-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74752/
-----------------------------------------------------------
(Updated Nov. 22, 2023, 12:14 p.m.)
Review request for ranger, Dineshkumar Yadav, Mehul Parikh, and Pradeep Agrawal.
Summary (updated)
-----------------
RANGER-4543 : Add flink service user to default audit filters, and add spark3
path for default audit filters in HDFS
Bugs: RANGER-4543
https://issues.apache.org/jira/browse/RANGER-4543
Repository: ranger
Description (updated)
-------
The flink service user generates a huge number of audits on the path
"/user/flink/applicationHistory" for the listStatus operation. This operation
is performed frequently and these audits do not add much value.
It will be better to add the flink user to the default hdfs audit filters for
the above mentioned operation
Similarly, spark user generates audits for the path
"/user/spark/spark3ApplicationHistory". Although, there is a default audit
filter for spark user,
it is present for the path "/user/spark/spark3ApplicationHistory", and not for
Spark3 application.
Hence, the path for Spark3 application also has to be added in the default
audit filters
Diffs (updated)
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json
bc021a0dd
Diff: https://reviews.apache.org/r/74752/diff/2/
Changes: https://reviews.apache.org/r/74752/diff/1-2/
Testing
-------
Tested on a fresh install cluster and verified that no audits are logged for
flink user on the path "/user/flink/applicationHistory", for the "listStatus"
operation, after the servicedef is updated for hdfs service
Thanks,
Abhishek Patil
