You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2017/07/10 06:52:03 UTC
Re: Review Request 60421: RANGER-1491 : Automatically map group of
external users to Administrator Role
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60421/#review180010
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
Lines 1160 (patched)
<https://reviews.apache.org/r/60421/#comment255016>
single return from the method would be better. Also no exceptions are handled here.
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
Lines 1169 (patched)
<https://reviews.apache.org/r/60421/#comment255014>
will this work if usersync user is customized? Also it would be a good idea to log debug messages for else condition, currently there is no clue if the execution falls on else condition.
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Line 1278 (original), 1298 (patched)
<https://reviews.apache.org/r/60421/#comment255015>
Logging else condition (allowing rangerusersync) would be helpful
unixauthservice/scripts/templates/ranger-ugsync-template.xml
Lines 209 (patched)
<https://reviews.apache.org/r/60421/#comment255006>
To be consistent, add prefix "ranger.usersync" to this new property
unixauthservice/scripts/templates/ranger-ugsync-template.xml
Lines 213 (patched)
<https://reviews.apache.org/r/60421/#comment255007>
To be consistent, add prefix "ranger.usersync" to this new property
unixauthservice/scripts/templates/ranger-ugsync-template.xml
Lines 217 (patched)
<https://reviews.apache.org/r/60421/#comment255008>
To be consistent, add prefix "ranger.usersync" to this new property
unixauthservice/scripts/templates/ranger-ugsync-template.xml
Lines 221 (patched)
<https://reviews.apache.org/r/60421/#comment255009>
To be consistent, add prefix "ranger.usersync" to this new property
- Velmurugan Periasamy
On June 26, 2017, 8:01 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60421/
> -----------------------------------------------------------
>
> (Updated June 26, 2017, 8:01 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 6f77832
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cd1de9f
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java de95138
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 5e0ca20
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 30525b3
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 19343b2
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/MUserInfo.java 841bac6
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py bbc9226
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60421/diff/1/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 60421: RANGER-1491 : Automatically map group of
external users to Administrator Role
Posted by bhavik patel <bh...@gmail.com>.
> On July 10, 2017, 6:52 a.m., Velmurugan Periasamy wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
> > Lines 1160 (patched)
> > <https://reviews.apache.org/r/60421/diff/1/?file=1762551#file1762551line1160>
> >
> > single return from the method would be better. Also no exceptions are handled here.
Updated to single return. Already we are checking for null conditions so no need to handle any exceptions.
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60421/#review180010
-----------------------------------------------------------
On July 11, 2017, 5:52 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60421/
> -----------------------------------------------------------
>
> (Updated July 11, 2017, 5:52 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1491
> https://issues.apache.org/jira/browse/RANGER-1491
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently when Ranger connect to external LDAP server than users are synchronised and they will get default as "User" role.
>
> It would be a good feature to introduce a mechanism to automatically map certain users (e.g. they are in a specific group) to "Administrator" or "Keyadmin" role rather than setting as default "User" role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 6f77832
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b973b9a
> security-admin/src/main/java/org/apache/ranger/service/XUserService.java de95138
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 5e0ca20
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 9846f67
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 428ad30
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 19343b2
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/MUserInfo.java 841bac6
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 7d636fd
> unixauthservice/scripts/install.properties 13ae1e5
> unixauthservice/scripts/setup.py bbc9226
> unixauthservice/scripts/templates/installprop2xml.properties 1a9bf36
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0025dc8
>
>
> Diff: https://reviews.apache.org/r/60421/diff/2/
>
>
> Testing
> -------
>
> 1. Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side.
> 2. Verified unix authentication and usersync.
>
>
> Thanks,
>
> bhavik patel
>
>