ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-468: Audit logs should use ranger-acl as enforcer instead of xasecure-acl
Date Tue, 12 May 2015 06:23:39 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master fd7d0805f -> 5ef5ed1ad


RANGER-468: Audit logs should use ranger-acl as enforcer instead of xasecure-acl


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5ef5ed1a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5ef5ed1a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5ef5ed1a

Branch: refs/heads/master
Commit: 5ef5ed1ade1ccaf2b6ab03914d28c068ee855417
Parents: fd7d080
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Mon May 11 22:56:05 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Mon May 11 23:23:29 2015 -0700

----------------------------------------------------------------------
 .../java/org/apache/ranger/audit/test/TestEvents.java    |  2 +-
 .../hadoop/constants/RangerHadoopConstants.java          |  3 ++-
 hdfs-agent/conf/ranger-hdfs-security.xml                 |  2 +-
 .../org/apache/ranger/service/XAccessAuditService.java   | 11 ++++++++++-
 4 files changed, 14 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
index 87c6a8f..3e89cc4 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
@@ -125,7 +125,7 @@ public class TestEvents {
 
         event.setClientIP("127.0.0.1");
         event.setAccessResult((short)(idx % 2 > 0 ? 1 : 0));
-        event.setAclEnforcer("xasecure-acl");
+        event.setAclEnforcer("ranger-acl");
 
         switch(idx % 5) {
             case 0:

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
index be5a778..a800027 100644
--- a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
@@ -49,7 +49,8 @@ public class RangerHadoopConstants {
 	public static final String AUDITLOG_HADOOP_MODULE_ACL_NAME_PROP    	= "xasecure.auditlog.hadoopAcl.name"
;
 	
 	public static final String DEFAULT_LOG_FIELD_DELIMITOR  			= "|" ;
-	public static final String DEFAULT_RANGER_MODULE_ACL_NAME  		= "xasecure-acl" ;
+	public static final String DEFAULT_XASECURE_MODULE_ACL_NAME  	= "xasecure-acl" ;
+	public static final String DEFAULT_RANGER_MODULE_ACL_NAME  		= "ranger-acl" ;
 	public static final String DEFAULT_HADOOP_MODULE_ACL_NAME    		= "hadoop-acl" ;
 	
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/hdfs-agent/conf/ranger-hdfs-security.xml
----------------------------------------------------------------------
diff --git a/hdfs-agent/conf/ranger-hdfs-security.xml b/hdfs-agent/conf/ranger-hdfs-security.xml
index 9e03e38..37230b7 100644
--- a/hdfs-agent/conf/ranger-hdfs-security.xml
+++ b/hdfs-agent/conf/ranger-hdfs-security.xml
@@ -69,7 +69,7 @@
 	<!-- 
 	<property>
 		<name>xasecure.auditlog.xasecureAcl.name</name>
-		<value>xasecure-acl</value>
+		<value>ranger-acl</value>
 		<description>
 			The module name listed in the auditlog when the permission check is done by RangerACL
 		</description>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
index 2c143b8..9598308 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java
@@ -22,6 +22,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
@@ -162,7 +164,14 @@ public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit,
         // Iterate over the result list and create the return list
         for (XXAccessAudit gjXAccessAudit : resultList) {
             VXAccessAudit vXAccessAudit = populateViewBean(gjXAccessAudit);
-            xAccessAuditList.add(vXAccessAudit);
+
+            if(vXAccessAudit != null) {
+                if(StringUtils.equalsIgnoreCase(vXAccessAudit.getAclEnforcer(), RangerHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME))
{
+                    vXAccessAudit.setAclEnforcer(RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
+                }
+
+                xAccessAuditList.add(vXAccessAudit);
+            }
         }
 
 


Mime
View raw message