Re: Review Request 71418: RANGER-2533: update ‘xasecure.audit.is.enabled’ default value to ‘true’ in AuditProviderFactory.java and remove unnecessary unit test changes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71418/#review217523 --- Ship it! Ship It! - Madhan Neethiraj On Aug. 31, 2019, 2:38 a.m., Xing Peng wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71418/ > --- > > (Updated Aug. 31, 2019, 2:38 a.m.) > > > Review request for ranger, Colm O hEigeartaigh, Madhan Neethiraj, > pengjianhua, Pradeep Agrawal, Ramesh Mani, Velmurugan Periasamy, and Qiang > Zhang. > > > Bugs: RANGER-2533 > https://issues.apache.org/jira/browse/RANGER-2533 > > > Repository: ranger > > > Description > --- > > to avoid breaking deployments where xasecure.audit.is.enabled is not set in > configuration file, please update default value to 'true' in > AuditProviderFactory.java, which will make the unit test changes in this > patch unnecessary > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java > 405fb1d23 > security-admin/src/test/java/org/apache/ranger/audit/TestAuditQueue.java > 99b7c49c5 > > > Diff: https://reviews.apache.org/r/71418/diff/1/ > > > Testing > --- > > Test Result: > > Tested. > > > Thanks, > > Xing Peng > >
[jira] [Commented] (RANGER-2533) After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still logged
[ https://issues.apache.org/jira/browse/RANGER-2533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16919995#comment-16919995 ] Peng Xing commented on RANGER-2533: --- [~madhan.neethiraj],I have submitted a patch, please review it. Thanks! Review Requet: [https://reviews.apache.org/r/71418/] > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged > --- > > Key: RANGER-2533 > URL: https://issues.apache.org/jira/browse/RANGER-2533 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 2.1.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2533-After-setting-xasecure.audit.is.enabled-.patch, > RANGER-2533.patch > > > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2533) After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still logged
[ https://issues.apache.org/jira/browse/RANGER-2533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peng Xing updated RANGER-2533: -- Attachment: RANGER-2533.patch > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged > --- > > Key: RANGER-2533 > URL: https://issues.apache.org/jira/browse/RANGER-2533 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 2.1.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2533-After-setting-xasecure.audit.is.enabled-.patch, > RANGER-2533.patch > > > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged -- This message was sent by Atlassian Jira (v8.3.2#803003)
Review Request 71418: RANGER-2533: update ‘xasecure.audit.is.enabled’ default value to ‘true’ in AuditProviderFactory.java and remove unnecessary unit test changes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71418/ --- Review request for ranger, Colm O hEigeartaigh, Madhan Neethiraj, pengjianhua, Pradeep Agrawal, Ramesh Mani, Velmurugan Periasamy, and Qiang Zhang. Bugs: RANGER-2533 https://issues.apache.org/jira/browse/RANGER-2533 Repository: ranger Description --- to avoid breaking deployments where xasecure.audit.is.enabled is not set in configuration file, please update default value to 'true' in AuditProviderFactory.java, which will make the unit test changes in this patch unnecessary Diffs - agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java 405fb1d23 security-admin/src/test/java/org/apache/ranger/audit/TestAuditQueue.java 99b7c49c5 Diff: https://reviews.apache.org/r/71418/diff/1/ Testing --- Test Result: Tested. Thanks, Xing Peng
Re: Review Request 71413: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71413/#review217522 --- Ship it! Ship It! - Madhan Neethiraj On Aug. 30, 2019, 9:33 p.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71413/ > --- > > (Updated Aug. 30, 2019, 9:33 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Repository: ranger > > > Description > --- > > RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives > inconsistent audit information > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java > bf4d6c1 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > dec39e4 > > > Diff: https://reviews.apache.org/r/71413/diff/2/ > > > Testing > --- > > Testing done in Local VM > - Create a new Rowfilter and column masking policy on a table t1 > - do select * on table t1 with user who has masking / row filter policy > - check audits are created for the policies > - do select * on table t1 with user who does have masking / row filter > policy > - check that denial audits are not created for this and it audits only the > resource policy if it allows. > > > Thanks, > > Ramesh Mani > >
