RANGER-4676: OpenSearch destination implementation #284

giggsoff · 2023-09-22T10:14:11Z

What changes were proposed in this pull request?

OpenSearch has its own java library to connect with and is not fully compatible with bulk requests using elasticsearch library (at least v7). So let's implement another destination.

With current elasticsearch destination I can see problems with response parsing:

23/09/22 10:13:20 ERROR BaseAuditHandler: Error sending message to ElasticSearch
java.io.IOException: Unable to parse response body for Response{requestLine=POST /_bulk?timeout=1m HTTP/1.1, host=http://nia-spark-fedchenkov.ru-central1.internal:9200, response=HTTP/1.1 200 OK}
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1651)
	at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1602)
	at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1572)
	at org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:537)
	at org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:141)
	at org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
	at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NullPointerException
	at java.base/java.util.Objects.requireNonNull(Objects.java:221)
	at org.elasticsearch.action.DocWriteResponse.<init>(DocWriteResponse.java:127)
	at org.elasticsearch.action.index.IndexResponse.<init>(IndexResponse.java:54)
	at org.elasticsearch.action.index.IndexResponse.<init>(IndexResponse.java:39)
	at org.elasticsearch.action.index.IndexResponse$Builder.build(IndexResponse.java:107)
	at org.elasticsearch.action.index.IndexResponse$Builder.build(IndexResponse.java:104)
	at org.elasticsearch.action.bulk.BulkItemResponse.fromXContent(BulkItemResponse.java:159)
	at org.elasticsearch.action.bulk.BulkResponse.fromXContent(BulkResponse.java:188)
	at org.elasticsearch.client.RestHighLevelClient.parseEntity(RestHighLevelClient.java:1911)
	at org.elasticsearch.client.RestHighLevelClient.lambda$performRequestAndParseEntity$8(RestHighLevelClient.java:1573)
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1649)
	... 7 more

How was this patch tested?

manual test with opensearchproject/opensearch:2.9.0

OpenSearch has its own java library to connect with and is not fully compatible with bulk requests using elasticsearch library (at least v7). So let's implement another destination. Signed-off-by: Petr Fedchenkov <[email protected]>

OpenSearch destination implementation

19e5ec4

OpenSearch has its own java library to connect with and is not fully compatible with bulk requests using elasticsearch library (at least v7). So let's implement another destination. Signed-off-by: Petr Fedchenkov <[email protected]>

giggsoff changed the title ~~OpenSearch destination implementation~~ RANGER-4676: OpenSearch destination implementation Jan 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RANGER-4676: OpenSearch destination implementation #284

RANGER-4676: OpenSearch destination implementation #284

giggsoff commented Sep 22, 2023

RANGER-4676: OpenSearch destination implementation #284

Are you sure you want to change the base?

RANGER-4676: OpenSearch destination implementation #284

Conversation

giggsoff commented Sep 22, 2023

What changes were proposed in this pull request?

How was this patch tested?