You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/02/24 09:39:29 UTC
[ranger] branch master updated (f909896 -> 3171f5b)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from f909896 RANGER-2734: updated Atlas plugin for new operations in Atlas - add/remove label, update-namespace, admin-purge
new 07a70be RANGER-2706 usermapsyncenabled can be removed from code
new 3171f5b RANGER-2707 ranger.usersync.enabled not respected on initial ugsync startup
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../bin/import_ranger_to_ambari.py | 1 -
.../ldapconfigcheck/conf/input.properties | 1 -
.../apache/ranger/ldapconfigcheck/LdapConfig.java | 14 ------
.../process/LdapDeltaUserGroupBuilder.java | 6 ---
.../ldapusersync/process/LdapUserGroupBuilder.java | 4 --
.../unixusersync/config/UserGroupSyncConfig.java | 14 ------
.../apache/ranger/usergroupsync/UserGroupSync.java | 53 +++++++++-------------
ugsync/src/test/resources/ranger-ugsync-site.xml | 5 --
.../scripts/templates/installprop2xml.properties | 1 -
.../scripts/templates/ranger-ugsync-template.xml | 4 --
10 files changed, 21 insertions(+), 82 deletions(-)
[ranger] 02/02: RANGER-2707 ranger.usersync.enabled not respected
on initial ugsync startup
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 3171f5b38908e18d7ac40d27a1737e3d41370d9a
Author: Lars Francke <la...@gmail.com>
AuthorDate: Tue Jan 21 11:34:18 2020 +0100
RANGER-2707 ranger.usersync.enabled not respected on initial ugsync startup
Signed-off-by: Pradeep <pr...@apache.org>
---
.../apache/ranger/usergroupsync/UserGroupSync.java | 53 +++++++++-------------
1 file changed, 21 insertions(+), 32 deletions(-)
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
index 2befe33..6429055 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
@@ -17,34 +17,31 @@
* under the License.
*/
- package org.apache.ranger.usergroupsync;
-
+package org.apache.ranger.usergroupsync;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
public class UserGroupSync implements Runnable {
-
- private static final Logger LOG = Logger.getLogger(UserGroupSync.class);
-
- private boolean shutdownFlag = false;
- private UserGroupSink ugSink = null;
- private UserGroupSource ugSource = null;
+ private static final Logger LOG = Logger.getLogger(UserGroupSync.class);
+ private UserGroupSink ugSink;
+ private UserGroupSource ugSource;
public static void main(String[] args) {
UserGroupSync userGroupSync = new UserGroupSync();
userGroupSync.run();
}
+ @Override
public void run() {
try {
long sleepTimeBetweenCycleInMillis = UserGroupSyncConfig.getInstance().getSleepTimeInMillisBetweenCycle();
- boolean initDone = false;
+ boolean initPending = true;
- while (! initDone ) {
+ while (initPending) {
try {
ugSink = UserGroupSyncConfig.getInstance().getUserGroupSink();
LOG.info("initializing sink: " + ugSink.getClass().getName());
@@ -55,14 +52,13 @@ public class UserGroupSync implements Runnable {
ugSource.init();
LOG.info("Begin: initial load of user/group from source==>sink");
- ugSource.updateSink(ugSink);
+ syncUserGroup();
LOG.info("End: initial load of user/group from source==>sink");
- initDone = true;
+ initPending = false;
LOG.info("Done initializing user/group source and sink");
- }
- catch(Throwable t) {
+ } catch (Throwable t) {
LOG.error("Failed to initialize UserGroup source/sink. Will retry after " + sleepTimeBetweenCycleInMillis + " milliseconds. Error details: ", t);
try {
LOG.debug("Sleeping for [" + sleepTimeBetweenCycleInMillis + "] milliSeconds");
@@ -73,7 +69,7 @@ public class UserGroupSync implements Runnable {
}
}
- while (! shutdownFlag ) {
+ while (true) {
try {
LOG.debug("Sleeping for [" + sleepTimeBetweenCycleInMillis + "] milliSeconds");
