[ranger] branch master updated: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

abhay Mon, 03 Jan 2022 19:15:44 -0800

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/master by this push:
     new df07b0d  RANGER-3562: Redesign post commit tasks for updating 
ref-tables when policy/role is updated
df07b0d is described below

commit df07b0da94dced97e6022b1d0d243c8b2e358803
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Mon Jan 3 18:38:55 2022 -0800

    RANGER-3562: Redesign post commit tasks for updating ref-tables when 
policy/role is updated
---
 .../main/java/org/apache/ranger/biz/AssetMgr.java  |  18 +-
 .../org/apache/ranger/biz/PolicyRefUpdater.java    | 474 ++++++++++-----------
 .../java/org/apache/ranger/biz/RoleRefUpdater.java | 395 +++++++++--------
 .../ranger/service/RangerPluginActivityLogger.java |  15 +-
 .../service/TestRangerPluginActivityLogger.java    |   3 +-
 5 files changed, 436 insertions(+), 469 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 36f137e..08255b3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -48,6 +48,7 @@ import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.elasticsearch.ElasticSearchAccessAuditsService;
 import org.apache.ranger.entity.XXPermMap;
@@ -121,7 +122,7 @@ public class AssetMgr extends AssetMgrBase {
        XPolicyService xPolicyService;
 
        @Autowired
-       RangerPluginActivityLogger activityLogger;
+       RangerTransactionSynchronizationAdapter 
transactionSynchronizationAdapter;
 
        @Autowired
        RangerPluginInfoService pluginInfoService;
@@ -663,7 +664,7 @@ public class AssetMgr extends AssetMgrBase {
 
                                        }
                                };
-                               
activityLogger.commitAfterTransactionComplete(commitWork);
+                               
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
                        }
                } else {
                        ret = 
rangerDaoManager.getXXPolicyExportAudit().create(xXPolicyExportAudit);
@@ -733,6 +734,7 @@ public class AssetMgr extends AssetMgrBase {
                }
 
                final boolean isTagVersionResetNeeded;
+               final Runnable commitWork;
 
                if (httpCode == HttpServletResponse.SC_NOT_MODIFIED) {
                        // Create or update PluginInfo record after transaction 
is completed. If it is created in-line here
@@ -757,15 +759,13 @@ public class AssetMgr extends AssetMgrBase {
                                        break;
                        }
 
-                       Runnable commitWork = new Runnable() {
+                       commitWork = new Runnable() {
                                @Override
                                public void run() {
                                        
doCreateOrUpdateXXPluginInfo(pluginInfo, entityType, isTagVersionResetNeeded, 
clusterName);
                                }
                        };
-                       
activityLogger.commitAfterTransactionComplete(commitWork);
                } else if (httpCode == HttpServletResponse.SC_NOT_FOUND) {
-                       Runnable commitWork;
                        if ((isPolicyDownloadRequest(entityType) && 
(pluginInfo.getPolicyActiveVersion() == null || 
pluginInfo.getPolicyActiveVersion() == -1))
                                        || (isTagDownloadRequest(entityType) && 
(pluginInfo.getTagActiveVersion() == null || pluginInfo.getTagActiveVersion() 
== -1))
                                        || (isRoleDownloadRequest(entityType) 
&& (pluginInfo.getRoleActiveVersion() == null || 
pluginInfo.getRoleActiveVersion() == -1))
@@ -784,12 +784,16 @@ public class AssetMgr extends AssetMgrBase {
                                        }
                                };
                        }
-                       
activityLogger.commitAfterTransactionComplete(commitWork);
-
                } else {
                        isTagVersionResetNeeded = false;
+                       commitWork = null;
                        doCreateOrUpdateXXPluginInfo(pluginInfo, entityType, 
isTagVersionResetNeeded, clusterName);
                }
+
+               if (commitWork != null) {
+                       
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
+               }
+
                if (logger.isDebugEnabled()) {
                        logger.debug("<== createOrUpdatePluginInfo(pluginInfo = 
" + pluginInfo + ", isPolicyDownloadRequest = " + 
isPolicyDownloadRequest(entityType) + ", httpCode = " + httpCode + ")");
                }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 4452676..f8f0ee9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -23,8 +23,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
@@ -58,21 +56,23 @@ import 
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
 import 
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
 import org.apache.ranger.plugin.model.RangerRole;
 import org.apache.ranger.service.RangerAuditFields;
-import org.apache.ranger.service.RangerTransactionService;
 import org.apache.ranger.service.XGroupService;
-import org.apache.ranger.service.XUserService;
 import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXResponse;
 import org.apache.ranger.view.VXUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import javax.servlet.http.HttpServletResponse;
+
 
 @Component
 public class PolicyRefUpdater {
 
        private static final Log LOG = 
LogFactory.getLog(PolicyRefUpdater.class);
 
