You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2017/03/10 22:10:01 UTC
ranger git commit: RANGER-1435: Allow different files to be specified
for unix based usersync - ranger-0.7
Repository: ranger
Updated Branches:
refs/heads/ranger-0.7 8f825cad1 -> f81da7309
RANGER-1435: Allow different files to be specified for unix based usersync - ranger-0.7
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/f81da730
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/f81da730
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/f81da730
Branch: refs/heads/ranger-0.7
Commit: f81da73092e246531791657a2462033d58f91c03
Parents: 8f825ca
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Fri Mar 10 14:09:49 2017 -0800
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Fri Mar 10 14:09:49 2017 -0800
----------------------------------------------------------------------
.../config/UserGroupSyncConfig.java | 24 ++++++++++++++++++++
.../process/UnixUserGroupBuilder.java | 16 ++++++++-----
.../process/TestUnixUserGroupBuilder.java | 23 +++++++++++++++++++
ugsync/src/test/resources/groupFile.txt | 6 +++++
ugsync/src/test/resources/passwordFile.txt | 5 ++++
5 files changed, 68 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/f81da730/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 81ddaa9..ba1b90d 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -59,6 +59,12 @@ public class UserGroupSyncConfig {
public static final String UGSYNC_PM_URL_PROP = "ranger.usersync.policymanager.baseURL";
+ public static final String UGSYNC_UNIX_PASSWORD_FILE = "ranger.usersync.unix.password.file";
+ public static final String DEFAULT_UGSYNC_UNIX_PASSWORD_FILE = "/etc/passwd";
+
+ public static final String UGSYNC_UNIX_GROUP_FILE = "ranger.usersync.unix.group.file";
+ public static final String DEFAULT_UGSYNC_UNIX_GROUP_FILE = "/etc/group";
+
public static final String UGSYNC_MIN_USERID_PROP = "ranger.usersync.unix.minUserId";
public static final String UGSYNC_MIN_GROUPID_PROP = "ranger.usersync.unix.minGroupId";
@@ -367,6 +373,24 @@ public class UserGroupSyncConfig {
}
return val;
}
+
+ public String getUnixPasswordFile() {
+ String val = prop.getProperty(UGSYNC_UNIX_PASSWORD_FILE);
+ if ( val == null ) {
+ val = DEFAULT_UGSYNC_UNIX_PASSWORD_FILE;
+ }
+
+ return val;
+ }
+
+ public String getUnixGroupFile() {
+ String val = prop.getProperty(UGSYNC_UNIX_GROUP_FILE);
+ if ( val == null ) {
+ val = DEFAULT_UGSYNC_UNIX_GROUP_FILE;
+ }
+
+ return val;
+ }
public String getUnixBackend() {
String val = prop.getProperty(UGSYNC_UNIX_BACKEND);
http://git-wip-us.apache.org/repos/asf/ranger/blob/f81da730/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
index f5a4c9a..045fe3f 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
@@ -42,8 +42,8 @@ public class UnixUserGroupBuilder implements UserGroupSource {
private final static String OS = System.getProperty("os.name");
// kept for legacy support
- public static final String UNIX_USER_PASSWORD_FILE = "/etc/passwd";
- public static final String UNIX_GROUP_FILE = "/etc/group";
+ //public static final String UNIX_USER_PASSWORD_FILE = "/etc/passwd";
+ //public static final String UNIX_GROUP_FILE = "/etc/group";
/** Shell commands to get users and groups */
static final String LINUX_GET_ALL_USERS_CMD = "getent passwd";
@@ -78,6 +78,8 @@ public class UnixUserGroupBuilder implements UserGroupSource {
private Map<String,String> groupId2groupNameMap = new HashMap<String,String>();
private int minimumUserId = 0;
private int minimumGroupId = 0;
+ private String unixPasswordFile;
+ private String unixGroupFile;
private long passwordFileModifiedAt = 0;
private long groupFileModifiedAt = 0;
@@ -91,6 +93,8 @@ public class UnixUserGroupBuilder implements UserGroupSource {
public UnixUserGroupBuilder() {
minimumUserId = Integer.parseInt(config.getMinUserId());
minimumGroupId = Integer.parseInt(config.getMinGroupId());
+ unixPasswordFile = config.getUnixPasswordFile();
+ unixGroupFile = config.getUnixGroupFile();
LOG.debug("Minimum UserId: " + minimumUserId + ", minimum GroupId: " + minimumGroupId);
