This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new ba2d550  RANGER-2552: Fixed code to update the user role/permissions 
properly when group memberships are updated
ba2d550 is described below

commit ba2d55068a0c4e19b29616c1265575da674a5170
Author: Sailaja Polavarapu <spolavar...@cloudera.com>
AuthorDate: Tue Aug 27 10:32:38 2019 -0700

    RANGER-2552: Fixed code to update the user role/permissions properly when 
group memberships are updated
---
 .../process/PolicyMgrUserGroupBuilder.java         | 158 ++++++---------------
 1 file changed, 44 insertions(+), 114 deletions(-)

diff --git 
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index e5fc68b..52579a3 100644
--- 
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ 
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -34,6 +34,7 @@ import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.regex.Pattern;
 
@@ -359,7 +360,6 @@ public class PolicyMgrUserGroupBuilder implements 
UserGroupSink {
        @Override
        public void addOrUpdateUser(String userName, List<String> groups) 
throws Throwable {
 
-               UserGroupInfo ugInfo              = new UserGroupInfo();
                XUserInfo user = userName2XUserInfoMap.get(userName);
 
                if (groups == null) {
@@ -402,6 +402,7 @@ public class PolicyMgrUserGroupBuilder implements 
UserGroupSink {
                        List<String> addGroups = new ArrayList<String>();
                        List<String> delGroups = new ArrayList<String>();
                        List<String> updateGroups = new ArrayList<String>();
+                       Set<String> cumulativeGroups = new HashSet<>();
                        XGroupInfo tempXGroupInfo=null;
                        for(String group : groups) {
                                if (! oldGroups.contains(group)) {
@@ -442,122 +443,54 @@ public class PolicyMgrUserGroupBuilder implements 
UserGroupSink {
                        }
 
                        if (isMockRun) {
-                               return;
-                       }
-                       if (!addGroups.isEmpty()) {
-                               XUserInfo obj = addXUserInfo(userName);
-                               if (obj != null) {
-                                       for (String group : addGroups) {
-                                               String value = 
groupMap.get(group);
-                                               if (value != null) {
-                                                       List<String> 
userRoleList = new ArrayList<String>();
-                                                       userRoleList.add(value);
-                                                       if 
(userMap.containsKey(obj.getName())) {
-                                                               List<String> 
userRole = new ArrayList<String>();
-                                                               
userRole.add(userMap.get(obj.getName()));
-                                                               if 
(!obj.getUserRoleList().equals(userRole)) {
-                                                                       
obj.setUserRoleList(userRole);
-
-                                                               }
-                                                       } else if 
(!obj.getUserRoleList().equals(userRoleList)) {
-                                                               
obj.setUserRoleList(userRoleList);
-                                                       }
-                                               }
-                                       }
-                               }
-                               ugInfo.setXuserInfo(obj);
-                               
ugInfo.setXgroupInfo(getXGroupInfoList(addGroups));
-                               try {
-                                       // If the rest call to ranger admin 
fails,
-                                       // propagate the failure to the caller 
for retry in next
-                                       // sync cycle.
-                                       if (addUserGroupInfo(ugInfo) == null) {
-                                               String msg = "Failed to add 
user group info";
-                                               LOG.error(msg);
-                                               throw new Exception(msg);
-                                       }
-                               } catch (Throwable t) {
-                                       
LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed for user-group 
entry: "
-                                                       + ugInfo.toString() + " 
with exception: ", t);
+                               if (LOG.isDebugEnabled()) {
+                                       
LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateUser(): Mock Run enabled and 
hence not sending updates to Ranger admin!");
                                }
-                               addXUserGroupInfo(user, addGroups);
+                               return;
                        }
 
                        if (!delGroups.isEmpty()) {
-                               if (LOG.isDebugEnabled()) {
-                                       
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + 
userName + " after delete = " + user.getUserRoleList());
-                               }
                                delXUserGroupInfo(user, delGroups);
                                //Remove groups from user mapping
-                               
userName2XUserInfoMap.get(userName).deleteGroups(delGroups);
-                               List<String> groupList = 
userName2XUserInfoMap.get(userName).getGroups();
+                               user.deleteGroups(delGroups);
                                if (LOG.isDebugEnabled()) {
-                                       
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() groups for " + userName 
+ " after delete = " + groupList);
-                               }
-                               if (!groupList.isEmpty()) {
-                                       XUserInfo obj = addXUserInfo(userName);
-                                       if (obj != null) {
-                                               for (String group : 
updateGroups) {
-                                                       String value = 
groupMap.get(group);
-                                                       if (value != null) {
-                                                               List<String> 
userRoleList = new ArrayList<String>();
-                                                               
userRoleList.add(value);
-                                                               if 
(userMap.containsKey(obj.getName())) {
-                                                                       
List<String> userRole = new ArrayList<String>();
-                                                                       
userRole.add(userMap.get(obj.getName()));
-                                                                       if 
(!obj.getUserRoleList().equals(userRole)) {
-                                                                               
obj.setUserRoleList(userRole);
-                                                                       }
-                                                               } else if 
(!obj.getUserRoleList().equals(
-                                                                               
userRoleList)) {
-                                                                       
obj.setUserRoleList(userRoleList);
-                                                               }
-                                                       }
-                                               }
-                                       }
-                                       ugInfo.setXuserInfo(obj);
-                                       
ugInfo.setXgroupInfo(getXGroupInfoList(groupList));
-                                       try {
-                                               // If the rest call to ranger 
admin fails,
-                                               // propagate the failure to the 
caller for retry in next
-                                               // sync cycle.
-                                               if (addUserGroupInfo(ugInfo) == 
null) {
-                                                       String msg = "Failed to 
add user group info";
-                                                       LOG.error(msg);
-                                                       throw new 
Exception(msg);
-                                               }
-                                       } catch (Throwable t) {
-                                               
LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: "
-                                                               + t.getMessage()
-                                                               + ", for 
user-group entry: "
-                                                               + ugInfo);
-                                       }
+                                       
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): groups for " + 
userName + " after delete = " + user.getGroups());
                                }
                        }
 
-                       if (!updateGroups.isEmpty()) {
+                       if (!delGroups.isEmpty() || !addGroups.isEmpty() || 
!updateGroups.isEmpty()) {
+                               cumulativeGroups = new 
HashSet<>(user.getGroups());
+                               cumulativeGroups.addAll(addGroups);
+                               cumulativeGroups.addAll(updateGroups);
+                               if (LOG.isDebugEnabled()) {
+                                       
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): cumulative groups for 
" + userName + " = " + cumulativeGroups);
+                               }
+
+                               UserGroupInfo ugInfo = new UserGroupInfo();
                                XUserInfo obj = addXUserInfo(userName);
-                               if (obj != null) {
-                                       for (String group : updateGroups) {
-                                               String value = 
groupMap.get(group);
-                                               if (value != null) {
-                                                       List<String> 
userRoleList = new ArrayList<String>();
-                                                       userRoleList.add(value);
-                                                       if 
(userMap.containsKey(obj.getName())) {
-                                                               List<String> 
userRole = new ArrayList<String>();
-                                                               
userRole.add(userMap.get(obj.getName()));
-                                                               if 
(!obj.getUserRoleList().equals(userRole)) {
-                                                                       
obj.setUserRoleList(userRole);
-                                                               }
-                                                       } else if 
(!obj.getUserRoleList().equals(
-                                                                       
userRoleList)) {
-                                                               
obj.setUserRoleList(userRoleList);
-                                                       }
-                                               }
+                               Set<String> userRoleList = new HashSet<>();
+                               if (userMap.containsKey(userName)) {
+                                       // Add the user role that is defined in 
user role assignments
+                                       userRoleList.add(userMap.get(userName));
+                               }
+
+                               for (String group : cumulativeGroups) {
+                                       String value = groupMap.get(group);
+                                       if (value != null) {
+                                               userRoleList.add(value);
                                        }
                                }
+
+                               if (!userRoleList.isEmpty()) {
+                                       obj.setUserRoleList(new 
ArrayList<>(userRoleList));
+                               }
+
+                               if (LOG.isDebugEnabled()) {
+                                       
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + 
userName + " = " + obj.getUserRoleList());
+                               }
+
                                ugInfo.setXuserInfo(obj);
-                               
ugInfo.setXgroupInfo(getXGroupInfoList(updateGroups));
+                               ugInfo.setXgroupInfo(getXGroupInfoList(new 
ArrayList<>(cumulativeGroups)));
                                try {
                                        // If the rest call to ranger admin 
fails,
                                        // propagate the failure to the caller 
for retry in next
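Review bot: The role computation in the `if (!delGroups.isEmpty() || !addGroups.isEmpty() || !updateGroups.isEmpty())` block now merges the `userMap` role with every `groupMap` role into one `HashSet`, where the removed code sent a single-element list and let the `userMap` entry override any group-derived role; a user explicitly assigned a lower role can now also pick up a higher role through a group, and the resulting list has no stable order. If the union is intended, state it in a comment such as `// roles = explicit user assignment plus every role mapped from the user's groups`; otherwise add the group roles only when `!userMap.containsKey(userName)`. The same merge appears in the `isStartupFlag` hunk. Separately, `obj.setUserRoleList(...)` and the debug line that calls `obj.getUserRoleList()` dereference `obj` without the `obj != null` check that the removed code had and the startup block still has; `addXUserInfo` is not visible here, so the guard should be restored unless it can never return null. `addOrUpdateUser` starts and ends outside this hunk.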
@@ -576,26 +509,23 @@ public class PolicyMgrUserGroupBuilder implements 
UserGroupSink {
                        }
 
                        if (isStartupFlag) {
+                               UserGroupInfo ugInfo = new UserGroupInfo();
                                XUserInfo obj = addXUserInfo(userName);
                                if (obj != null && updateGroups.isEmpty()
                                                && addGroups.isEmpty() && 
delGroups.isEmpty()) {
+                                       Set<String> userRoleList = new 
HashSet<>();
+                                       if (userMap.containsKey(userName)) {
+                                               // Add the user role that is 
defined in user role assignments
+                                               
userRoleList.add(userMap.get(userName));
+                                       }
+
                                        for (String group : groups) {
                                                String value = 
groupMap.get(group);
                                                if (value != null) {
-                                                       List<String> 
userRoleList = new ArrayList<String>();
                                                        userRoleList.add(value);
-                                                       if 
(userMap.containsKey(obj.getName())) {
-                                                               List<String> 
userRole = new ArrayList<String>();
-                                                               
userRole.add(userMap.get(obj.getName()));
-                                                               if 
(!obj.getUserRoleList().equals(userRole)) {
-                                                                       
obj.setUserRoleList(userRole);
-                                                               }
-                                                       } else if 
(!obj.getUserRoleList().equals(
-                                                                       
userRoleList)) {
-                                                               
obj.setUserRoleList(userRoleList);
-                                                       }
                                                }
                                        }
+                                       obj.setUserRoleList(new 
ArrayList<>(userRoleList));
                                        ugInfo.setXuserInfo(obj);
                                        
ugInfo.setXgroupInfo(getXGroupInfoList(groups));
                                        try {
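Review bot: `obj.setUserRoleList(new ArrayList<>(userRoleList))` runs here even when `userRoleList` is empty, while the update block in the previous hunk skips the call under `if (!userRoleList.isEmpty())`, so the two paths disagree on a user with no mapped role: an empty list at startup, whatever `obj` already held on update. Pick one rule for both paths and record it in a one-line comment; if a user who leaves the last role-mapped group is meant to lose that role, the update path needs the unconditional set or an explicit default, otherwise the earlier role may survive (this depends on what `addXUserInfo` returns, which is not shown). `UserGroupInfo ugInfo` is also allocated before the `obj != null && ...` condition and goes unused when it fails, so it could move inside the `if`. The `try` block continues outside the hunk.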
