You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2021/05/14 00:02:52 UTC
[ranger] branch master updated: RANGER-3262: Fixed issue with group
membership computation when group member attribute contains short name of
the user
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 399cc0d RANGER-3262: Fixed issue with group membership computation when group member attribute contains short name of the user
399cc0d is described below
commit 399cc0d47bd5e1ae1dbc5a9612eababd79f2292a
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Thu May 13 17:02:32 2021 -0700
RANGER-3262: Fixed issue with group membership computation when group member attribute contains short name of the user
---
.../ranger/ldapusersync/process/LdapUserGroupBuilder.java | 15 +++++++++++++++
.../usergroupsync/PolicyMgrUserGroupBuilderTest.java | 8 ++++++++
.../apache/ranger/usergroupsync/TestLdapUserGroup.java | 1 +
3 files changed, 24 insertions(+)
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 5bfaf20..401b3f0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -51,6 +51,8 @@ import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
+
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
@@ -572,6 +574,19 @@ public class LdapUserGroupBuilder implements UserGroupSource {
}
sourceUsers.put(userFullName, userAttrMap);
+ if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName))) {
+ //Update the username in the groupUserTable with the one from username attribute.
+ Map<String, String> userMap = groupUserTable.column(userFullName);
+ if (MapUtils.isEmpty(userMap)) {
+ userMap = groupUserTable.column(userName);
+ }
+ for (Map.Entry<String, String> entry : userMap.entrySet()) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + userName + " for " + entry.getKey());
+ }
+ groupUserTable.put(entry.getKey(), userFullName, userFullName);
+ }
+ }
counter++;
if (counter <= 2000) {
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
index 930f688..fd8181b 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
@@ -55,6 +55,14 @@ public class PolicyMgrUserGroupBuilderTest extends PolicyMgrUserGroupBuilder {
return allGroups.size();
}
+ public int getTotalGroupUsers() {
+ int totalGroupUsers = 0;
+ for (String group : groupUsers.keySet()) {
+ totalGroupUsers += groupUsers.get(group).size();
+ }
+ return totalGroupUsers;
+ }
+
public Set<String> getAllGroups() {
return allGroups;
}
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
index e064d2b..78bc56c 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
@@ -280,6 +280,7 @@ public class TestLdapUserGroup extends AbstractLdapTestUnit{
ldapBuilder.updateSink(sink);
assertEquals(1, sink.getTotalUsers());
assertEquals(3, sink.getTotalGroups());
+ assertEquals(3, sink.getTotalGroupUsers());
}
@Test