Posted to commits@ranger.apache.org by sp...@apache.org on 2020/12/17 00:29:34 UTC
[ranger] branch master updated: RANGER-3101: Added error checks
while updating users/groups to ranger admin as well as while computing
roles
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 07827e3 RANGER-3101: Added error checks while updating users/groups to ranger admin as well as while computing roles
07827e3 is described below
commit 07827e39dc483bb2e6668e426cbf94ffe1a1fb8c
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Wed Dec 16 16:29:18 2020 -0800
RANGER-3101: Added error checks while updating users/groups to ranger admin as well as while computing roles
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 12 ++++++--
.../apache/ranger/service/XGroupUserService.java | 12 +++++++-
.../process/PolicyMgrUserGroupBuilder.java | 32 ++++++++++++++--------
3 files changed, 41 insertions(+), 15 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 4a371f8..b0d8569 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2594,6 +2594,7 @@ public class XUserMgr extends XUserMgrBase {
return ret;
}
+ @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
public int createOrUpdateXUsers(VXUserList users) {
xaBizUtil.blockAuditorRoleUser();
int ret = 0;
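Review bot: The annotation added on createOrUpdateXUsers makes the whole submitted list one unit of work, and nothing in the visible lines documents what a failure on a single user does to the rest of the page. The same applies to the annotations added on createOrDeleteXGroupUserList and updateUserRoleAssignments further down. The method bodies lie outside these hunks, so whether per-user exceptions are caught inside cannot be seen here. If all-or-nothing is the intent, state it in a short Javadoc on each method, for example `/** Runs in a single transaction; a failure on any entry rolls back the whole list. */`, so that callers in the sync process know a retry must resend the full page.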
@@ -2697,7 +2698,6 @@ public class XUserMgr extends XUserMgrBase {
return groups.getListSize();
}
- @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
private void createOrDeleteXGroupUsers(GroupUserInfo groupUserInfo, Map<String, Long> usersFromDB) {
checkAdminAccess();
xaBizUtil.blockAuditorRoleUser();
@@ -2718,6 +2718,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
+ @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
public int createOrDeleteXGroupUserList(List<GroupUserInfo> groupUserInfoList) {
int updatedGroups = 0;
if (CollectionUtils.isNotEmpty(groupUserInfoList)) {
@@ -2732,6 +2733,7 @@ public class XUserMgr extends XUserMgrBase {
return updatedGroups;
}
+ @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
public List<String> updateUserRoleAssignments(UsersGroupRoleAssignments ugRoleAssignments) {
List<String> updatedUsers = new ArrayList<>();
// For each user get groups and compute roles based on group role assignments
@@ -2874,7 +2876,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
- public VXUser updateXUser(VXUser vXUser, VXPortalUser oldUserProfile) {
+ private VXUser updateXUser(VXUser vXUser, VXPortalUser oldUserProfile) {
VXPortalUser vXPortalUser = new VXPortalUser();
if (oldUserProfile != null && oldUserProfile.getId() != null) {
vXPortalUser.setId(oldUserProfile.getId());
@@ -2965,6 +2967,12 @@ public class XUserMgr extends XUserMgrBase {
// TODO I've to get the transaction log from here.
// There is nothing to log anything in XXUser so far.
+ XXUser xUser = daoManager.getXXUser().findByUserName(vXUser.getName());
+ if (xUser == null) {
+ logger.warn("Could not find corresponding xUser for username: [" + vXPortalUser.getLoginId() + "], So not updating this user");
+ return vXUser;
+ }
+ vXUser.setId(xUser.getId());
vXUser = xUserService.updateResource(vXUser);
vXUser.setUserRoleList(roleList);
if (oldUserProfile != null) {
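Review bot: The warning in the new null check prints `vXPortalUser.getLoginId()`, but the lookup that failed used `vXUser.getName()`, so the logged name may not be the one that was searched for. Log the lookup key instead: `logger.warn("Could not find corresponding xUser for username: [" + vXUser.getName() + "], So not updating this user");`. The early `return vXUser` also hands the input back unchanged, so a caller cannot tell a skipped user from an updated one. updateXUser starts and ends outside this hunk, so any portal-user changes made before this point would presumably still be kept; that is worth confirming.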
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
index 0509999..6c0289c 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
@@ -107,6 +107,16 @@ public class XGroupUserService extends
public void createOrUpdateXGroupUsers(String groupName, Set<String> users, Map<String, Long> usersFromDB) {
XXGroup xxGroup = daoManager.getXXGroup().findByGroupName(groupName);
+ if (logger.isDebugEnabled()) {
+ logger.debug("createOrUpdateXGroupUsers(): groupname = " + groupName + " users = " + users);
+ }
+ if (xxGroup == null) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("createOrUpdateXGroupUsers(): groupname = " + groupName
+ + " doesn't exist in database. Hence ignoring group membership updates");
+ }
+ return;
+ }
Map<String, XXGroupUser> groupUsers = daoManager.getXXGroupUser().findUsersByGroupName(groupName);
XXPortalUser xXPortalUser = daoManager.getXXPortalUser().getById(createdByUserId);
for (String username : users) {
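Review bot: A missing group is reported only at debug level in the new `xxGroup == null` branch, so at a typical production log level the membership updates for that group are dropped without any trace. The comparable skip added to XUserMgr.updateXUser in this commit uses `logger.warn`. Consider the same here: `logger.warn("createOrUpdateXGroupUsers(): groupname = " + groupName + " doesn't exist in database. Hence ignoring group membership updates");`. The method returns void, so the log line is the only signal an operator gets that memberships from the sync source were not applied. The loop body continues outside this hunk.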
@@ -136,7 +146,7 @@ public class XGroupUserService extends
}
VXGroupUser vXGroupUser = postCreate(xxGroupUser);
if (logger.isDebugEnabled()) {
- logger.debug(String.format("createXGroupUserFromMap(): Create or update group user mapping with groupname = " + vXGroupUser.getName()
+ logger.debug(String.format("createOrUpdateXGroupUsers(): Create or update group user mapping with groupname = " + vXGroupUser.getName()
+ " username = %s userId = %d", username, vXGroupUser.getUserId()));
}
}
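Review bot: The group name is concatenated into the format string passed to `String.format`, so a group name containing `%` would be parsed as a format specifier and can raise an IllegalFormatException whenever debug logging is on. Group names come from the sync source, so this input is not under the code's control. Pass the name as an argument instead: `logger.debug(String.format("createOrUpdateXGroupUsers(): Create or update group user mapping with groupname = %s username = %s userId = %d", vXGroupUser.getName(), username, vXGroupUser.getUserId()));`.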
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index ee9a254..556d976 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -274,10 +274,18 @@ private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.cla
}
if (MapUtils.isNotEmpty(groupMap)) {
for (String groupName : groupMap.keySet()) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("adding " + groupUsersCache.get(groupName) + " from " + groupName + " for computing roles during startup");
+ Set<String> groupUsers = null;
+ if (CollectionUtils.isNotEmpty(groupUsersCache.get(groupName))) {
+ groupUsers = new HashSet<>(groupUsersCache.get(groupName));
+ } else if (CollectionUtils.isNotEmpty(deltaGroupUsers.get(groupName))) {
+ groupUsers = new HashSet<>(deltaGroupUsers.get(groupName));
+ }
+ if (groupUsers != null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("adding " + groupUsers + " from " + groupName + " for computing roles during startup");
+ }
+ computeRolesForUsers.addAll(groupUsers);
}
- computeRolesForUsers.addAll(groupUsersCache.get(groupName));
}
}
}
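Review bot: Each map is looked up twice per group, and the result is copied into a fresh `HashSet` only to be passed to `addAll`, which copies the elements again. Assuming the cache values are `Set<String>`, one lookup per map reads more simply: `Set<String> groupUsers = groupUsersCache.get(groupName);` followed by `if (CollectionUtils.isEmpty(groupUsers)) { groupUsers = deltaGroupUsers.get(groupName); }`, with the guard written as `if (CollectionUtils.isNotEmpty(groupUsers))`. A short comment saying why `deltaGroupUsers` is the fallback during startup would also help, since the hunk does not explain when the cache can be empty for a group that is present in `groupMap`.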
@@ -799,17 +807,17 @@ private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.cla
LOG.debug("RESPONSE[" + response + "]");
}
- if (response != null) {
+ if (StringUtils.isNotEmpty(response)) {
try {
ret = Integer.valueOf(response);
uploadedCount += pageSize;
} catch (NumberFormatException e) {
LOG.error("Failed to addOrUpdateUsers " + uploadedCount, e);
- ret = 0;
+ throw e;
}
} else {
LOG.error("Failed to addOrUpdateUsers " + uploadedCount );
- ret = 0;
+ throw new Exception("Failed to addOrUpdateUsers " + uploadedCount);
}
LOG.info("ret = " + ret + " No. of users uploaded to ranger admin= " + (uploadedCount>totalCount?totalCount:uploadedCount));
}
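Review bot: Any response that parses as an integer is still treated as a successful page: `uploadedCount += pageSize` runs whatever value `ret` holds, so a reply of `0` from ranger admin is counted as uploaded. Before this change `ret = 0` was the failure marker. The same pattern is repeated in the addOrUpdateGroups and addOrUpdateGroupUsers hunks below. If a non-positive count is never valid for a non-empty page, check it before advancing, for example `if (ret <= 0) { throw new Exception("Failed to addOrUpdateUsers " + uploadedCount + ", admin returned " + ret); }`. The thrown `Exception` carries only the running count, so adding the page index or the response status would make a failed sync easier to diagnose. The enclosing loop starts outside the hunk, so how a mid-run failure is retried cannot be seen here.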
@@ -897,17 +905,17 @@ private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.cla
LOG.debug("RESPONSE[" + response + "]");
}
- if (response != null) {
+ if (StringUtils.isNotEmpty(response)) {
try {
ret = Integer.valueOf(response);
uploadedCount += pageSize;
} catch (NumberFormatException e) {
LOG.error("Failed to addOrUpdateGroups " + uploadedCount, e );
- ret = 0;
+ throw e;
}
} else {
LOG.error("Failed to addOrUpdateGroups " + uploadedCount );
- ret = 0;
+ throw new Exception("Failed to addOrUpdateGroups " + uploadedCount);
}
LOG.info("ret = " + ret + " No. of groups uploaded to ranger admin= " + (uploadedCount>totalCount?totalCount:uploadedCount));
}
@@ -990,17 +998,17 @@ private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.cla
LOG.debug("RESPONSE[" + response + "]");
}
- if (response != null) {
+ if (StringUtils.isNotEmpty(response)) {
try {
ret = Integer.valueOf(response);
uploadedCount += pageSize;
} catch (NumberFormatException e) {
LOG.error("Failed to addOrUpdateGroupUsers " + uploadedCount, e );
- ret = 0;
+ throw e;
}
} else {
LOG.error("Failed to addOrUpdateGroupUsers " + uploadedCount );
- ret = 0;
+ throw new Exception("Failed to addOrUpdateGroupUsers " + uploadedCount);
}
LOG.info("ret = " + ret + " No. of group memberships uploaded to ranger admin= " + (uploadedCount>totalCount?totalCount:uploadedCount));