This is an automated email from the ASF dual-hosted git repository. spolavarapu pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 0bfe8a0 RANGER-2531: Removing a user from a group is not reflected properly in unix based sync 0bfe8a0 is described below commit 0bfe8a0b4c521297a91c4421fbe35f30c52608bc Author: Sailaja Polavarapu <spolavar...@cloudera.com> AuthorDate: Thu Aug 8 16:32:08 2019 -0700 RANGER-2531: Removing a user from a group is not reflected properly in unix based sync
---
.../process/PolicyMgrUserGroupBuilder.java | 327 ++++++++++++--------- .../unixusersync/process/UnixUserGroupBuilder.java | 11 +- 2 files changed, 195 insertions(+), 143 deletions(-)
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 466c747..e5fc68b 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -425,152 +425,199 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { } } - for(String g : addGroups) { - LOG.debug("INFO: addPMXAGroupToUser(" + userName + "," + g + ")" ); - } - if (!isMockRun) { - if (!addGroups.isEmpty()) { - XUserInfo obj = addXUserInfo(userName); - if (obj != null) { - for (String group : addGroups) { - String value = groupMap.get(group); - if (value != null) { - List<String> userRoleList = new ArrayList<String>(); - userRoleList.add(value); - if (userMap.containsKey(obj.getName())) { - List<String> userRole = new ArrayList<String>(); - userRole.add(userMap.get(obj.getName())); - if (!obj.getUserRoleList().equals(userRole)) { - obj.setUserRoleList(userRole); + for(String g : addGroups) { + if (LOG.isDebugEnabled()) { + LOG.debug("INFO: addPMXAGroupToUser(" + userName + "," + g + ")"); + } + } + for(String g : delGroups) { + if (LOG.isDebugEnabled()) { + LOG.debug("INFO: delPMXAGroupFromUser(" + userName + "," + g + ")"); + } + } + for(String g : updateGroups) { + if (LOG.isDebugEnabled()) { + LOG.debug("INFO: updatePMXAGroupToUser(" + userName + "," + g + ")"); + } + } - } - } else if (!obj.getUserRoleList().equals(userRoleList)) { - obj.setUserRoleList(userRoleList); - } - } - } - } - ugInfo.setXuserInfo(obj); - ugInfo.setXgroupInfo(getXGroupInfoList(addGroups)); - try { - // If the rest call to ranger admin fails, - // propagate the failure to the caller for retry in next - // sync cycle. 
- if (addUserGroupInfo(ugInfo) == null) { - String msg = "Failed to add user group info"; - LOG.error(msg); - throw new Exception(msg); - } - } catch (Throwable t) { - LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed for user-group entry: " - + ugInfo.toString() + " with exception: ", t); - } - } - addXUserGroupInfo(user, addGroups); - } + if (isMockRun) { + return; + } + if (!addGroups.isEmpty()) { + XUserInfo obj = addXUserInfo(userName); + if (obj != null) { + for (String group : addGroups) { + String value = groupMap.get(group); + if (value != null) { + List<String> userRoleList = new ArrayList<String>(); + userRoleList.add(value); + if (userMap.containsKey(obj.getName())) { + List<String> userRole = new ArrayList<String>(); + userRole.add(userMap.get(obj.getName())); + if (!obj.getUserRoleList().equals(userRole)) { + obj.setUserRoleList(userRole); - for(String g : delGroups) { - LOG.debug("INFO: delPMXAGroupFromUser(" + userName + "," + g + ")" ); - } + } + } else if (!obj.getUserRoleList().equals(userRoleList)) { + obj.setUserRoleList(userRoleList); + } + } + } + } + ugInfo.setXuserInfo(obj); + ugInfo.setXgroupInfo(getXGroupInfoList(addGroups)); + try { + // If the rest call to ranger admin fails, + // propagate the failure to the caller for retry in next + // sync cycle. + if (addUserGroupInfo(ugInfo) == null) { + String msg = "Failed to add user group info"; + LOG.error(msg); + throw new Exception(msg); + } + } catch (Throwable t) { + LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed for user-group entry: " + + ugInfo.toString() + " with exception: ", t); + } + addXUserGroupInfo(user, addGroups); + } - if (! 
isMockRun ) { - delXUserGroupInfo(user, delGroups); + if (!delGroups.isEmpty()) { + if (LOG.isDebugEnabled()) { + LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + userName + " after delete = " + user.getUserRoleList()); + } + delXUserGroupInfo(user, delGroups); //Remove groups from user mapping userName2XUserInfoMap.get(userName).deleteGroups(delGroups); - LOG.debug(userName2XUserInfoMap.get(userName).getGroups()); - } - if (! isMockRun) { - if (!updateGroups.isEmpty()) { - XUserInfo obj = addXUserInfo(userName); - if (obj != null) { - for (String group : updateGroups) { - String value = groupMap.get(group); - if (value != null) { - List<String> userRoleList = new ArrayList<String>(); - userRoleList.add(value); - if (userMap.containsKey(obj.getName())) { - List<String> userRole = new ArrayList<String>(); - userRole.add(userMap.get(obj.getName())); - if (!obj.getUserRoleList().equals(userRole)) { - obj.setUserRoleList(userRole); - } - } else if (!obj.getUserRoleList().equals( - userRoleList)) { - obj.setUserRoleList(userRoleList); - } - } - } - } - ugInfo.setXuserInfo(obj); - ugInfo.setXgroupInfo(getXGroupInfoList(updateGroups)); - try { - // If the rest call to ranger admin fails, - // propagate the failure to the caller for retry in next - // sync cycle. 
- if (addUserGroupInfo(ugInfo) == null) { - String msg = "Failed to add user group info"; - LOG.error(msg); - throw new Exception(msg); - } - } catch (Throwable t) { - LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " - + t.getMessage() - + ", for user-group entry: " - + ugInfo); - } - } - } - if (!isMockRun) { - XUserInfo obj = addXUserInfo(userName); - boolean roleFlag = false; - if (obj != null && updateGroups.isEmpty() - && addGroups.isEmpty()) { - if (userMap.containsKey(obj.getName())) { - List<String> userRole = new ArrayList<String>(); - userRole.add(userMap.get(obj.getName())); - if (!obj.getUserRoleList().equals(userRole)) { - obj.setUserRoleList(userRole); - roleFlag = true; - } - } else { - for (String group : groups) { - String value = groupMap.get(group); - if (value != null) { - List<String> userRoleList = new ArrayList<String>(); - userRoleList.add(value); - if (!obj.getUserRoleList().equals(userRoleList)) { - obj.setUserRoleList(userRoleList); - roleFlag = true; - } - } - } + List<String> groupList = userName2XUserInfoMap.get(userName).getGroups(); + if (LOG.isDebugEnabled()) { + LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() groups for " + userName + " after delete = " + groupList); + } + if (!groupList.isEmpty()) { + XUserInfo obj = addXUserInfo(userName); + if (obj != null) { + for (String group : updateGroups) { + String value = groupMap.get(group); + if (value != null) { + List<String> userRoleList = new ArrayList<String>(); + userRoleList.add(value); + if (userMap.containsKey(obj.getName())) { + List<String> userRole = new ArrayList<String>(); + userRole.add(userMap.get(obj.getName())); + if (!obj.getUserRoleList().equals(userRole)) { + obj.setUserRoleList(userRole); + } + } else if (!obj.getUserRoleList().equals( + userRoleList)) { + obj.setUserRoleList(userRoleList); + } + } + } + } + ugInfo.setXuserInfo(obj); + ugInfo.setXgroupInfo(getXGroupInfoList(groupList)); + try { + // If the rest call to ranger 
admin fails, + // propagate the failure to the caller for retry in next + // sync cycle. + if (addUserGroupInfo(ugInfo) == null) { + String msg = "Failed to add user group info"; + LOG.error(msg); + throw new Exception(msg); + } + } catch (Throwable t) { + LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " + + t.getMessage() + + ", for user-group entry: " + + ugInfo); + } + } + } + + if (!updateGroups.isEmpty()) { + XUserInfo obj = addXUserInfo(userName); + if (obj != null) { + for (String group : updateGroups) { + String value = groupMap.get(group); + if (value != null) { + List<String> userRoleList = new ArrayList<String>(); + userRoleList.add(value); + if (userMap.containsKey(obj.getName())) { + List<String> userRole = new ArrayList<String>(); + userRole.add(userMap.get(obj.getName())); + if (!obj.getUserRoleList().equals(userRole)) { + obj.setUserRoleList(userRole); + } + } else if (!obj.getUserRoleList().equals( + userRoleList)) { + obj.setUserRoleList(userRoleList); + } + } + } + } + ugInfo.setXuserInfo(obj); + ugInfo.setXgroupInfo(getXGroupInfoList(updateGroups)); + try { + // If the rest call to ranger admin fails, + // propagate the failure to the caller for retry in next + // sync cycle. + if (addUserGroupInfo(ugInfo) == null) { + String msg = "Failed to add user group info"; + LOG.error(msg); + throw new Exception(msg); + } + } catch (Throwable t) { + LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " + + t.getMessage() + + ", for user-group entry: " + + ugInfo); + } + } - } - ugInfo.setXuserInfo(obj); - ugInfo.setXgroupInfo(getXGroupInfoList(groups)); - } - if (roleFlag) { - try { - // If the rest call to ranger admin fails, - // propagate the failure to the caller for retry in next - // sync cycle. 
- if (addUserGroupInfo(ugInfo) == null) { - String msg = "Failed to add user group info"; - LOG.error(msg); - throw new Exception(msg); - } - } catch (Throwable t) { - LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " - + t.getMessage() - + ", for user-group entry: " - + ugInfo); - } - } - } - //LOG.info("Adding new groups " + addGroups + " for user = " + userName); if (isStartupFlag) { + XUserInfo obj = addXUserInfo(userName); + if (obj != null && updateGroups.isEmpty() + && addGroups.isEmpty() && delGroups.isEmpty()) { + for (String group : groups) { + String value = groupMap.get(group); + if (value != null) { + List<String> userRoleList = new ArrayList<String>(); + userRoleList.add(value); + if (userMap.containsKey(obj.getName())) { + List<String> userRole = new ArrayList<String>(); + userRole.add(userMap.get(obj.getName())); + if (!obj.getUserRoleList().equals(userRole)) { + obj.setUserRoleList(userRole); + } + } else if (!obj.getUserRoleList().equals( + userRoleList)) { + obj.setUserRoleList(userRoleList); + } + } + } + ugInfo.setXuserInfo(obj); + ugInfo.setXgroupInfo(getXGroupInfoList(groups)); + try { + // If the rest call to ranger admin fails, + // propagate the failure to the caller for retry in next + // sync cycle. + if (addUserGroupInfo(ugInfo) == null) { + String msg = "Failed to add user group info"; + LOG.error(msg); + throw new Exception(msg); + } + } catch (Throwable t) { + LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: " + + t.getMessage() + + ", for user-group entry: " + + ugInfo); + } + } modifiedGroupList.addAll(oldGroups); - LOG.debug("Adding user to modified user list: " + userName + ": " + oldGroups); + if (LOG.isDebugEnabled()) { + LOG.debug("Adding user to modified user list: " + userName + ": " + oldGroups); + } modifiedUserList.add(userName); } else { 
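Review bot: In the new `if (!delGroups.isEmpty())` branch the role loop iterates `updateGroups` while the payload is built from `groupList`, so the role sent after a removal is not derived from the groups the user still belongs to; this looks copied from the update branch and probably should read `for (String group : groupList) {`. When `groupList` is empty nothing is sent at all, so a role that came from the removed group may stay in place on the admin side (inferred; the meaning of `groupMap` is not visible here). The branch also calls `deleteGroups(delGroups)` on the cached entry before `addUserGroupInfo(ugInfo)` is known to have succeeded, and the `catch (Throwable t)` only logs `t.getMessage()`, so a failed REST call appears not to be retried on the next cycle even though the comment says the failure is propagated. The enclosing method starts and ends outside this hunk.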
@@ -990,6 +1037,10 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { xuserInfo.setDescription(aUserName + " - add from Unix box"); + List<String> userRole = new ArrayList<>(); + userRole.add("ROLE_USER"); + xuserInfo.setUserRoleList(userRole); + usergroupInfo.setXuserInfo(xuserInfo); return xuserInfo; diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java index ddab629..2cf0082 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java @@ -73,11 +73,11 @@ public class UnixUserGroupBuilder implements UserGroupSource { private long timeout = 0; private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance(); - private Map<String,List<String>> user2GroupListMap = new HashMap<String,List<String>>(); - private Map<String,List<String>> internalUser2GroupListMap = new HashMap<String,List<String>>(); - private Map<String,String> groupId2groupNameMap = new HashMap<String,String>(); - private int minimumUserId = 0; - private int minimumGroupId = 0; + private Map<String,List<String>> user2GroupListMap; + private Map<String,List<String>> internalUser2GroupListMap; + private Map<String,String> groupId2groupNameMap; + private int minimumUserId = 0; + private int minimumGroupId = 0; private String unixPasswordFile; private String unixGroupFile; @@ -194,6 +194,7 @@ public class UnixUserGroupBuilder implements UserGroupSource { private void buildUserGroupInfo() throws Throwable { user2GroupListMap = new HashMap<String,List<String>>(); groupId2groupNameMap = new HashMap<String, String>(); + internalUser2GroupListMap = new HashMap<String,List<String>>(); allGroups = new HashSet<>(); if (OS.startsWith("Mac")) {
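Review bot: The default role is a bare literal at `userRole.add("ROLE_USER")`, and nothing documents how it interacts with the role overrides applied by callers. If this is the body of `addXUserInfo` (the hunk header shows only the class), the first hunk calls it in the add, delete, update and startup branches and then compares `obj.getUserRoleList()` against the `userMap`/`groupMap` values, so every payload now starts at ROLE_USER unless one of those maps overrides it; whether Ranger admin treats that as resetting a role granted elsewhere cannot be told from here. I would name the constant and add a comment such as `// default role for users created by sync; callers replace it when a user/group role rule matches`. The method body starts and ends outside this hunk.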
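Review bot: With the initializers removed in the `@@ -73,11 +73,11 @@` hunk, `user2GroupListMap`, `internalUser2GroupListMap` and `groupId2groupNameMap` are null until `buildUserGroupInfo()` has run (the `@@ -194,6 +194,7 @@` hunk now assigns all three there), so any method that reads them earlier would throw a NullPointerException; whether such a path exists is not visible in these hunks. If `buildUserGroupInfo()` is always the first thing to run, a field comment such as `// (re)created on every buildUserGroupInfo() run` would record that assumption; otherwise keep the initializers. Resetting `internalUser2GroupListMap` on every build is what lets removed memberships drop out, so that line deserves a one-line why-comment as well.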