+       public enum PRINCIPAL_TYPE { USER, GROUP, ROLE }
+
        @Autowired
        RangerDaoManager daoMgr;
 
@@ -82,12 +82,8 @@ public class PolicyRefUpdater {
        @Autowired
        XUserMgr xUserMgr;
 
-
        @Autowired
-       XUserService xUserService;
-
-        @Autowired
-        RoleDBStore roleStore;
+       RoleDBStore roleStore;
 
        @Autowired
        RangerBizUtil rangerBizUtil;
@@ -99,9 +95,6 @@ public class PolicyRefUpdater {
        RangerTransactionSynchronizationAdapter 
rangerTransactionSynchronizationAdapter;
 
        @Autowired
-       RangerTransactionService transactionService;
-
-       @Autowired
        RESTErrorUtil restErrorUtil;
 
        public void createNewPolMappingForRefTable(RangerPolicy policy, 
XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
@@ -175,28 +168,28 @@ public class PolicyRefUpdater {
                }
                daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
 
+               final boolean isAdmin = rangerBizUtil.checkAdminAccess();
+
                List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
                for (String role : roleNames) {
                        if (StringUtils.isBlank(role)) {
                                continue;
                        }
-
-                       XXRole xRole = daoMgr.getXXRole().findByRoleName(role);
-                       Long roleId = null;
-                       if (xRole != null) {
-                               roleId = xRole.getId();
-                       }
-                       else {
-                               RangerBizUtil.setBulkMode(false);
-                               roleId = createRoleForPolicy(role);
+                       PolicyPrincipalAssociator associator = new 
PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
+                       if (associator.doAssociate(false)) {
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("Role name: " + role + " 
specified in policy does not exist in ranger admin.");
+                               }
+                       } else {
+                               if (isAdmin) {
+                                       
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
+                               } else {
+                                       VXResponse gjResponse = new 
VXResponse();
+                                       
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
+                                       gjResponse.setMsgDesc("Operation 
denied. Role name: " + role + " specified in policy does not exist in ranger 
admin.");
+                                       throw 
restErrorUtil.generateRESTException(gjResponse);
+                               }
                        }
-                       XXPolicyRefRole xPolRole = 
rangerAuditFields.populateAuditFields(new XXPolicyRefRole(), xPolicy);
-
-                       xPolRole.setPolicyId(policy.getId());
-                       xPolRole.setRoleId(roleId);
-                       xPolRole.setRoleName(role);
-
-                       xPolRoles.add(xPolRole);
                }
                RangerBizUtil.setBulkMode(oldBulkMode);
                daoMgr.getXXPolicyRefRole().batchCreate(xPolRoles);
@@ -206,19 +199,18 @@ public class PolicyRefUpdater {
                                continue;
                        }
 
-                       XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(group);
-                       Long groupId = null;
-                       if (xGroup != null) {
-                               groupId = xGroup.getId();
-                               groupPolicyAssociation(xPolicy,groupId,group );
-                       }
-                       else {
-                               if(rangerBizUtil.checkAdminAccess()) {
-                                       createGroupForPolicy(group, xPolicy);
-                               }else {
+                       PolicyPrincipalAssociator associator = new 
PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
+                       if (associator.doAssociate(false)) {
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("Group name: " + group + " 
specified in policy does not exist in ranger admin.");
+                               }
+                       } else {
+                               if (isAdmin) {
+                                       
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
+                               } else {
                                        VXResponse gjResponse = new 
VXResponse();
                                        
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
-                                       gjResponse.setMsgDesc("Operation 
denied. Group name: "+group + " specified in policy does not exist in ranger 
admin.");
+                                       gjResponse.setMsgDesc("Operation 
denied. Group name: " + group + " specified in policy does not exist in ranger 
admin.");
                                        throw 
restErrorUtil.generateRESTException(gjResponse);
                                }
                        }
@@ -228,24 +220,21 @@ public class PolicyRefUpdater {
                        if (StringUtils.isBlank(user)) {
                                continue;
                        }
-
-                       XXUser xUser = daoMgr.getXXUser().findByUserName(user);
-                       Long userId = null;
-                       if(xUser != null){
-                               userId = xUser.getId();
-                               userPolicyAssociation(xPolicy,userId, user );
-                       }
-                       else {
-                               if(rangerBizUtil.checkAdminAccess()) {
-                                       createUserForPolicy(user,xPolicy);
-                               }else {
+                       PolicyPrincipalAssociator associator = new 
PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
+                       if (associator.doAssociate(false)) {
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("User name: " + user + " 
specified in policy does not exist in ranger admin.");
+                               }
+                       } else {
+                               if (isAdmin) {
+                                       
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
+                               } else {
                                        VXResponse gjResponse = new 
VXResponse();
                                        
