Example 6 with AuthzAuditEvent

Use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

Class RangerDefaultAuditHandler, method processResult.

@Override
public void processResult(RangerAccessResult result) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultAuditHandler.processResult(" + result + ")");
    }
    AuthzAuditEvent event = getAuthzEvents(result);
    logAuthzAudit(event);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultAuditHandler.processResult(" + result + ")");
    }
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent)

Example 7 with AuthzAuditEvent

Use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

Class RangerDefaultAuditHandler, method getAuthzEvents.

public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> results) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + results + ")");
    }
    List<AuthzAuditEvent> ret = null;
    if (results != null) {
        // TODO: optimize the number of audit logs created
        for (RangerAccessResult result : results) {
            AuthzAuditEvent event = getAuthzEvents(result);
            if (event == null) {
                continue;
            }
            if (ret == null) {
                ret = new ArrayList<>();
            }
            ret.add(event);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + results + "): " + ret);
    }
    return ret;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent)

Example 8 with AuthzAuditEvent

Use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

Class RangerHiveAuditHandler, method createAuditEvent.

AuthzAuditEvent createAuditEvent(RangerAccessResult result) {
    AuthzAuditEvent ret = null;
    RangerAccessRequest request = result.getAccessRequest();
    RangerAccessResource resource = request.getResource();
    String resourcePath = resource != null ? resource.getAsString() : null;
    int policyType = result.getPolicyType();
    if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
        ret = createAuditEvent(result, result.getMaskType(), resourcePath);
    } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
        ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
    } else {
        String accessType = null;
        if (request instanceof RangerHiveAccessRequest) {
            RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request;
            accessType = hiveRequest.getHiveAccessType().toString();
        }
        if (StringUtils.isEmpty(accessType)) {
            accessType = request.getAccessType();
        }
        ret = createAuditEvent(result, accessType, resourcePath);
    }
    return ret;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent), RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest), RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)

Example 9 with AuthzAuditEvent

Use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

Class RangerHiveAuditHandler, method createAuditEvent.

AuthzAuditEvent createAuditEvent(RangerAccessResult result, String accessType, String resourcePath) {
    RangerAccessRequest request = result.getAccessRequest();
    RangerAccessResource resource = request.getResource();
    String resourceType = resource != null ? resource.getLeafName() : null;
    AuthzAuditEvent auditEvent = super.getAuthzEvents(result);
    auditEvent.setAccessType(accessType);
    auditEvent.setResourcePath(resourcePath);
    // to be consistent with earlier release
    auditEvent.setResourceType("@" + resourceType);
    if (request instanceof RangerHiveAccessRequest && resource instanceof RangerHiveResource) {
        RangerHiveAccessRequest hiveAccessRequest = (RangerHiveAccessRequest) request;
        RangerHiveResource hiveResource = (RangerHiveResource) resource;
        if (hiveAccessRequest.getHiveAccessType() == HiveAccessType.USE && hiveResource.getObjectType() == HiveObjectType.DATABASE) {
            // this should happen only for SHOWDATABASES and USE <db-name> commands
            auditEvent.setTags(null);
        }
    }
    return auditEvent;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent), RangerAccessRequest(org.apache.ranger.plugin.policyengine.RangerAccessRequest), RangerAccessResource(org.apache.ranger.plugin.policyengine.RangerAccessResource)

Example 10 with AuthzAuditEvent

Use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

Class RangerHiveAuditHandler, method logAuditEventForDfs.

public void logAuditEventForDfs(String userName, String dfsCommand, boolean accessGranted, int repositoryType, String repositoryName) {
    AuthzAuditEvent auditEvent = new AuthzAuditEvent();
    auditEvent.setAclEnforcer(RangerDefaultAuditHandler.RangerModuleName);
    // to be consistent with earlier release
    auditEvent.setResourceType("@dfs");
    auditEvent.setAccessType("DFS");
    auditEvent.setAction("DFS");
    auditEvent.setUser(userName);
    auditEvent.setAccessResult((short) (accessGranted ? 1 : 0));
    auditEvent.setEventTime(new Date());
    auditEvent.setRepositoryType(repositoryType);
    auditEvent.setRepositoryName(repositoryName);
    auditEvent.setRequestData(dfsCommand);
    auditEvent.setResourcePath(dfsCommand);
    addAuthzAuditEvent(auditEvent);
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent)

Aggregations

AuthzAuditEvent (org.apache.ranger.audit.model.AuthzAuditEvent): 23
ArrayList (java.util.ArrayList): 3
AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException): 2
User (org.apache.hadoop.hbase.security.User): 2
RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest): 2
RangerAccessResource (org.apache.ranger.plugin.policyengine.RangerAccessResource): 2
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult): 2
UpdateResponse (org.apache.solr.client.solrj.response.UpdateResponse): 2
SolrInputDocument (org.apache.solr.common.SolrInputDocument): 2
BufferedReader (java.io.BufferedReader): 1
File (java.io.File): 1
FileReader (java.io.FileReader): 1
Date (java.util.Date): 1
HashMap (java.util.HashMap): 1
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
NavigableSet (java.util.NavigableSet): 1
Properties (java.util.Properties): 1
Set (java.util.Set): 1
HTableDescriptor (org.apache.hadoop.hbase.HTableDescriptor): 1