You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/02/24 15:56:29 UTC

[ranger] branch master updated: RANGER-2729: RANGER-2660 should creates external users rather internal

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 54083d6  RANGER-2729: RANGER-2660 should creates external users rather internal
54083d6 is described below

commit 54083d6bdd7711588e88ff806eab92af3ea05568
Author: Pradeep <pr...@apache.org>
AuthorDate: Wed Feb 12 16:50:16 2020 +0530

    RANGER-2729: RANGER-2660 should creates external users rather internal
---
 .../java/org/apache/ranger/biz/PolicyRefUpdater.java     | 16 ++++++----------
 .../src/main/java/org/apache/ranger/biz/XUserMgr.java    |  6 ++++++
 .../src/main/java/org/apache/ranger/rest/XUserREST.java  |  8 ++++++++
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 318f9f5..41d235a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -19,7 +19,6 @@
 package org.apache.ranger.biz;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -28,6 +27,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXAccessTypeDef;
 import org.apache.ranger.entity.XXDataMaskTypeDef;
@@ -54,7 +54,6 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
 import org.apache.ranger.plugin.model.RangerRole;
 import org.apache.ranger.service.XUserService;
 import org.apache.ranger.view.VXGroup;
-import org.apache.ranger.view.VXUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -76,6 +75,9 @@ public class PolicyRefUpdater {
 	 @Autowired
 	 RoleDBStore roleStore;
 
+	@Autowired
+	RangerBizUtil rangerBizUtil;
+
 	public void createNewPolMappingForRefTable(RangerPolicy policy, XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
 		if(policy == null) {
 			return;
@@ -285,20 +287,14 @@ public class PolicyRefUpdater {
 
 	private Long createUserForPolicy(String user) {
 		LOG.warn("User specified in policy does not exist in ranger admin, creating new user, User = " + user);
-		VXUser vxUser = new VXUser();
-		vxUser.setName(user);
-		vxUser.setDescription(user);
-		vxUser.setUserSource(1);
-		vxUser.setPassword(user+"12345");
-		vxUser.setUserRoleList(Arrays.asList("ROLE_USER"));
-		VXUser createdXUser= xUserMgr.createXUser(vxUser);
-		return createdXUser.getId();
+		return xUserMgr.createExternalUser(user).getId();
 	}
 
 	private Long createGroupForPolicy(String group) {
 		LOG.warn("Group specified in policy does not exist in ranger admin, creating new group, Group = " + group);
 		VXGroup vxGroup = new VXGroup();
 		vxGroup.setName(group);
+		vxGroup.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
 		VXGroup vxGroupCreated= xUserMgr.createXGroup(vxGroup);
 		return vxGroupCreated.getId();
 	}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index bfce9a6..88a4330 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -702,6 +702,12 @@ public class XUserMgr extends XUserMgrBase {
 		return xUserService.createXUserWithOutLogin(vXUser);
 	}
 
+	public VXUser createExternalUser(String userName) {
+		checkAdminAccess();
+		xaBizUtil.blockAuditorRoleUser();
+		return createServiceConfigUser(userName);
+	}
+
 	public VXGroup createXGroup(VXGroup vXGroup) {
 		checkAdminAccess();
                 xaBizUtil.blockAuditorRoleUser();
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index af80639..8ad5bad 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -290,6 +290,14 @@ public class XUserREST {
 	public VXUser createXUser(VXUser vXUser) {
 		return xUserMgr.createXUserWithOutLogin(vXUser);
 	}
+
+	@POST
+	@Path("/users/external")
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	public VXUser createExternalUser(VXUser vXUser) {
+		return xUserMgr.createExternalUser(vXUser.getName());
+	}
 	
 	@POST
 	@Path("/users/userinfo")