Thread.sleep(sleepTimeBetweenCycleInMillis);
@@ -82,35 +78,28 @@ public class UserGroupSync implements Runnable {
}
try {
+ LOG.info("Begin: update user/group from source==>sink");
syncUserGroup();
- }
- catch(Throwable t) {
+ LOG.info("End: update user/group from source==>sink");
+ } catch (Throwable t) {
LOG.error("Failed to synchronize UserGroup information. Error details: ", t);
}
}
-
- }
- catch(Throwable t) {
+
+ } catch (Throwable t) {
LOG.error("UserGroupSync thread got an error", t);
- }
- finally {
+ } finally {
LOG.info("Shutting down the UserGroupSync thread");
}
}
-
+
private void syncUserGroup() throws Throwable {
UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
- try{
- if (config.isUserSyncEnabled()) {
- LOG.info("Begin: update user/group from source==>sink");
- ugSource.updateSink(ugSink);
- LOG.info("End: update user/group from source==>sink");
- }
- }catch(Throwable t){
- LOG.error("Failed to sync user/group : ", t);
+ if (config.isUserSyncEnabled()) {
+ ugSource.updateSink(ugSink);
}
-
+
}
}
[ranger] 01/02: RANGER-2706 usermapsyncenabled can be removed from
code
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 07a70be8cf19157efc0c875a6ddf63ab514ce88a
Author: Lars Francke <la...@gmail.com>
AuthorDate: Tue Jan 21 11:00:14 2020 +0100
RANGER-2706 usermapsyncenabled can be removed from code
Signed-off-by: Pradeep <pr...@apache.org>
---
.../bin/import_ranger_to_ambari.py | 1 -
.../ldapconfigcheck/conf/input.properties | 1 -
.../java/org/apache/ranger/ldapconfigcheck/LdapConfig.java | 14 --------------
.../ldapusersync/process/LdapDeltaUserGroupBuilder.java | 6 ------
.../ranger/ldapusersync/process/LdapUserGroupBuilder.java | 4 ----
.../ranger/unixusersync/config/UserGroupSyncConfig.java | 14 --------------
ugsync/src/test/resources/ranger-ugsync-site.xml | 5 -----
.../scripts/templates/installprop2xml.properties | 1 -
.../scripts/templates/ranger-ugsync-template.xml | 4 ----
9 files changed, 50 deletions(-)
diff --git a/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
index e25b8ae..195a116 100755
--- a/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
+++ b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
@@ -376,7 +376,6 @@ def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_pro
advanced_user_sync_properties['ranger.usersync.ldap.groupname.caseconversion'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.groupname.caseconversion','none')
advanced_user_sync_properties['ranger.usersync.logdir'] = ranger_service_properties_from_file.get('ranger.usersync.logdir','/var/log/ranger/usersync')
advanced_user_sync_properties['ranger.usersync.group.searchenabled'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchenabled','false')
- advanced_user_sync_properties['ranger.usersync.group.usermapsyncenabled'] = ranger_service_properties_from_file.get('ranger.usersync.group.usermapsyncenabled','false')
advanced_user_sync_properties['ranger.usersync.group.searchbase'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchbase',' ')
advanced_user_sync_properties['ranger.usersync.group.searchscope'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchscope',' ')
advanced_user_sync_properties['ranger.usersync.group.objectclass'] = ranger_service_properties_from_file.get('ranger.usersync.group.objectclass',' ')
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
index 449ee6f..adc12f9 100755
--- a/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/conf/input.properties
@@ -51,7 +51,6 @@ ranger.usersync.group.searchscope=sub
ranger.usersync.credstore.filename=
ranger.usersync.ldap.bindalias=
ranger.usersync.ldap.searchBase=
-ranger.usersync.group.usermapsyncenabled=false
