-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42601/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan
Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-798
https://issues.apache.org/jira/browse/RANGER-798
Repository: ranger
Description
-------
**Problem Statement**:
The current implementation of “auditEvent.getEventTime()” contains time in UTC
and since it's a date object it will contain component machine's local
timezone. When Solr receives this date object and timezone, it tries to convert
it from given timezone to UTC timestamp, which leads to double conversion of
actual time before it get stored in Solr.
**Proposed Solution**:
If we can provide server local time and timezone to Solr then Solr will convert
the received time from given timezone to UTC.
As an alternate solution, replaced getUTCDate() with new Date() object at
various places for audit event time, all audit destination will receive local
Date object, for Solr there will be no conversion on received Date object but
for all other audit destination we need to convert the received Date value to
UTC timestamp as audit logs are being stored in UTC timestamp for all
service/component. If all destination thread are enabled then changing the
received event object may create issue in other audit destination as same event
object is refferred everywhere. Hence received event object attributes value
are being copied in another local event object and the updated event time can
be stored there, after this local event object will be used to convert that in
JSON to write in HDFS, or can be persisted in DB.
Diffs
-----
agents-audit/src/main/java/org/apache/ranger/audit/destination/DBAuditDestination.java
376e724
agents-audit/src/main/java/org/apache/ranger/audit/destination/FileAuditDestination.java
c6cd8b2
agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java
96755be
agents-audit/src/main/java/org/apache/ranger/audit/destination/Log4JAuditDestination.java
9521a4a
agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java
2a07e94
agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
6717c92
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
9586f73
agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java
f6f3d2d
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
fe50ca6
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
8762bf5
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
5125af7
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
2ae4149
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
0f13577
plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
bb6a337
plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java
04b8b91
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
a8ecf15
plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
ab9b7a9
Diff: https://reviews.apache.org/r/42601/diff/
Testing
-------
Steps performed(after patch) :
1) Changed plugin system time zone to IST and restarted all components.
2) Initiated an HDFS audit event.
3) Checked event time of newly created audit log in Solr, Audit log event time
was matching with UTC.
4) Checked event time in Ranger UI, newly generated Audit event is matching
with current time.
5) Checked event time of newly created audit log in xa_access_audit table,
Audit log event time was matching with UTC.
6) Checked event time of newly created audit log in HDFS logs, Audit log event
time was matching with UTC.
Note: Will test other services audit logs after this approach is reviewed.
Thanks,
Gautam Borad