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
-                                       gjResponse.setMsgDesc("Operation 
denied. User name: "+user + " specified in policy does not exist in ranger 
admin.");
+                                       gjResponse.setMsgDesc("Operation 
denied. User name: " + user + " specified in policy does not exist in ranger 
admin.");
                                        throw 
restErrorUtil.generateRESTException(gjResponse);
                                }
                        }
-
                }
 
                List<XXPolicyRefAccessType> xPolAccesses = new ArrayList<>();
@@ -303,51 +292,204 @@ public class PolicyRefUpdater {
                
daoMgr.getXXPolicyRefDataMaskType().batchCreate(xxDataMaskInfos);
        }
 
-       private void createUserForPolicy(String user, XXPolicy xPolicy) {
-               LOG.warn("User specified in policy does not exist in ranger 
admin, creating new user, User = " + user);
-               final PolicyUserCreateContext policyUserCreateContext = new 
PolicyUserCreateContext(user, xPolicy);
-               Runnable createAndAssociateUser = new Runnable () {
-                       @Override
-                       public void run() {
-                               
doCreateAndAssociatePolicyUser(policyUserCreateContext);
+       private class PolicyPrincipalAssociator implements Runnable {
+               final PRINCIPAL_TYPE type;
+               final String    name;
+               final XXPolicy  xPolicy;
+
+               public PolicyPrincipalAssociator(PRINCIPAL_TYPE type, String 
name, XXPolicy xPolicy) {
+                       this.type    = type;
+                       this.name    = name;
+                       this.xPolicy = xPolicy;
+               }
+
+               @Override
+               public void run() {
+                       if (doAssociate(true)) {
+                               if (LOG.isDebugEnabled()) {
+                                       LOG.debug("Associated " + type.name() + 
":" + name + " with policy id:[" + xPolicy.getId() + "]");
+                               }
+                       } else {
+                               throw new RuntimeException("Failed to associate 
" + type.name() + ":" + name + " with policy id:[" + xPolicy.getId() + "]");
                        }
-               };
-               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndAssociateUser);
-       }
+               }
 
-       private void createGroupForPolicy(String group, XXPolicy xPolicy) {
-               LOG.warn("Group specified in policy does not exist in ranger 
admin, creating new group, Group = " + group);
-               VXGroup vxGroup = new VXGroup();
-               vxGroup.setName(group);
-               vxGroup.setDescription(group);
-               vxGroup.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
-               final PolicyGroupCreateContext policyGroupCreateContext = new 
PolicyGroupCreateContext(vxGroup, xPolicy);
-               Runnable createAndAssociatePolicyGroup = new Runnable() {
-                       @Override
-                       public void run() {
-                               
doCreateAndAssociatePolicyGroup(policyGroupCreateContext);
+               boolean doAssociate(boolean isAdmin) {
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
PolicyPrincipalAssociator.doAssociate(" + isAdmin + ")");
                        }
-               };
-               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndAssociatePolicyGroup);
+                       final boolean ret;
 
-       }
+                       Long id = createOrGetPrincipal(isAdmin);
+                       if (id != null) {
+                               // associate with policy
+                               createPolicyAssociation(id, name);
+                               ret = true;
+                       } else {
+                               ret = false;
+                       }
 
-       private Long createRoleForPolicy(String role) throws Exception {
-               LOG.warn("Role specified in policy does not exist in ranger 
admin, creating new role = " + role);
-
-               if (rangerBizUtil.checkAdminAccess()) {
-                       RangerRole rRole = new RangerRole(role, null, null, 
null, null);
-                       RangerRole createdRole = roleStore.createRole(rRole, 
false);
-                       return createdRole.getId();
-               } else {
-                       VXResponse gjResponse = new VXResponse();
-                       
gjResponse.setStatusCode(HttpServletResponse.SC_BAD_REQUEST);
-                       gjResponse.setMsgDesc(
-                                       "Operation denied. Role name: " + role 
+ " specified in policy does not exist in ranger admin.");
-                       throw restErrorUtil.generateRESTException(gjResponse);
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
PolicyPrincipalAssociator.doAssociate(" + isAdmin + ") : " + ret);
+                       }
+                       return ret;
+               }
+
+               private Long createOrGetPrincipal(final boolean createIfAbsent) 
{
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
PolicyPrincipalAssociator.createOrGetPrincipal(" + createIfAbsent + ")");
+                       }
+
+                       Long ret = null;
+
+                       switch (type) {
+                               case USER: {
+                                       XXUser xUser = 
daoMgr.getXXUser().findByUserName(name);
+                                       if (xUser != null) {
+                                               ret = xUser.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
+                               }
+                               break;
+                               case GROUP: {
+                                       XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(name);
+
+                                       if (xGroup != null) {
+                                               ret = xGroup.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
+                               }
+                               break;
+                               case ROLE: {
+                                       XXRole xRole = 
daoMgr.getXXRole().findByRoleName(name);
+                                       if (xRole != null) {
+                                               ret = xRole.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       
RangerBizUtil.setBulkMode(false);
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
+                               }
+                               break;
+                               default:
+                                       break;
+                       }
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
PolicyPrincipalAssociator.createOrGetPrincipal(" + createIfAbsent + ") : " + 
ret);
+                       }
+                       return ret;
                }
-       }
 
