RANGER-5209 : User source is not getting updated on the Ranger Access Audit page

dineshkumar-yadav · dineshkumar-yadav · commit afe56fe7be0c · 2025-06-19T15:28:24.000+05:30
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
@@ -68,6 +68,7 @@ public class RangerCommonConstants {
     public static final String  SCRIPT_FIELD__MATCH_TYPE                             = "_matchType";
     public static final String  SCRIPT_FIELD__NAME                                   = "_name";
     public static final String  SCRIPT_FIELD__SYNC_SOURCE                            = "_syncSource";
+    public static final String  SCRIPT_FIELD__USER_SOURCE                            = "_userSource";
     public static final String  SCRIPT_FIELD__IS_INTERNAL                            = "_isInternal";
     public static final String  SCRIPT_FIELD__EMAIL_ADDRESS                          = "_emailAddress";
     public static final String  SCRIPT_FIELD__OWNER_USER                             = "_ownerUser";
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -79,13 +79,15 @@
 import org.apache.ranger.plugin.model.UserInfo;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.util.PasswordUtils.PasswordGenerator;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
 import org.apache.ranger.plugin.util.RangerUserStore;
 import org.apache.ranger.service.RangerPolicyService;
 import org.apache.ranger.service.XPortalUserService;
 import org.apache.ranger.service.XResourceService;
 import org.apache.ranger.service.XUgsyncAuditInfoService;
 import org.apache.ranger.ugsyncutil.model.GroupUserInfo;
 import org.apache.ranger.ugsyncutil.model.UsersGroupRoleAssignments;
+import org.apache.ranger.view.VXAccessAudit;
 import org.apache.ranger.view.VXAuditMap;
 import org.apache.ranger.view.VXAuditMapList;
 import org.apache.ranger.view.VXGroup;
@@ -2821,6 +2823,33 @@ public RangerUserStore getRangerUserStoreIfUpdated(Long lastKnownUserStoreVersio
         return ret;
     }
 
+    public void setAccessAuditsUserSource(List<VXAccessAudit> vxAccessAudits) {
+        Long lastKnownUserStoreVersion = 1L;
+
+        if (vxAccessAudits != null) {
+            RangerUserStore latestUserStore = getRangerUserStoreIfUpdated(lastKnownUserStoreVersion);
+            if (latestUserStore != null) {
+                Map<String, Map<String, String>> userAttrMapping = latestUserStore.getUserAttrMapping();
+
+                for (VXAccessAudit vxAccessAudit : vxAccessAudits) {
+                    String              requestUser    = vxAccessAudit.getRequestUser();
+                    Map<String, String> userAttributes = userAttrMapping.getOrDefault(vxAccessAudit.getRequestUser(), Collections.emptyMap());
+
+                    if (MapUtils.isNotEmpty(userAttributes)) {
+                        String userSourceStr = userAttributes.get(RangerCommonConstants.SCRIPT_FIELD__USER_SOURCE);
+                        if (userSourceStr != null) {
+                            try {
+                                vxAccessAudit.setUserSource(Integer.parseInt(userSourceStr));
+                            } catch (NumberFormatException e) {
+                                logger.error("XUserMgr.setAccessAuditsUserSource() : could not parse [{}] as Integer!", userSourceStr, e); // ignore
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     public int createOrUpdateXUsers(VXUserList users) {
         logger.debug("==> createOrUpdateXUsers(): Started");
 
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
@@ -43,6 +43,7 @@
 import static org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_FIELD__EMAIL_ADDRESS;
 import static org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_FIELD__IS_INTERNAL;
 import static org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_FIELD__SYNC_SOURCE;
+import static org.apache.ranger.plugin.util.RangerCommonConstants.SCRIPT_FIELD__USER_SOURCE;
 
 @Service
 public class XXUserDao extends BaseDao<XXUser> {
@@ -213,6 +214,10 @@ private UserInfo toUserInfo(Object[] row) {
 
         attrMap.put(SCRIPT_FIELD__IS_INTERNAL, Boolean.toString(isInternal));
 
+        if (userSource != null) {
+            attrMap.put(SCRIPT_FIELD__USER_SOURCE, String.valueOf(userSource));
+        }
+
         return new UserInfo(name, description, attrMap);
     }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -23,6 +23,7 @@
 import org.apache.ranger.admin.client.datatype.RESTResponse;
 import org.apache.ranger.biz.AssetMgr;
 import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.XUserMgr;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerSearchUtil;
 import org.apache.ranger.common.SearchCriteria;
@@ -142,6 +143,9 @@ public class AssetREST {
     @Autowired
     RangerDaoManager daoManager;
 
+    @Autowired
+    XUserMgr xUserMgr;
+
     @GET
     @Path("/assets/{id}")
     @Produces("application/json")
@@ -596,6 +600,8 @@ public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request, @Que
             vxAccessAuditList.getVXAccessAudits().forEach(vxAccessAudit -> vxAccessAudit.setZonedEventTime(new SimpleDateFormat(RestUtil.ZONED_EVENT_TIME_FORMAT).format(vxAccessAudit.getEventTime())));
         }
 
