[ranger] branch master updated: RANGER-2599. Add more audit data to HBase grant/revoke events

Mon, 07 Oct 2019 07:19:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

zsombor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 0011a44  RANGER-2599. Add more audit data to HBase grant/revoke events
0011a44 is described below

commit 0011a441d0151c9eeec78ab1e5b9e3e3262129b8
Author: Andor Molnar <[email protected]>
AuthorDate: Tue Oct 1 15:28:20 2019 +0200

    RANGER-2599. Add more audit data to HBase grant/revoke events
    
    Signed-off-by: Zsombor Gegesy <[email protected]>
---
 .../authorization/hbase/RangerAuthorizationCoprocessor.java |  3 ++-
 security-admin/src/main/webapp/scripts/utils/XAViewUtils.js | 13 +++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index 364a415..311d3eb 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -1497,6 +1497,7 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                ret.setClientIPAddress(getRemoteAddress());
                ret.setForwardedAddresses(null);//TODO: Need to check with Knox 
proxy how they handle forwarded add.
                ret.setRemoteIPAddress(getRemoteAddress());
+               ret.setRequestData(up.toString());
 
                if(userName.startsWith(GROUP_PREFIX)) {
                        
ret.getGroups().add(userName.substring(GROUP_PREFIX.length()));
@@ -1604,7 +1605,7 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                ret.setClientIPAddress(getRemoteAddress());
                ret.setForwardedAddresses(null);//TODO: Need to check with Knox 
proxy how they handle forwarded add.
                ret.setRemoteIPAddress(getRemoteAddress());
-               
+               ret.setRequestData(up.toString());
                
                if(userName.startsWith(GROUP_PREFIX)) {
                        
ret.getGroups().add(userName.substring(GROUP_PREFIX.length()));
diff --git a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js 
b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
index 6ef3343..9c2af5f 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAViewUtils.js
@@ -31,7 +31,8 @@ define(function(require) {
     XAViewUtil.resourceTypeFormatter = function(rawValue, model){
         var resourcePath = _.isUndefined(model.get('resourcePath')) ? 
undefined : model.get('resourcePath');
         var resourceType = _.isUndefined(model.get('resourceType')) ? 
undefined : model.get('resourceType');
-        if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label 
&& model.get('aclEnforcer') == "ranger-acl"
+        if((model.get('serviceType') === 
XAEnums.ServiceType.Service_HIVE.label || model.get('serviceType') === 
XAEnums.ServiceType.Service_HBASE.label)
+            && model.get('aclEnforcer') === "ranger-acl"
             && model.get('requestData')){
             if(resourcePath && !_.isEmpty(model.get('requestData'))) {
                 return '<div class="clearfix">\
@@ -64,18 +65,22 @@ define(function(require) {
     };
 
     XAViewUtil.showQueryPopup = function(model, that){
-        if(model.get('serviceType') == XAEnums.ServiceType.Service_HIVE.label 
&& model.get('aclEnforcer') == "ranger-acl"
+        if((model.get('serviceType') === 
XAEnums.ServiceType.Service_HIVE.label || model.get('serviceType') === 
XAEnums.ServiceType.Service_HBASE.label)
+            && model.get('aclEnforcer') === "ranger-acl"
             && model.get('requestData') && 
!_.isEmpty(model.get('requestData'))){
+            var titleMap = {};
+            titleMap[XAEnums.ServiceType.Service_HIVE.label] = 'Hive Query';
+            titleMap[XAEnums.ServiceType.Service_HBASE.label] = 'HBase Audit 
Data';
             var msg = '<div class="pull-right link-tag query-icon copyQuery 
btn btn-mini" title="Copy Query"><i class="icon-copy"></i></div><div 
class="query-content">'+model.get('requestData')+'</div>';
             var $elements = that.$el.find('table [data-name = 
"queryInfo"][data-id = "'+model.id+'"]');
             $elements.popover({
                 html: true,
-                title:'<b> Hive Query </b>'+
+                title:'<b>' + (titleMap[model.get('serviceType')] || 'Request 
Data') + '</b>' +
                 '<button type="button"  id="queryInfoClose" class="close 
closeBtn" 
onclick="$(&quot;.queryInfo&quot;).popover(&quot;hide&quot;);">&times;</button>',
                 content: msg,
                 selector : true,
                 container:'body',
-                placement: 'top',
+                placement: 'top'
             }).on("click", function(e){
                 e.stopPropagation();
                 if($(e.target).data('toggle') !== 'popover' && 
$(e.target).parents('.popover.in').length === 0){

Reply via email to