Re: Review Request 74131: Logback.xml has been incorrectly modified by RANGER-3704.

[Kirby Zhou]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74131/#review224740
---


Ship it!




Ship It!

- Kirby Zhou


On 九月 28, 2022, 3:02 p.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74131/
> ---
> 
> (Updated 九月 28, 2022, 3:02 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Pradeep Agrawal.
> 
> 
> Bugs: RANGER-3775
> https://issues.apache.org/jira/browse/RANGER-3775
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> {logger name="com.mchange"}
> is used by c3p0 and {logger name="jdbc.connection"}
> 
> is used by log4jdbc
> 
>  
> 
>   
>   
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/resources/conf.dist/logback.xml 53cdc49cf 
> 
> 
> Diff: https://reviews.apache.org/r/74131/diff/9/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>

Re: Review Request 74131: Logback.xml has been incorrectly modified by RANGER-3704.

[Kirby Zhou]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74131/#review224739
---




security-admin/src/main/resources/conf.dist/logback.xml
Lines 86 (patched)


It works, but unnecessory.


- Kirby Zhou


On 九月 28, 2022, 3:02 p.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74131/
> ---
> 
> (Updated 九月 28, 2022, 3:02 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Pradeep Agrawal.
> 
> 
> Bugs: RANGER-3775
> https://issues.apache.org/jira/browse/RANGER-3775
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> {logger name="com.mchange"}
> is used by c3p0 and {logger name="jdbc.connection"}
> 
> is used by log4jdbc
> 
>  
> 
>   
>   
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/resources/conf.dist/logback.xml 53cdc49cf 
> 
> 
> Diff: https://reviews.apache.org/r/74131/diff/9/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>

Re: Review Request 74136: RANGER-3685:hive 'show' sql produces excessive audit log

[Kirby Zhou]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74136/#review224738
---


Ship it!




Ship It!

- Kirby Zhou


On 九月 24, 2022, 2:37 p.m., Xuze Yang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74136/
> ---
> 
> (Updated 九月 24, 2022, 2:37 p.m.)
> 
> 
> Review request for ranger, Kirby Zhou, Abhay Kulkarni, and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3685
> https://issues.apache.org/jira/browse/RANGER-3685
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> hive show sql produces too many audit logs, which will flood valuable audit 
> logs and take up a lot of storage resources. This patch aims to provide a 
> configuration item to support simplified hive audit logging
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java
>  6675125e1 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
>  8f6801be1 
> 
> 
> Diff: https://reviews.apache.org/r/74136/diff/1/
> 
> 
> Testing
> ---
> 
> 1. when configuration "xasecure.hive.simplify.audit.of.hive.show.sql" is not 
> set or set to false. The code behaves the same as before,i.e record audit 
> logs for each databases or tables
> 2. when configuration "xasecure.hive.simplify.audit.of.hive.show.sql" is set 
> to true. It will only record an audit log about USE operation
> 
> 
> Thanks,
> 
> Xuze Yang
> 
>

[jira] [Updated] (RANGER-3796) Enhancement to support multiple resource sets in a policy

[Madhan Neethiraj (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj updated RANGER-3796:
-
Attachment: RANGER-3796-3.patch

> Enhancement to support multiple resource sets in a policy
> -
>
> Key: RANGER-3796
> URL: https://issues.apache.org/jira/browse/RANGER-3796
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: RANGER-3796-2.patch, RANGER-3796-3.patch, 
> RANGER-3796.patch
>
>
> Ranger policy model allows multiple resources to be covered in a single 
> policy. For example, by use of wildcards/macros/resource-list – as shown 
> below:
> {noformat}
> - database: test_db, table: *, column: *
> - path: /home/{USER}
> - storageaccount: finance, relativepath: [ /taxes, /reports ] {noformat}
>  
> It will be useful to extend this to support multiple resource sets in a 
> policy, like:
> {noformat}
>  - { database: db1, table: tb1, columns: * }, { database: db2, table: *, 
> column: * }
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74153: RANGER-3796: updated policy change logs to handle additionalResources field

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74153/
---

Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
Chaudhary, and Velmurugan Periasamy.


