Posted to commits@ranger.apache.org by sp...@apache.org on 2019/08/27 18:05:13 UTC
[ranger] branch master updated: RANGER-2552: Fixed code to update
the user role/permissions properly when group memberships are updated
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new ba2d550 RANGER-2552: Fixed code to update the user role/permissions properly when group memberships are updated
ba2d550 is described below
commit ba2d55068a0c4e19b29616c1265575da674a5170
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Tue Aug 27 10:32:38 2019 -0700
RANGER-2552: Fixed code to update the user role/permissions properly when group memberships are updated
---
.../process/PolicyMgrUserGroupBuilder.java | 158 ++++++---------------
1 file changed, 44 insertions(+), 114 deletions(-)
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index e5fc68b..52579a3 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -34,6 +34,7 @@ import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
@@ -359,7 +360,6 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
@Override
public void addOrUpdateUser(String userName, List<String> groups) throws Throwable {
- UserGroupInfo ugInfo = new UserGroupInfo();
XUserInfo user = userName2XUserInfoMap.get(userName);
if (groups == null) {
@@ -402,6 +402,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
List<String> addGroups = new ArrayList<String>();
List<String> delGroups = new ArrayList<String>();
List<String> updateGroups = new ArrayList<String>();
+ Set<String> cumulativeGroups = new HashSet<>();
XGroupInfo tempXGroupInfo=null;
for(String group : groups) {
if (! oldGroups.contains(group)) {
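Review bot: The `new HashSet<>()` assigned to `cumulativeGroups` here is discarded, because in the hunks shown the variable is only read after it is reassigned with `new HashSet<>(user.getGroups())` inside the later `if` block. Declaring it at that point, `Set<String> cumulativeGroups = new HashSet<>(user.getGroups());`, would avoid the throwaway allocation and keep the variable's scope next to its use. The enclosing method starts and ends outside this hunk, so any other use of the variable is not visible here.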
@@ -442,122 +443,54 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
if (isMockRun) {
- return;
- }
- if (!addGroups.isEmpty()) {
- XUserInfo obj = addXUserInfo(userName);
- if (obj != null) {
- for (String group : addGroups) {
- String value = groupMap.get(group);
- if (value != null) {
- List<String> userRoleList = new ArrayList<String>();
- userRoleList.add(value);
- if (userMap.containsKey(obj.getName())) {
- List<String> userRole = new ArrayList<String>();
- userRole.add(userMap.get(obj.getName()));
- if (!obj.getUserRoleList().equals(userRole)) {
- obj.setUserRoleList(userRole);
-
- }
- } else if (!obj.getUserRoleList().equals(userRoleList)) {
- obj.setUserRoleList(userRoleList);
- }
- }
- }
- }
- ugInfo.setXuserInfo(obj);
- ugInfo.setXgroupInfo(getXGroupInfoList(addGroups));
- try {
- // If the rest call to ranger admin fails,
- // propagate the failure to the caller for retry in next
- // sync cycle.
- if (addUserGroupInfo(ugInfo) == null) {
- String msg = "Failed to add user group info";
- LOG.error(msg);
- throw new Exception(msg);
- }
- } catch (Throwable t) {
- LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed for user-group entry: "
- + ugInfo.toString() + " with exception: ", t);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateUser(): Mock Run enabled and hence not sending updates to Ranger admin!");
}
- addXUserGroupInfo(user, addGroups);
+ return;
}
if (!delGroups.isEmpty()) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + userName + " after delete = " + user.getUserRoleList());
- }
delXUserGroupInfo(user, delGroups);
//Remove groups from user mapping
- userName2XUserInfoMap.get(userName).deleteGroups(delGroups);
- List<String> groupList = userName2XUserInfoMap.get(userName).getGroups();
+ user.deleteGroups(delGroups);
if (LOG.isDebugEnabled()) {
- LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() groups for " + userName + " after delete = " + groupList);
- }
- if (!groupList.isEmpty()) {
- XUserInfo obj = addXUserInfo(userName);
- if (obj != null) {
- for (String group : updateGroups) {
- String value = groupMap.get(group);
- if (value != null) {
- List<String> userRoleList = new ArrayList<String>();
- userRoleList.add(value);
- if (userMap.containsKey(obj.getName())) {
- List<String> userRole = new ArrayList<String>();
- userRole.add(userMap.get(obj.getName()));
- if (!obj.getUserRoleList().equals(userRole)) {
- obj.setUserRoleList(userRole);
- }
- } else if (!obj.getUserRoleList().equals(
- userRoleList)) {
- obj.setUserRoleList(userRoleList);
- }
- }
- }
- }
- ugInfo.setXuserInfo(obj);
- ugInfo.setXgroupInfo(getXGroupInfoList(groupList));
- try {
- // If the rest call to ranger admin fails,
- // propagate the failure to the caller for retry in next
- // sync cycle.
- if (addUserGroupInfo(ugInfo) == null) {
- String msg = "Failed to add user group info";
- LOG.error(msg);
- throw new Exception(msg);
- }
- } catch (Throwable t) {
- LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: "
- + t.getMessage()
- + ", for user-group entry: "
- + ugInfo);
- }
+ LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): groups for " + userName + " after delete = " + user.getGroups());
}
}
- if (!updateGroups.isEmpty()) {
+ if (!delGroups.isEmpty() || !addGroups.isEmpty() || !updateGroups.isEmpty()) {
+ cumulativeGroups = new HashSet<>(user.getGroups());
+ cumulativeGroups.addAll(addGroups);
+ cumulativeGroups.addAll(updateGroups);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): cumulative groups for " + userName + " = " + cumulativeGroups);
+ }
+
+ UserGroupInfo ugInfo = new UserGroupInfo();
XUserInfo obj = addXUserInfo(userName);
- if (obj != null) {
- for (String group : updateGroups) {
- String value = groupMap.get(group);
- if (value != null) {
- List<String> userRoleList = new ArrayList<String>();
- userRoleList.add(value);
- if (userMap.containsKey(obj.getName())) {
- List<String> userRole = new ArrayList<String>();
- userRole.add(userMap.get(obj.getName()));
- if (!obj.getUserRoleList().equals(userRole)) {
- obj.setUserRoleList(userRole);
- }
- } else if (!obj.getUserRoleList().equals(
- userRoleList)) {
- obj.setUserRoleList(userRoleList);
- }
- }
+ Set<String> userRoleList = new HashSet<>();
+ if (userMap.containsKey(userName)) {
+ // Add the user role that is defined in user role assignments
+ userRoleList.add(userMap.get(userName));
+ }
+
+ for (String group : cumulativeGroups) {
+ String value = groupMap.get(group);
+ if (value != null) {
+ userRoleList.add(value);
}
}
+
+ if (!userRoleList.isEmpty()) {
+ obj.setUserRoleList(new ArrayList<>(userRoleList));
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + userName + " = " + obj.getUserRoleList());
+ }
+
ugInfo.setXuserInfo(obj);
- ugInfo.setXgroupInfo(getXGroupInfoList(updateGroups));
+ ugInfo.setXgroupInfo(getXGroupInfoList(new ArrayList<>(cumulativeGroups)));
try {
// If the rest call to ranger admin fails,
// propagate the failure to the caller for retry in next
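Review bot: The `if (!userRoleList.isEmpty())` guard in front of `obj.setUserRoleList(new ArrayList<>(userRoleList))` leaves the role list untouched when none of the user's remaining groups map to a role and `userMap` has no entry for the user. If the object returned by `addXUserInfo(userName)` can still carry a previously assigned role, a user removed from a role-mapped group would keep that role, which is the revocation case this commit is meant to handle; the startup block in the last hunk sets the list unconditionally, so the two paths should agree, or a comment such as `// no mapped role: keep the role already on obj` should state the intent. Separately, the old `if (obj != null)` check was dropped, so `obj.setUserRoleList(...)` and the debug call `obj.getUserRoleList()` would throw if `addXUserInfo` returns null, a case the startup block still guards with `obj != null`; restoring that guard here seems safer. Since the roles are collected in a `HashSet`, the order of the list passed to `setUserRoleList` is not stable, which matters if the receiver treats the first entry specially (not visible here). The enclosing method starts and ends outside this hunk.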
@@ -576,26 +509,23 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
}
if (isStartupFlag) {
+ UserGroupInfo ugInfo = new UserGroupInfo();
XUserInfo obj = addXUserInfo(userName);
if (obj != null && updateGroups.isEmpty()
&& addGroups.isEmpty() && delGroups.isEmpty()) {
+ Set<String> userRoleList = new HashSet<>();
+ if (userMap.containsKey(userName)) {
+ // Add the user role that is defined in user role assignments
+ userRoleList.add(userMap.get(userName));
+ }
+
for (String group : groups) {
String value = groupMap.get(group);
if (value != null) {
- List<String> userRoleList = new ArrayList<String>();
userRoleList.add(value);
- if (userMap.containsKey(obj.getName())) {
- List<String> userRole = new ArrayList<String>();
- userRole.add(userMap.get(obj.getName()));
- if (!obj.getUserRoleList().equals(userRole)) {
- obj.setUserRoleList(userRole);
- }
- } else if (!obj.getUserRoleList().equals(
- userRoleList)) {
- obj.setUserRoleList(userRoleList);
- }
}
}
+ obj.setUserRoleList(new ArrayList<>(userRoleList));
ugInfo.setXuserInfo(obj);
ugInfo.setXgroupInfo(getXGroupInfoList(groups));
try {