> On Oct. 11, 2022, 4:25 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java > > Line 2134 (original), 2134 (patched) > > <https://reviews.apache.org/r/74115/diff/2/?file=2270560#file2270560line2134> > > > > While troubleshooting failures in create/update of > > policy/role/security-zone, it is often useful to see the contents in logs. > > So, I suggest to retain current log statements. Is there any specific > > usecase that results in flood of these error logs?
When the policy json is big like (one policy which contain 500 users , 10 resouces , 500 policy items ),it is flooding the log files while doing performance testing.Due to the this ,we started facing in the ELK side indexing. It make sense to retain the log statements for create/update of role/security-zone but policies we saw issues - Ramachandran ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74115/#review224778 ----------------------------------------------------------- On Oct. 11, 2022, 3:39 p.m., Ramachandran Krishnan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74115/ > ----------------------------------------------------------- > > (Updated Oct. 11, 2022, 3:39 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3902 > https://issues.apache.org/jira/browse/RANGER-3902 > > > Repository: ranger > > > Description > ------- > > Whenever Role creation fails,we used to log the entire role JSON > LOG.error("createRole(" + role + ") failed", excp); > Whenever a Role update fails,we used to log the entire role JSON > LOG.error("updateRole(" + role + ") failed", excp); > Whenever policy creation fails , we used to log the entire policy JSON > LOG.error("createPolicy(" + policy + ") failed", excp); > Whenever a policy update fails, we used to log the entire policy JSON > LOG.error("updatePolicy(" + policy + ") failed", excp); > Proposal : > > During role/policy, creation/update fails > > We can log roleId/roleName for roles creation/updation .As well as > policyId/policyName for policy creation/updation. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 04968ecc5 > > security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java > b1447829b > security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java ddff5cd23 > security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java > fd2b6aecf > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > c3a65a115 > > > Diff: https://reviews.apache.org/r/74115/diff/2/ > > > Testing > ------- > > Tested this change in the log files > > > Thanks, > > Ramachandran Krishnan > >