Bugs: RANGER-3796
https://issues.apache.org/jira/browse/RANGER-3796


Repository: ranger


Description
---

Updated policy change logs to handle additionalResources field


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 
92aaaebdc 


Diff: https://reviews.apache.org/r/74153/diff/1/


Testing
---

- validated that admin audits generated during policy create/update captures 
changes in policy.additionalResources


Thanks,

Madhan Neethiraj

[jira] [Commented] (RANGER-3796) Enhancement to support multiple resource sets in a policy

[Madhan Neethiraj (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17612415#comment-17612415
 ] 

Madhan Neethiraj commented on RANGER-3796:
--

{noformat}
commit 710e7c763e8deebc24b7d8109fe8ef17618f0651
Author: Madhan Neethiraj 
Date:   Tue Jun 28 10:31:02 2022 -0700

RANGER-3796: plugin capabilities entry added for multiple resource sets in 
a policy - #2
{noformat}

> Enhancement to support multiple resource sets in a policy
> -
>
> Key: RANGER-3796
> URL: https://issues.apache.org/jira/browse/RANGER-3796
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: RANGER-3796-2.patch, RANGER-3796.patch
>
>
> Ranger policy model allows multiple resources to be covered in a single 
> policy. For example, by use of wildcards/macros/resource-list – as shown 
> below:
> {noformat}
> - database: test_db, table: *, column: *
> - path: /home/{USER}
> - storageaccount: finance, relativepath: [ /taxes, /reports ] {noformat}
>  
> It will be useful to extend this to support multiple resource sets in a 
> policy, like:
> {noformat}
>  - { database: db1, table: tb1, columns: * }, { database: db2, table: *, 
> column: * }
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-3804) Update policy UI to support multiple resource-sets

[Madhan Neethiraj (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17612411#comment-17612411
 ] 

Madhan Neethiraj commented on RANGER-3804:
--

{noformat}
commit 2b4635d079bc704dc57ccbad9c330397aaa16aaf (HEAD -> master, origin/master, 
origin/HEAD)
Author: Nitin Galave 
Date:   Mon Oct 3 14:44:23 2022 +0530

RANGER-3804: Update policy UI to support multiple resource-sets: fix build 
issue - #2

Signed-off-by: Madhan Neethiraj 
{noformat}
 
{noformat}
commit 171ea134e8a3cb9e3d6e0159a04ce343fdefb0d9 (HEAD -> ranger-2.4)
Author: Nitin Galave 
Date:   Mon Oct 3 14:44:23 2022 +0530

RANGER-3804: Update policy UI to support multiple resource-sets: fix build 
issue - #2

Signed-off-by: Madhan Neethiraj 
(cherry picked from commit 2b4635d079bc704dc57ccbad9c330397aaa16aaf)
{noformat}

> Update policy UI to support multiple resource-sets
> --
>
> Key: RANGER-3804
> URL: https://issues.apache.org/jira/browse/RANGER-3804
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Madhan Neethiraj
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: 
> 0001-RANGER-3804-Update-policy-UI-to-support-multiple-res.patch, 
> EntityID.png, classification.png, entity-label.png
>
>
> Policy model enhancements in RANGER_3796 enable a Ranger policy to be created 
> with multiple resource-sets – like:
>  * database: [ db1 ], table: [ tbl1 ], column: [ * ]
>  * database: [ db1 ], udf: [ * ]
>  * database: [ db2 ], table: [ tbl2 ], column: [ * ]
>  
> Policy UI needs to be updated to support multiple resource-sets, some what 
> similar to security-zone UI that allows multiple resource-sets to be added in 
> a zone. For policy UI, I suggest retaining existing UI for 
> RangerPolicy.resources, and have a separate optional UI (triggered via _More 
> Resources_ button?) to capture additional resources.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74144: RANGER-3934: optimization in loading of tags into cache

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74144/
---

(Updated Oct. 3, 2022, 6:34 p.m.)


Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
Chaudhary, and Velmurugan Periasamy.


