Java Code Examples for org.apache.ranger.plugin.policyengine.RangerAccessRequest#getAction()

The following examples show how to use org.apache.ranger.plugin.policyengine.RangerAccessRequest#getAction() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RangerHiveAuditHandler.java    From ranger with Apache License 2.0 5 votes vote down vote up
AuthzAuditEvent createAuditEvent(RangerAccessResult result) {

		AuthzAuditEvent ret = null;

		RangerAccessRequest  request  = result.getAccessRequest();
		RangerAccessResource resource = request.getResource();
		String               resourcePath = resource != null ? resource.getAsString() : null;
		int                  policyType = result.getPolicyType();

		if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
		    ret = createAuditEvent(result, result.getMaskType(), resourcePath);
        } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
            ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
		} else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
			String accessType = null;

			if (request instanceof RangerHiveAccessRequest) {
				RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request;

				accessType = hiveRequest.getHiveAccessType().toString();

				String action = request.getAction();
				if (ACTION_TYPE_METADATA_OPERATION.equals(action)) {
					accessType = ACTION_TYPE_METADATA_OPERATION;
				}
			}

			if (StringUtils.isEmpty(accessType)) {
				accessType = request.getAccessType();
			}

			ret = createAuditEvent(result, accessType, resourcePath);
		}

		return ret;
	}
 
Example 2
Source File: RangerHiveAuditHandler.java    From ranger with Apache License 2.0 5 votes vote down vote up
private boolean skipFilterOperationAuditing(RangerAccessResult result) {
	boolean ret = false;
	RangerAccessRequest accessRequest = result.getAccessRequest();
	if (accessRequest != null) {
		String action = accessRequest.getAction();
		if (ACTION_TYPE_METADATA_OPERATION.equals(action) && !result.getIsAllowed()) {
			ret = true;
		}
	}
	return ret;
}
 
Example 3
Source File: RangerHiveAuditHandler.java    From ranger with Apache License 2.0 4 votes vote down vote up
AuthzAuditEvent createAuditEvent(RangerAccessResult result, String accessType, String resourcePath) {
	RangerAccessRequest  request      = result.getAccessRequest();
	RangerAccessResource resource     = request.getResource();
	String               resourceType = resource != null ? resource.getLeafName() : null;

	AuthzAuditEvent auditEvent = super.getAuthzEvents(result);

	auditEvent.setAccessType(accessType);
	auditEvent.setResourcePath(resourcePath);
	auditEvent.setResourceType("@" + resourceType); // to be consistent with earlier release

	if (request instanceof RangerHiveAccessRequest && resource instanceof RangerHiveResource) {
		RangerHiveAccessRequest hiveAccessRequest = (RangerHiveAccessRequest) request;
		RangerHiveResource hiveResource = (RangerHiveResource) resource;
		HiveAccessType hiveAccessType = hiveAccessRequest.getHiveAccessType();

		if (hiveAccessType == HiveAccessType.USE && hiveResource.getObjectType() == HiveObjectType.DATABASE && StringUtils.isBlank(hiveResource.getDatabase())) {
			// this should happen only for SHOWDATABASES
			auditEvent.setTags(null);
		}

		if (hiveAccessType == HiveAccessType.REPLADMIN ) {
			// In case of REPL commands Audit should show what REPL Command instead of REPLADMIN access type
			String context = request.getRequestData();
				String replAccessType = getReplCmd(context);
				auditEvent.setAccessType(replAccessType);
		}

		if (hiveAccessType == HiveAccessType.SERVICEADMIN) {
			String hiveOperationType = request.getAction();
			String commandStr = request.getRequestData();
			if (HiveOperationType.KILL_QUERY.name().equalsIgnoreCase(hiveOperationType)) {
				String queryId = getServiceAdminQueryId(commandStr);
				if (!StringUtils.isEmpty(queryId)) {
					auditEvent.setRequestData(queryId);
				}
				commandStr = getServiceAdminCmd(commandStr);
				if (StringUtils.isEmpty(commandStr)) {
					commandStr = hiveAccessType.name();
				}
			}
			auditEvent.setAccessType(commandStr);
		}

		String action = request.getAction();
		if (hiveResource.getObjectType() == HiveObjectType.GLOBAL && isRoleOperation(action)) {
			auditEvent.setAccessType(action);
		}
	}

	return auditEvent;
}