You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2021/05/26 17:27:41 UTC
[ranger] branch ranger-2.2 updated: RANGER-3297: Updating user
source when same user exists as an internal & later added from external
source
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 2ac6feb RANGER-3297: Updating user source when same user exists as an internal & later added from external source
2ac6feb is described below
commit 2ac6feb14c7866537b2a936d326c08d3f37e0311
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Wed May 26 10:25:46 2021 -0700
RANGER-3297: Updating user source when same user exists as an internal & later added from external source
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 4 ++--
.../process/PolicyMgrUserGroupBuilder.java | 21 +++++++++++----------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index b903955..fad332a 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -3028,7 +3028,7 @@ public class XUserMgr extends XUserMgrBase {
} else {
vXPortalUser.setPublicScreenName(vXUser.getName());
}
- vXPortalUser.setUserSource(oldUserProfile.getUserSource());
+ vXPortalUser.setUserSource(vXUser.getUserSource());
String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
String password = vXUser.getPassword();
@@ -3038,7 +3038,7 @@ public class XUserMgr extends XUserMgrBase {
}
else if(oldUserProfile != null && oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL && password != null){
vXPortalUser.setPassword(oldUserProfile.getPassword());
- logger.debug("User is trrying to change external user password which we are not allowing it to change");
+ logger.debug("User is trying to change external user password which we are not allowing it to change");
}
else if(password != null){
validatePassword(vXUser);
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index cb071cd..65e26fe 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -624,11 +624,11 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
String oldGroupAttrsStr = oldGroup.getOtherAttributes();
if (!StringUtils.equalsIgnoreCase(oldGroupAttrsStr, newGroupAttrsStr)) {
Map<String, String> oldGroupAttrs = oldGroup.getOtherAttrsMap();
- String oldGroupDN = oldGroupAttrs.get(UgsyncCommonConstants.FULL_NAME);
- if (StringUtils.equalsIgnoreCase(groupDN, oldGroupDN)
+ String oldGroupDN = oldGroupAttrs != null ? oldGroupAttrs.get(UgsyncCommonConstants.FULL_NAME) : groupName;
+ if (oldGroupAttrs == null || (StringUtils.equalsIgnoreCase(groupDN, oldGroupDN)
&& (StringUtils.isEmpty(oldGroupAttrs.get(UgsyncCommonConstants.SYNC_SOURCE))
|| StringUtils.equalsIgnoreCase(oldGroupAttrs.get(UgsyncCommonConstants.SYNC_SOURCE),
- newGroupAttrs.get(UgsyncCommonConstants.SYNC_SOURCE)))) {
+ newGroupAttrs.get(UgsyncCommonConstants.SYNC_SOURCE))))) {
oldGroup.setOtherAttributes(newGroupAttrsStr);
oldGroup.setOtherAttrsMap(newGroupAttrs);
deltaGroups.put(groupName, oldGroup);
@@ -680,13 +680,14 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
String oldUserAttrsStr = oldUser.getOtherAttributes();
if (!StringUtils.equalsIgnoreCase(oldUserAttrsStr, newUserAttrsStr)) {
Map<String, String> oldUserAttrs = oldUser.getOtherAttrsMap();
- String oldUserDN = oldUserAttrs.get(UgsyncCommonConstants.FULL_NAME);
- if (StringUtils.equalsIgnoreCase(userDN, oldUserDN)
+ String oldUserDN = oldUserAttrs != null ? oldUserAttrs.get(UgsyncCommonConstants.FULL_NAME) : userName;
+ if (oldUserAttrs == null || (StringUtils.equalsIgnoreCase(userDN, oldUserDN)
&& (StringUtils.isEmpty(oldUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE))
|| StringUtils.equalsIgnoreCase(oldUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE),
- newUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE)))) {
+ newUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE))))) {
oldUser.setOtherAttributes(newUserAttrsStr);
oldUser.setOtherAttrsMap(newUserAttrs);
+ oldUser.setUserSource(SOURCE_EXTERNAL);
deltaUsers.put(userName, oldUser);
noOfModifiedUsers++;
userNameMap.put(userDN, userName);
@@ -1640,8 +1641,8 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
&& StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource)
&& StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
if (groupInfo.getIsVisible() != ISHIDDEN) {
- groupInfo.setIsVisible(ISHIDDEN);
- deletedGroups.put(groupInfo.getName(), groupInfo);
+ groupInfo.setIsVisible(ISHIDDEN);
+ deletedGroups.put(groupInfo.getName(), groupInfo);
} else {
LOG.info("group " + groupInfo.getName() + " already marked for delete ");
}
@@ -1761,8 +1762,8 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource)
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
if (userInfo.getIsVisible() != ISHIDDEN) {
- userInfo.setIsVisible(ISHIDDEN);
- deletedUsers.put(userInfo.getName(), userInfo);
+ userInfo.setIsVisible(ISHIDDEN);
+ deletedUsers.put(userInfo.getName(), userInfo);
} else {
LOG.info("user " + userInfo.getName() + " already marked for delete ");
}