-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74974/#review226415
-----------------------------------------------------------
> For the change only in security-zone resource name (resource count of the
> zone is same), admin audit is not generated.
Subhrat - instead of skipping admin audit in this scenario, I suggest audit to
indicate that resources have been updated in services - with text like '{
"dev_hdfs": "resources updated", "dev_hbase": "resources updated" }'

    if (oldValue == null || oldValue.equalsIgnoreCase(value)) { // existing line #357
        Map<String, String> resourceUpdateSummary =
            getResourceUpdateSummary(securityZoneDB.getServices(), vSecurityZone.getServices());

        if (MapUtils.isNotEmpty(resourceUpdateSummary)) {
            oldValue = "";
            value = new Gson().toJson(resourceUpdateSummary, Map.class);
        } else {
            continue;
        }
    } else {
        continue; // existing line #358
    } // existing line #359

- Madhan Neethiraj
On May 3, 2024, 12:45 p.m., Subhrat Chaudhary wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74974/
> -----------------------------------------------------------
>
> (Updated May 3, 2024, 12:45 p.m.)
>
>
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj,
> Monika Kachhadiya, and Siddhesh Phatak.
>
>
> Bugs: RANGER-4789
> https://issues.apache.org/jira/browse/RANGER-4789
>
>
> Repository: ranger
>
>
> Description
> -------
>
> In security-zone when resource name is updated, admin audit is generated for
> same, with details about old and new value.
>
> When the json data compression is enabled in the security-zone with the
> property:
>
> ranger.admin.store.security.zone.compress.json_data
>
> the old and new value in the generated admin audit is blank, when only the
> resource name is changed. The reason for this is, if compression is enabled,
> only the resource count is added in the new and old values. Hence if the
> resource count does not change, change details in the admin audit is blank.
>
> In the code flow to update security-zone, when no change is noticed in the
> new and old values, a dummy admin audit is being added with null for old and
> new values. In this fix, removing that code block.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
> 5534c8056
>
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
> a6cb2ae74
>
>
> Diff: https://reviews.apache.org/r/74974/diff/1/
>
>
> Testing
> -------
>
> Validations done:
> 1. For the change only in security-zone resource name (resource count of the
> zone is same), admin audit is not generated.
> 2. For above case x_service_version_info.policy_version is incremented (same
> as existing behavior).
> 3. If a resource is added or removed from the security-zone, admin audit is
> generated for same.
> 4. All the existing Junits are passing
>
>
> Thanks,
>
> Subhrat Chaudhary
>
>
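
Added example, not code from this review or from Ranger: one way the getResourceUpdateSummary() helper named in the suggestion above could detect a resource rename that leaves the per-service resource count unchanged. The class name, the plain-collection stand-in for the zone's services map, and the sample service data are assumptions made for illustration.

```java
import java.util.*;

public class ZoneResourceUpdateSummary {
    // Assumed shape: service name -> resource entries, each mapping a resource type to its values.
    // Plain collections stand in for Ranger's zone-service model.
    static Map<String, String> getResourceUpdateSummary(
            Map<String, List<Map<String, List<String>>>> oldServices,
            Map<String, List<Map<String, List<String>>>> newServices) {
        Map<String, String> summary = new TreeMap<>();
        if (oldServices == null || newServices == null) {
            return summary;
        }
        for (Map.Entry<String, List<Map<String, List<String>>>> e : newServices.entrySet()) {
            List<Map<String, List<String>>> before = oldServices.get(e.getKey());
            // Only services present in both versions are compared (assumption of this example).
            if (before != null && e.getValue() != null
                    && !normalize(before).equals(normalize(e.getValue()))) {
                summary.put(e.getKey(), "resources updated");
            }
        }
        return summary;
    }

    // Order-insensitive view, so reordering entries or values is not reported as a change.
    static Set<Map<String, Set<String>>> normalize(List<Map<String, List<String>>> resources) {
        Set<Map<String, Set<String>>> out = new HashSet<>();
        for (Map<String, List<String>> resource : resources) {
            Map<String, Set<String>> entry = new TreeMap<>();
            resource.forEach((type, values) -> entry.put(type, new TreeSet<>(values)));
            out.add(entry);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: one path renamed in dev_hdfs, dev_hbase only reordered.
        Map<String, List<Map<String, List<String>>>> oldSvc = new HashMap<>();
        oldSvc.put("dev_hdfs", List.of(Map.of("path", List.of("/data/raw"))));
        oldSvc.put("dev_hbase", List.of(Map.of("table", List.of("t1", "t2"))));
        Map<String, List<Map<String, List<String>>>> newSvc = new HashMap<>();
        newSvc.put("dev_hdfs", List.of(Map.of("path", List.of("/data/landing"))));
        newSvc.put("dev_hbase", List.of(Map.of("table", List.of("t2", "t1"))));

        // Resource counts are equal on both sides, yet the summary is non-empty.
        System.out.println(getResourceUpdateSummary(oldSvc, newSvc));
    }
}
```

With the constructed data only dev_hdfs is reported, so a rename still leaves an audit trail while a pure reordering does not generate noise.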