Changes
---

updated test stats


Bugs: RANGER-3934
https://issues.apache.org/jira/browse/RANGER-3934


Repository: ranger


Description
---

- updated several retrieval of XXService JPA object by replacing with retrival 
of serviceId
- replaced several instances of Map with Set, as these 
instances had same value for key and value
- avoided expensive calls to RangerTagResourceMapService.getByTagId(tagId) and 
RangerTagResourceMapService.getTagIdsForResourceId(serviceResourceId)
- updated several methods in XXTagResourceMapDao to avoid loading of 
XXTagResourceMap JPA object; instead created XXTagResourceMap object from 
individial fields retrieved from query


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java 
c787beca5 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceTagsDeltaUtil.java
 8d9241c1c 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java d8154b7de 
  
security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 
afa754ba2 
  security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java 3cc3d9cef 
  security-admin/src/main/java/org/apache/ranger/db/XXTagResourceMapDao.java 
3f8b5b718 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
 b0f71e138 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java c7cf3bfb8 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 


Diff: https://reviews.apache.org/r/74144/diff/6/


Testing (updated)
---

- with Ranger database having ~1m service-resources, ~2m tags and delta of 20k 
resource & 40k tags:
  -- before these optmizations, tag-cache update from delta didn't complete 
event after a long time (1h35m)
  -- with these optmizations, tag-cache update from the same delta completed 
within 15 seconds


Thanks,

Madhan Neethiraj

Re: Review Request 74152: RANGER-3804: Update policy UI to support multiple resource-sets

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74152/#review224737
---


Ship it!




Ship It!

- Madhan Neethiraj


On Oct. 3, 2022, 11:15 a.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74152/
> ---
> 
> (Updated Oct. 3, 2022, 11:15 a.m.)
> 
> 
> Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3804
> https://issues.apache.org/jira/browse/RANGER-3804
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Build failure issue due to let, arrow function
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
> f3e62cd05 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
> a913c9d76 
> 
> 
> Diff: https://reviews.apache.org/r/74152/diff/1/
> 
> 
> Testing
> ---
> 
> Verified build and policy crud operation.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 74143: Ranger-3912: Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups of the user

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/#review224736
---


Ship it!




Ship It!

- Abhay Kulkarni


On Oct. 3, 2022, 5:57 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74143/
> ---
> 
> (Updated Oct. 3, 2022, 5:57 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3912
> https://issues.apache.org/jira/browse/RANGER-3912
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger-3912: Ranger Policy report for a given user should fetch policies 
> maintained for roles belonging to that user and groups of the user
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 913633600 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
> 21948b108 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74143/diff/2/
> 
> 
> Testing
> ---
> 
> Verified in local vm  API to fetch policies for give user / group / role and 
> also via Ranger UI
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 74143: Ranger-3912: Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups of the user

[Ramesh Mani]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/
---

(Updated Oct. 3, 2022, 5:57 p.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, and Velmurugan Periasamy.


Changes
---

Review comments addressed.


Summary (updated)
-

 Ranger-3912: Ranger Policy report for a given user should fetch policies 
maintained for roles belonging to that user and groups of the user


Bugs: RANGER-3912
https://issues.apache.org/jira/browse/RANGER-3912


Repository: ranger


Description (updated)
---

Ranger-3912: Ranger Policy report for a given user should fetch policies 
maintained for roles belonging to that user and groups of the user


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
913633600 
  security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
21948b108 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 


Diff: https://reviews.apache.org/r/74143/diff/2/

Changes: https://reviews.apache.org/r/74143/diff/1-2/


Testing
---

Verified in local vm  API to fetch policies for give user / group / role and 
also via Ranger UI


Thanks,

Ramesh Mani

[jira] [Updated] (RANGER-3912) Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3912:

Summary:  Ranger Policy report for a given user should fetch policies 
maintained for roles belonging to that user and groups  (was:  Ranger Policy 
report for a give user should fetch policies maintained for roles belonging to 
that user )

>  Ranger Policy report for a given user should fetch policies maintained for 
> roles belonging to that user and groups
> ---
>
> Key: RANGER-3912
> URL: https://issues.apache.org/jira/browse/RANGER-3912
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger Policy report for a give user should fetch policies maintained for 
> roles belonging to that user. Current Policies that are maintained for the 
> roles are not considered and hence the report is not accurate.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-3912) Ranger Policy report for a given user should fetch policies maintained for roles belonging to that user and groups

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3912:

Description:  Ranger Policy report for a given user should fetch policies 
maintained for roles belonging to that user and groups of the user. Current 
Policies that are maintained for the roles are not considered and hence the 
report is not accurate.  (was: Ranger Policy report for a give user should 
fetch policies maintained for roles belonging to that user. Current Policies 
that are maintained for the roles are not considered and hence the report is 
not accurate.)