+               private Long createPrincipal(String user) {
+                       LOG.warn("User specified in policy does not exist in 
ranger admin, creating new user, Type: " + type.name() + ", name = " + user);
+
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
PolicyPrincipalAssociator.createPrincipal(type=" + type.name() +", name=" + 
name + ")");
+                       }
+
+                       Long ret = null;
+
+                       switch (type) {
+                               case USER: {
+                                       // Create External user
+                                       VXUser vXUser = 
xUserMgr.createServiceConfigUser(name);
+                                       if (vXUser != null) {
+                                               XXUser xUser = 
daoMgr.getXXUser().findByUserName(name);
+
+                                               if (xUser == null) {
+                                                       LOG.error("No User 
created!! Irrecoverable error! [" + name + "]");
+                                               } else {
+                                                       ret = xUser.getId();
+                                               }
+                                       } else {
+                                               LOG.error("serviceConfigUser:[" 
+ name + "] creation failed");
+                                       }
+                               }
+                               break;
+                               case GROUP: {
+                                       // Create group
+                                       VXGroup vxGroup = new VXGroup();
+                                       vxGroup.setName(name);
+                                       vxGroup.setDescription(name);
+                                       
vxGroup.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
+                                       VXGroup vXGroup = 
xGroupService.createXGroupWithOutLogin(vxGroup);
+                                       if (vXGroup != null) {
+                                               List<XXTrxLog> trxLogList = 
xGroupService.getTransactionLog(vXGroup, "create");
+                                               for (XXTrxLog xTrxLog : 
trxLogList) {
+                                                       
xTrxLog.setAddedByUserId(xPolicy.getAddedByUserId());
+                                                       
xTrxLog.setUpdatedByUserId(xPolicy.getAddedByUserId());
+                                               }
+                                               
rangerBizUtil.createTrxLog(trxLogList);
+                                               ret = vXGroup.getId();
+                                       }
+                               }
+                               break;
+                               case ROLE: {
+                                       try {
+                                               RangerRole rRole = new 
RangerRole(name, null, null, null, null);
+                                               RangerRole createdRole = 
roleStore.createRole(rRole, false);
+                                               ret = createdRole.getId();
+                                       } catch (Exception e) {
+                                               // Ignore
+                                       }
+                               }
+                               break;
+                               default:
+                                       break;
+                       }
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
PolicyPrincipalAssociator.createPrincipal(type=" + type.name() + ", name=" + 
name + ") : " + ret);
+                       }
+                       return ret;
+               }
+
+               private void createPolicyAssociation(Long id, String name) {
+                       if(LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
PolicyPrincipalAssociator.createPolicyAssociation(policyId=" + xPolicy.getId() 
+ ", type=" + type.name() + ", name=" + name + ", id=" + id + ")");
+                       }
+                       switch (type) {
+                               case USER: {
+                                       XXPolicyRefUser xPolUser = 
rangerAuditFields.populateAuditFields(new XXPolicyRefUser(), xPolicy);
+
+                                       xPolUser.setPolicyId(xPolicy.getId());
+                                       xPolUser.setUserId(id);
+                                       xPolUser.setUserName(name);
+                                       
daoMgr.getXXPolicyRefUser().create(xPolUser);
+                               }
+                               break;
+                               case GROUP: {
+                                       XXPolicyRefGroup xPolGroup = 
rangerAuditFields.populateAuditFields(new XXPolicyRefGroup(), xPolicy);
+
+                                       xPolGroup.setPolicyId(xPolicy.getId());
+                                       xPolGroup.setGroupId(id);
+                                       xPolGroup.setGroupName(name);
+                                       
daoMgr.getXXPolicyRefGroup().create(xPolGroup);
+                               }
+                               break;
+                               case ROLE: {
+                                       XXPolicyRefRole xPolRole = 
rangerAuditFields.populateAuditFields(new XXPolicyRefRole(), xPolicy);
+
+                                       xPolRole.setPolicyId(xPolicy.getId());
+                                       xPolRole.setRoleId(id);
+                                       xPolRole.setRoleName(name);
+                                       
daoMgr.getXXPolicyRefRole().create(xPolRole);
+                               }
+                               break;
+                               default:
+                                       break;
+                       }
+                       if(LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
PolicyPrincipalAssociator.createPolicyAssociation(policyId=" + xPolicy.getId() 
+ ", type=" + type.name() + ", name=" + name + ", id=" + id + ")");
+                       }
+               }
+       }
 
        public Boolean cleanupRefTables(RangerPolicy policy) {
                final Long policyId = policy == null ? null : policy.getId();
@@ -397,156 +539,4 @@ public class PolicyRefUpdater {
                return ret;
        }
 
