> On March 15, 2015, 1:58 a.m., Madhan Neethiraj wrote: > > - Updating a policy generated 2 audit log entries: 1) with the policy > > change details 2) for the version. Can you please review the implementation > > to generate a single audit instead? > > - Only the new values are shown in the audit. I think the earlier version > > used to display the old value as well. Can you please review? > > Gautam Borad wrote: > Updating a policy generated 2 audit log entries: 1) with the policy > change details 2) for the version. Can you please review the implementation > to generate a single audit instead? > > This is implemented like this : If user is updating policy, we are > updating value of two fields of `service` 1) `policyVersion` 2) > `policyUpdateTime`. So technically if user is updating policy, service is > also getting updated(value of those two fields will be changed). So trxLog > will be generated for both. Currently we are maintaining one Map called > `trxLogAttribute`, this map contains list of fields for what we want to > generate audit. So if we want to avoid above scenario then we can remove > `policyVersion` and `policyUpdateTime` fields from map, so trxLog will not > get generated when value of these two fields will change. > I think we should not remove these fields from map and should keep > generating trxLog for the value change of `policyVersion` and > `policyUpdateTime`. > Let me know if you think otherwise. > > ------------------------------- > Only the new values are shown in the audit. I think the earlier version > used to display the old value as well. Can you please review? > > We are storing old value in DB, but as of now we don't have UI, so It > wont get reflected on UI as of now. Did you look into `x_trx_log` table ?
1) policyVersion is an internal field, used to quickly check if a repository has any changes since a plugin last download the policy. Changes to this field should not be shown in the admin audit logs. 2) It is good the old value is stored in the DB; I didn't look at the table. Please plan a seperate commit for the UI update to show the old and new values. - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/32039/#review76496 ----------------------------------------------------------- On March 13, 2015, 11:55 a.m., Gautam Borad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/32039/ > ----------------------------------------------------------- > > (Updated March 13, 2015, 11:55 a.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Madhan Neethiraj, > Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. > > > Bugs: RANGER-308 > https://issues.apache.org/jira/browse/RANGER-308 > > > Repository: ranger > > > Description > ------- > > Details of updates made to Policies should be persisted in db and presented > to UI. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java > cdcda0e > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java > 91e3b48 > agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java > d67df8d > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 9c59933 > security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java cb5f26e > security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java > cfdffc0 > security-admin/src/main/java/org/apache/ranger/db/XXTrxLogDao.java df73d72 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 8f41288 > > security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java > 962f50c > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java > 0c4f99a > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java > cf784cc > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java > 1ebbc17 > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java > f6c07b3 > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java > c0cf23a > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java > 32823aa > security-admin/src/main/resources/META-INF/jpa_named_queries.xml a25a1bc > > Diff: https://reviews.apache.org/r/32039/diff/ > > > Testing > ------- > > Tested the following scenarios and checked whether audit was generated for it: > 1] Create HDFS Service > 2] Update HDFS Service > 3] Delete HDFS Service > 4] Create Policy for the Service above > 5] Update Policy > a] Update user > b] Update group > c] Update path > 6] Delete Policy > > Above was verified in db/google chrome, since UI is not yet ready for this. > > > Thanks, > > Gautam Borad > >
