[
https://issues.apache.org/jira/browse/RANGER-4400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-4400:
-------------------------------------
Fix Version/s: 3.0.0
2.5.0
> RangerKafkaAuditHandler broken and multiple authorizations audited
> -------------------------------------------------------------------
>
> Key: RANGER-4400
> URL: https://issues.apache.org/jira/browse/RANGER-4400
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Fateh Singh
> Assignee: Fateh Singh
> Priority: Major
> Fix For: 3.0.0, 2.5.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> RANGER-2222 https://issues.apache.org/jira/browse/RANGER-2222 added support
> for cluster as new resource.
> RangerKafkaAuditHandler overrides the base implementation of
> RangerDefaultAuditHandler and this implementation overrides the default
> processResult(RangerAccessResult result) method wherein check is applied to
> decide if audit is needed or not ( If Cluster Resource Level Topic Creation
> is not Allowed we don't audit.Subsequent call from Kafka for Topic Creation
> at Topic resource Level will be audited)
> After RANGER-3231, the method processResults(Collection<RangerAccessResult>
> results) is called instead of processResult(RangerAccessResult result).
> Since RangerKafkaAuditHandler does not have
> processResults(Collection<RangerAccessResult> results) i.e. kafka specific
> way to process results, it falls back on the default
> RangerDefaultAuditHandler and all authorizations are audited.
> Bug fix required: processResults(Collection<RangerAccessResult> results) will
> have to be implemented for RangerKafkaAuditHandler to add checks to determine
> if auditing is required or not.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
