Repository: incubator-ranger Updated Branches: refs/heads/master fd7d0805f -> 5ef5ed1ad
RANGER-468: Audit logs should use ranger-acl as enforcer instead of xasecure-acl Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5ef5ed1a Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5ef5ed1a Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5ef5ed1a Branch: refs/heads/master Commit: 5ef5ed1ade1ccaf2b6ab03914d28c068ee855417 Parents: fd7d080 Author: Madhan Neethiraj <[email protected]> Authored: Mon May 11 22:56:05 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon May 11 23:23:29 2015 -0700 ---------------------------------------------------------------------- .../java/org/apache/ranger/audit/test/TestEvents.java | 2 +- .../hadoop/constants/RangerHadoopConstants.java | 3 ++- hdfs-agent/conf/ranger-hdfs-security.xml | 2 +- .../org/apache/ranger/service/XAccessAuditService.java | 11 ++++++++++- 4 files changed, 14 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java index 87c6a8f..3e89cc4 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java @@ -125,7 +125,7 @@ public class TestEvents { event.setClientIP("127.0.0.1"); event.setAccessResult((short)(idx % 2 > 0 ? 1 : 0)); - event.setAclEnforcer("xasecure-acl"); + event.setAclEnforcer("ranger-acl"); switch(idx % 5) { case 0: http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java index be5a778..a800027 100644 --- a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java +++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java @@ -49,7 +49,8 @@ public class RangerHadoopConstants { public static final String AUDITLOG_HADOOP_MODULE_ACL_NAME_PROP = "xasecure.auditlog.hadoopAcl.name" ; public static final String DEFAULT_LOG_FIELD_DELIMITOR = "|" ; - public static final String DEFAULT_RANGER_MODULE_ACL_NAME = "xasecure-acl" ; + public static final String DEFAULT_XASECURE_MODULE_ACL_NAME = "xasecure-acl" ; + public static final String DEFAULT_RANGER_MODULE_ACL_NAME = "ranger-acl" ; public static final String DEFAULT_HADOOP_MODULE_ACL_NAME = "hadoop-acl" ; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/hdfs-agent/conf/ranger-hdfs-security.xml ---------------------------------------------------------------------- diff --git a/hdfs-agent/conf/ranger-hdfs-security.xml b/hdfs-agent/conf/ranger-hdfs-security.xml index 9e03e38..37230b7 100644 --- a/hdfs-agent/conf/ranger-hdfs-security.xml +++ b/hdfs-agent/conf/ranger-hdfs-security.xml @@ -69,7 +69,7 @@ <!-- <property> <name>xasecure.auditlog.xasecureAcl.name</name> - <value>xasecure-acl</value> + <value>ranger-acl</value> <description> The module name listed in the auditlog when the permission check is done by RangerACL </description> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5ef5ed1a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java index 2c143b8..9598308 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java @@ -22,6 +22,8 @@ import java.util.ArrayList; import java.util.List; +import org.apache.commons.lang.StringUtils; +import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SearchField.DATA_TYPE; @@ -162,7 +164,14 @@ public class XAccessAuditService extends XAccessAuditServiceBase<XXAccessAudit, // Iterate over the result list and create the return list for (XXAccessAudit gjXAccessAudit : resultList) { VXAccessAudit vXAccessAudit = populateViewBean(gjXAccessAudit); - xAccessAuditList.add(vXAccessAudit); + + if(vXAccessAudit != null) { + if(StringUtils.equalsIgnoreCase(vXAccessAudit.getAclEnforcer(), RangerHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME)) { + vXAccessAudit.setAclEnforcer(RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME); + } + + xAccessAuditList.add(vXAccessAudit); + } }
