Skip to content

RANGER-5376:Add DataSetIds in the Ranger audit events for enabling searching with DataSet Ids #713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 23, 2025
Merged

RANGER-5376:Add DataSetIds in the Ranger audit events for enabling searching with DataSet Ids #713

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f1861db
RANGER-5376:Add DataSetIds in the Ranger audit events for enabling se…
Oct 23, 2025
d280669
RANGER-5376:Add DataSetIds in the Ranger audit events for enabling s…
Oct 23, 2025
fe7a6a8
RANGER-5376:Add DataSetIds in the Ranger audit events for enabling se…
Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions agents-audit/core/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,9 @@ public class AuthzAuditEvent extends AuditEventBase {
@JsonProperty("projects")
protected Set<String> projects;

@JsonProperty("datasetIds")
protected Set<Long> datasetIds;

@JsonProperty("additional_info")
protected String additionalInfo;

Expand Down Expand Up @@ -469,6 +472,14 @@ public void setProjects(Set<String> projects) {
this.projects = projects;
}

public Set<Long> getDatasetIds() {
return datasetIds;
}

public void setDatasetIds(Set<Long> datasetIds) {
this.datasetIds = datasetIds;
}

public String getClusterName() {
return clusterName;
}
Expand Down
1 change: 1 addition & 0 deletions ...dit/dest-solr/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -316,6 +316,7 @@ SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) {
doc.setField("tags", auditEvent.getTags());
doc.addField("datasets", auditEvent.getDatasets());
doc.addField("projects", auditEvent.getProjects());
doc.addField("datasetIds", auditEvent.getDatasetIds());
doc.setField("cluster", auditEvent.getClusterName());
doc.setField("zoneName", auditEvent.getZoneName());
doc.setField("agentHost", auditEvent.getAgentHostname());
Expand Down
1 change: 1 addition & 0 deletions ...udit/dest-solr/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,7 @@ SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) {
doc.addField("tags", auditEvent.getTags());
doc.addField("datasets", auditEvent.getDatasets());
doc.addField("projects", auditEvent.getProjects());
doc.addField("datasetIds", auditEvent.getDatasetIds());
doc.addField("cluster", auditEvent.getClusterName());
doc.addField("zone", auditEvent.getZoneName());
doc.addField("agentHost", auditEvent.getAgentHostname());
Expand Down
7 changes: 7 additions & 0 deletions agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,7 @@ public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {

ret.setDatasets(getDatasets(request));
ret.setProjects(getProjects(request));
ret.setDatasetIds(getDatasetIds(request));
ret.setAdditionalInfo(getAdditionalInfo(request));
ret.setClusterName(request.getClusterName());
ret.setZoneName(result.getZoneName());
Expand Down Expand Up @@ -223,6 +224,12 @@ public final Set<String> getProjects(RangerAccessRequest request) {
return gdsResult != null ? gdsResult.getProjects() : null;
}

public final Set<Long> getDatasetIds(RangerAccessRequest request) {
GdsAccessResult gdsResult = RangerAccessRequestUtil.getGdsResultFromContext(request.getContext());

return gdsResult != null ? gdsResult.getDatasetIds() : null;
}

public String getAdditionalInfo(RangerAccessRequest request) {
if (StringUtils.isBlank(request.getRemoteIPAddress()) && CollectionUtils.isEmpty(request.getForwardedAddresses())) {
return null;
Expand Down
17 changes: 16 additions & 1 deletion agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ public class GdsAccessResult {
private List<String> rowFilters;
private Set<String> datasets;
private Set<String> projects;
private Set<Long> datasetIds;
private Set<String> allowedByDatasets;
private Set<String> allowedByProjects;

Expand Down Expand Up @@ -113,6 +114,10 @@ public Set<String> getProjects() {
return projects;
}

public Set<Long> getDatasetIds() {
return datasetIds;
}

public Set<String> getAllowedByDatasets() {
return allowedByDatasets;
}
Expand All @@ -137,6 +142,14 @@ public void addProject(String name) {
projects.add(name);
}

public void addDatasetId(Long id) {
if (datasetIds == null) {
datasetIds = new HashSet<>();
}

datasetIds.add(id);
}

public void addAllowedByDataset(String name) {
if (allowedByDatasets == null) {
allowedByDatasets = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
Expand All @@ -155,7 +168,7 @@ public void addAllowedByProject(String name) {

@Override
public int hashCode() {
return Objects.hash(isAllowed, isAudited, policyId, policyVersion, maskType, maskedValue, maskCondition, rowFilters, datasets, projects, allowedByDatasets, allowedByProjects);
return Objects.hash(isAllowed, isAudited, policyId, policyVersion, maskType, maskedValue, maskCondition, rowFilters, datasets, projects, datasetIds, allowedByDatasets, allowedByProjects);
}

@Override
Expand All @@ -177,6 +190,7 @@ public boolean equals(Object obj) {
Objects.equals(rowFilters, other.rowFilters) &&
Objects.equals(datasets, other.datasets) &&
Objects.equals(projects, other.projects) &&
Objects.equals(datasetIds, other.datasetIds) &&
Objects.equals(allowedByDatasets, other.allowedByDatasets) &&
Objects.equals(allowedByProjects, other.allowedByProjects);
}
Expand All @@ -203,6 +217,7 @@ public StringBuilder toString(StringBuilder sb) {
sb.append(", rowFilters={").append(rowFilters).append("}");
sb.append(", datasets={").append(datasets).append("}");
sb.append(", projects={").append(projects).append("}");
sb.append(", datasetIds={").append(datasetIds).append("}");
sb.append(", allowedByDatasets={").append(allowedByDatasets).append("}");
sb.append(", allowedByProjects={").append(allowedByProjects).append("}");
sb.append("}");
Expand Down
1 change: 1 addition & 0 deletions ...s-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ public void evaluate(RangerAccessRequest request, GdsAccessResult result, Collec

if (isActive()) {
result.addDataset(getName());
result.addDatasetId(getId());

if (!policyEvaluators.isEmpty()) {
GdsDatasetAccessRequest datasetRequest = new GdsDatasetAccessRequest(getId(), gdsServiceDef, request);
Expand Down
Loading
Loading