[SENTRY-2112] Collection/core admin operation audit logs do not record accurate operation name - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.0.0
Fix Version/s: None
Component/s: Solr Plugin
Labels:
None

Description

As part of ~~SENTRY-1475~~, we reimplemented the Sentry/Solr integration which also includes audit logs. In case of collection/core admin operations, Sentry plugin asserts two checks

Does user has global admin privileges?
Does user has collection level admin privileges?

e.g. let's say user want to create alias named A for collection B. Then Sentry checks following permissions,

Does user has collection admin privileges (i.e. admin=collections) ?
Does user has collection privileges (i.e. collection=A)?

Solr plugin also emits audit log for each of these steps. Currently the audit log for second step records operationName = update/query (instead of actual operation name e.g. CREATEALIAS).

This jira is to rectify this bug (introduced as part of ~~SENTRY-1475~~).

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Hrishikesh Gadre

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Dec/17 14:12

Updated:: 14/Aug/18 15:13