@@ -122,12 +126,12 @@ public class UnixUserGroupBuilder implements UserGroupSource {
if (useNss)
return System.currentTimeMillis() - lastUpdateTime > timeout;
- long TempPasswordFileModifiedAt = new File(UNIX_USER_PASSWORD_FILE).lastModified();
+ long TempPasswordFileModifiedAt = new File(unixPasswordFile).lastModified();
if (passwordFileModifiedAt != TempPasswordFileModifiedAt) {
return true;
}
- long TempGroupFileModifiedAt = new File(UNIX_GROUP_FILE).lastModified();
+ long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified();
if (groupFileModifiedAt != TempGroupFileModifiedAt) {
return true;
}
@@ -197,7 +201,7 @@ public class UnixUserGroupBuilder implements UserGroupSource {
try {
if (!useNss) {
- File file = new File(UNIX_USER_PASSWORD_FILE);
+ File file = new File(unixPasswordFile);
passwordFileModifiedAt = file.lastModified();
FileInputStream fis = new FileInputStream(file);
reader = new BufferedReader(new InputStreamReader(fis, StandardCharsets.UTF_8));
@@ -386,7 +390,7 @@ public class UnixUserGroupBuilder implements UserGroupSource {
try {
if (!useNss) {
- File file = new File(UNIX_GROUP_FILE);
+ File file = new File(unixGroupFile);
groupFileModifiedAt = file.lastModified();
FileInputStream fis = new FileInputStream(file);
reader = new BufferedReader(new InputStreamReader(fis, StandardCharsets.UTF_8));
http://git-wip-us.apache.org/repos/asf/ranger/blob/f81da730/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
index 831e92d..2118c84 100644
--- a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
+++ b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
@@ -42,6 +42,9 @@ public class TestUnixUserGroupBuilder {
@Test
public void testBuilderPasswd() throws Throwable {
config.setProperty("ranger.usersync.unix.backend", "passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_PASSWORD_FILE, "/etc/passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_GROUP_FILE, "/etc/group");
+
UnixUserGroupBuilder builder = new UnixUserGroupBuilder();
builder.init();
@@ -104,5 +107,25 @@ public class TestUnixUserGroupBuilder {
Map<String, List<String>> users = builder.getUser2GroupListMap();
assertNull(users.get("root"));
}
+
+ @Test
+ public void testUnixPasswdAndGroupFile() throws Throwable {
+ config.setProperty("ranger.usersync.unix.backend", "passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_PASSWORD_FILE, "src/test/resources/passwordFile.txt");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_GROUP_FILE, "src/test/resources/groupFile.txt");
+
+ UnixUserGroupBuilder builder = new UnixUserGroupBuilder();
+ builder.init();
+
+ Map<String, String> groups = builder.getGroupId2groupNameMap();
+ String name = groups.get("1028");
+ assertThat(name, anyOf(equalTo("wheel"), equalTo("sam")));
+
+ Map<String, List<String>> users = builder.getUser2GroupListMap();
+ List<String> usergroups = users.get("sam");
+ assertNotNull(usergroups);
+ assertThat(usergroups, anyOf(hasItem("wheel"), hasItem("sam")));
+
+ }
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/f81da730/ugsync/src/test/resources/groupFile.txt
----------------------------------------------------------------------
diff --git a/ugsync/src/test/resources/groupFile.txt b/ugsync/src/test/resources/groupFile.txt
new file mode 100644
index 0000000..89f7564
--- /dev/null
+++ b/ugsync/src/test/resources/groupFile.txt
@@ -0,0 +1,6 @@
+users:x:100:sam,bob,tom,user1,user2
+sam:x:1028:
+bob:x:1029:
+tom:x:1030:
+user1:x:1031:
+user2:x:1032:
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/f81da730/ugsync/src/test/resources/passwordFile.txt
----------------------------------------------------------------------
diff --git a/ugsync/src/test/resources/passwordFile.txt b/ugsync/src/test/resources/passwordFile.txt
new file mode 100644
index 0000000..0e8e10b
--- /dev/null
+++ b/ugsync/src/test/resources/passwordFile.txt
@@ -0,0 +1,5 @@
+sam:x:1021:1028::/home/sam:/bin/bash
+bob:x:1022:1029::/home/bob:/bin/bash
+tom:x:1023:1030::/home/tom:/bin/bash
+user1:x:1024:1031::/home/user1:/bin/bash
+user2:x:1025:1032::/home/user2:/bin/bash
\ No newline at end of file