Repository: ranger Updated Branches: refs/heads/master 3b510f8c0 -> 6cb7e82f4
RANGER-2063: Audit log shows multiple table names when only one table is accessed Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6cb7e82f Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6cb7e82f Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6cb7e82f Branch: refs/heads/master Commit: 6cb7e82f4926c407028cd9374001e7059a4c5a43 Parents: 3b510f8 Author: Abhay Kulkarni <akulka...@hortonworks.com> Authored: Mon Apr 9 15:15:23 2018 -0700 Committer: Abhay Kulkarni <akulka...@hortonworks.com> Committed: Mon Apr 9 15:15:23 2018 -0700 ---------------------------------------------------------------------- .../hbase/HbaseAuditHandlerImpl.java | 15 +++++ .../hbase/RangerHBaseResource.java | 65 ++++++++++++-------- 2 files changed, 54 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java index 1dc06eb..bbf7db3 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java 
@@ -25,6 +25,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; +import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessResult; public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements HbaseAuditHandler { @@ -42,6 +43,7 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements LOG.debug("==> HbaseAuditHandlerImpl.getAuthzEvents(" + result + ")"); } + resetResourceForAudit(result.getAccessRequest()); AuthzAuditEvent event = super.getAuthzEvents(result); // first accumulate last set of events and then capture these as the most recent ones if (_mostRecentEvent != null) { @@ -147,4 +149,17 @@ public class HbaseAuditHandlerImpl extends RangerDefaultAuditHandler implements LOG.debug("<== HbaseAuditHandlerImpl.applySuperUserOverride(...)"); } } + + private void resetResourceForAudit(RangerAccessRequest request) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")"); + } + if (request != null && request.getResource() instanceof RangerHBaseResource) { + RangerHBaseResource hbaseResource = (RangerHBaseResource) request.getResource(); + hbaseResource.resetValue(RangerHBaseResource.KEY_TABLE); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== HbaseAuditHandlerImpl.resetResourceForAudit(" + request + ")"); + } + } } http://git-wip-us.apache.org/repos/asf/ranger/blob/6cb7e82f/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java index e705d97..1055618 100644 
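Review bot: The `resetResourceForAudit(result.getAccessRequest())` call added ahead of `super.getAuthzEvents(result)` rewrites the request's own resource, so an audit-path call changes the object that policy evaluation reads. After it runs, the table key holds a single name instead of the pair that `RangerHBaseResource.setValue` stored. A later evaluation against the same resource would then stop matching policies written against the other spelling of a default-namespace table. Whether the resource is reused once the event has been built is not visible in this hunk, so that should be confirmed; if it can be, capture the expanded value first and restore it afterwards, as sketched below. The body of getAuthzEvents continues outside the hunk.

```java
// … unchanged: debug entry logging …
RangerAccessRequest request = result.getAccessRequest();
RangerHBaseResource hbaseResource = null;
Object expandedTable = null;
if (request != null && request.getResource() instanceof RangerHBaseResource) {
    hbaseResource = (RangerHBaseResource) request.getResource();
    expandedTable = hbaseResource.getValue(RangerHBaseResource.KEY_TABLE);
}
resetResourceForAudit(request);
AuthzAuditEvent event;
try {
    event = super.getAuthzEvents(result);
} finally {
    if (hbaseResource != null) {
        // put the expanded form back so any later policy match still sees both names
        hbaseResource.setValue(RangerHBaseResource.KEY_TABLE, expandedTable);
    }
}
// … unchanged: accumulation into _mostRecentEvent …
```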
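Review bot: The new private method `resetResourceForAudit` has no comment saying that it modifies the caller's resource in place, which is the one thing a maintainer needs to know before calling it from another path. A short Javadoc would cover it: `/** Collapses KEY_TABLE on the request's HBase resource back to a single table name so the audit event records one table; mutates the resource in place and is a no-op for other resource types. */`. As a style point, the exit guard is written `if(LOG.isDebugEnabled())` while the entry guard two statements above uses `if (LOG.isDebugEnabled())`; the spacing should match.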
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java 
@@ -39,40 +39,53 @@ public class RangerHBaseResource extends RangerAccessResourceImpl { public RangerHBaseResource() { } - public RangerHBaseResource(Map<String, Object> elements) { - super(elements); - setValue(KEY_TABLE, getValue(KEY_TABLE)); - } + public RangerHBaseResource(Map<String, Object> elements) { + super(elements); + setValue(KEY_TABLE, getValue(KEY_TABLE)); + } - public RangerHBaseResource(Map<String, Object> elements, String ownerUser) { - super(elements, ownerUser); - setValue(KEY_TABLE, getValue(KEY_TABLE)); - } + public RangerHBaseResource(Map<String, Object> elements, String ownerUser) { + super(elements, ownerUser); + setValue(KEY_TABLE, getValue(KEY_TABLE)); + } @Override public void setValue(String key, Object value) { - // special handling for tables in 'default' namespace - if (StringUtils.equals(key, KEY_TABLE)) { - if (value != null && value instanceof String) { - String tableName = (String) value; + // special handling for tables in 'default' namespace + if (StringUtils.equals(key, KEY_TABLE)) { + if (value instanceof String) { + String tableName = (String) value; - if (!tableName.contains(NAMESPACE_SEPARATOR)) { - List<String> tableNames = new ArrayList<>(2); + if (!tableName.contains(NAMESPACE_SEPARATOR)) { + List<String> tableNames = new ArrayList<>(2); - tableNames.add(tableName); - tableNames.add(DEFAULT_NAMESPACE + tableName); + tableNames.add(tableName); + tableNames.add(DEFAULT_NAMESPACE + tableName); - value = tableNames; - } else if (StringUtils.startsWith(tableName, DEFAULT_NAMESPACE)) { - List<String> tableNames = new ArrayList<>(2); + value = tableNames; + } else if (StringUtils.startsWith(tableName, DEFAULT_NAMESPACE)) { + List<String> tableNames = new ArrayList<>(2); - tableNames.add(tableName.substring(DEFAULT_NAMESPACE.length())); - tableNames.add(tableName); + tableNames.add(tableName); + tableNames.add(tableName.substring(DEFAULT_NAMESPACE.length())); + + value = tableNames; + } + } + } + super.setValue(key, value); + } 
- value = tableNames; - } - } - } - super.setValue(key, value); + void resetValue(String key) { + // Undo special handling for tables in 'default' namespace + if (StringUtils.equals(key, KEY_TABLE)) { + Object value = getValue(key); + if (value instanceof List) { + List tableNames = (List) value; + if (!tableNames.isEmpty()) { + super.setValue(key, tableNames.get(0)); + } + } + } } }
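Review bot: `resetValue` assumes that element 0 of the list is the name the caller supplied, but nothing in the hunk documents that, and the reordering in the `DEFAULT_NAMESPACE` branch of `setValue` is the only thing that makes it true. The assumption deserves a comment at both ends, for example `// index 0 must stay the caller-supplied name: resetValue() restores it for audit` above the two `tableNames.add(...)` pairs. `resetValue` also collapses any `List` stored under `KEY_TABLE`, including one a caller passed in directly, so such a request would be audited with only its first table. If list values are possible here, the method needs a way to recognise the pair that `setValue` built. The raw type is better written as `List<?> tableNames = (List<?>) value;`. With this change the audit record carries the name as it was supplied, so `t` and `default:t` appear as different strings for the same table, and audit searches have to cover both.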