This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 24e8f31  RANGER-2334 : Audits: filter out service audit logs and 
additional users logs from user audit logs
24e8f31 is described below

commit 24e8f31af06433e159a6215b5bfb1588d7eb0700
Author: Nikhil P <[email protected]>
AuthorDate: Thu Feb 7 17:49:05 2019 +0530

    RANGER-2334 : Audits: filter out service audit logs and additional users 
logs from user audit logs
    
    Signed-off-by: Pradeep <[email protected]>
---
 .../plugin/store/EmbeddedServiceDefsUtil.java      |  2 +-
 .../java/org/apache/ranger/rest/AssetREST.java     |  3 +-
 .../ranger/solr/SolrAccessAuditsService.java       | 64 +++++++++++++++++++---
 .../webapp/scripts/views/reports/AuditLayout.js    | 10 +++-
 .../java/org/apache/ranger/rest/TestAssetREST.java |  4 +-
 5 files changed, 69 insertions(+), 14 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index 110f763..cbfd649 100755
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -48,7 +48,7 @@ public class EmbeddedServiceDefsUtil {
 
 
        // following servicedef list should be reviewed/updated whenever a new 
embedded service-def is added
-       private static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = 
"tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch";
+       public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = 
"tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch";
        private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = 
"ranger.supportedcomponents";
        private Set<String> supportedServiceDefs;
        public static final String EMBEDDED_SERVICEDEF_TAG_NAME  = "tag";
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 8a0ca95..d708927 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -636,7 +636,8 @@ public class AssetREST {
                                "Client IP", StringUtil.VALIDATION_TEXT);
                searchUtil.extractString(request, searchCriteria, 
"resourceType",
                                "Resource Type", StringUtil.VALIDATION_TEXT);
-
+               
searchUtil.extractString(request,searchCriteria,"excludeServiceUser",
+                               "Exclude Service 
User",StringUtil.VALIDATION_TEXT);
                searchUtil.extractInt(request, searchCriteria, "auditType", 
"Audit Type");
                 searchUtil.extractInt(request, searchCriteria, "accessResult", 
"Result");
                searchUtil.extractInt(request, searchCriteria, "assetId", 
"Audit Type");
diff --git 
a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
 
b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
index f64c0db..1b49c13 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
@@ -21,8 +21,11 @@ package org.apache.ranger.solr;
 
 import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.PropertiesUtil;
@@ -36,6 +39,7 @@ import org.apache.ranger.common.SearchField.SEARCH_TYPE;
 import org.apache.ranger.common.SortField.SORT_ORDER;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.view.VXAccessAudit;
 import org.apache.ranger.view.VXAccessAuditList;
 import org.apache.ranger.view.VXLong;
@@ -86,10 +90,10 @@ public class SolrAccessAuditsService {
                                SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.FULL));
                searchFields.add(new SearchField("requestUser", "reqUser",
                                SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.FULL));
-               searchFields.add(new SearchField("requestData", "reqData",
-                               SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.PARTIAL));
-               searchFields.add(new SearchField("resourcePath", "resource",
-                               SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.PARTIAL));
+               searchFields.add(new SearchField("requestData", "reqData", 
SearchField.DATA_TYPE.STRING,
+                               SearchField.SEARCH_TYPE.PARTIAL));
+               searchFields.add(new SearchField("resourcePath", "resource", 
SearchField.DATA_TYPE.STRING,
+                               SearchField.SEARCH_TYPE.PARTIAL));
                searchFields.add(new SearchField("clientIP", "cliIP",
                                SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.FULL));
 
@@ -104,7 +108,9 @@ public class SolrAccessAuditsService {
                searchFields.add(new SearchField("repoType", "repoType",
                                SearchField.DATA_TYPE.INTEGER, 
SearchField.SEARCH_TYPE.FULL));
                 searchFields.add(new SearchField("-repoType", "-repoType",
-                                SearchField.DATA_TYPE.INTEGER, 
SearchField.SEARCH_TYPE.FULL));
+        SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
+                searchFields.add(new SearchField("-requestUser", "-reqUser",
+                       SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.FULL));
                searchFields.add(new SearchField("resourceType", "resType",
                                SearchField.DATA_TYPE.STRING, 
SearchField.SEARCH_TYPE.FULL));
                searchFields.add(new SearchField("reason", "reason",
@@ -127,20 +133,29 @@ public class SolrAccessAuditsService {
                                SORT_ORDER.DESC));
        }
 
