-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74763/
-----------------------------------------------------------
(Updated Sept. 13, 2024, 12:39 p.m.)
Review request for ranger, Abhishek Kumar, bhavik patel, Dhaval Shah,
Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Rebased patch
Bugs: RANGER-4607
https://issues.apache.org/jira/browse/RANGER-4607
Repository: ranger
Description
-------
**Problem Statement:** Ranger REST API responses are not proper. Most of the
legacy REST APIs' response formats are not correct and give false information.
**Proposed Solution:** This review request shall address multiple issues
related to old APIs.
The list of issues which shall be addressed with this review request is:
RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper
status code for non admin users
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user
without permission on audit module
RANGER-4548: Return proper error message in the response for /tags/tags,
/tags/resources and /tags/types API for non admin users
RANGER-4547: The response metrics (pagination values) for the
/assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and
/public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4552: Response metrics for /assets/report is not proper, and pagination
does not work
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user
RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation of
entities even without groupId / userId fields in the request
RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API
returns policies for users without access to the policy
RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API returns
policies for users without access to the policy
RANGER-4576: User without access to policy is able to fetch policy details
using /plugins/policies/{service_type}/for-resource API endpoint
RANGER-4577: UI and API behaviour for fetching users not consistent for
keyadmin users
RANGER-4589: keyadmin user can update the user password via UI but cannot
update the user password using /users/{user_id}/passwordchange API
RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user
RANGER-4591: keyadmin user can access non kms related admin audits using
/assets/report/{transaction_id} API
RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting
status to 0 using /users API
RANGER-4595: keyadmin user able to view the user permission objects via /users
API
RANGER-4596: keyadmin can fetch the details of admin and auditor users through
/users API endpoint
RANGER-4598: ROLE_USER cannot access /xusers/groups API but can access
/xusers/groups/groupName/{group_name} API
RANGER-4586: XUserREST and UserREST API improvement for keyadmin users
Note: For individual issue fixes, please refer to the patch files attached to
the respective Jira tickets.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 00062f3e2
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c934fdd7c
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 0e723d9c4
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java 2fde68de1
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java c53db99f3
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5ba6c14b9
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 93672662d
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 7be7127cb
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java be56c487f
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 2adf0b0a2
security-admin/src/main/java/org/apache/ranger/rest/UserREST.java c6557b11c
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 0a3c524b5
security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 98ee62612
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java 942d53e91
security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 2b4ba0d15
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 29f2ce802
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java de342e994
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java fa14d93f9
security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java 3978fab1b
security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 40de07150
security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 7165a304d
security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java cb2ccc47c
security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 74744e6cf
Diff: https://reviews.apache.org/r/74763/diff/5/
Changes: https://reviews.apache.org/r/74763/diff/4-5/
Testing
-------
Tested the affected REST APIs using the curl command and found the responses
as per the expectation.
Thanks,
Pradeep Agrawal