-       public void groupPolicyAssociation(XXPolicy xPolicy, Long groupId, 
String groupName) {
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.groupPolicyAssociation()");
-               }
-
-               XXPolicyRefGroup xPolGroup = 
rangerAuditFields.populateAuditFields(new XXPolicyRefGroup(), xPolicy);
-
-               xPolGroup.setPolicyId(xPolicy.getId());
-               xPolGroup.setGroupId(groupId);
-               xPolGroup.setGroupName(groupName);
-               daoMgr.getXXPolicyRefGroup().create(xPolGroup);
-       }
-
-       private static final class PolicyGroupCreateContext {
-               final VXGroup group;
-               final XXPolicy xPolicy;
-
-               PolicyGroupCreateContext(VXGroup group, XXPolicy xPolicy) {
-                       this.group = group;
-                       this.xPolicy = xPolicy;
-               }
-
-               @Override
-               public String toString() {
-                       return "{group=" + group + ", xPolicy=" + xPolicy + "}";
-               }
-       }
-
-       void doAssociatePolicyGroup(final PolicyGroupCreateContext context) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.doAssociatePolicyGroup()");
-               }
-               XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(context.group.getName());
-
-               if (xGroup == null) {
-                       LOG.error("No Group created!! Irrecoverable error! 
PolicyGroupContext:[" + context + "]");
-               } else {
-                       try {
-                               groupPolicyAssociation(context.xPolicy, 
xGroup.getId(), context.group.getName());
-                       } catch (Exception exception) {
-                               LOG.error("Failed to associate group and 
policy, PolicyGroupContext:[" + context + "]", exception);
-                       }
-               }
-       }
-
-       void doCreateAndAssociatePolicyGroup(final PolicyGroupCreateContext 
context) {
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.doCreateAndAssociatePolicyGroup()");
-               }
-               XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(context.group.getName());
-
-               if (xGroup != null) {
-                       groupPolicyAssociation(context.xPolicy, xGroup.getId(), 
context.group.getName());
-               } else {
-                       // Create group
-                       VXGroup vXGroup = 
xGroupService.createXGroupWithOutLogin(context.group);
-                       if (vXGroup != null) {
-                               try {
-                                       List<XXTrxLog> trxLogList = 
xGroupService.getTransactionLog(vXGroup, "create");
-                                       for (XXTrxLog xTrxLog : trxLogList) {
-                                               
xTrxLog.setAddedByUserId(context.xPolicy.getAddedByUserId());
-                                               
xTrxLog.setUpdatedByUserId(context.xPolicy.getAddedByUserId());
-                                       }
-                                       rangerBizUtil.createTrxLog(trxLogList);
-                               } catch (Throwable t) {
-                                       // Ignore
-                               }
-                               doAssociatePolicyGroup(context);
-                       } else {
-                               if (LOG.isDebugEnabled()) {
-                                       LOG.debug("Group:[" + context.group + 
"] creation failed!");
-                                       throw new RuntimeException("Group:[" + 
context.group + "] creation failed!");
-                               }
-                       }
-               }
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("<=== 
PolicyRefUpdater.doCreateAndAssociatePolicyGroup()");
-               }
-       }
-
-       private static final class PolicyUserCreateContext {
-               final String userName;
-               final XXPolicy xPolicy;
-
-               PolicyUserCreateContext(String userName, XXPolicy xPolicy) {
-                       this.userName = userName;
-                       this.xPolicy = xPolicy;
-               }
-
-               @Override
-               public String toString() {
-                       return "{userName=" + userName + ", xPolicy=" + xPolicy 
+ "}";
-               }
-       }
-
-       public void userPolicyAssociation(XXPolicy xPolicy, Long userId, String 
userName) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.userPolicyAssociation()");
-               }
-
-               XXPolicyRefUser xPolUser = 
rangerAuditFields.populateAuditFields(new XXPolicyRefUser(), xPolicy);
-
-               xPolUser.setPolicyId(xPolicy.getId());
-               xPolUser.setUserId(userId);
-               xPolUser.setUserName(userName);
-               daoMgr.getXXPolicyRefUser().create(xPolUser);
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("<=== 
PolicyRefUpdater.userPolicyAssociation()");
-               }
-       }
-
-       void doAssociatePolicyUser(final PolicyUserCreateContext context) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.doAssociatePolicyUser()");
-               }
-               XXUser xUser = 
daoMgr.getXXUser().findByUserName(context.userName);
-
-               if (xUser == null) {
-                       LOG.error("No User created!! Irrecoverable error! 
PolicyUserContext:[" + context + "]");
-               } else {
-                       try {
-                               userPolicyAssociation(context.xPolicy, 
xUser.getId(), context.userName);
-                       } catch (Exception exception) {
-                               LOG.error("Failed to associate user and policy, 
PolicyUserContext:[" + context + "]", exception);
-                       }
-               }
-       }
-
-       void doCreateAndAssociatePolicyUser(final PolicyUserCreateContext 
context) {
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("===> 
PolicyRefUpdater.doCreateAndAssociatePolicyUser()");
-               }
-               XXUser xUser = 
daoMgr.getXXUser().findByUserName(context.userName);
-
-               if (xUser != null) {
-                       userPolicyAssociation(context.xPolicy, xUser.getId(), 
context.userName);
-               } else {
-                       // Create External user
-                       VXUser vXUser = 
xUserMgr.createServiceConfigUser(context.userName);
-                       if (vXUser != null) {
-                               doAssociatePolicyUser(context);
-                       } else {
-                               if (LOG.isDebugEnabled()) {
-                                       LOG.debug("serviceConfigUser:[" + 
context.userName + "] creation failed");
-                                       throw new 
RuntimeException("serviceConfigUser:[" + context.userName + "] creation 
failed");
-                               }
-                       }
-               }
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("<=== 
PolicyRefUpdater.doCreateAndAssociatePolicyUser()");
-               }
-       }
 }
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 4c50d81..0e5ccd3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -44,15 +44,12 @@ import org.apache.ranger.entity.XXTrxLog;
 import org.apache.ranger.entity.XXUser;
 import org.apache.ranger.plugin.model.RangerRole;
 import org.apache.ranger.service.RangerAuditFields;
-import org.apache.ranger.service.RangerTransactionService;
 import org.apache.ranger.service.XGroupService;
-import org.apache.ranger.service.XUserService;
 import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-
 @Component
 public class RoleRefUpdater {
        private static final Log LOG = LogFactory.getLog(RoleRefUpdater.class);
@@ -70,21 +67,15 @@ public class RoleRefUpdater {
     XUserMgr xUserMgr;
 
