Repository: incubator-ranger Updated Branches: refs/heads/master dd996d25b -> 88db70795
RANGER-432: Renamed RangerAuditHandler to RangerAccessResultProcessor Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/88db7079 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/88db7079 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/88db7079 Branch: refs/heads/master Commit: 88db7079500a6b07e5bc3e03970a2542c2364f1e Parents: dd996d2 Author: Madhan Neethiraj <[email protected]> Authored: Mon Apr 27 12:37:08 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Apr 27 13:55:30 2015 -0700 ---------------------------------------------------------------------- .../ranger/plugin/audit/RangerAuditHandler.java | 31 ---------------- .../plugin/audit/RangerDefaultAuditHandler.java | 15 ++++---- .../RangerAccessResultProcessor.java | 29 +++++++++++++++ .../plugin/policyengine/RangerPolicyEngine.java | 5 ++- .../policyengine/RangerPolicyEngineImpl.java | 13 ++++--- .../ranger/plugin/service/RangerBasePlugin.java | 38 ++++++++++---------- .../authorization/hbase/HbaseAuditHandler.java | 4 +-- .../hbase/RangerAuthorizationCoprocessor.java | 6 ++-- .../hadoop/RangerHdfsAuthorizer.java | 2 +- .../hive/authorizer/RangerHiveAuditHandler.java | 4 +-- .../authorization/knox/KnoxRangerPlugin.java | 2 +- .../kms/authorizer/RangerKmsAuthorizer.java | 2 +- .../yarn/authorizer/RangerYarnAuthorizer.java | 4 +-- .../authorization/storm/StormRangerPlugin.java | 2 +- 14 files changed, 77 insertions(+), 80 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java deleted file mode 100644 index 45a63c2..0000000 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerAuditHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.audit; - -import java.util.Collection; - -import org.apache.ranger.plugin.policyengine.RangerAccessResult; - - -public interface RangerAuditHandler { - void logAudit(RangerAccessResult result); - - void logAudit(Collection<RangerAccessResult> results); -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java index 9f9bd39..fd22852 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java @@ -32,9 +32,10 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessResult; import org.apache.ranger.plugin.policyengine.RangerAccessResource; +import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; -public class RangerDefaultAuditHandler implements RangerAuditHandler { +public class RangerDefaultAuditHandler implements RangerAccessResultProcessor { private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class); @@ -42,9 +43,9 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler { } @Override - public void logAudit(RangerAccessResult result) { + public void processResult(RangerAccessResult result) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + result + ")"); + LOG.debug("==> RangerDefaultAuditHandler.processResult(" + result + ")"); } AuthzAuditEvent event = getAuthzEvents(result); @@ -52,14 +53,14 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler { logAuthzAudit(event); if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + result + ")"); + LOG.debug("<== RangerDefaultAuditHandler.processResult(" + result + ")"); } } @Override - public void logAudit(Collection<RangerAccessResult> results) { + public void processResults(Collection<RangerAccessResult> results) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerDefaultAuditHandler.logAudit(" + results + ")"); + LOG.debug("==> RangerDefaultAuditHandler.processResults(" + results + ")"); } Collection<AuthzAuditEvent> events = getAuthzEvents(results); @@ -67,7 +68,7 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler { logAuthzAudits(events); if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerDefaultAuditHandler.logAudit(" + results + ")"); + LOG.debug("<== RangerDefaultAuditHandler.processResults(" + results + ")"); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResultProcessor.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResultProcessor.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResultProcessor.java new file mode 100644 index 0000000..770bd64 --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResultProcessor.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.policyengine; + +import java.util.Collection; + + +public interface RangerAccessResultProcessor { + void processResult(RangerAccessResult result); + + void processResults(Collection<RangerAccessResult> results); +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java index 4605a8d..8ff71ef 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java @@ -24,7 +24,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import org.apache.ranger.plugin.audit.RangerAuditHandler; import org.apache.ranger.plugin.contextenricher.RangerContextEnricher; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -53,9 +52,9 @@ public interface RangerPolicyEngine { RangerAccessResult createAccessResult(RangerAccessRequest request); - RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler); + RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor); - Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler); + Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAccessResultProcessor resultProcessor); boolean isAccessAllowed(RangerAccessResource resource, String user, Set<String> userGroups, String accessType); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index efb0649..80c5d58 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -21,7 +21,6 @@ package org.apache.ranger.plugin.policyengine; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.audit.RangerAuditHandler; import org.apache.ranger.plugin.contextenricher.RangerContextEnricher; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -98,15 +97,15 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } @Override - public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) { + public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + request + ")"); } RangerAccessResult ret = isAccessAllowedNoAudit(request); - if(auditHandler != null) { - auditHandler.logAudit(ret); + if(resultProcessor != null) { + resultProcessor.processResult(ret); } if(LOG.isDebugEnabled()) { @@ -117,7 +116,7 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } @Override - public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) { + public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAccessResultProcessor resultProcessor) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerPolicyEngineImpl.isAccessAllowed(" + requests + ")"); } @@ -132,8 +131,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { } } - if(auditHandler != null) { - auditHandler.logAudit(ret); + if(resultProcessor != null) { + resultProcessor.processResults(ret); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index 51d1ae0..b68e426 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -29,12 +29,12 @@ import org.apache.commons.logging.LogFactory; import org.apache.ranger.admin.client.RangerAdminClient; import org.apache.ranger.admin.client.RangerAdminRESTClient; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.plugin.audit.RangerAuditHandler; import org.apache.ranger.plugin.contextenricher.RangerContextEnricher; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl; import org.apache.ranger.plugin.policyengine.RangerAccessResult; +import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; import org.apache.ranger.plugin.policyengine.RangerPolicyEngine; import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl; import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl; @@ -54,7 +54,7 @@ public class RangerBasePlugin { private PolicyRefresher refresher = null; private RangerPolicyEngine policyEngine = null; private RangerPolicyEngineOptions policyEngineOptions = new RangerPolicyEngineOptions(); - private RangerAuditHandler defaultAuditHandler = null; + private RangerAccessResultProcessor resultProcessor = null; public RangerBasePlugin(String serviceType, String appId) { @@ -128,41 +128,41 @@ public class RangerBasePlugin { } } - public void setDefaultAuditHandler(RangerAuditHandler auditHandler) { - this.defaultAuditHandler = auditHandler; + public void setResultProcessor(RangerAccessResultProcessor resultProcessor) { + this.resultProcessor = resultProcessor; } - public RangerAuditHandler getDefaultAuditHandler() { - return this.defaultAuditHandler; + public RangerAccessResultProcessor getResultProcessor() { + return this.resultProcessor; } public RangerAccessResult isAccessAllowed(RangerAccessRequest request) { - return isAccessAllowed(request, defaultAuditHandler); + return isAccessAllowed(request, resultProcessor); } public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests) { - return isAccessAllowed(requests, defaultAuditHandler); + return isAccessAllowed(requests, resultProcessor); } - public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAuditHandler auditHandler) { + public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor) { RangerPolicyEngine policyEngine = this.policyEngine; if(policyEngine != null) { enrichRequest(request, policyEngine); - return policyEngine.isAccessAllowed(request, auditHandler); + return policyEngine.isAccessAllowed(request, resultProcessor); } return null; } - public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAuditHandler auditHandler) { + public Collection<RangerAccessResult> isAccessAllowed(Collection<RangerAccessRequest> requests, RangerAccessResultProcessor resultProcessor) { RangerPolicyEngine policyEngine = this.policyEngine; if(policyEngine != null) { enrichRequests(requests, policyEngine); - return policyEngine.isAccessAllowed(requests, auditHandler); + return policyEngine.isAccessAllowed(requests, resultProcessor); } return null; @@ -178,7 +178,7 @@ public class RangerBasePlugin { return null; } - public void grantAccess(GrantRevokeRequest request, RangerAuditHandler auditHandler) throws Exception { + public void grantAccess(GrantRevokeRequest request, RangerAccessResultProcessor resultProcessor) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.grantAccess(" + request + ")"); } @@ -196,7 +196,7 @@ public class RangerBasePlugin { isSuccess = true; } finally { - auditGrantRevoke(request, "grant", isSuccess, auditHandler); + auditGrantRevoke(request, "grant", isSuccess, resultProcessor); } if(LOG.isDebugEnabled()) { @@ -204,7 +204,7 @@ public class RangerBasePlugin { } } - public void revokeAccess(GrantRevokeRequest request, RangerAuditHandler auditHandler) throws Exception { + public void revokeAccess(GrantRevokeRequest request, RangerAccessResultProcessor resultProcessor) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerAdminRESTClient.revokeAccess(" + request + ")"); } @@ -222,7 +222,7 @@ public class RangerBasePlugin { isSuccess = true; } finally { - auditGrantRevoke(request, "revoke", isSuccess, auditHandler); + auditGrantRevoke(request, "revoke", isSuccess, resultProcessor); } if(LOG.isDebugEnabled()) { @@ -301,10 +301,10 @@ public class RangerBasePlugin { } } - private void auditGrantRevoke(GrantRevokeRequest request, String action, boolean isSuccess, RangerAuditHandler auditHandler) { + private void auditGrantRevoke(GrantRevokeRequest request, String action, boolean isSuccess, RangerAccessResultProcessor resultProcessor) { RangerPolicyEngine policyEngine = this.policyEngine; - if(request != null && auditHandler != null && policyEngine != null) { + if(request != null && resultProcessor != null && policyEngine != null) { RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl(); accessRequest.setResource(new RangerAccessResourceImpl(request.getResource())); @@ -323,7 +323,7 @@ public class RangerBasePlugin { accessResult.setPolicyId(-1); } - auditHandler.logAudit(accessResult); + resultProcessor.processResult(accessResult); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java index f94cef4..bbff6df 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java @@ -22,9 +22,9 @@ import java.util.Collection; import java.util.List; import org.apache.ranger.audit.model.AuthzAuditEvent; -import org.apache.ranger.plugin.audit.RangerAuditHandler; +import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; -public interface HbaseAuditHandler extends RangerAuditHandler { +public interface HbaseAuditHandler extends RangerAccessResultProcessor { List<AuthzAuditEvent> getCapturedEvents(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java index 2926bec..4893aa3 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java @@ -96,8 +96,8 @@ import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants; import org.apache.ranger.authorization.utils.StringUtil; -import org.apache.ranger.plugin.audit.RangerAuditHandler; import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler; +import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor; import org.apache.ranger.plugin.service.RangerBasePlugin; import org.apache.ranger.plugin.util.GrantRevokeRequest; @@ -1012,7 +1012,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess RangerHBasePlugin plugin = hbasePlugin; if(plugin != null) { - RangerAuditHandler auditHandler = new RangerDefaultAuditHandler(); + RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(); plugin.grantAccess(grData, auditHandler); @@ -1051,7 +1051,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess RangerHBasePlugin plugin = hbasePlugin; if(plugin != null) { - RangerAuditHandler auditHandler = new RangerDefaultAuditHandler(); + RangerAccessResultProcessor auditHandler = new RangerDefaultAuditHandler(); plugin.revokeAccess(grData, auditHandler); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java index 55d8f73..bd8b4c8 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -449,7 +449,7 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler { } @Override - public void logAudit(RangerAccessResult result) { + public void processResult(RangerAccessResult result) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerHdfsAuditHandler.logAudit(" + result + ")"); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java index 2cb73b8..3c16c8f 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java @@ -130,7 +130,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { } @Override - public void logAudit(RangerAccessResult result) { + public void processResult(RangerAccessResult result) { if(! result.getIsAudited()) { return; } @@ -143,7 +143,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { * To ensure this, RangerHiveAuthorizer should call isAccessAllowed(Collection<requests>) only for this condition */ @Override - public void logAudit(Collection<RangerAccessResult> results) { + public void processResults(Collection<RangerAccessResult> results) { List<AuthzAuditEvent> auditEvents = createAuditEvents(results); for(AuthzAuditEvent auditEvent : auditEvents) { addAuthzAuditEvent(auditEvent); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java index 643450c..70ecd04 100644 --- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java +++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java @@ -44,7 +44,7 @@ public class KnoxRangerPlugin extends RangerBasePlugin { // mandatory call to base plugin super.init(); // One time call to register the audit hander with the policy engine. - super.setDefaultAuditHandler(new RangerDefaultAuditHandler()); + super.setResultProcessor(new RangerDefaultAuditHandler()); initialized = true; } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java index 1ba462a..4eb828d 100755 --- a/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java +++ b/plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java @@ -318,7 +318,7 @@ public class RangerKmsAuthorizer implements Runnable, KeyACLs { RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(); - super.setDefaultAuditHandler(auditHandler); + super.setResultProcessor(auditHandler); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java ---------------------------------------------------------------------- diff --git a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java index ff20097..e322477 100644 --- a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java +++ b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java @@ -185,7 +185,7 @@ public class RangerYarnAuthorizer extends YarnAuthorizationProvider { } try { - plugin.grantAccess(request, plugin.getDefaultAuditHandler()); + plugin.grantAccess(request, plugin.getResultProcessor()); } catch(Exception excp) { LOG.error("grantAccess(" + request + ") failed", excp); } @@ -242,7 +242,7 @@ class RangerYarnPlugin extends RangerBasePlugin { RangerDefaultAuditHandler auditHandler = new RangerDefaultAuditHandler(); - super.setDefaultAuditHandler(auditHandler); + super.setResultProcessor(auditHandler); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/88db7079/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java ---------------------------------------------------------------------- diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java index af28223..323ab58 100644 --- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java +++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java @@ -48,7 +48,7 @@ public class StormRangerPlugin extends RangerBasePlugin { // mandatory call to base plugin super.init(); // One time call to register the audit hander with the policy engine. - super.setDefaultAuditHandler(new RangerDefaultAuditHandler()); + super.setResultProcessor(new RangerDefaultAuditHandler()); // this needed to set things right in the nimbus process if (KerberosName.getRules() == null) { KerberosName.setRules("DEFAULT") ;