+
        public VXAccessAuditList searchXAccessAudits(SearchCriteria 
searchCriteria) {
 
                // Make call to Solr
                SolrClient solrClient = solrMgr.getSolrClient();
-                final boolean hiveQueryVisibility = 
PropertiesUtil.getBooleanProperty("ranger.audit.hive.query.visibility", true);
+               final boolean hiveQueryVisibility = 
PropertiesUtil.getBooleanProperty("ranger.audit.hive.query.visibility", true);
                if (solrClient == null) {
                        logger.warn("Solr client is null, so not running the 
query.");
                        throw restErrorUtil.createRESTException(
                                        "Error connecting to search engine",
                                        MessageEnums.ERROR_SYSTEM);
                }
-
+               List<String> excludeUsersList = new ArrayList<String>();
                List<VXAccessAudit> xAccessAuditList = new 
ArrayList<VXAccessAudit>();
 
+               String val = (String) 
searchCriteria.getParamList().get("excludeServiceUser");
+
+               if(val !=null && Boolean.valueOf(val.trim())) { //add param to 
negate requestUsers which will be added as filter query in solr
+                       excludeUsersList = getExcludeUsersList();
+                       if(CollectionUtils.isNotEmpty(excludeUsersList)) {
+                               
searchCriteria.getParamList().put("-requestUser", excludeUsersList);
+                       }
+        }
                QueryResponse response = 
solrUtil.searchResources(searchCriteria,
                                searchFields, sortFields, solrClient);
                SolrDocumentList docs = response.getResults();
@@ -159,7 +174,7 @@ public class SolrAccessAuditsService {
                                         }
                                 }
                         }
-                       xAccessAuditList.add(vXAccessAudit);
+                        xAccessAuditList.add(vXAccessAudit);
                }
 
                VXAccessAuditList returnList = new VXAccessAuditList();
@@ -171,6 +186,39 @@ public class SolrAccessAuditsService {
                return returnList;
        }
 