>  Ranger Policy report for a given user should fetch policies maintained for 
> roles belonging to that user and groups
> ---
>
> Key: RANGER-3912
> URL: https://issues.apache.org/jira/browse/RANGER-3912
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 3.0.0
>
>
>  Ranger Policy report for a given user should fetch policies maintained for 
> roles belonging to that user and groups of the user. Current Policies that 
> are maintained for the roles are not considered and hence the report is not 
> accurate.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

[Ramesh Mani]

> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> > Lines 4950 (patched)
> > 
> >
> > Why is the "group" parameter removed from searchFilter here, especially 
> > with line 4986? Please review.

searchFilter which are set in the previous call is reset to current filter 
which is based on "roles"and that is the reason we remove "group" parameter.


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> > Lines 6241 (patched)
> > 
> >
> > There is a recursive call here. If the depth of the role hierarchy is 
> > too deep, this may cause stack overflow. Please review to see if that is 
> > possible.

This recursive call is need to fetch the roles belonging to role and its 
childs. Haven't seen maintaing role tree that deep to get into overflow issue. 
Looping issue is already handled in the method


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java
> > Lines 57 (patched)
> > 
> >
> > Does this function's return list include the groupName that is passed 
> > in as argument? Is the caller expecting that? Please review.

No caller is not expected to return the groupName that is passed in the 
argument.


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/resources/META-INF/jpa_named_queries.xml
> > Lines 293 (patched)
> > 
> >
> > This query returns only parent group of the argument groupName. Is it 
> > expected to find more distant ancestors too? Please review.

It is not expected to find more distant ancestors. Ranger don't maintain group 
to group mapping. Users belonging to groups and policies maintained for those 
groups are already handled.


- Ramesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/#review224725
---


On Sept. 27, 2022, 7:37 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74143/
> ---
> 
> (Updated Sept. 27, 2022, 7:37 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3912
> https://issues.apache.org/jira/browse/RANGER-3912
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3912:Ranger Policy report for a give user should fetch policies 
> maintained for roles belonging to that user
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 913633600 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
> 21948b108 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74143/diff/1/
> 
> 
> Testing
> ---
> 
> Verified in local vm  API to fetch policies for give user / group / role and 
> also via Ranger UI
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 74144: RANGER-3934: optimization in loading of tags into cache

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74144/#review224734
---


Ship it!




Please update the tests run and the improvements seen after optimizing 
applyDelta() function.

- Abhay Kulkarni


On Oct. 1, 2022, 12:38 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74144/
> ---
> 
> (Updated Oct. 1, 2022, 12:38 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3934
> https://issues.apache.org/jira/browse/RANGER-3934
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - updated several retrieval of XXService JPA object by replacing with 
> retrival of serviceId
> - replaced several instances of Map with Set, as these 
> instances had same value for key and value
> - avoided expensive calls to RangerTagResourceMapService.getByTagId(tagId) 
> and RangerTagResourceMapService.getTagIdsForResourceId(serviceResourceId)
> - updated several methods in XXTagResourceMapDao to avoid loading of 
> XXTagResourceMap JPA object; instead created XXTagResourceMap object from 
> individial fields retrieved from query
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTagDef.java 
> c787beca5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceTagsDeltaUtil.java
>  8d9241c1c 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 
> d8154b7de 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java
>  afa754ba2 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java 
> 3cc3d9cef 
>   security-admin/src/main/java/org/apache/ranger/db/XXTagResourceMapDao.java 
> 3f8b5b718 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java
>  b0f71e138 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java c7cf3bfb8 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74144/diff/6/
> 
> 
> Testing
> ---
> 
> - with Ranger database having ~1m service-resources, ~2m tags and delta of 
> 20k resource & 40k tags:
>   -- before these optmizations, tag-cache update from delta didn't complete 
> event after a long time (1h35m)
>   -- with these optmizations, tag-cache update from the same delta completed 
> within 10 minutes
> - there is scope for further optimization 
> RangerServiceTagsDeltaUtil.applyDelta() - as this took almost 97% time in 
> updating the cache (588 seconds); compare this to 
> TagDBStore.getServiceTagsDelta() which completed in 13 seeconds
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

[jira] [Updated] (RANGER-3918) Namespace policy that is created in Ranger by HBase Grant command not getting honored

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3918:

Fix Version/s: 3.0.0
   2.4.0

> Namespace policy that is created in Ranger by HBase Grant command not getting 
> honored
> -
>
> Key: RANGER-3918
> URL: https://issues.apache.org/jira/browse/RANGER-3918
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.4.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 3.0.0, 2.4.0
>
>
> Namespace policy that is created in Ranger by HBase Grant command not getting 
> honored
> When Grant command is executed on a Namespace for a User, the policy that is 
> getting created is not honored by HBase Ranger authorizer.
> eg. grant 'user' , 'RWXCA', '@namespace'
> create HBase Ranger policy for the table resource = "namespace:*"
> Ranger HBaseCoprocessor doesn't honor this policy because of the matching 
> issue in the request resource. Resource that are getting created for this 
> request should have "namespace:" also as a Table resource. This has to be 
> done as "Namespace" is not a first call resource in HBase Ranger 
> Authorization definition.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (RANGER-3918) Namespace policy that is created in Ranger by HBase Grant command not getting honored

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani resolved RANGER-3918.
-
Resolution: Fixed

> Namespace policy that is created in Ranger by HBase Grant command not getting 
> honored
> -
>
> Key: RANGER-3918
> URL: https://issues.apache.org/jira/browse/RANGER-3918
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.4.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 3.0.0, 2.4.0
>
>
> Namespace policy that is created in Ranger by HBase Grant command not getting 
> honored
> When Grant command is executed on a Namespace for a User, the policy that is 
> getting created is not honored by HBase Ranger authorizer.
> eg. grant 'user' , 'RWXCA', '@namespace'
> create HBase Ranger policy for the table resource = "namespace:*"
> Ranger HBaseCoprocessor doesn't honor this policy because of the matching 
> issue in the request resource. Resource that are getting created for this 
> request should have "namespace:" also as a Table resource. This has to be 
> done as "Namespace" is not a first call resource in HBase Ranger 
> Authorization definition.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-3907) Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3907:

Affects Version/s: 2.4.0

> Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit 
> handler 
> --
>
> Key: RANGER-3907
> URL: https://issues.apache.org/jira/browse/RANGER-3907
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.4.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
> Fix For: 3.0.0, 2.4.0
>
>
> Certain operations like "monitorHealth" in HA environment cannot be excluded 
> using the Ranger audit filter as these operations are not done on any 
> resource, doesn't get authorized also. Only auditing is done on those 
> operations. 
> These operations fills up the Ranger audits and hence needs to be excluded.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-3907) Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-3907:

Fix Version/s: 3.0.0
   2.4.0

> Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit 
> handler 
> --
>
> Key: RANGER-3907
> URL: https://issues.apache.org/jira/browse/RANGER-3907
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
> Fix For: 3.0.0, 2.4.0
>
>
> Certain operations like "monitorHealth" in HA environment cannot be excluded 
> using the Ranger audit filter as these operations are not done on any 
> resource, doesn't get authorized also. Only auditing is done on those 
> operations. 
> These operations fills up the Ranger audits and hence needs to be excluded.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (RANGER-3907) Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit handler

[Ramesh Mani (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani resolved RANGER-3907.
-
Resolution: Fixed

> Skip auditing of operation like monitorHealth in HDFS Ranger Plugin audit 
> handler 
> --
>
> Key: RANGER-3907
> URL: https://issues.apache.org/jira/browse/RANGER-3907
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.4.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
> Fix For: 3.0.0, 2.4.0
>
>
> Certain operations like "monitorHealth" in HA environment cannot be excluded 
> using the Ranger audit filter as these operations are not done on any 
> resource, doesn't get authorized also. Only auditing is done on those 
> operations. 
> These operations fills up the Ranger audits and hence needs to be excluded.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74123: RANGER-3916 : Ranger UI fails to open when the Ranger admin domain name includes "service" keyword in it.

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74123/#review224732
---


Ship it!




Ship It!

- Abhay Kulkarni


On Sept. 20, 2022, 11:46 a.m., Dineshkumar Yadav wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74123/
> ---
> 
> (Updated Sept. 20, 2022, 11:46 a.m.)
> 
> 
> Review request for ranger, Jayendra Parab, Kishor Gollapalliwar, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3916
> https://issues.apache.org/jira/browse/RANGER-3916
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When domain name itself contain "service" keyword in it then it leads to 
> error message. 
> eg. when we try http://domain_name_with_service:6080/  as this has keyword 
> "service" as part of url. it gives below error instead of redirecting to 
> "http://domain_name_with_service:6080/login.jsp;.
> {"statusCode":401,"msgDesc":"Authentication Failed"}
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
>  26786b9eb 
> 
> 
> Diff: https://reviews.apache.org/r/74123/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Dineshkumar Yadav
> 
>

Re: Review Request 74134: RANGER-3888, RANGER-3887, RANGER-3886, RANGER-3931: Validity Scheduler , recurrence schedule: added validation

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74134/#review224731
---


Ship it!