# Authentication properties
ranger.authentication.method=
diff --git a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
index 920ebf0..46eafa9 100644
--- a/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
+++ b/ugsync/ldapconfigchecktool/ldapconfigcheck/src/main/java/org/apache/ranger/ldapconfigcheck/LdapConfig.java
@@ -79,9 +79,6 @@ public class LdapConfig {
private static final String LGSYNC_GROUP_SEARCH_ENABLED = "ranger.usersync.group.searchenabled";
private static final boolean DEFAULT_LGSYNC_GROUP_SEARCH_ENABLED = false;
- private static final String LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = "ranger.usersync.group.usermapsyncenabled";
- private static final boolean DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = false;
-
private static final String LGSYNC_GROUP_SEARCH_BASE = "ranger.usersync.group.searchbase";
private static final String LGSYNC_GROUP_SEARCH_SCOPE = "ranger.usersync.group.searchscope";
@@ -315,17 +312,6 @@ public class LdapConfig {
return groupSearchEnabled;
}
- public boolean isGroupUserMapSyncEnabled() {
- boolean groupUserMapSyncEnabled;
- String val = prop.getProperty(LGSYNC_GROUP_USER_MAP_SYNC_ENABLED);
- if (val == null || val.trim().isEmpty()) {
- groupUserMapSyncEnabled = DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED;
- } else {
- groupUserMapSyncEnabled = Boolean.valueOf(val);
- }
- return groupUserMapSyncEnabled;
- }
-
public String getGroupSearchBase() {
String val = prop.getProperty(LGSYNC_GROUP_SEARCH_BASE);
return val;
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index bea91c4..0c54f71 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -119,10 +119,6 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
private boolean userNameLowerCaseFlag = false;
private boolean groupNameLowerCaseFlag = false;
- private boolean groupUserMapSyncEnabled = false;
-
- //private Map<String, UserInfo> userGroupMap;
-
private Table<String, String, String> groupUserTable;
private Map<String, String> userNameMap;
private HashSet<String> groupNames;
@@ -297,7 +293,6 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
groupHierarchyLevels = config.getGroupHierarchyLevels();
extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(|(" + groupMemberAttributeName + "={0})(" + groupMemberAttributeName + "={1})))";
- groupUserMapSyncEnabled = config.isGroupUserMapSyncEnabled();
groupSearchControls = new SearchControls();
groupSearchControls.setSearchScope(groupSearchScope);
@@ -343,7 +338,6 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
+ ", groupMemberAttributeName: " + groupMemberAttributeName
+ ", groupNameAttribute: " + groupNameAttribute
+ ", groupSearchAttributes: " + groupSearchAttributes
- + ", groupUserMapSyncEnabled: " + groupUserMapSyncEnabled
+ ", groupSearchFirstEnabled: " + groupSearchFirstEnabled
+ ", userSearchEnabled: " + userSearchEnabled
+ ", ldapReferral: " + ldapReferral
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 07cba9e..9563eee 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -99,8 +99,6 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
private boolean userNameLowerCaseFlag;
private boolean groupNameLowerCaseFlag;
- private boolean groupUserMapSyncEnabled;
-
private Map<String, UserInfo> userGroupMap;
//private Set<String> firstGroupDNs;
private Set<String> allUsers;
@@ -248,7 +246,6 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
if (!groupSearchFirstEnabled) {
extendedGroupSearchFilter = "(&" + extendedGroupSearchFilter + "(|(" + groupMemberAttributeName + "={0})(" + groupMemberAttributeName + "={1})))";
}
- groupUserMapSyncEnabled = config.isGroupUserMapSyncEnabled();
groupSearchControls = new SearchControls();
