Java Code Examples for org.apache.ranger.plugin.policyengine.RangerAccessRequest#getAction()
The following examples show how to use
org.apache.ranger.plugin.policyengine.RangerAccessRequest#getAction() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
AuthzAuditEvent createAuditEvent(RangerAccessResult result) { AuthzAuditEvent ret = null; RangerAccessRequest request = result.getAccessRequest(); RangerAccessResource resource = request.getResource(); String resourcePath = resource != null ? resource.getAsString() : null; int policyType = result.getPolicyType(); if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) { ret = createAuditEvent(result, result.getMaskType(), resourcePath); } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) { ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath); } else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) { String accessType = null; if (request instanceof RangerHiveAccessRequest) { RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request; accessType = hiveRequest.getHiveAccessType().toString(); String action = request.getAction(); if (ACTION_TYPE_METADATA_OPERATION.equals(action)) { accessType = ACTION_TYPE_METADATA_OPERATION; } } if (StringUtils.isEmpty(accessType)) { accessType = request.getAccessType(); } ret = createAuditEvent(result, accessType, resourcePath); } return ret; }
Example 2
Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
private boolean skipFilterOperationAuditing(RangerAccessResult result) { boolean ret = false; RangerAccessRequest accessRequest = result.getAccessRequest(); if (accessRequest != null) { String action = accessRequest.getAction(); if (ACTION_TYPE_METADATA_OPERATION.equals(action) && !result.getIsAllowed()) { ret = true; } } return ret; }
Example 3
Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 4 votes |
AuthzAuditEvent createAuditEvent(RangerAccessResult result, String accessType, String resourcePath) { RangerAccessRequest request = result.getAccessRequest(); RangerAccessResource resource = request.getResource(); String resourceType = resource != null ? resource.getLeafName() : null; AuthzAuditEvent auditEvent = super.getAuthzEvents(result); auditEvent.setAccessType(accessType); auditEvent.setResourcePath(resourcePath); auditEvent.setResourceType("@" + resourceType); // to be consistent with earlier release if (request instanceof RangerHiveAccessRequest && resource instanceof RangerHiveResource) { RangerHiveAccessRequest hiveAccessRequest = (RangerHiveAccessRequest) request; RangerHiveResource hiveResource = (RangerHiveResource) resource; HiveAccessType hiveAccessType = hiveAccessRequest.getHiveAccessType(); if (hiveAccessType == HiveAccessType.USE && hiveResource.getObjectType() == HiveObjectType.DATABASE && StringUtils.isBlank(hiveResource.getDatabase())) { // this should happen only for SHOWDATABASES auditEvent.setTags(null); } if (hiveAccessType == HiveAccessType.REPLADMIN ) { // In case of REPL commands Audit should show what REPL Command instead of REPLADMIN access type String context = request.getRequestData(); String replAccessType = getReplCmd(context); auditEvent.setAccessType(replAccessType); } if (hiveAccessType == HiveAccessType.SERVICEADMIN) { String hiveOperationType = request.getAction(); String commandStr = request.getRequestData(); if (HiveOperationType.KILL_QUERY.name().equalsIgnoreCase(hiveOperationType)) { String queryId = getServiceAdminQueryId(commandStr); if (!StringUtils.isEmpty(queryId)) { auditEvent.setRequestData(queryId); } commandStr = getServiceAdminCmd(commandStr); if (StringUtils.isEmpty(commandStr)) { commandStr = hiveAccessType.name(); } } auditEvent.setAccessType(commandStr); } String action = request.getAction(); if (hiveResource.getObjectType() == HiveObjectType.GLOBAL && isRoleOperation(action)) { auditEvent.setAccessType(action); } } return auditEvent; }