Ship It!

- Abhay Kulkarni


On Sept. 28, 2022, 8:20 a.m., Dineshkumar Yadav wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74134/
> ---
> 
> (Updated Sept. 28, 2022, 8:20 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Jayendra Parab, Kishor Gollapalliwar, 
> Abhay Kulkarni, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3886, RANGER-3887, RANGER-3888, and RANGER-3931
> https://issues.apache.org/jira/browse/RANGER-3886
> https://issues.apache.org/jira/browse/RANGER-3887
> https://issues.apache.org/jira/browse/RANGER-3888
> https://issues.apache.org/jira/browse/RANGER-3931
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> below validation is added for Validity Scheduler and recurrence schedule.
> 1. When there is no interval but schedule is specified , policy is created
> 2. Ranger accepts invalid start/endTime
> 3. Ranger reports overlapping ranges though there are no overlapping values
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java
>  2b4b049fa 
> 
> 
> Diff: https://reviews.apache.org/r/74134/diff/2/
> 
> 
> Testing
> ---
> 
> tested using curl request.
> 
> 
> Thanks,
> 
> Dineshkumar Yadav
> 
>

No Ranger talks at Apache CON 2022. Any get togethers?

[eanders]

No Ranger talks at Apache CON 2022. Any get togethers?Erik 
AndersonBloombergSent via the Samsung Galaxy Z Fold3 5G, an AT 5G smartphone

Review Request 74152: RANGER-3804: Update policy UI to support multiple resource-sets

[Nitin Galave]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74152/
---

Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-3804
https://issues.apache.org/jira/browse/RANGER-3804


Repository: ranger


Description
---

Build failure issue due to let, arrow function


Diffs
-

  security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
f3e62cd05 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
a913c9d76 


Diff: https://reviews.apache.org/r/74152/diff/1/


Testing
---

Verified build and policy crud operation.


Thanks,

Nitin Galave

[jira] [Commented] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17612225#comment-17612225
 ] 

Suman B N commented on RANGER-3938:
---

Fixed this issue with approach 1 and raised an MR 
[here|https://github.com/apache/ranger/pull/177].

> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use hit.getIndex() instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the MultiGet to search):
> POST /_search
> {code:json}
> {
> "query": {
> "ids" : {
> "values" : ["id1", "id2"]
> }
> }
> }
> {code}
> This would be a recommended approach.
> Correct me if I am wrong. If not, Can I pick this up and fix it? I have 
> already fixed it in my local with approach 1 as a quick fix.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74151: RANGER-3804: Update policy UI to support multiple resource-sets

[Nitin Galave]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74151/
---

Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-3804
https://issues.apache.org/jira/browse/RANGER-3804


Repository: ranger


Description
---

Build failure issue due to `let` keyword


Diffs
-

  security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
f3e62cd05 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
a913c9d76 


Diff: https://reviews.apache.org/r/74151/diff/1/


Testing
---

Verified build and policy crud operation.


Thanks,

Nitin Galave

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use hit.getIndex() instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use {quote}hit.getIndex(){quote} instead of index(in this case its has alias) 
for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use hit.getIndex() instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the MultiGet to 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use {quote}hit.getIndex(){quote} instead of index(in this case its has alias) 
for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use {noformat}hit.getIndex(){noformat} instead of index(in this case its has 
alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use {quote}hit.getIndex(){quote} instead of index(in this case its has alias) 
> for a MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use {noformat}hit.getIndex(){noformat} instead of index(in this case its has 
alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use 
{noformat}
hit.getIndex()
{noformat}
 instead of index(in this case its has alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use {noformat}hit.getIndex(){noformat} instead of index(in this case its has 
> alias) for a MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use 
{noformat}
hit.getIndex()
{noformat}
 instead of index(in this case its has alias) for a MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use 
> {noformat}
> hit.getIndex()
> {noformat}
>  instead of index(in this case its has alias) for a MultiGetRequest.Item 
> object.
> So that all the documents can be get by id with its index only instead of 
> alias.

