[ranger] branch master updated: RANGER-2474:Policy version and details in access audits wrong when deny condition added to policy

rmani Tue, 18 Jun 2019 10:22:58 -0700

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new bf5f755  RANGER-2474:Policy version and details in access audits wrong 
when deny condition added to policy
bf5f755 is described below

commit bf5f75532923edd2feca16f9961744e486628bb8
Author: rmani <[email protected]>
AuthorDate: Mon Jun 17 23:04:58 2019 -0700

    RANGER-2474:Policy version and details in access audits wrong when deny 
condition added to policy
    
    Signed-off-by: rmani <[email protected]>
---
 .../org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java   | 1 -
 .../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java     | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 73fd0c2..e0043ff 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -1399,7 +1399,6 @@ public class RangerPolicyEngineImpl implements 
RangerPolicyEngine {
                                        }
 
                                        if (ret.getIsAuditedDetermined() && 
ret.getIsAccessDetermined()) {
-                                               
ret.setPolicyVersion(evaluator.getPolicy().getVersion());
                                                break;            // Break out 
of policy-evaluation loop
                                        }
 
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index fc38a08..a0283c4 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -482,6 +482,7 @@ public class RangerDefaultPolicyEvaluator extends 
RangerAbstractPolicyEvaluator
                                result.setPolicyPriority(getPolicyPriority());
                                result.setPolicyId(getId());
                                result.setReason(reason);
+                               
result.setPolicyVersion(getPolicy().getVersion());
                        }
                } else {
                        if (!result.getIsAllowed()) { // if access is not yet 
allowed by another policy
@@ -489,6 +490,7 @@ public class RangerDefaultPolicyEvaluator extends 
RangerAbstractPolicyEvaluator
                                result.setPolicyPriority(getPolicyPriority());
                                result.setPolicyId(getId());
                                result.setReason(reason);
+                               
result.setPolicyVersion(getPolicy().getVersion());
                        }
                }
                if (LOG.isDebugEnabled()) {

[ranger] branch master updated: RANGER-2474:Policy version and details in access audits wrong when deny condition added to policy

Reply via email to