     @Autowired
-    XUserService xUserService;
-
-    @Autowired
     XGroupService xGroupService;
 
     @Autowired
     RangerTransactionSynchronizationAdapter 
rangerTransactionSynchronizationAdapter;
 
        @Autowired
-       RangerTransactionService transactionService;
-
-       @Autowired
        RangerBizUtil xaBizUtil;
 
-       public void createNewRoleMappingForRefTable(RangerRole rangerRole, 
Boolean createNonExistUserGroup) throws Exception {
+       public void createNewRoleMappingForRefTable(RangerRole rangerRole, 
Boolean createNonExistUserGroup) {
                if (rangerRole == null) {
                        return;
                }
@@ -106,39 +97,26 @@ public class RoleRefUpdater {
                        roleRoles.add(role.getName());
                }
 
+               final boolean isCreateNonExistentUGs = createNonExistUserGroup 
&& xaBizUtil.checkAdminAccess();
+
                if (CollectionUtils.isNotEmpty(roleUsers)) {
                        for (String roleUser : roleUsers) {
 
                                if (StringUtils.isBlank(roleUser)) {
                                        continue;
                                }
-                               Long userId = null;
-                               XXUser xUser = 
daoMgr.getXXUser().findByUserName(roleUser);
-
-                               if (xUser == null) {
-                                       if (createNonExistUserGroup && 
xaBizUtil.checkAdminAccess()) {
-                                               LOG.warn("User specified in 
role does not exist in ranger admin, creating new user, User = "
-                                                               + roleUser);
-
-                                               final RoleUserCreateContext 
roleUserCreateContext = new RoleUserCreateContext(roleUser, roleId);
-                                               Runnable createAndAssociateUser 
= new Runnable() {
-                                                       @Override
-                                                       public void run() {
-                                                               
doCreateAndAssociateRoleUser(roleUserCreateContext);
-                                                       }
-                                               };
-                                               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndAssociateUser);
+                               RolePrincipalAssociator associator = new 
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.USER, roleUser, roleId);
 