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):


{noformat}
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}
{noformat}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):


{code:http}
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
POST /_search
{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):


{noformat}
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}
{noformat}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):


{code:http}
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

{code}

This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:
{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
{code:java}
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
{code}

So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.

Correct me if I am wrong. If not, Can I pick this up and fix it? I have already 
fixed it in my local with approach 1 as a quick fix.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:



{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op

{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> {code:java}
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> {code}
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the MultiGet to search):
> ```
> POST /_search
> {code:json}
> {
> "query": {
> "ids" : {
> "values" : ["id1", "id2"]
> }

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:

```
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
```
[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:

```
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
```
[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
```
This would be a recommended approach.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> ```
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> ```
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> ```
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> ```
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the MultiGet to search):
> ```
> POST /_search
> {code:json}
> {
> "query": {
> "ids" : {
> "values" : ["id1", "id2"]
> }
> }
> }
> {code}
> ```
> This would be a recommended approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Suman B N updated RANGER-3938:
--
Description: 
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:



{noformat}
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op

{noformat}

[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.

  was:
Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:

```
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
```
[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search

{code:json}
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
{code}

```
This would be a recommended approach.


> Unable to access audit logs from an elasticsearch alias
> ---
>
> Key: RANGER-3938
> URL: https://issues.apache.org/jira/browse/RANGER-3938
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Suman B N
>Priority: Minor
>
> Lets say for audit, we configure an elasticsearch alias(rollover alias). And 
> if there are 2 or more indices for an alias then audit API doesn't work. 
> Because while fetching the records, ranger uses multi get request on an 
> alias. 
> It results in below error:
> {noformat}
> Alias [alias-name] has more than one indices associated with it 
> [[index-02, index-01]], can't execute a single index op
> {noformat}
> [Code 
> snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
> ```
> MultiGetRequest multiGetRequest = new MultiGetRequest();
> for (SearchHit hit : hits) {
> MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
> hit.getId());
> item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
> multiGetRequest.add(item);
> }
> ```
> So there can be 2 possible approaches to resolve this:
> - Approach 1(Quick and fast):
> Use `hit.getIndex()` instead of index(in this case its has alias) for a 
> MultiGetRequest.Item object.
> So that all the documents can be get by id with its index only instead of 
> alias.
> - Approach 2(Change the MultiGet to search):
> ```
> POST /_search
> {code:json}
> {
> "query": {
> "ids" : {
> "values" : ["id1", "id2"]
> }
> }
> }
> {code}
> ```
> This would be a recommended approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-3938) Unable to access audit logs from an elasticsearch alias

[Suman B N (Jira)]

Suman B N created RANGER-3938:
-

 Summary: Unable to access audit logs from an elasticsearch alias
 Key: RANGER-3938
 URL: https://issues.apache.org/jira/browse/RANGER-3938
 Project: Ranger
  Issue Type: Bug
  Components: audit
Reporter: Suman B N


Lets say for audit, we configure an elasticsearch alias(rollover alias). And if 
there are 2 or more indices for an alias then audit API doesn't work. Because 
while fetching the records, ranger uses multi get request on an alias. 
It results in below error:

```
Alias [alias-name] has more than one indices associated with it [[index-02, 
index-01]], can't execute a single index op
```
[Code 
snippet|https://github.com/apache/ranger/blob/6c8a142881896f2c6d1696bcee02c401867a45f9/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchUtil.java#L175-L180]:
```
MultiGetRequest multiGetRequest = new MultiGetRequest();
for (SearchHit hit : hits) {
MultiGetRequest.Item item = new MultiGetRequest.Item(index, null, 
hit.getId());
item.fetchSourceContext(FetchSourceContext.FETCH_SOURCE);
multiGetRequest.add(item);
}
```
So there can be 2 possible approaches to resolve this:

- Approach 1(Quick and fast):
Use `hit.getIndex()` instead of index(in this case its has alias) for a 
MultiGetRequest.Item object.
So that all the documents can be get by id with its index only instead of alias.

- Approach 2(Change the MultiGet to search):
```
POST /_search
{
"query": {
"ids" : {
"values" : ["id1", "id2"]
}
}
}
```
This would be a recommended approach.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)