You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2017/07/10 06:37:20 UTC
Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1491
https://issues.apache.org/jira/browse/RANGER-1491
Repository: ranger
Description
-------
Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cd1de9f
security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 3323f11
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
ugsync/src/main/java/org/apache/ranger/unixusersync/model/MUserInfo.java 841bac6
ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
unixauthservice/scripts/install.properties 13ae1e5
unixauthservice/scripts/setup.py c7aa959
unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
Diff: https://reviews.apache.org/r/60732/diff/1/
Testing
-------
1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
2. Verified unix authentication and usersync.
Thanks,
bhavik patel
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by Mehul Parikh <me...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/#review182660
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On Aug. 8, 2017, 8:31 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60732/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2017, 8:31 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
> security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 070a39b
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py c7aa959
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60732/diff/3/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by Ankita Sinha <an...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/#review182658
-----------------------------------------------------------
Ship it!
Ship It!
- Ankita Sinha
On Aug. 8, 2017, 8:31 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60732/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2017, 8:31 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
> security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 070a39b
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py c7aa959
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60732/diff/3/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/#review182709
-----------------------------------------------------------
Ship it!
Ship It!
- Sailaja Polavarapu
On Aug. 8, 2017, 8:31 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60732/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2017, 8:31 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
> security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 070a39b
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py c7aa959
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60732/diff/3/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/#review182659
-----------------------------------------------------------
Ship it!
Ship It!
- bhavik patel
On Aug. 8, 2017, 8:31 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60732/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2017, 8:31 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
> security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 070a39b
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py c7aa959
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60732/diff/3/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/
-----------------------------------------------------------
(Updated Aug. 8, 2017, 8:31 a.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Initial plan was to provide feature of setting roles for different users for sync source = LDAP. Extending implementation to provide same feature for all External users(sync source = LDAP / AD / UNIX / File).
Bugs: RANGER-1491
https://issues.apache.org/jira/browse/RANGER-1491
Repository: ranger
Description
-------
Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805
security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 070a39b
unixauthservice/scripts/install.properties 13ae1e5
unixauthservice/scripts/setup.py c7aa959
unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
Diff: https://reviews.apache.org/r/60732/diff/3/
Changes: https://reviews.apache.org/r/60732/diff/2-3/
Testing
-------
1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
2. Verified unix authentication and usersync.
Thanks,
bhavik patel
Re: Review Request 60732: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60732/
-----------------------------------------------------------
(Updated July 11, 2017, 6:08 a.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1491
https://issues.apache.org/jira/browse/RANGER-1491
Repository: ranger
Description
-------
Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java be16f75
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b973b9a
security-admin/src/main/java/org/apache/ranger/service/XUserService.java 0d07982
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 6083778
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 2542f91
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java fc239af
ugsync/src/main/java/org/apache/ranger/unixusersync/model/MUserInfo.java 841bac6
ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
unixauthservice/scripts/install.properties 13ae1e5
unixauthservice/scripts/setup.py c7aa959
unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
Diff: https://reviews.apache.org/r/60732/diff/2/
Changes: https://reviews.apache.org/r/60732/diff/1-2/
Testing
-------
1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
2. Verified unix authentication and usersync.
Thanks,
bhavik patel