+       private List<String> getExcludeUsersList() {
+               List<String> excludeUsersList = new ArrayList<String>();
+               //for excluding serviceUsers using existing property in 
ranger-admin-site
+               List<String> serviceUsersList = getServiceUserList();
+               excludeUsersList.addAll(serviceUsersList);
+
+               //for excluding additional users using new property in 
ranger-admin-site
+               String additionalExcludeUsers = 
PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
+               List<String> additionalExcludeUsersList = null;
+               if (StringUtils.isNotBlank(additionalExcludeUsers)) {
+                       additionalExcludeUsersList = new 
ArrayList<>(Arrays.asList(StringUtils.split(additionalExcludeUsers, ",")));
+                       for (String serviceUser : additionalExcludeUsersList) {
+                               if (StringUtils.isNotBlank(serviceUser) && 
!excludeUsersList.contains(serviceUser.trim())) {
+                                       excludeUsersList.add(serviceUser);
+                               }
+                       }
+               }
+               return excludeUsersList;
+       }
+
+       private List<String> getServiceUserList() {
+               String components = 
EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
+               List<String> serviceUsersList = new ArrayList<String>();
+               List<String> componentNames =  
Arrays.asList(StringUtils.split(components,","));
+               for(String componentName : componentNames) {
+                       String serviceUser = 
PropertiesUtil.getProperty("ranger.plugins."+componentName+".serviceuser");
+                       if(StringUtils.isNotBlank(serviceUser)) {
+                               serviceUsersList.add(serviceUser);
+                       }
+               }
+               return serviceUsersList;
+       }
+
        /**
         * @param doc
         * @return
diff --git 
a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 
b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 4894480..0b47ba7 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -309,6 +309,7 @@ define(function(require) {
                addSearchForBigDataTab :function(){
             var that = this , query = '';
                        var serverListForRepoType =  
this.serviceDefList.map(function(serviceDef){ return {'label' : 
serviceDef.get('name').toUpperCase(), 'value' : serviceDef.get('id')}; })
+            var serviceUser = [{'label' : 'True' , 'value' : true},{'label' : 
'False' , 'value' : false}]
                        var serverAttrName = [{text : 'Start Date',label 
:'startDate'},{text : 'End Date',label :'endDate'},
                                              {text : 'User',label 
:'requestUser'},{text : 'Resource Name',label :'resourcePath'},
                                              {text : 'Service Name',label 
:'repoName'},{text : 'Policy ID',label :'policyId'},
@@ -317,8 +318,10 @@ define(function(require) {
                                              {text : 'Access Type',label 
:'accessType'},{text : 'Access Enforcer',label :'aclEnforcer'},
                                              {text : 'Client IP',label 
:'clientIP'},{text : 'Tags',label :'tags'},
                                              {text : 'Resource Type',label : 
'resourceType'},{text : 'Cluster Name',label : 'cluster'},
-                                             {text : 'Zone Name',label : 
'zoneName'}];
-            var searchOpt = ['Resource Type','Start Date','End 
Date','User','Service Name','Service Type','Resource Name','Access 
Type','Result','Access Enforcer','Client IP','Tags','Cluster Name', 'Zone 
Name'];//,'Policy ID'
+                                             {text : 'Zone Name',label : 
'zoneName'},
+                                             {text : 'Exclude Service User', 
label : 'excludeServiceUser', 'multiple' : true, 'optionsArr' : serviceUser}];
+            var searchOpt = ['Resource Type','Start Date','End 
Date','User','Service Name','Service Type','Resource Name','Access 
Type','Result','Access Enforcer',
+            'Client IP','Tags','Cluster Name', 'Zone Name', 'Exclude Service 
User'];//,'Policy ID'
                         this.clearVisualSearch(this.accessAuditList, 
serverAttrName);
                         this.searchInfoArr =[{text :'Access Enforcer', info 
:localization.tt('msg.accessEnforcer')},
                                             {text :'Access Type'       , info 
:localization.tt('msg.accessTypeMsg')},
@@ -414,6 +417,9 @@ define(function(require) {
                                                                } 
                                                                
XAUtils.displayDatepicker(that.ui.visualSearch, facet, startDate, callback);
                                                                break;
+                            case 'Exclude Service User' :
+                                
callback(XAUtils.hackForVSLabelValuePairs(serviceUser));
+                                break;
                                                         }
                                        }
                              }
diff --git 
a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
index 40e680a..a1b0e45 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -761,7 +761,7 @@ public class TestAssetREST {
                Mockito.verify(msBizUtil).isKeyAdmin();
                Mockito.verify(assetMgr).getAccessLogs(searchCriteria);
                Mockito.verify(daoManager).getXXServiceDef();
-               Mockito.verify(searchUtil, 
Mockito.times(13)).extractString((HttpServletRequest) Mockito.any(),
+               Mockito.verify(searchUtil, 
Mockito.times(14)).extractString((HttpServletRequest) Mockito.any(),
                                (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
                Mockito.verify(searchUtil, 
Mockito.times(4)).extractInt((HttpServletRequest) Mockito.any(),
                                (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString());
@@ -804,7 +804,7 @@ public class TestAssetREST {
                Mockito.verify(msBizUtil).isKeyAdmin();
                Mockito.verify(assetMgr).getAccessLogs(searchCriteria);
                Mockito.verify(daoManager).getXXServiceDef();
-               Mockito.verify(searchUtil, 
Mockito.times(13)).extractString((HttpServletRequest) Mockito.any(),
+               Mockito.verify(searchUtil, 
Mockito.times(14)).extractString((HttpServletRequest) Mockito.any(),
                                (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
                Mockito.verify(searchUtil, 
Mockito.times(4)).extractInt((HttpServletRequest) Mockito.any(),
                                (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString());

Reply via email to