ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zsombor Gegesy <zsom...@apache.org>
Subject Re: Review Request 70389: RANGER-2394 - filter multiple users or exclude multiple users in audit search
Date Fri, 03 May 2019 18:18:56 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70389/
-----------------------------------------------------------

(Updated May 3, 2019, 6:18 p.m.)


Review request for ranger.


Changes
-------

Fix rebase problems


Bugs: RANGER-2394
    https://issues.apache.org/jira/browse/RANGER-2394


Repository: ranger


Description
-------

Currently the audit search only allows to:

* filter to one user's activity
* exclude all 'service users' from every user's activity.

If there were way to search for multiple users or exclude multiple users from the search list,
it would make debugging complex interactions simpler, for example only look for actions for
'alice' and 'hive' and 'yarn'

The frontend tweaked a bit, so if multiple users are passed to the jquery layer, the user
names are always converted as requestUser=aaa&requestUser=bbb&requestUser=ccc instead
of changing to requestUser[]=aaa&requestUser[]=bbb&requestUser[]=ccc, which would
be an incompatible change between the server and to any potential client code.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 703d30beb 
  security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java fdf5ad86b 
  security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 9be2ef480

  security-admin/src/main/webapp/scripts/utils/XAUtils.js 6da76d5bf 
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 5ae06d5cd 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 1f7370955 


Diff: https://reviews.apache.org/r/70389/diff/4/

Changes: https://reviews.apache.org/r/70389/diff/3-4/


Testing
-------

Tested on a live cluster that:
* searching for one user
* searching for multiple users
* excluding one user
* excluding multiple users
* searching for one user + 'excluding service users'
* searching for multiple users + 'excluding service users'
* excluding one user + 'excluding service users'
* excluding multiple users + 'excluding service users'

works as expected.


Thanks,

Zsombor Gegesy


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message