+                               if (associator.doAssociate(false)) {
+                                       if (LOG.isDebugEnabled()) {
+                                               LOG.debug("User name: " + 
roleUser + " specified in role does not exist in ranger admin.");
+                                       }
+                               } else {
+                                       if (isCreateNonExistentUGs) {
+                                               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
                                        } else {
-                                               throw 
restErrorUtil.createRESTException("user with name: " + roleUser + " does not 
exist ",
-                                                               
MessageEnums.INVALID_INPUT_DATA);
+                                               throw 
restErrorUtil.createRESTException("user with name: " + roleUser + " does not 
exist ", MessageEnums.INVALID_INPUT_DATA);
                                        }
-                               }else {
-                                       userId = xUser.getId();
-                               }
-
-                               if(null != userId) {
-                                       
userRoleAssociation(roleId,userId,roleUser);
                                }
                        }
                }
@@ -149,38 +127,18 @@ public class RoleRefUpdater {
                                if (StringUtils.isBlank(roleGroup)) {
                                        continue;
                                }
-                               Long groupId = null;
-                               XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(roleGroup);
-
-                               if (xGroup == null) {
-                                       if (createNonExistUserGroup && 
xaBizUtil.checkAdminAccess()) {
-                                               LOG.warn("Group specified in 
role does not exist in ranger admin, creating new group, Group = "
-                                                               + roleGroup);
-                                               VXGroup vxGroupNew = new 
VXGroup();
-                                               vxGroupNew.setName(roleGroup);
-                                               
vxGroupNew.setDescription(roleGroup);
-                                               
vxGroupNew.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
-
-                                               final RoleGroupCreateContext 
roleGroupCreateContext = new RoleGroupCreateContext(vxGroupNew, roleId);
-
-                                               Runnable 
createAndAssociateRoleGroup = new Runnable() {
-                                                       @Override
-                                                       public void run() {
-                                                               
doCreateAndAssociateRoleGroup(roleGroupCreateContext);
-                                                       }
-                                               };
-                                               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndAssociateRoleGroup);
+                               RolePrincipalAssociator associator = new 
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.GROUP, roleGroup, 
roleId);
 
+                               if (associator.doAssociate(false)) {
+                                       if (LOG.isDebugEnabled()) {
+                                               LOG.debug("Group name: " + 
roleGroup + " specified in role does not exist in ranger admin.");
+                                       }
+                               } else {
+                                       if (isCreateNonExistentUGs) {
+                                               
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
                                        } else {
-                                               throw 
restErrorUtil.createRESTException("group with name: " + roleGroup + " does not 
exist ",
-                                                               
MessageEnums.INVALID_INPUT_DATA);
+                                               throw 
restErrorUtil.createRESTException("Group with name: " + roleGroup + " does not 
exist ", MessageEnums.INVALID_INPUT_DATA);
                                        }
-                               }else {
-                                       groupId = xGroup.getId();
-                               }
-
-                               if(null != groupId) {
-                                       groupRoleAssociation(roleId, groupId, 
roleGroup);
                                }
                        }
                }
@@ -192,20 +150,15 @@ public class RoleRefUpdater {
                                        continue;
                                }
 
-                               XXRole xRole = 
daoMgr.getXXRole().findByRoleName(roleRole);
+                               RolePrincipalAssociator associator = new 
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.ROLE, roleRole, roleId);
 
-                               if (xRole == null) {
-                                       throw 
restErrorUtil.createRESTException("Role with name: " + roleRole + " does not 
exist ",
-                                                       
MessageEnums.INVALID_INPUT_DATA);
+                               if (associator.doAssociate(false)) {
+                                       if (LOG.isDebugEnabled()) {
+                                               LOG.debug("Group name: " + 
roleRole + " specified in role does not exist in ranger admin.");
+                                       }
+                               } else {
+                                       throw 
restErrorUtil.createRESTException("Role with name: " + roleRole + " does not 
exist ", MessageEnums.INVALID_INPUT_DATA);
                                }
-
-                               XXRoleRefRole xRoleRefRole = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefRole());
-
-                               xRoleRefRole.setRoleId(roleId);
-                               xRoleRefRole.setSubRoleId(xRole.getId());
-                               xRoleRefRole.setSubRoleName(roleRole);
-                               xRoleRefRole.setSubRoleType(0);
-                               daoMgr.getXXRoleRefRole().create(xRoleRefRole);
                        }
                }
 
@@ -236,157 +189,191 @@ public class RoleRefUpdater {
                return true;
        }
 
-       public void groupRoleAssociation(Long roleId, Long groupId, String 
groupName) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> groupRoleAssociation()");
-               }
-
-               XXRoleRefGroup xRoleRefGroup = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefGroup());
-               xRoleRefGroup.setRoleId(roleId);
-               xRoleRefGroup.setGroupId(groupId);
-               xRoleRefGroup.setGroupName(groupName);
-               xRoleRefGroup.setGroupType(0);
-               daoMgr.getXXRoleRefGroup().create(xRoleRefGroup);
-       }
-
-       private static final class RoleGroupCreateContext {
-               final VXGroup group;
-               final Long roleId;
+       private class RolePrincipalAssociator implements Runnable {
+               final PolicyRefUpdater.PRINCIPAL_TYPE type;
+               final String                     name;
+               final Long                       roleId;
 
