Re: Review Request 70389: RANGER-2394 - filter multiple users or exclude multiple users in audit search

Velmurugan Periasamy Wed, 10 Apr 2019 12:47:03 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70389/#review214542
-----------------------------------------------------------





security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
Line 629 (original), 629 (patched)
<https://reviews.apache.org/r/70389/#comment300726>

    Seems like this is failing unit tests. Could you please take a look and 
resolve? 
    
    ```
    Failed tests:
      TestAssetREST.testGetAccessLogs:764
    searchUtil.extractString(
        <any>,
        <any>,
        <any string>,
        <any string>,
        or(isA(java.lang.String), isNull())
    );
    Wanted 14 times:
    -> at 
org.apache.ranger.rest.TestAssetREST.testGetAccessLogs(TestAssetREST.java:764)
    But was 13 times:
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:619)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:621)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:623)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:625)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:627)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:633)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:635)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:637)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:639)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:641)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:654)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:655)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:656)
    
      TestAssetREST.testGetAccessLogsForKms:807
    searchUtil.extractString(
        <any>,
        <any>,
        <any string>,
        <any string>,
        or(isA(java.lang.String), isNull())
    );
    Wanted 14 times:
    -> at 
org.apache.ranger.rest.TestAssetREST.testGetAccessLogsForKms(TestAssetREST.java:807)
    But was 13 times:
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:619)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:621)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:623)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:625)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:627)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:633)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:635)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:637)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:639)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:641)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:654)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:655)
    -> at org.apache.ranger.rest.AssetREST.getAccessLogs(AssetREST.java:656)
    ```


- Velmurugan Periasamy


On April 4, 2019, 6:13 p.m., Zsombor Gegesy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70389/
> -----------------------------------------------------------
> 
> (Updated April 4, 2019, 6:13 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2394
>     https://issues.apache.org/jira/browse/RANGER-2394
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently the audit search only allows to:
> 
> * filter to one user's activity
> * exclude all 'service users' from every user's activity.
> 
> If there were way to search for multiple users or exclude multiple users from 
> the search list, it would make debugging complex interactions simpler, for 
> example only look for actions for 'alice' and 'hive' and 'yarn'
> 
> The frontend tweaked a bit, so if multiple users are passed to the jquery 
> layer, the user names are always converted as 
> requestUser=aaa&requestUser=bbb&requestUser=ccc instead of changing to 
> requestUser[]=aaa&requestUser[]=bbb&requestUser[]=ccc, which would be an 
> incompatible change between the server and to any potential client code.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 
> ce577e0fc 
>   security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java 
> fdf5ad86b 
>   
> security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
>  cf2a3b4d8 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js b14f4b918 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 
> e7b45d992 
> 
> 
> Diff: https://reviews.apache.org/r/70389/diff/1/
> 
> 
> Testing
> -------
> 
> Tested on a live cluster that:
> * searching for one user
> * searching for multiple users
> * excluding one user
> * excluding multiple users
> * searching for one user + 'excluding service users'
> * searching for multiple users + 'excluding service users'
> * excluding one user + 'excluding service users'
> * excluding multiple users + 'excluding service users'
> 
> works as expected.
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

Re: Review Request 70389: RANGER-2394 - filter multiple users or exclude multiple users in audit search

Reply via email to