RANGER-5315: Enhance Audit Log Filters to Support Resource Name Exclusions

RakeshGuptaDev · RakeshGuptaDev · commit 83beb9b47199 · 2025-09-11T16:20:51.000+05:30
diff --git a/security-admin/src/main/java/org/apache/ranger/AccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/AccessAuditsService.java
@@ -71,6 +71,7 @@ public AccessAuditsService() {
          */
         searchFields.add(new SearchField("-repoType", "-repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
         searchFields.add(new SearchField("-requestUser", "-reqUser", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField("excludeResourcePath", "-resource", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
         searchFields.add(new SearchField("resourceType", "resType", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
         searchFields.add(new SearchField("reason", "reason", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
         searchFields.add(new SearchField("action", "action", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -552,6 +552,7 @@ public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request, @Que
         searchUtil.extractStringList(request, searchCriteria, "excludeUser", "Exclude Users", "-requestUser", null, StringUtil.VALIDATION_TEXT);
         searchUtil.extractString(request, searchCriteria, "requestData", "Request Data", StringUtil.VALIDATION_TEXT);
         searchUtil.extractString(request, searchCriteria, "resourcePath", "Resource Name", StringUtil.VALIDATION_TEXT);
+        searchUtil.extractString(request, searchCriteria, "excludeResourcePath", "Exclude Resource Name", StringUtil.VALIDATION_TEXT);
         searchUtil.extractString(request, searchCriteria, "clientIP", "Client IP", StringUtil.VALIDATION_TEXT);
         searchUtil.extractString(request, searchCriteria, "resourceType", "Resource Type", StringUtil.VALIDATION_TEXT);
         searchUtil.extractString(request, searchCriteria, "excludeServiceUser", "Exclude Service User", StringUtil.VALIDATION_TEXT);
diff --git a/security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx b/security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx
@@ -1009,6 +1009,12 @@ function Access() {
       urlLabel: "zoneName",
       type: "textoptions",
       options: getZones
+    },
+    {
+      category: "excludeResourcePath",
+      label: "Exclude Resource Name",
+      urlLabel: "excludeResourceName",
+      type: "text"
     }
   ];
 
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -569,7 +569,7 @@ public void testGetAccessLogs() {
         Mockito.verify(msBizUtil).isKeyAdmin();
         Mockito.verify(assetMgr).getAccessLogs(searchCriteria);
         Mockito.verify(daoManager).getXXServiceDef();
-        Mockito.verify(searchUtil, Mockito.times(15)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
+        Mockito.verify(searchUtil, Mockito.times(16)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
         Mockito.verify(searchUtil, Mockito.times(4)).extractInt(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
         Mockito.verify(searchUtil, Mockito.times(2)).extractDate(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
         Mockito.verify(searchUtil).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
@@ -604,7 +604,7 @@ public void testGetAccessLogsForKms() {
         Mockito.verify(msBizUtil).isKeyAdmin();
         Mockito.verify(assetMgr).getAccessLogs(searchCriteria);
         Mockito.verify(daoManager).getXXServiceDef();
-        Mockito.verify(searchUtil, Mockito.times(15)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
+        Mockito.verify(searchUtil, Mockito.times(16)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
         Mockito.verify(searchUtil, Mockito.times(4)).extractInt(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
         Mockito.verify(searchUtil, Mockito.times(2)).extractDate(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
         Mockito.verify(searchUtil).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
