You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2017/09/26 21:14:40 UTC
[1/2] ranger git commit: RANGER-1801: group user mapping updates to
ranger admin fail when the mapping is already existed in ranger DB --master
Repository: ranger
Updated Branches:
refs/heads/master 23624c64f -> 17deef643
RANGER-1801: group user mapping updates to ranger admin fail when the mapping is already existed in ranger DB --master
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/d31aabe2
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/d31aabe2
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/d31aabe2
Branch: refs/heads/master
Commit: d31aabe2fa3f21060a5ec7e8f0263d78c9f357e2
Parents: 23624c6
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Tue Sep 26 13:53:49 2017 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Tue Sep 26 13:53:49 2017 -0700
----------------------------------------------------------------------
.../main/java/org/apache/ranger/biz/XUserMgr.java | 3 +++
.../java/org/apache/ranger/db/XXGroupUserDao.java | 18 ++++++++++++++++++
.../apache/ranger/service/XGroupUserService.java | 14 ++++++++++++--
.../main/resources/META-INF/jpa_named_queries.xml | 5 +++++
4 files changed, 38 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/d31aabe2/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 447aebb..670baa3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -573,6 +573,7 @@ public class XUserMgr extends XUserMgrBase {
.findByLoginId(vXUser.getName());
if (xUser != null) {
// Add or update group user mapping only if the user already exists in x_user table.
+ logger.debug(String.format("createXGroupUserFromMap(): Create or update group %s ", vXGroup.getName()));
vXGroup = xGroupService.createXGroupWithOutLogin(vXGroup);
vxGUInfo.setXgroupInfo(vXGroup);
vxu.add(vXUser);
@@ -582,6 +583,8 @@ public class XUserMgr extends XUserMgrBase {
if (xXPortalUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
vXGroupUser = xGroupUserService
.createXGroupUserWithOutLogin(vXGroupUser);
+ logger.debug(String.format("createXGroupUserFromMap(): Create or update group user mapping with groupname = " + vXGroup.getName()
+ + " username = %s userId = %d", xXPortalUser.getLoginId(), xUser.getId()));
}
Collection<String> reqRoleList = vXUser.getUserRoleList();
http://git-wip-us.apache.org/repos/asf/ranger/blob/d31aabe2/security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java
index 1a76d27..c8c105d 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java
@@ -27,6 +27,7 @@ import java.util.Set;
import javax.persistence.NoResultException;
+import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXGroupUser;
@@ -114,4 +115,21 @@ public class XXGroupUserDao extends BaseDao<XXGroupUser> {
}
}
+ public XXGroupUser findByGroupNameAndUserId(String groupName, Long userId) {
+ if (StringUtils.isNotBlank(groupName) && userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXGroupUser.findByGroupNameAndUserId", XXGroupUser.class)
+ .setParameter("userId", userId)
+ .setParameter("groupName", groupName)
+ .getSingleResult();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("userId and/or groupId not provided.");
+ return new XXGroupUser();
+ }
+ return null;
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/d31aabe2/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
index 7e8568b..bf39f5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
@@ -79,7 +79,13 @@ public class XGroupUserService extends
}
public VXGroupUser createXGroupUserWithOutLogin(VXGroupUser vxGroupUser) {
- XXGroupUser xxGroupUser = new XXGroupUser();
+ boolean groupUserMappingExists = true;
+ XXGroupUser xxGroupUser = daoManager.getXXGroupUser().findByGroupNameAndUserId(vxGroupUser.getName(), vxGroupUser.getUserId());
+ if (xxGroupUser == null) {
+ xxGroupUser = new XXGroupUser();
+ groupUserMappingExists = false;
+ }
+
XXGroup xGroup = daoManager.getXXGroup().findByGroupName(vxGroupUser.getName());
vxGroupUser.setParentGroupId(xGroup.getId());
xxGroupUser = mapViewToEntityBean(vxGroupUser, xxGroupUser, 0);
@@ -88,7 +94,11 @@ public class XGroupUserService extends
xxGroupUser.setAddedByUserId(createdByUserId);
xxGroupUser.setUpdatedByUserId(createdByUserId);
}
- xxGroupUser = getDao().create(xxGroupUser);
+ if (groupUserMappingExists) {
+ xxGroupUser = getDao().update(xxGroupUser);
+ } else {
+ xxGroupUser = getDao().create(xxGroupUser);
+ }
vxGroupUser = postCreate(xxGroupUser);
return vxGroupUser;
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/d31aabe2/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 68548a5..a212e59 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -189,6 +189,11 @@
</query>
</named-query>
+ <named-query name="XXGroupUser.findByGroupNameAndUserId">
+ <query>SELECT obj FROM XXGroupUser obj WHERE obj.name=:groupName AND obj.userId=:userId
+ </query>
+ </named-query>
+
<named-query name="XXTrxLog.findByTrxId">
<query>SELECT obj FROM XXTrxLog obj WHERE obj.transactionId = :transactionId
</query>
[2/2] ranger git commit: RANGER-1800: Usersync fails to update users
and groups during incremental sync with nested groups and group first search
enabled -- master
Posted by sp...@apache.org.
RANGER-1800: Usersync fails to update users and groups during incremental sync with nested groups and group first search enabled -- master
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/17deef64
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/17deef64
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/17deef64
Branch: refs/heads/master
Commit: 17deef643ae1985e74a18273852e205df0b051a6
Parents: d31aabe
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Tue Sep 26 14:11:49 2017 -0700
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Tue Sep 26 14:11:49 2017 -0700
----------------------------------------------------------------------
.../ldapusersync/process/LdapDeltaUserGroupBuilder.java | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/17deef64/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index 394bde2..17682ba 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -349,6 +349,7 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
}
List<String> userList = new ArrayList<>(userSet);
String transformGroupName = groupNameTransform(groupName);
+ LOG.debug("addOrUpdateGroup(): group = " + groupName + " users = " + userList);
try {
sink.addOrUpdateGroup(transformGroupName, userList);
} catch (Throwable t) {
@@ -751,8 +752,10 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
}
if (groupHierarchyLevels > 0) {
+ LOG.debug("deltaSyncGroupTime = " + deltaSyncGroupTime);
if (deltaSyncGroupTime > 0) {
- goUpGroupHierarchyLdap(groupNameMap.keySet(), groupHierarchyLevels-1);
+ LOG.info("LdapDeltaUserGroupBuilder.getGroups(): Going through group hierarchy for nested group evaluation for deltasync");
+ goUpGroupHierarchyLdap(groupNameMap.keySet(), groupHierarchyLevels-1);
}
}
@@ -942,7 +945,7 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
} else {
groupUserTable.put(gName, originalUserFullName, originalUserFullName);
}
-
+ groupNameMap.put(groupEntry.getNameInNamespace().toLowerCase(), gName);
}
LOG.info("No. of members in the group " + gName + " = " + userCount);
}