Fateh Singh created RANGER-4400:
-----------------------------------
Summary: RangerKafkaAuditHandler broken and multiple
authorizations audited
Key: RANGER-4400
URL: https://issues.apache.org/jira/browse/RANGER-4400
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Fateh Singh
Assignee: Fateh Singh
RANGER-2222 https://issues.apache.org/jira/browse/RANGER-2222 added support for
cluster as new resource.
RangerKafkaAuditHandler overrides the base implementation of
RangerDefaultAuditHandler and this implementation overrides the default
processResult(RangerAccessResult result) method wherein check is applied to
decide if audit is needed or not ( If Cluster Resource Level Topic Creation is
not Allowed we don't audit.Subsequent call from Kafka for Topic Creation at
Topic resource Level will be audited)
After RANGER-3231, the method processResults(Collection<RangerAccessResult>
results) is called instead of processResult(RangerAccessResult result).
Since RangerKafkaAuditHandler does not have
processResults(Collection<RangerAccessResult> results) i.e. kafka specific way
to process results, it falls back on the default RangerDefaultAuditHandler and
all authorizations are audited.
Bug fix required: processResults(Collection<RangerAccessResult> results) will
have to be implemented for RangerKafkaAuditHandler to add checks to determine
if auditing is required or not.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
