You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2021/05/14 00:02:52 UTC

[ranger] branch master updated: RANGER-3262: Fixed issue with group membership computation when group member attribute contains short name of the user

This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 399cc0d  RANGER-3262: Fixed issue with group membership computation  when group member attribute contains short name of the user
399cc0d is described below

commit 399cc0d47bd5e1ae1dbc5a9612eababd79f2292a
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Thu May 13 17:02:32 2021 -0700

    RANGER-3262: Fixed issue with group membership computation  when group member attribute contains short name of the user
---
 .../ranger/ldapusersync/process/LdapUserGroupBuilder.java | 15 +++++++++++++++
 .../usergroupsync/PolicyMgrUserGroupBuilderTest.java      |  8 ++++++++
 .../apache/ranger/usergroupsync/TestLdapUserGroup.java    |  1 +
 3 files changed, 24 insertions(+)

diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 5bfaf20..401b3f0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -51,6 +51,8 @@ import javax.naming.ldap.PagedResultsResponseControl;
 import javax.naming.ldap.Rdn;
 import javax.naming.ldap.StartTlsRequest;
 import javax.naming.ldap.StartTlsResponse;
+
+import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
@@ -572,6 +574,19 @@ public class LdapUserGroupBuilder implements UserGroupSource {
 						}
 
 						sourceUsers.put(userFullName, userAttrMap);
+						if ((groupUserTable.containsColumn(userFullName) || groupUserTable.containsColumn(userName))) {
+							//Update the username in the groupUserTable with the one from username attribute.
+							Map<String, String> userMap = groupUserTable.column(userFullName);
+							if (MapUtils.isEmpty(userMap)) {
+								userMap = groupUserTable.column(userName);
+							}
+							for (Map.Entry<String, String> entry : userMap.entrySet()) {
+								if (LOG.isDebugEnabled()) {
+									LOG.debug("Updating groupUserTable " + entry.getValue() + " with: " + userName + " for " + entry.getKey());
+								}
+								groupUserTable.put(entry.getKey(), userFullName, userFullName);
+							}
+						}
 						counter++;
 
                         if (counter <= 2000) {
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
index 930f688..fd8181b 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
@@ -55,6 +55,14 @@ public class PolicyMgrUserGroupBuilderTest extends PolicyMgrUserGroupBuilder {
                 return allGroups.size();
         }
 
+        public int getTotalGroupUsers() {
+                int totalGroupUsers = 0;
+                for (String group : groupUsers.keySet()) {
+                        totalGroupUsers += groupUsers.get(group).size();
+                }
+                return totalGroupUsers;
+        }
+
         public Set<String> getAllGroups() {
                 return allGroups;
         }
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
index e064d2b..78bc56c 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
@@ -280,6 +280,7 @@ public class TestLdapUserGroup extends AbstractLdapTestUnit{
 		ldapBuilder.updateSink(sink);
 		assertEquals(1, sink.getTotalUsers());
 		assertEquals(3, sink.getTotalGroups());
+		assertEquals(3, sink.getTotalGroupUsers());
 	}
 
 	@Test