+        xUserMgr.setAccessAuditsUserSource(vxAccessAuditList.getVXAccessAudits());
+
         return vxAccessAuditList;
     }
 
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java b/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java
@@ -158,6 +158,11 @@ public class VXAccessAudit extends VXDataObject implements java.io.Serializable
     //Zoned Event Time
     protected String zonedEventTime;
 
+    /**
+     * userSource
+     */
+    protected int    userSource;
+
     /**
      * Default constructor. This will set all the attributes to default value.
      */
@@ -631,6 +636,7 @@ public String toString() {
         str += "agentHost={" + agentHost + "}";
         str += "eventId={" + eventId + "}";
         str += "zonedEventTime={" + zonedEventTime + "} ";
+        str += "userSource={" + userSource + "} ";
         str += "}";
         return str;
     }
@@ -697,4 +703,12 @@ public String getZonedEventTime() {
     public void setZonedEventTime(String zonedEventTime) {
         this.zonedEventTime = zonedEventTime;
     }
+
+    public int getUserSource() {
+        return userSource;
+    }
+
+    public void setUserSource(int userSource) {
+        this.userSource = userSource;
+    }
 }
diff --git a/security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js b/security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js
@@ -1585,3 +1585,12 @@ export const currentTimeZone = (timeZoneDate) => {
         .replace(/^.*GMT.*\(/, "")
         .replace(/\)$/, "");
 };
+
+export const isEmptyValueCheck = (value) => {
+  return (
+    value == null ||
+    (typeof value === "string" && value.trim() === "") ||
+    (Array.isArray(value) && value.length === 0) ||
+    (typeof value === "object" && Object.keys(value).length === 0)
+  );
+};
diff --git a/security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx b/security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx
@@ -58,7 +58,8 @@ import {
   serverError,
   requestDataTitle,
   fetchSearchFilterParams,
-  parseSearchFilter
+  parseSearchFilter,
+  isEmptyValueCheck
 } from "../../utils/XAUtils";
 import { CustomTooltip, Loader } from "../../components/CommonComponents";
 import {
@@ -530,13 +531,19 @@ function Access() {
         Header: "User Source",
         accessor: "userSource",
         Cell: (rawValue) => {
-          if (!isEmpty(rawValue?.value)) {
+          if (!isEmptyValueCheck(rawValue?.value)) {
             const userSourceVal = find(UserTypes, { value: rawValue.value });
-            return (
-              <h6 className="text-center">
-                <Badge bg={userSourceVal.variant}>{userSourceVal.label}</Badge>
-              </h6>
-            );
+            if (userSourceVal) {
+              return (
+                <h6 className="text-center">
+                  <Badge bg={userSourceVal.variant}>
+                    {userSourceVal.label}
+                  </Badge>
+                </h6>
+              );
+            } else {
+              return "--";
+            }
           } else return "--";
         },
         width: 100,
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -75,6 +75,8 @@
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.UserInfo;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
+import org.apache.ranger.plugin.util.RangerUserStore;
 import org.apache.ranger.security.context.RangerContextHolder;
 import org.apache.ranger.security.context.RangerSecurityContext;
 import org.apache.ranger.service.RangerPolicyService;
@@ -92,6 +94,7 @@
 import org.apache.ranger.service.XUserService;
 import org.apache.ranger.ugsyncutil.model.GroupUserInfo;
 import org.apache.ranger.ugsyncutil.model.UsersGroupRoleAssignments;
+import org.apache.ranger.view.VXAccessAudit;
 import org.apache.ranger.view.VXAuditMap;
 import org.apache.ranger.view.VXAuditMapList;
 import org.apache.ranger.view.VXGroup;
@@ -134,6 +137,7 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -4316,6 +4320,81 @@ public void test132CreateExternalUser() {
         Assert.assertEquals(createdXUser.getName(), vXUser.getName());
     }
 
