You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2017/02/04 16:01:08 UTC
ranger git commit: RANGER-1345: User group memberships are not
updated properly in Ranger with Incremental LDAP/AD sync
Repository: ranger
Updated Branches:
refs/heads/master 5c2eee8ab -> 223a14974
RANGER-1345: User group memberships are not updated properly in Ranger with Incremental LDAP/AD sync
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/223a1497
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/223a1497
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/223a1497
Branch: refs/heads/master
Commit: 223a14974c4614ecf0d0d537c62b5b1319d8d7b7
Parents: 5c2eee8
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Fri Feb 3 17:09:17 2017 -0800
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Sat Feb 4 11:00:52 2017 -0500
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/XUserMgr.java | 4 +++
.../process/LdapPolicyMgrUserGroupBuilder.java | 27 ++++++++++----------
2 files changed, 18 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/223a1497/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index dd6e6ca..2373f35 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -587,6 +587,10 @@ public class XUserMgr extends XUserMgrBase {
if (xGroup == null) {
return vxGUInfo;
}
+
+ VXGroup xgroupInfo = xGroupService.populateViewBean(xGroup);
+ vxGUInfo.setXgroupInfo(xgroupInfo);
+
SearchCriteria searchCriteria = new SearchCriteria();
searchCriteria.addParam("xGroupId", xGroup.getId());
http://git-wip-us.apache.org/repos/asf/ranger/blob/223a1497/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
index 3337f61..4c95907 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
@@ -388,40 +388,39 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
public void addOrUpdateGroup(String groupName, List<String> users) throws Throwable {
// First get the existing group user mappings from Ranger admin.
// Then compute the delta and send the updated group user mappings to ranger admin.
- GroupUserInfo groupUserInfo = new GroupUserInfo();
+ LOG.debug("addOrUpdateGroup for " + groupName + " with users: " + users);
+ GroupUserInfo groupUserInfo = null;
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal,keytab)) {
try {
LOG.info("Using principal = " + principal + " and keytab = " + keytab);
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
- final GroupUserInfo groupInfo = groupUserInfo;
final String gName = groupName;
- Subject.doAs(sub, new PrivilegedAction<Void>() {
+ groupUserInfo = Subject.doAs(sub, new PrivilegedAction<GroupUserInfo>() {
@Override
- public Void run() {
+ public GroupUserInfo run() {
try {
- getGroupUserInfo(gName, groupInfo);
+ return getGroupUserInfo(gName);
} catch (Exception e) {
LOG.error("Failed to build Group List : ", e);
}
return null;
}
});
- groupUserInfo = groupInfo;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
}
} else {
- getGroupUserInfo(groupName, groupUserInfo);
+ groupUserInfo = getGroupUserInfo(groupName);
}
- //GroupUserInfo groupUserInfo = getGroupUserInfo(groupName);
- LOG.debug("Returned users for group " + groupUserInfo.getXgroupInfo() + " are: " + groupUserInfo.getXuserInfo());
List<String> oldUsers = new ArrayList<String>();
if (groupUserInfo.getXuserInfo() != null) {
for (XUserInfo xUserInfo : groupUserInfo.getXuserInfo()) {
oldUsers.add(xUserInfo.getName());
}
+ LOG.debug("Returned users for group " + groupUserInfo.getXgroupInfo().getName() + " are: " + oldUsers);
}
+
List<String> addUsers = new ArrayList<String>();
List<String> delUsers = new ArrayList<String>();
@@ -640,8 +639,8 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
return ret;
}
- public void getGroupUserInfo(String groupName, GroupUserInfo ret) {
- //GroupUserInfo ret = null;
+ public GroupUserInfo getGroupUserInfo(String groupName) {
+ GroupUserInfo ret = null;
try {
Client c = getClient();
@@ -655,15 +654,17 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder
Gson gson = new GsonBuilder().create();
- LOG.debug("RESPONSE: [" + response + "]");
+ LOG.debug("RESPONSE for " + uri + ": [" + response + "]");
ret = gson.fromJson(response, GroupUserInfo.class);
- LOG.debug("return value = " + ret);
+
+ LOG.debug("return value = " + ret.getXgroupInfo().getName());
} catch (Exception e) {
LOG.warn( "ERROR: Unable to get group user mappings for: " + groupName, e);
}
+ return ret;
}
private String getURL(String uri) {