ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ab...@apache.org
Subject ranger git commit: RANGER-2037: Avoid creation of spurious audit record in HDFS 2.8.0 and later versions
Date Fri, 23 Mar 2018 19:02:13 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 44e4269b1 -> 98e6b6631


RANGER-2037: Avoid creation of spurious audit record in HDFS 2.8.0 and later versions


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/98e6b663
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/98e6b663
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/98e6b663

Branch: refs/heads/master
Commit: 98e6b663156a67ce9ccba4b01a76d24a559eb885
Parents: 44e4269
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Fri Mar 23 11:24:45 2018 -0700
Committer: Abhay Kulkarni <akulkarni@hortonworks.com>
Committed: Fri Mar 23 11:24:45 2018 -0700

----------------------------------------------------------------------
 .../apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/98e6b663/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 59cf6b1..ecc62a1 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -469,7 +469,7 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
 				ret = AuthzStatus.ALLOW;
 			}
 
-			if (result != null && (!skipAuditOnAllow || ret == AuthzStatus.DENY)) {
+			if (ret == AuthzStatus.DENY || (!skipAuditOnAllow && result != null &&
result.getIsAccessDetermined())) {
 				auditHandler.processResult(result);
 			}
 


Mime
View raw message