Posted to commits@ranger.apache.org by sp...@apache.org on 2020/03/09 16:15:25 UTC

[ranger] branch master updated: RANGER-2753: Using DB query to access user group mappings while generating user store information

This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 48076d2  RANGER-2753: Using DB query to access user group mappings while generating user store information
48076d2 is described below

commit 48076d2055ccdc9dbf7cfb46a368c1e0b7d20e6f
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Mon Mar 9 09:15:11 2020 -0700

    RANGER-2753: Using DB query to access user group mappings while generating user store information
---
 .../apache/ranger/plugin/util/RangerUserStore.java | 12 ++++------
 .../main/java/org/apache/ranger/biz/XUserMgr.java  |  4 ++++
 .../apache/ranger/common/RangerUserStoreCache.java | 11 ++++++---
 .../main/java/org/apache/ranger/db/XXUserDao.java  | 26 ++++++++++++++++++++++
 .../main/resources/META-INF/jpa_named_queries.xml  |  7 ++++++
 5 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserStore.java
index dfe742f..2916ae7 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserStore.java
@@ -32,10 +32,7 @@ import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
 import java.io.Serializable;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 @JsonAutoDetect(fieldVisibility= JsonAutoDetect.Visibility.ANY)
 @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
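Review bot: The four explicit `java.util` imports are replaced by `import java.util.*;`, and the XXUserDao hunk below adds the same wildcard. A wildcard hides which types the file depends on and can make a simple name ambiguous when another imported package later gains a `Date`, `List` or `Map`. Listing the types actually used would keep this explicit: `Date`, `HashMap`, `Map`, `Set` here and, judging from the added method, `HashMap`, `HashSet`, `List`, `Map`, `Set` in XXUserDao.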
@@ -54,11 +51,12 @@ public class RangerUserStore implements Serializable {
     private Map<String, String>              userCloudIdMapping;
     private Map<String, String>              groupCloudIdMapping;
 
-    public RangerUserStore() {this(-1L, null, null);}
+    public RangerUserStore() {this(-1L, null, null, null);}
 
-    public RangerUserStore(Long userStoreVersion, Set<UserInfo> users, Set<GroupInfo> groups ) {
+    public RangerUserStore(Long userStoreVersion, Set<UserInfo> users, Set<GroupInfo> groups, Map<String, Set<String>> userGroups) {
         setUserStoreVersion(userStoreVersion);
         setUserStoreUpdateTime(new Date());
+        setUserGroupMapping(userGroups);
         buildMap(users, groups);
     }
     public Long getUserStoreVersion() {
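Review bot: The new `userGroups` argument is stored as passed by `setUserGroupMapping(userGroups)`, and with `userGroupMapping.put(username, user.getGroups())` removed from `buildMap` further down, groups carried on `UserInfo` no longer reach the store. A caller that still fills `UserInfo.getGroups()` and passes `null` here (as the no-arg constructor does) ends up with no user-to-group mapping, which matters if consumers resolve group membership from this object. A Javadoc on the constructor stating that `userGroups` maps user name to group names, is kept by reference, and is now the only source of the mapping would make that contract visible. Since this is a public class in agents-common, keeping the old three-argument constructor as a delegating overload, `this(userStoreVersion, users, groups, null)`, would avoid breaking callers outside this commit. The class body continues outside the hunk.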
@@ -153,7 +151,6 @@ public class RangerUserStore implements Serializable {
         if (CollectionUtils.isNotEmpty(users)) {
             userAttrMapping = new HashMap<>();
             userCloudIdMapping = new HashMap<>();
-            userGroupMapping = new HashMap<>();
             for (UserInfo user : users) {
                 String username = user.getName();
                 Map<String, String> userAttrs = user.getOtherAttributes();
@@ -164,7 +161,6 @@ public class RangerUserStore implements Serializable {
                         userCloudIdMapping.put(cloudId, username);
                     }
                 }
-                userGroupMapping.put(username, user.getGroups());
             }
         }
         if (CollectionUtils.isNotEmpty(groups)) {
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 88a4330..6a5ca7b 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2567,6 +2567,10 @@ public class XUserMgr extends XUserMgrBase {
 		return  new HashSet<>(xGroupService.getGroups());
 	}
 
+	public Map<String, Set<String>> getUserGroups() {
+		return daoManager.getXXUser().findGroupsByUserIds();
+	}
+
 	public RangerUserStore getRangerUserStore(Long lastKnownUserStoreVersion) throws Exception {
 		RangerUserStore ret                   = null;
 		Long        rangerUserStoreVersionInDB = getUserStoreVersion();
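Review bot: `getUserGroups()` is added as a public method with no Javadoc, and it returns the DAO's map of every user's group membership without any access check visible in this hunk. The only caller shown in this commit is the user-store cache; if XUserMgr methods are reachable from request handlers, it is worth confirming that this one is not exposed to non-admin callers. A short doc comment would state the intent, for example `/** Returns user name to group names for all users, loaded in a single query; used to build the user store. */`. The surrounding class and `getRangerUserStore` continue outside the hunk.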
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerUserStoreCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerUserStoreCache.java
index 8ffc98c..198e3d6 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerUserStoreCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerUserStoreCache.java
@@ -19,7 +19,6 @@
 
 package org.apache.ranger.common;
 
-import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
@@ -90,14 +89,20 @@ public class RangerUserStoreCache {
 			if (lockResult) {
 				final Set<UserInfo> rangerUsersInDB = xUserMgr.getUsers();
 				final Set<GroupInfo> rangerGroupsInDB = xUserMgr.getGroups();
-				if (CollectionUtils.isNotEmpty(rangerUsersInDB)) {
+				final Map<String, Set<String>> userGroups = xUserMgr.getUserGroups();
+				/*if (CollectionUtils.isNotEmpty(rangerUsersInDB)) {
 					for (UserInfo userInfo : rangerUsersInDB) {
 						//Get user group mapping from DB and update userInfo object.
 						userInfo.setGroups(xUserMgr.getGroupsForUser(userInfo.getName()));
 					}
+				}*/
+
+				if (LOG.isDebugEnabled()) {
+					LOG.debug("No. of users from DB = " + rangerUsersInDB.size() + " and no. of groups from DB = " + rangerGroupsInDB.size());
+					LOG.debug("No. of userGroupMappings = " + userGroups.size());
 				}
 
-				ret = new RangerUserStore(rangerUserStoreVersionInDB, rangerUsersInDB, rangerGroupsInDB);
+				ret = new RangerUserStore(rangerUserStoreVersionInDB, rangerUsersInDB, rangerGroupsInDB, userGroups);
 				rangerUserStore = ret;
 			} else {
 				if (LOG.isDebugEnabled()) {
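Review bot: The old per-user loop is left in as a `/* ... */` block instead of being deleted, and the new debug lines call `rangerUsersInDB.size()` and `rangerGroupsInDB.size()` where the removed code guarded the set with `CollectionUtils.isNotEmpty`. If `getUsers()` can return null (its body is not visible here), enabling debug logging would throw a NullPointerException while the lock is held. Removing the commented block and logging a null-safe count, e.g. `(rangerUsersInDB != null ? rangerUsersInDB.size() : 0)`, would address both. Users, groups and the mapping are also read by three separate calls, so a comment noting that the mapping may name users or groups missing from the two sets would help whoever consumes the store. The enclosing method starts and ends outside the hunk.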
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
index cea90c1..0a9c640 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
@@ -26,6 +26,8 @@ import org.apache.ranger.common.db.BaseDao;
 import org.apache.ranger.entity.XXUser;
 import org.springframework.stereotype.Service;
 
+import java.util.*;
+
 @Service
 public class XXUserDao extends BaseDao<XXUser> {
 	private static final Logger logger = Logger.getLogger(XXResourceDao.class);
@@ -62,4 +64,28 @@ public class XXUserDao extends BaseDao<XXUser> {
 		}
 	}
 
+	public Map<String, Set<String>> findGroupsByUserIds() {
+		Map<String, Set<String>> userGroups = new HashMap<>();
+
+		try {
+			List<Object[]> rows = (List<Object[]>) getEntityManager()
+					.createNamedQuery("XXUser.findGroupsByUserIds")
+					.getResultList();
+			if (rows != null) {
+				for (Object[] row : rows) {
+					if (userGroups.containsKey((String)row[0])) {
+						userGroups.get((String)row[0]).add((String)row[1]);
+					} else {
+						Set<String> groups = new HashSet<>();
+						groups.add((String)row[1]);
+						userGroups.put((String)row[0], groups);
+					}
+				}
+			}
+		} catch (NoResultException e) {
+			//Ignore
+		}
+		return userGroups;
+	}
+
 }
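Review bot: The `catch (NoResultException e)` around `getResultList()` is dead code, because that exception is raised by `getSingleResult()` and an empty result comes back as an empty list; dropping the try/catch removes a silently ignored path. The `containsKey`/`get`/`put` branch in the loop can be a single line, assuming the module builds at Java 8 or later: `userGroups.computeIfAbsent((String) row[0], k -> new HashSet<>()).add((String) row[1]);`. The name `findGroupsByUserIds` suggests an id filter, but the method takes no argument and returns the mapping for all users keyed by user name. A Javadoc should say so and note that the result grows with the membership table. The unchecked cast to `List<Object[]>` could be avoided with the typed `createNamedQuery(name, Object[].class)` overload.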
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index f23bf2e..182a038 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -127,6 +127,13 @@
 		</query>
 	</named-query>
 
+	<!-- XXGroup -->
+	<named-query name="XXUser.findGroupsByUserIds">
+		<query>SELECT user.name, group.name FROM XXUser user, XXGroup group, XXGroupUser groupUser
+			WHERE user.id=groupUser.userId and group.name=groupUser.name
+		</query>
+	</named-query>
+
 	<!-- XXPermMap -->
 	<named-query name="XXPermMap.findByResourceId">
 		<query>SELECT obj FROM XXPermMap obj WHERE obj.resourceId = :resourceId
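Review bot: The join condition `group.name=groupUser.name` ties the membership row to the group by name, while the user side joins on id (`user.id=groupUser.userId`). If the name stored on a membership row ever differs from the group's current name (a rename, a case difference), that membership silently drops out of the user store, and consumers that authorize on group membership would see the user without the group. If XXGroupUser also stores the group's id (not visible in this hunk), joining on that id is the safer key. Separately, the `<!-- XXGroup -->` comment sits above a query named `XXUser.findGroupsByUserIds`, and `group` is a reserved identifier in JPQL that some providers may reject as an identification variable; aliases such as `u`, `g`, `gu` would be clearer.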