Posted to commits@ranger.apache.org by sp...@apache.org on 2021/05/26 04:38:46 UTC
[ranger] branch master updated: Added code to log the no. of
users/groups that are marked for delete and update it as part of ugsync
audits
This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 99f7b57 Added code to log the no. of users/groups that are marked for delete and update it as part of ugsync audits
99f7b57 is described below
commit 99f7b571b93718196480559a95f396ed37bb3442
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Tue May 25 21:38:28 2021 -0700
Added code to log the no. of users/groups that are marked for delete and update it as part of ugsync audits
---
.../apache/ranger/view/VXFileSyncSourceInfo.java | 20 ++++++++++++++++
.../apache/ranger/view/VXLdapSyncSourceInfo.java | 20 ++++++++++++++++
.../apache/ranger/view/VXUnixSyncSourceInfo.java | 20 ++++++++++++++++
.../webapp/scripts/modules/globalize/message/en.js | 2 ++
.../ugsyncutil/model/FileSyncSourceInfo.java | 20 ++++++++++++++++
.../ugsyncutil/model/LdapSyncSourceInfo.java | 20 ++++++++++++++++
.../ugsyncutil/model/UnixSyncSourceInfo.java | 20 ++++++++++++++++
.../process/PolicyMgrUserGroupBuilder.java | 28 ++++++++++++++++++----
8 files changed, 146 insertions(+), 4 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java b/security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java
index b078a19..52d94c2 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java
@@ -44,6 +44,8 @@ public class VXFileSyncSourceInfo implements java.io.Serializable {
private String lastModified;
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public VXFileSyncSourceInfo() {
}
@@ -88,6 +90,22 @@ public class VXFileSyncSourceInfo implements java.io.Serializable {
this.totalGroupsSynced = totalGroupsSynced;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
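Review bot: The new accessors getTotalUsersDeleted/getTotalGroupsDeleted carry no Javadoc, and their names say "deleted" while the UI label added in en.js says "marked for delete" and the builder only calls `setIsVisible(ISHIDDEN)`. Anyone reading the ugsync audit record needs to know which of the two the number means. I would add a one-line comment on each getter, for example `/** Number of users marked for delete (hidden) by ugsync; not a count of removed records. */`, after confirming that is the intended meaning. The same applies to the matching accessors in VXLdapSyncSourceInfo, VXUnixSyncSourceInfo and the three ugsyncutil model classes.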
@@ -101,6 +119,8 @@ public class VXFileSyncSourceInfo implements java.io.Serializable {
sb.append("\", \"lastModified\":\"").append(lastModified);
sb.append("\", \"totalUsersSynced\":\"").append(totalUsersSynced);
sb.append("\", \"totalGroupsSynced\":\"").append(totalGroupsSynced);
+ sb.append("\", \"totalUsersDeleted\":\"").append(totalUsersDeleted);
+ sb.append("\", \"totalGroupsDeleted\":\"").append(totalGroupsDeleted);
sb.append("\"}");
return sb;
}
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java b/security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java
index be391de..d349a9e 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java
@@ -49,6 +49,8 @@ public class VXLdapSyncSourceInfo implements java.io.Serializable {
private String groupHierarchyLevel;
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public VXLdapSyncSourceInfo() {
}
@@ -133,6 +135,22 @@ public class VXLdapSyncSourceInfo implements java.io.Serializable {
this.userSearchEnabled = userSearchEnabled;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
@@ -151,6 +169,8 @@ public class VXLdapSyncSourceInfo implements java.io.Serializable {
sb.append("\", \"groupHierarchyLevel\":\"").append(groupHierarchyLevel);
sb.append("\", \"totalUsersSynced\":\"").append(totalUsersSynced);
sb.append("\", \"totalGroupsSynced\":\"").append(totalGroupsSynced);
+ sb.append("\", \"totalUsersDeleted\":\"").append(totalUsersDeleted);
+ sb.append("\", \"totalGroupsDeleted\":\"").append(totalGroupsDeleted);
sb.append("\"}");
return sb;
}
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java b/security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java
index 55afec7..dc87f31 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java
@@ -47,6 +47,8 @@ public class VXUnixSyncSourceInfo implements java.io.Serializable {
private String minGroupId;
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public VXUnixSyncSourceInfo() {
}
@@ -115,6 +117,22 @@ public class VXUnixSyncSourceInfo implements java.io.Serializable {
this.totalGroupsSynced = totalGroupsSynced;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
@@ -131,6 +149,8 @@ public class VXUnixSyncSourceInfo implements java.io.Serializable {
sb.append("\", \"minGroupId\":\"").append(minGroupId);
sb.append("\", \"totalUsersSynced\":\"").append(totalUsersSynced);
sb.append("\", \"totalGroupsSynced\":\"").append(totalGroupsSynced);
+ sb.append("\", \"totalUsersDeleted\":\"").append(totalUsersDeleted);
+ sb.append("\", \"totalGroupsDeleted\":\"").append(totalGroupsDeleted);
sb.append("\"}");
return sb;
}
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index cc18902..d30ed4d 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -267,6 +267,8 @@ define(function(require) {
editValidityPeriod : ' Edit Validity Period',
totalUsersSynced : 'Total number of users synced',
totalGroupsSynced : 'Total number of groups synced',
+ totalUsersDeleted : 'Total number of users marked for delete',
+ totalGroupsDeleted : 'Total number of groups marked for delete',
addPolicyCondition : 'Add Policy Condition',
editPolicyCondition : 'Edit Policy Condition',
agentHost :'Agent Host Name',
diff --git a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/FileSyncSourceInfo.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/FileSyncSourceInfo.java
index d6f12f1..4e122c2 100644
--- a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/FileSyncSourceInfo.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/FileSyncSourceInfo.java
@@ -25,6 +25,8 @@ public class FileSyncSourceInfo {
private String lastModified;
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public String getFileName() {
return fileName;
@@ -66,6 +68,22 @@ public class FileSyncSourceInfo {
this.totalGroupsSynced = totalGroupsSynced;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
@@ -79,6 +97,8 @@ public class FileSyncSourceInfo {
sb.append(", lastModified= ").append(lastModified);
sb.append(", totalUsersSynced= ").append(totalUsersSynced);
sb.append(", totalGroupsSynced= ").append(totalGroupsSynced);
+ sb.append(", totalUsersDeleted= ").append(totalUsersDeleted);
+ sb.append(", totalGroupsDeleted= ").append(totalGroupsDeleted);
sb.append("]");
return sb;
}
diff --git a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/LdapSyncSourceInfo.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/LdapSyncSourceInfo.java
index 2de4faf..227c897 100644
--- a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/LdapSyncSourceInfo.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/LdapSyncSourceInfo.java
@@ -31,6 +31,8 @@ public class LdapSyncSourceInfo {
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public String getLdapUrl() {
return ldapUrl;
@@ -112,6 +114,22 @@ public class LdapSyncSourceInfo {
this.userSearchEnabled = userSearchEnabled;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
@@ -130,6 +148,8 @@ public class LdapSyncSourceInfo {
sb.append(", groupHierarchyLevel= ").append(groupHierarchyLevel);
sb.append(", totalUsersSynced= ").append(totalUsersSynced);
sb.append(", totalGroupsSynced= ").append(totalGroupsSynced);
+ sb.append(", totalUsersDeleted= ").append(totalUsersDeleted);
+ sb.append(", totalGroupsDeleted= ").append(totalGroupsDeleted);
sb.append("]");
return sb;
}
diff --git a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/UnixSyncSourceInfo.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/UnixSyncSourceInfo.java
index 1445655..17b6362 100644
--- a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/UnixSyncSourceInfo.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/model/UnixSyncSourceInfo.java
@@ -28,6 +28,8 @@ public class UnixSyncSourceInfo {
private String minGroupId;
private long totalUsersSynced;
private long totalGroupsSynced;
+ private long totalUsersDeleted;
+ private long totalGroupsDeleted;
public String getMinGroupId() {
return minGroupId;
@@ -93,6 +95,22 @@ public class UnixSyncSourceInfo {
this.totalGroupsSynced = totalGroupsSynced;
}
+ public long getTotalUsersDeleted() {
+ return totalUsersDeleted;
+ }
+
+ public void setTotalUsersDeleted(long totalUsersDeleted) {
+ this.totalUsersDeleted = totalUsersDeleted;
+ }
+
+ public long getTotalGroupsDeleted() {
+ return totalGroupsDeleted;
+ }
+
+ public void setTotalGroupsDeleted(long totalGroupsDeleted) {
+ this.totalGroupsDeleted = totalGroupsDeleted;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
@@ -109,6 +127,8 @@ public class UnixSyncSourceInfo {
sb.append(", minGroupId= ").append(minGroupId);
sb.append(", totalUsersSynced= ").append(totalUsersSynced);
sb.append(", totalGroupsSynced= ").append(totalGroupsSynced);
+ sb.append(", totalUsersDeleted= ").append(totalUsersDeleted);
+ sb.append(", totalGroupsDeleted= ").append(totalGroupsDeleted);
sb.append("]");
return sb;
}
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 7e9a364..cb071cd 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -125,6 +125,8 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
private int noOfNewGroups;
private int noOfModifiedUsers;
private int noOfModifiedGroups;
+ private int noOfDeletedUsers = 0;
+ private int noOfDeletedGroups = 0;
private boolean userNameCaseConversionFlag;
private boolean groupNameCaseConversionFlag;
@@ -246,14 +248,20 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
case "LDAP/AD":
ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalUsersSynced(noOfCachedUsers);
ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalGroupsSynced(noOfCachedGroups);
+ ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalUsersDeleted(noOfDeletedUsers);
+ ugsyncAuditInfo.getLdapSyncSourceInfo().setTotalGroupsDeleted(noOfDeletedGroups);
break;
case "Unix":
ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalUsersSynced(noOfCachedUsers);
ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalGroupsSynced(noOfCachedGroups);
+ ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalUsersDeleted(noOfDeletedUsers);
+ ugsyncAuditInfo.getUnixSyncSourceInfo().setTotalGroupsDeleted(noOfDeletedGroups);
break;
case "File" :
ugsyncAuditInfo.getFileSyncSourceInfo().setTotalUsersSynced(noOfCachedUsers);
ugsyncAuditInfo.getFileSyncSourceInfo().setTotalGroupsSynced(noOfCachedGroups);
+ ugsyncAuditInfo.getFileSyncSourceInfo().setTotalUsersDeleted(noOfDeletedUsers);
+ ugsyncAuditInfo.getFileSyncSourceInfo().setTotalGroupsDeleted(noOfDeletedGroups);
break;
default:
break;
@@ -1615,6 +1623,8 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
throw new Exception(msg);
}
}
+ LOG.info("No. of groups marked for delete = " + deletedGroups.size());
+ noOfDeletedGroups += deletedGroups.size();
}
private void computeDeletedGroups(Map<String, Map<String, String>> sourceGroups) {
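Review bot: `noOfDeletedGroups += deletedGroups.size();` runs only after the update block finishes, so if the visible `throw new Exception(msg);` fires part-way through, the audit total misses anything already sent to the admin server. The loop that sends the updates starts outside this hunk, so this is inferred from the throw alone. If updates go out in batches, increment the counter inside the loop after each successful batch, by that batch's size. The users hunk further down adds `noOfDeletedUsers += deletedUsers.size();` in the same position and has the same issue. Both counters also accumulate for the life of the process with no reset in the visible lines, so a comment saying whether the audit value is per cycle or cumulative would help.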
@@ -1629,8 +1639,12 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
if (StringUtils.isNotEmpty(groupDN) && !sourceGroups.containsKey(groupDN)
&& StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource)
&& StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
- groupInfo.setIsVisible(ISHIDDEN);
- deletedGroups.put(groupInfo.getName(), groupInfo);
+ if (groupInfo.getIsVisible() != ISHIDDEN) {
+ groupInfo.setIsVisible(ISHIDDEN);
+ deletedGroups.put(groupInfo.getName(), groupInfo);
+ } else {
+ LOG.info("group " + groupInfo.getName() + " already marked for delete ");
+ }
}
}
if (LOG.isDebugEnabled()) {
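Review bot: The added guard `groupInfo.getIsVisible() != ISHIDDEN` is only correct for certain types, and both types are declared outside this hunk. If getIsVisible() returns an object type (Integer or String), `!=` compares identities, so a group that is already hidden could be put into deletedGroups again and counted twice in the audit total. If it can return null while ISHIDDEN is a primitive, the unboxing would throw. A value comparison such as `if (!Objects.equals(groupInfo.getIsVisible(), ISHIDDEN)) {` (needs java.util.Objects) avoids both cases. The same guard is added in computeDeletedUsers, and both method bodies start and end outside their hunks.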
@@ -1730,6 +1744,8 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
throw new Exception(msg);
}
}
+ LOG.info("No. of users marked for delete = " + deletedUsers.size());
+ noOfDeletedUsers += deletedUsers.size();
}
private void computeDeletedUsers(Map<String, Map<String, String>> sourceUsers) {
@@ -1744,8 +1760,12 @@ public class PolicyMgrUserGroupBuilder extends AbstractUserGroupSource implement
if (StringUtils.isNotEmpty(userDN) && !sourceUsers.containsKey(userDN)
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource)
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
- userInfo.setIsVisible(ISHIDDEN);
- deletedUsers.put(userInfo.getName(), userInfo);
+ if (userInfo.getIsVisible() != ISHIDDEN) {
+ userInfo.setIsVisible(ISHIDDEN);
+ deletedUsers.put(userInfo.getName(), userInfo);
+ } else {
+ LOG.info("user " + userInfo.getName() + " already marked for delete ");
+ }
}
}
if (LOG.isDebugEnabled()) {
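Review bot: The else branch logs `"user " + userInfo.getName() + " already marked for delete "` at INFO, once for every already-hidden user that passes the enclosing condition on each call to computeDeletedUsers. If the method runs every sync cycle, which is not visible here, the message repeats for the same accounts indefinitely and can crowd out the new "No. of users marked for delete" line. I would lower it to debug, `LOG.debug("user " + userInfo.getName() + " already marked for delete");`, or log a single count of skipped entries after the loop. The name is concatenated as-is, so if names from the sync source can contain line breaks they should be sanitised before logging. The same applies to the `"group " + groupInfo.getName()` message in the computeDeletedGroups hunk.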