RANGER-4607: Ranger REST API improvements #393
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pradeepagrawal8184
force-pushed
the
RANGER-4607_master
branch
from
3d04d9a
to
9346283
Compare
kumaab
reviewed
Oct 9, 2024
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java
Outdated
Show resolved
Hide resolved
kumaab
reviewed
Oct 9, 2024
RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper status code for non admin users
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module
RANGER-4548: Return proper error message in the response for /tags/tags, /tags/resources and /tags/types API for non admin users
RANGER-4547: The reponse metrics (pagination values) for the /assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4552: Response metrics for /assets/report is not proper, and pagination does not work
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user
RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation of entities even without groupId / userId fields in the request
RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API returns policies for users without access to the policy
RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API returns policies for users without access to the policy
RANGER-4576: User without access to policy is able to fetch policy details using /plugins/policies/{service_type}/for-resource API endpoint
RANGER-4577: UI and API behaviour for fetching users not consistent for keyadmin users
RANGER-4589: keyadmin user can update the user password via UI but cannot update the user password using /users/{user_id}/passwordchange API
RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user
RANGER-4591: keyadmin user can access non kms related admin audits using /assets/report/{transaction_id} API
RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting status to 0 using /users API
RANGER-4595: keyadmin user able to view the user permission objects via /users API
RANGER-4596: keyadmin can fetch the details of admin and auditor users through /users API endpoint
RANGER-4598: ROLE_USER cannot acccess /xusers/groups API but can access /xusers/groups/groupName/{group_name} API
RANGER-4586: XUserREST and UserREST API improvement for keyadmin users
Change-Id: I1fa52a99049d81e58c40d071211d62b278ff8ef1
pradeepagrawal8184
force-pushed
the
RANGER-4607_master
branch
from
9346283
to
eaf41b1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper status code for non admin users
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module
RANGER-4548: Return proper error message in the response for /tags/tags, /tags/resources and /tags/types API for non admin users
RANGER-4547: The reponse metrics (pagination values) for the /assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4552: Response metrics for /assets/report is not proper, and pagination does not work
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user
RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation of entities even without groupId / userId fields in the request
RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API returns policies for users without access to the policy
RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API returns policies for users without access to the policy
RANGER-4576: User without access to policy is able to fetch policy details using /plugins/policies/{service_type}/for-resource API endpoint
RANGER-4577: UI and API behaviour for fetching users not consistent for keyadmin users
RANGER-4589: keyadmin user can update the user password via UI but cannot update the user password using /users/{user_id}/passwordchange API
RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user
RANGER-4591: keyadmin user can access non kms related admin audits using /assets/report/{transaction_id} API
RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting status to 0 using /users API
RANGER-4595: keyadmin user able to view the user permission objects via /users API
RANGER-4596: keyadmin can fetch the details of admin and auditor users through /users API endpoint
RANGER-4598: ROLE_USER cannot acccess /xusers/groups API but can access /xusers/groups/groupName/{group_name} API
RANGER-4586: XUserREST and UserREST API improvement for keyadmin users
Change-Id: I1fa52a99049d81e58c40d071211d62b278ff8ef1
How was this patch tested?
Tested affected REST APIs using curl command and found the response as per the expectation.