You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/02/24 15:56:29 UTC
[ranger] branch master updated: RANGER-2729: RANGER-2660 should
creates external users rather internal
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 54083d6 RANGER-2729: RANGER-2660 should creates external users rather internal
54083d6 is described below
commit 54083d6bdd7711588e88ff806eab92af3ea05568
Author: Pradeep <pr...@apache.org>
AuthorDate: Wed Feb 12 16:50:16 2020 +0530
RANGER-2729: RANGER-2660 should creates external users rather internal
---
.../java/org/apache/ranger/biz/PolicyRefUpdater.java | 16 ++++++----------
.../src/main/java/org/apache/ranger/biz/XUserMgr.java | 6 ++++++
.../src/main/java/org/apache/ranger/rest/XUserREST.java | 8 ++++++++
3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 318f9f5..41d235a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -19,7 +19,6 @@
package org.apache.ranger.biz;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -28,6 +27,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAccessTypeDef;
import org.apache.ranger.entity.XXDataMaskTypeDef;
@@ -54,7 +54,6 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXGroup;
-import org.apache.ranger.view.VXUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -76,6 +75,9 @@ public class PolicyRefUpdater {
@Autowired
RoleDBStore roleStore;
+ @Autowired
+ RangerBizUtil rangerBizUtil;
+
public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
if(policy == null) {
return;
@@ -285,20 +287,14 @@ public class PolicyRefUpdater {
private Long createUserForPolicy(String user) {
LOG.warn("User specified in policy does not exist in ranger admin, creating new user, User = " + user);
- VXUser vxUser = new VXUser();
- vxUser.setName(user);
- vxUser.setDescription(user);
- vxUser.setUserSource(1);
- vxUser.setPassword(user+"12345");
- vxUser.setUserRoleList(Arrays.asList("ROLE_USER"));
- VXUser createdXUser= xUserMgr.createXUser(vxUser);
- return createdXUser.getId();
+ return xUserMgr.createExternalUser(user).getId();
}
private Long createGroupForPolicy(String group) {
LOG.warn("Group specified in policy does not exist in ranger admin, creating new group, Group = " + group);
VXGroup vxGroup = new VXGroup();
vxGroup.setName(group);
+ vxGroup.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
VXGroup vxGroupCreated= xUserMgr.createXGroup(vxGroup);
return vxGroupCreated.getId();
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index bfce9a6..88a4330 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -702,6 +702,12 @@ public class XUserMgr extends XUserMgrBase {
return xUserService.createXUserWithOutLogin(vXUser);
}
+ public VXUser createExternalUser(String userName) {
+ checkAdminAccess();
+ xaBizUtil.blockAuditorRoleUser();
+ return createServiceConfigUser(userName);
+ }
+
public VXGroup createXGroup(VXGroup vXGroup) {
checkAdminAccess();
xaBizUtil.blockAuditorRoleUser();
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index af80639..8ad5bad 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -290,6 +290,14 @@ public class XUserREST {
public VXUser createXUser(VXUser vXUser) {
return xUserMgr.createXUserWithOutLogin(vXUser);
}
+
+ @POST
+ @Path("/users/external")
+ @Produces({ "application/xml", "application/json" })
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public VXUser createExternalUser(VXUser vXUser) {
+ return xUserMgr.createExternalUser(vXUser.getName());
+ }
@POST
@Path("/users/userinfo")