You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Zsombor Gegesy <zs...@apache.org> on 2019/06/05 12:03:42 UTC
Re: Review Request 70389: RANGER-2394 - filter multiple users or
exclude multiple users in audit search
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70389/
-----------------------------------------------------------
(Updated June 5, 2019, 12:03 p.m.)
Review request for ranger.
Changes
-------
One more js issue
Bugs: RANGER-2394
https://issues.apache.org/jira/browse/RANGER-2394
Repository: ranger
Description
-------
Currently the audit search only allows to:
* filter to one user's activity
* exclude all 'service users' from every user's activity.
If there were way to search for multiple users or exclude multiple users from the search list, it would make debugging complex interactions simpler, for example only look for actions for 'alice' and 'hive' and 'yarn'
The frontend tweaked a bit, so if multiple users are passed to the jquery layer, the user names are always converted as requestUser=aaa&requestUser=bbb&requestUser=ccc instead of changing to requestUser[]=aaa&requestUser[]=bbb&requestUser[]=ccc, which would be an incompatible change between the server and to any potential client code.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 037888e8cd33f7a9bae9720a3c3180222758bda8
security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java fdf5ad86bff91e811c7d56ceb87845f158f8c789
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java a517d7627af47adacb5bd8f90a104499981beeb8
security-admin/src/main/webapp/scripts/utils/XAUtils.js a7c4497feea13f06ddf8b92c05344301fca5a9a0
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 9c01eb76e410b45b19056f2638e23b8722cfb0fe
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5fa01b72f1ec3631012db4cf3433570547
Diff: https://reviews.apache.org/r/70389/diff/6/
Changes: https://reviews.apache.org/r/70389/diff/5-6/
Testing
-------
Tested on a live cluster that:
* searching for one user
* searching for multiple users
* excluding one user
* excluding multiple users
* searching for one user + 'excluding service users'
* searching for multiple users + 'excluding service users'
* excluding one user + 'excluding service users'
* excluding multiple users + 'excluding service users'
works as expected.
Thanks,
Zsombor Gegesy
Re: Review Request 70389: RANGER-2394 - filter multiple users or
exclude multiple users in audit search
Posted by Mehul Parikh <me...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70389/#review215698
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On June 5, 2019, 12:03 p.m., Zsombor Gegesy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70389/
> -----------------------------------------------------------
>
> (Updated June 5, 2019, 12:03 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2394
> https://issues.apache.org/jira/browse/RANGER-2394
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently the audit search only allows to:
>
> * filter to one user's activity
> * exclude all 'service users' from every user's activity.
>
> If there were way to search for multiple users or exclude multiple users from the search list, it would make debugging complex interactions simpler, for example only look for actions for 'alice' and 'hive' and 'yarn'
>
> The frontend tweaked a bit, so if multiple users are passed to the jquery layer, the user names are always converted as requestUser=aaa&requestUser=bbb&requestUser=ccc instead of changing to requestUser[]=aaa&requestUser[]=bbb&requestUser[]=ccc, which would be an incompatible change between the server and to any potential client code.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 037888e8cd33f7a9bae9720a3c3180222758bda8
> security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java fdf5ad86bff91e811c7d56ceb87845f158f8c789
> security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java a517d7627af47adacb5bd8f90a104499981beeb8
> security-admin/src/main/webapp/scripts/utils/XAUtils.js a7c4497feea13f06ddf8b92c05344301fca5a9a0
> security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 9c01eb76e410b45b19056f2638e23b8722cfb0fe
> security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java ef149d5fa01b72f1ec3631012db4cf3433570547
>
>
> Diff: https://reviews.apache.org/r/70389/diff/6/
>
>
> Testing
> -------
>
> Tested on a live cluster that:
> * searching for one user
> * searching for multiple users
> * excluding one user
> * excluding multiple users
> * searching for one user + 'excluding service users'
> * searching for multiple users + 'excluding service users'
> * excluding one user + 'excluding service users'
> * excluding multiple users + 'excluding service users'
>
> works as expected.
>
>
> Thanks,
>
> Zsombor Gegesy
>
>