-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74763/
-----------------------------------------------------------
(Updated Oct. 9, 2024, 5:55 a.m.)
Review request for ranger, Abhishek Kumar, bhavik patel, Dhaval Shah,
Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Addressed review comments
Bugs: RANGER-4607
https://issues.apache.org/jira/browse/RANGER-4607
Repository: ranger
Description
-------
**Problem Statement:** Ranger REST API responses are not proper. Most of the
legacy REST API's response format are not correct and gives false information.
**Proposed Solution:** This review request shall address multiple issues
related to old APIs.
The list of issues which shall be addressed with review request are :
RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper
status code for non admin users
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user
without permission on audit module
RANGER-4548: Return proper error message in the response for /tags/tags,
/tags/resources and /tags/types API for non admin users
RANGER-4547: The reponse metrics (pagination values) for the
/assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and
/public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4552: Response metrics for /assets/report is not proper, and pagination
does not work
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user
RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation of
entities even without groupId / userId fields in the request
RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API
returns policies for users without access to the policy
RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API returns
policies for users without access to the policy
RANGER-4576: User without access to policy is able to fetch policy details
using /plugins/policies/{service_type}/for-resource API endpoint
RANGER-4577: UI and API behaviour for fetching users not consistent for
keyadmin users
RANGER-4589: keyadmin user can update the user password via UI but cannot
update the user password using /users/{user_id}/passwordchange API
RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user
RANGER-4591: keyadmin user can access non kms related admin audits using
/assets/report/{transaction_id} API
RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting
status to 0 using /users API
RANGER-4595: keyadmin user able to view the user permission objects via /users
API
RANGER-4596: keyadmin can fetch the details of admin and auditor users through
/users API endpoint
RANGER-4598: ROLE_USER cannot acccess /xusers/groups API but can access
/xusers/groups/groupName/{group_name} API
RANGER-4586: XUserREST and UserREST API improvement for keyadmin users
Note: For individual issue fix please refer patch file attached in the
respective jira tickets.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 00062f3e2
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
c934fdd7c
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 0e723d9c4
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java 2fde68de1
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java
c53db99f3
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5ba6c14b9
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 93672662d
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 7be7127cb
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
be56c487f
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 2adf0b0a2
security-admin/src/main/java/org/apache/ranger/rest/UserREST.java c6557b11c
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 0a3c524b5
security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
98ee62612
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
942d53e91
security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
2b4ba0d15
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 29f2ce802
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
de342e994
security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
fa14d93f9
security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
3978fab1b
security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
40de07150
security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
7165a304d
security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
cb2ccc47c
security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
74744e6cf
Diff: https://reviews.apache.org/r/74763/diff/6/
Changes: https://reviews.apache.org/r/74763/diff/5-6/
Testing
-------
Tested affected REST APIs using curl command and found the response as per the
expectation.
Thanks,
Pradeep Agrawal
