RANGER-4600: updated /xaudit/access_audit API to handle KMS audit log…

…s based on user role Signed-off-by: Madhan Neethiraj <[email protected]>
apache · Jan 5, 2024 · 05e8bef · 05e8bef
1 parent 712fc43
commit 05e8bef
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
@@ -48,6 +48,8 @@
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.biz.RangerBizUtil;
 
 @Path("xaudit")
 @Component
@@ -67,6 +69,10 @@ public class XAuditREST {
 
 	@Autowired
 	XAccessAuditService xAccessAuditService;
+
+	@Autowired
+	RangerBizUtil bizUtil;
+
 	// Handle XTrxLog
 	@GET
 	@Path("/trx_log/{id}")
@@ -144,7 +150,19 @@ public VXLong countXTrxLogs(@Context HttpServletRequest request) {
 	@Produces({ "application/json" })
 	@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_ACCESS_AUDITS + "\")")
 	public VXAccessAuditList searchXAccessAudits(@Context HttpServletRequest request) {
-		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+		SearchCriteria searchCriteria  = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+		long           kmsServiceDefId = EmbeddedServiceDefsUtil.instance().getKmsServiceDefId();
+
+		if (kmsServiceDefId != -1) {
+			boolean includeKmsAuditLogs = bizUtil.isKeyAdmin() || bizUtil.isAuditKeyAdmin();
+
+			if (includeKmsAuditLogs) {
+				searchCriteria.getParamList().put("repoType", kmsServiceDefId);
+			} else {
+				searchCriteria.getParamList().put("-repoType", kmsServiceDefId);
+			}
+		}
+
 		return xAuditMgr.searchXAccessAudits(searchCriteria);
 	}