RANGER-4600: updated /xaudit/access_audit API to handle KMS audit logs based on user role
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
index a2b3034..a7047e8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XAuditREST.java
@@ -48,6 +48,8 @@
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.biz.RangerBizUtil;
@Path("xaudit")
@Component
@@ -67,6 +69,10 @@
@Autowired
XAccessAuditService xAccessAuditService;
+
+ @Autowired
+ RangerBizUtil bizUtil;
+
// Handle XTrxLog
@GET
@Path("/trx_log/{id}")
@@ -144,7 +150,19 @@
@Produces({ "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_ACCESS_AUDITS + "\")")
public VXAccessAuditList searchXAccessAudits(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(request, xAccessAuditService.sortFields);
+ long kmsServiceDefId = EmbeddedServiceDefsUtil.instance().getKmsServiceDefId();
+
+ if (kmsServiceDefId != -1) {
+ boolean includeKmsAuditLogs = bizUtil.isKeyAdmin() || bizUtil.isAuditKeyAdmin();
+
+ if (includeKmsAuditLogs) {
+ searchCriteria.getParamList().put("repoType", kmsServiceDefId);
+ } else {
+ searchCriteria.getParamList().put("-repoType", kmsServiceDefId);
+ }
+ }
+
return xAuditMgr.searchXAccessAudits(searchCriteria);
}