+    @Test
+    public void testSetAccessAuditsUserSource_WhenValidUserMappingExists() {
+        destroySession();
+        setup();
+        VXAccessAudit audit = new VXAccessAudit();
+        audit.setRequestUser("tom");
+
+        List<VXAccessAudit> auditList = Collections.singletonList(audit);
+
+        Map<String, String> userAttributes = new HashMap<>();
+        userAttributes.put(RangerCommonConstants.SCRIPT_FIELD__USER_SOURCE, "5");
+
+        Map<String, Map<String, String>> attrMap = new HashMap<>();
+        attrMap.put("tom", userAttributes);
+        RangerUserStore rangerUserStore = Mockito.mock(RangerUserStore.class);
+        rangerUserStore.setUserAttrMapping(attrMap);
+        XUserMgr spyXUserMgr = Mockito.spy(xUserMgr);
+        Mockito.doReturn(rangerUserStore).when(spyXUserMgr).getRangerUserStoreIfUpdated(1L);
+        Mockito.when(rangerUserStore.getUserAttrMapping()).thenReturn(attrMap);
+
+        spyXUserMgr.setAccessAuditsUserSource(auditList);
+
+        Assert.assertEquals(5, audit.getUserSource());
+    }
+
+    @Test
+    public void testSetAccessAuditsUserSource_WhenUserMappingDoesNotExist() {
+        destroySession();
+        setup();
+        VXAccessAudit audit = new VXAccessAudit();
+        audit.setRequestUser("unknownUser");
+
+        List<VXAccessAudit> auditList = Collections.singletonList(audit);
+
+        Map<String, String> userAttributes = new HashMap<>();
+        userAttributes.put(RangerCommonConstants.SCRIPT_FIELD__USER_SOURCE, "5");
+
+        Map<String, Map<String, String>> attrMap = new HashMap<>();
+        attrMap.put("tom", userAttributes);
+        RangerUserStore rangerUserStore = Mockito.mock(RangerUserStore.class);
+        rangerUserStore.setUserAttrMapping(attrMap);
+        XUserMgr spyXUserMgr = Mockito.spy(xUserMgr);
+        Mockito.doReturn(rangerUserStore).when(spyXUserMgr).getRangerUserStoreIfUpdated(1L);
+        Mockito.when(rangerUserStore.getUserAttrMapping()).thenReturn(attrMap);
+
+        spyXUserMgr.setAccessAuditsUserSource(auditList);
+
+        Assert.assertEquals(0, audit.getUserSource());
+    }
+
+    @Test
+    public void testSetAccessAuditsUserSource_WhenUserSourceKeyIsMissing() {
+        destroySession();
+        setup();
+
+        VXAccessAudit audit = new VXAccessAudit();
+        audit.setRequestUser("tom");
+
+        List<VXAccessAudit> auditList = Collections.singletonList(audit);
+
+        Map<String, String> userAttributes = new HashMap<>();
+
+        Map<String, Map<String, String>> attrMap = new HashMap<>();
+        attrMap.put("tom", userAttributes);
+        RangerUserStore rangerUserStore = Mockito.mock(RangerUserStore.class);
+        rangerUserStore.setUserAttrMapping(attrMap);
+        XUserMgr spyXUserMgr = Mockito.spy(xUserMgr);
+        Mockito.doReturn(rangerUserStore).when(spyXUserMgr).getRangerUserStoreIfUpdated(1L);
+        Mockito.when(rangerUserStore.getUserAttrMapping()).thenReturn(attrMap);
+
+        spyXUserMgr.setAccessAuditsUserSource(auditList);
+
+        Assert.assertEquals(0, audit.getUserSource());
+    }
+
     @Test
     public void test01CreateXUser_federated() {
         destroySession();
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -20,6 +20,7 @@
 import org.apache.ranger.admin.client.datatype.RESTResponse;
 import org.apache.ranger.biz.AssetMgr;
 import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.XUserMgr;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerSearchUtil;
 import org.apache.ranger.common.SearchCriteria;
@@ -120,6 +121,8 @@ public class TestAssetREST {
     RangerBizUtil msBizUtil;
     @Mock
     RangerDaoManager daoManager;
+    @Mock
+    XUserMgr xUserMgr;
     @InjectMocks
     AssetREST assetREST = new AssetREST();
     @Mock        RESTErrorUtil           restErrorUtil;
@@ -562,6 +565,7 @@ public void testGetAccessLogs() {
         Mockito.when(daoManager.getXXServiceDef()).thenReturn(xxServiceDefDao);
         XXServiceDef xServiceDef = new XXServiceDef();
         xServiceDef.setId(Id);
+        xUserMgr.setAccessAuditsUserSource(vXAccessAuditList.getVXAccessAudits());
         Mockito.when(xxServiceDefDao.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME)).thenReturn(xServiceDef);
         Mockito.when(assetMgr.getAccessLogs(searchCriteria)).thenReturn(vXAccessAuditList);
         VXAccessAuditList expectedVXAccessAuditList = assetREST.getAccessLogs(request, null);
@@ -597,6 +601,7 @@ public void testGetAccessLogsForKms() {
         Mockito.when(daoManager.getXXServiceDef()).thenReturn(xxServiceDefDao);
         XXServiceDef xServiceDef = new XXServiceDef();
         xServiceDef.setId(Id);
+        xUserMgr.setAccessAuditsUserSource(vXAccessAuditList.getVXAccessAudits());
         Mockito.when(xxServiceDefDao.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME)).thenReturn(xServiceDef);
         Mockito.when(assetMgr.getAccessLogs(searchCriteria)).thenReturn(vXAccessAuditList);
         VXAccessAuditList expectedVXAccessAuditList = assetREST.getAccessLogs(request, null);
