This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 05e8bef4ba612ef2849d25fab408adef1900bb54 Author: princeap173 <[email protected]> AuthorDate: Tue Dec 12 15:56:57 2023 +0530 RANGER-4600: updated /xaudit/access_audit API to handle KMS audit logs based on user role Signed-off-by: Madhan Neethiraj <[email protected]>
---
 .../main/java/org/apache/ranger/rest/XAuditREST.java | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
index a2b3034bc..a7047e897 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
@@ -48,6 +48,8 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.biz.RangerBizUtil;
 @Path("xaudit")
 @Component
@@ -67,6 +69,10 @@ public class XAuditREST {
 @Autowired
 XAccessAuditService xAccessAuditService;
+
+ @Autowired
+ RangerBizUtil bizUtil;
+
 // Handle XTrxLog
 @GET
 @Path("/trx_log/{id}")
@@ -144,7 +150,19 @@ public class XAuditREST {
 @Produces({ "application/json" })
 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_ACCESS_AUDITS + "\")")
 public VXAccessAuditList searchXAccessAudits(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+ long kmsServiceDefId = EmbeddedServiceDefsUtil.instance().getKmsServiceDefId();
+
+ if (kmsServiceDefId != -1) {
+ boolean includeKmsAuditLogs = bizUtil.isKeyAdmin() || bizUtil.isAuditKeyAdmin();
+
+ if (includeKmsAuditLogs) {
+ searchCriteria.getParamList().put("repoType", kmsServiceDefId);
+ } else {
+ searchCriteria.getParamList().put("-repoType", kmsServiceDefId);
+ }
+ }
+
 return xAuditMgr.searchXAccessAudits(searchCriteria);
 }
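Review bot: In `searchXAccessAudits`, the non-key-admin branch only adds `-repoType`, so a `repoType` entry already present in the param list would remain next to it. Whether `extractCommonCriterias` can fill that key from the request is outside this hunk, but if it can, the branch should drop or reject a caller-supplied `repoType` equal to `kmsServiceDefId` so the role check stays authoritative. The whole restriction is also skipped when `getKmsServiceDefId()` returns -1, which fails open if -1 can mean "not resolved yet" rather than "KMS not installed"; a warning log there, or a comment stating why an unfiltered search is safe in that case, would help. A one-line comment such as `// "-repoType" excludes this service-def id, "repoType" restricts to it; KMS audits are for key admins only` would document the key convention, assuming that is what the `-` prefix means.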