Re: Review Request 71413: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71413/ --- (Updated Aug. 30, 2019, 9:33 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- addressed review comments Repository: ranger Description --- RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information Diffs (updated) - hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java bf4d6c1 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java dec39e4 Diff: https://reviews.apache.org/r/71413/diff/2/ Changes: https://reviews.apache.org/r/71413/diff/1-2/ Testing --- Testing done in Local VM - Create a new Rowfilter and column masking policy on a table t1 - do select * on table t1 with user who has masking / row filter policy - check audits are created for the policies - do select * on table t1 with user who does have masking / row filter policy - check that denial audits are not created for this and it audits only the resource policy if it allows. Thanks, Ramesh Mani
Re: Review Request 71413: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71413/#review217517 --- Please review RangerHiveAuditHandler.createAuditEvent() to ensure that it does not create an audit event if the policy-type is data-mask/row-filter and no data-masking/row-filtering is needed. - Abhay Kulkarni On Aug. 29, 2019, 11:20 p.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71413/ > --- > > (Updated Aug. 29, 2019, 11:20 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Repository: ranger > > > Description > --- > > RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives > inconsistent audit information > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > bb015c5 > > > Diff: https://reviews.apache.org/r/71413/diff/1/ > > > Testing > --- > > Testing done in Local VM > - Create a new Rowfilter and column masking policy on a table t1 > - do select * on table t1 with user who has masking / row filter policy > - check audits are created for the policies > - do select * on table t1 with user who does have masking / row filter > policy > - check that denial audits are not created for this and it audits only the > resource policy if it allows. > > > Thanks, > > Ramesh Mani > >
Re: Review Request 71413: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71413/#review217514 --- Ship it! Ship It! - Abhay Kulkarni On Aug. 29, 2019, 11:20 p.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71413/ > --- > > (Updated Aug. 29, 2019, 11:20 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Repository: ranger > > > Description > --- > > RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives > inconsistent audit information > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > bb015c5 > > > Diff: https://reviews.apache.org/r/71413/diff/1/ > > > Testing > --- > > Testing done in Local VM > - Create a new Rowfilter and column masking policy on a table t1 > - do select * on table t1 with user who has masking / row filter policy > - check audits are created for the policies > - do select * on table t1 with user who does have masking / row filter > policy > - check that denial audits are not created for this and it audits only the > resource policy if it allows. > > > Thanks, > > Ramesh Mani > >
[jira] [Reopened] (RANGER-2533) After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still logged
[ https://issues.apache.org/jira/browse/RANGER-2533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj reopened RANGER-2533: -- > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged > --- > > Key: RANGER-2533 > URL: https://issues.apache.org/jira/browse/RANGER-2533 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 2.1.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2533-After-setting-xasecure.audit.is.enabled-.patch > > > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Commented] (RANGER-2533) After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still logged
[ https://issues.apache.org/jira/browse/RANGER-2533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16919597#comment-16919597 ] Madhan Neethiraj commented on RANGER-2533: -- [~xingpeng1] - to avoid breaking deployments where {{xasecure.audit.is.enabled}} is not set in configuration file, please update default value to 'true' in AuditProviderFactory.java, which will make the unit test changes in this patch unnecessary: {code:java} boolean isEnabled = MiscUtil.getBooleanProperty(props, AUDIT_IS_ENABLED_PROP, false); {code} > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged > --- > > Key: RANGER-2533 > URL: https://issues.apache.org/jira/browse/RANGER-2533 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 2.1.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2533-After-setting-xasecure.audit.is.enabled-.patch > > > After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still > logged -- This message was sent by Atlassian Jira (v8.3.2#803003)