groupSearchControls.setSearchScope(groupSearchScope);
@@ -287,7 +284,6 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
+ ", groupMemberAttributeName: " + groupMemberAttributeName
+ ", groupNameAttribute: " + groupNameAttribute
+ ", groupSearchAttributes: " + groupSearchAttributes
- + ", groupUserMapSyncEnabled: " + groupUserMapSyncEnabled
+ ", groupSearchFirstEnabled: " + groupSearchFirstEnabled
+ ", userSearchEnabled: " + userSearchEnabled
+ ", ldapReferral: " + ldapReferral
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index f9f51d9..2c98bd8 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -186,9 +186,6 @@ public class UserGroupSyncConfig {
private static final String LGSYNC_USER_SEARCH_ENABLED = "ranger.usersync.user.searchenabled";
private static final boolean DEFAULT_LGSYNC_USER_SEARCH_ENABLED = true;
- private static final String LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = "ranger.usersync.group.usermapsyncenabled";
- private static final boolean DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED = false;
-
private static final String LGSYNC_GROUP_SEARCH_BASE = "ranger.usersync.group.searchbase";
private static final String LGSYNC_GROUP_SEARCH_SCOPE = "ranger.usersync.group.searchscope";
@@ -778,17 +775,6 @@ public class UserGroupSyncConfig {
return userSearchEnabled;
}
- public boolean isGroupUserMapSyncEnabled() {
- boolean groupUserMapSyncEnabled;
- String val = prop.getProperty(LGSYNC_GROUP_USER_MAP_SYNC_ENABLED);
- if(val == null || val.trim().isEmpty()) {
- groupUserMapSyncEnabled = DEFAULT_LGSYNC_GROUP_USER_MAP_SYNC_ENABLED;
- } else {
- groupUserMapSyncEnabled = Boolean.valueOf(val);
- }
- return groupUserMapSyncEnabled;
- }
-
public String getGroupSearchBase() throws Throwable {
String val = prop.getProperty(LGSYNC_GROUP_SEARCH_BASE);
if(val == null || val.trim().isEmpty()) {
diff --git a/ugsync/src/test/resources/ranger-ugsync-site.xml b/ugsync/src/test/resources/ranger-ugsync-site.xml
index 0a1a86d..5ed504b 100644
--- a/ugsync/src/test/resources/ranger-ugsync-site.xml
+++ b/ugsync/src/test/resources/ranger-ugsync-site.xml
@@ -59,11 +59,6 @@
</property>
<property>
- <name>ranger.usersync.group.usermapsyncenabled</name>
- <value>true</value>
- </property>
-
- <property>
<name>ranger.usersync.group.search.first.enabled</name>
<value>false</value>
</property>
diff --git a/unixauthservice/scripts/templates/installprop2xml.properties b/unixauthservice/scripts/templates/installprop2xml.properties
index e64ca3a..846c6a8 100644
--- a/unixauthservice/scripts/templates/installprop2xml.properties
+++ b/unixauthservice/scripts/templates/installprop2xml.properties
@@ -37,7 +37,6 @@ SYNC_LDAP_USERNAME_CASE_CONVERSION = ranger.usersync.ldap.username.caseconversio
SYNC_LDAP_GROUPNAME_CASE_CONVERSION = ranger.usersync.ldap.groupname.caseconversion
logdir=ranger.usersync.logdir
SYNC_GROUP_SEARCH_ENABLED = ranger.usersync.group.searchenabled
-SYNC_GROUP_USER_MAP_SYNC_ENABLED = ranger.usersync.group.usermapsyncenabled
SYNC_GROUP_SEARCH_BASE=ranger.usersync.group.searchbase
SYNC_GROUP_SEARCH_SCOPE=ranger.usersync.group.searchscope
SYNC_GROUP_OBJECT_CLASS=ranger.usersync.group.objectclass
diff --git a/unixauthservice/scripts/templates/ranger-ugsync-template.xml b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
index b5dd437..0ae76eb 100644
--- a/unixauthservice/scripts/templates/ranger-ugsync-template.xml
+++ b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
@@ -54,10 +54,6 @@
<value></value>
</property>
<property>
- <name>ranger.usersync.group.usermapsyncenabled</name>
- <value></value>
- </property>
- <property>
<name>ranger.usersync.ldap.binddn</name>
<value></value>
</property>