>(2);
+ value = tableNames;
+ } else if (StringUtils.startsWith(tableName, DEFAULT_NAMESPACE)) {
+ List<String> tableNames = new ArrayList<>(2);
- tableNames.add(tableName.substring(DEFAULT_NAMESPACE.length()));
- tableNames.add(tableName);
+ tableNames.add(tableName);
+ tableNames.add(tableName.substring(DEFAULT_NAMESPACE.length()));
+
+ value = tableNames;
+ }
+ }
+ }
+ super.setValue(key, value);
+ }
- value = tableNames;
- }
- }
- }
- super.setValue(key, value);
+ void resetValue(String key) {
+ // Undo special handling for tables in 'default' namespace
+ if (StringUtils.equals(key, KEY_TABLE)) {
+ Object value = getValue(key);
+ if (value instanceof List) {
+ List tableNames = (List) value;
+ if (!tableNames.isEmpty()) {
+ super.setValue(key, tableNames.get(0));
+ }
+ }
+ }
}
}
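Review bot: `resetValue` depends on `setValue` always placing the caller-supplied table name at index 0, and neither method records that contract; a later reorder of the two `tableNames.add(...)` calls would silently put the wrong name into audit records. It also treats any `List` stored under `KEY_TABLE` as the alias pair, so a list set directly by a caller would be cut down to its first element. Add a comment in `setValue` such as `// index 0 must stay the name as supplied; resetValue() depends on it`, and replace the raw type with `List<?> tableNames = (List<?>) value;`.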