-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42601/#review116741
-----------------------------------------------------------

agents-audit/src/main/java/org/apache/ranger/audit/destination/DBAuditDestination.java (line 97)
<https://reviews.apache.org/r/42601/#comment177806>

    Instead of cloning and updating the eventDate in every destination (db/hdfs/solr/log4j), consider sending the "local" time (as set in AuthzAuditEvent.eventTime) to all audit destinations - except DB, which requires the time in UTC. For DB, consider updating the time in AuthzAuditEventDbObj(AuthzAuditEvent event) constructor.


- Madhan Neethiraj


On Jan. 27, 2016, 4:21 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42601/
> -----------------------------------------------------------
>
> (Updated Jan. 27, 2016, 4:21 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan
> Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-798
>     https://issues.apache.org/jira/browse/RANGER-798
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement**:
> The current implementation of “auditEvent.getEventTime()” contains time in
> UTC and since it's a date object it will contain component machine's local
> timezone. When Solr receives this date object and timezone, it tries to
> convert it from given timezone to UTC timestamp, which leads to double
> conversion of actual time before it gets stored in Solr.
>
> **Proposed Solution**:
> If we can provide server local time and timezone to Solr then Solr will
> convert the received time from given timezone to UTC.
> As an alternate solution, replaced getUTCDate() with new Date() object at
> various places for audit event time, all audit destinations will receive
> local Date object, for Solr there will be no conversion on received Date
> object but for all other audit destinations we need to convert the received
> Date value to UTC timestamp as audit logs are being stored in UTC timestamp
> for all services/components. If all destination threads are enabled then
> changing the received event object may create issues in other audit
> destinations as the same event object is referred everywhere. Hence received
> event object attribute values are being copied in another local event object
> and the updated event time can be stored there, after this local event object
> will be used to convert that in JSON to write in HDFS, or can be persisted in
> DB.
>
>
> Diffs
> -----
>
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/DBAuditDestination.java 376e724
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/FileAuditDestination.java c6cd8b2
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java 96755be
>   agents-audit/src/main/java/org/apache/ranger/audit/destination/Log4JAuditDestination.java 9521a4a
>   agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java 2a07e94
>   agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java 6717c92
>   agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java 9586f73
>   agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java f6f3d2d
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java fe50ca6
>   hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 8762bf5
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 5125af7
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java 2ae4149
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java 0f13577
>   plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java bb6a337
>   plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 04b8b91
>   plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java a8ecf15
>   plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java ab9b7a9
>
> Diff: https://reviews.apache.org/r/42601/diff/
>
>
> Testing
> -------
>
> Steps performed (after patch):
> 1) Changed plugin system time zone to IST and restarted all components.
> 2) Initiated an HDFS audit event.
> 3) Checked event time of newly created audit log in Solr, Audit log event
> time was matching with UTC.
> 4) Checked event time in Ranger UI, newly generated Audit event is matching
> with current time.
> 5) Checked event time of newly created audit log in xa_access_audit table,
> Audit log event time was matching with UTC.
> 6) Checked event time of newly created audit log in HDFS logs, Audit log
> event time was matching with UTC.
>
> Note: Will test other services audit logs after this approach is reviewed.
>
>
> Thanks,
>
> Gautam Borad
>
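
The double conversion described in the problem statement, as an added example that is not part of this e-mail or of Ranger's code. The class name, the helper `shiftedUtcDate` and the sample instant are assumptions made for illustration; the helper models a "UTC" Date produced by subtracting the zone offset from the epoch value, and `renderUtc` models a destination that treats the Date as an instant and stores it in UTC, as the description says Solr does.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;

public class AuditEventTimeDemo {
    // Hypothetical helper (an assumption, not Ranger's code): a "UTC Date" made by
    // subtracting the local zone offset from the epoch value.
    static Date shiftedUtcDate(long epochMillis, TimeZone local) {
        return new Date(epochMillis - local.getOffset(epochMillis));
    }

    // Renders a Date as the UTC timestamp a destination would store. The Date is
    // read as an instant; only the rendering zone is set, the shared event object
    // is neither mutated nor cloned.
    static String renderUtc(Date d) {
        SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.format(d);
    }

    // Check for an audit record whose stored time is off from the true instant by
    // exactly the plugin host's zone offset, the signature of a double conversion.
    static boolean looksDoubleConverted(Date stored, long trueMillis, TimeZone zone) {
        long skew = trueMillis - stored.getTime();
        return skew != 0 && skew == zone.getOffset(trueMillis);
    }

    public static void main(String[] args) {
        TimeZone ist = TimeZone.getTimeZone("Asia/Kolkata"); // IST, as in the test steps
        long eventMillis = 1453868460000L; // constructed sample: 2016-01-27T04:21:00Z

        Date plain = new Date(eventMillis);              // what new Date() carries
        Date shifted = shiftedUtcDate(eventMillis, ist); // pre-shifted "UTC" Date

        System.out.println("stored from plain Date   : " + renderUtc(plain));
        System.out.println("stored from shifted Date : " + renderUtc(shifted));
        System.out.println("plain double-converted?   "
                + looksDoubleConverted(plain, eventMillis, ist));
        System.out.println("shifted double-converted? "
                + looksDoubleConverted(shifted, eventMillis, ist));
    }
}
```

A `java.util.Date` holds only an epoch instant, so the plain Date renders as the true UTC time, while the pre-shifted Date renders earlier by the IST offset and is flagged by the check.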