-               RoleGroupCreateContext(VXGroup group, Long roleId) {
-                       this.group = group;
-                       this.roleId = roleId;
+               public RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE 
type, String name, Long roleId) {
+                       this.type    = type;
+                       this.name    = name;
+                       this.roleId  = roleId;
                }
 
                @Override
-               public String toString() {
-                       return "{group=" + group + ", roleId=" + roleId + "}";
-               }
-       }
-
-       void doCreateAndAssociateRoleGroup(final RoleGroupCreateContext 
context) {
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("===> doCreateAndAssociateRoleGroup()");
-               }
-               XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(context.group.getName());
-
-               if (xGroup != null) {
-                       groupRoleAssociation(context.roleId, xGroup.getId(), 
context.group.getName());
-               } else {
-                       // Create group
-                       VXGroup vXGroup = 
xGroupService.createXGroupWithOutLogin(context.group);
-                       if (null != vXGroup) {
-                               try {
-                                       List<XXTrxLog> trxLogList = 
xGroupService.getTransactionLog(vXGroup, "create");
-                                       xaBizUtil.createTrxLog(trxLogList);
-                               } catch (Throwable t) {
-                                       // Ignore
-                               }
-                               doAssociateRoleGroup(context);
-                       } else {
+               public void run() {
+                       if (doAssociate(true)) {
                                if (LOG.isDebugEnabled()) {
-                                       LOG.debug("Group:[" + context.group + 
"] creation failed!");
-                                       throw new RuntimeException("Group:[" + 
context.group + "] creation failed!");
+                                       LOG.debug("Associated " + type.name() + 
":" + name + " with role id:[" + roleId + "]");
                                }
+                       } else {
+                               throw new RuntimeException("Failed to associate 
" + type.name() + ":" + name + " with role id:[" + roleId + "]");
                        }
                }
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("<=== doCreateAndAssociateRoleGroup()");
-               }
-       }
 
-       void doAssociateRoleGroup(final RoleGroupCreateContext context) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> doAssociateRoleGroup()");
-               }
-               XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(context.group.getName());
-
-               if (xGroup == null) {
-                       LOG.error("No Group created!! Irrecoverable error! 
RoleGroupContext:[" + context + "]");
-               } else {
-                       try {
-                               groupRoleAssociation(context.roleId, 
xGroup.getId(), context.group.getName());
-                       } catch (Exception exception) {
-                               LOG.error("Failed to associate group and role, 
RoleGroupContext:[" + context + "]", exception);
+               boolean doAssociate(boolean isAdmin) {
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
RolePrincipalAssociator.doAssociate(" + isAdmin + ")");
                        }
-               }
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("<=== doAssociateRoleGroup()");
-               }
-       }
+                       final boolean ret;
 
-       private static final class RoleUserCreateContext {
-               final String userName;
-               final Long roleId;
+                       Long id = createOrGetPrincipal(isAdmin);
+                       if (id != null) {
+                               // associate with role
+                               createRoleAssociation(id, name);
+                               ret = true;
+                       } else {
+                               ret = false;
+                       }
 
-               RoleUserCreateContext(String userName, Long roleId) {
-                       this.userName = userName;
-                       this.roleId = roleId;
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
RolePrincipalAssociator.doAssociate(" + isAdmin + ") : " + ret);
+                       }
+                       return ret;
                }
 
-               @Override
-               public String toString() {
-                       return "{userName=" + userName + ", roleId=" + roleId + 
"}";
-               }
-       }
+               private Long createOrGetPrincipal(final boolean createIfAbsent) 
{
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
RolePrincipalAssociator.createOrGetPrincipal(" + createIfAbsent + ")");
+                       }
 
-       public void userRoleAssociation(Long roleId, Long userId, String 
userName) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> userRoleAssociation()");
-               }
-               XXRoleRefUser xRoleRefUser = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefUser());
-               xRoleRefUser.setRoleId(roleId);
-               xRoleRefUser.setUserId(userId);
-               xRoleRefUser.setUserName(userName);
-               xRoleRefUser.setUserType(0);
-               daoMgr.getXXRoleRefUser().create(xRoleRefUser);
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("<=== userRoleAssociation()");
-               }
-       }
+                       Long ret = null;
 
-       void doCreateAndAssociateRoleUser(final RoleUserCreateContext context) {
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("===> doCreateAndAssociateRoleUser()");
-               }
-               XXUser xUser = 
daoMgr.getXXUser().findByUserName(context.userName);
-
-               if (xUser != null) {
-                       userRoleAssociation(context.roleId, xUser.getId(), 
context.userName);
-               } else {
-                       // Create External user
-                       VXUser vXUser = 
xUserMgr.createServiceConfigUser(context.userName);
-                       if (vXUser != null) {
-                               doAssociateRoleUser(context);
-                       } else {
-                               if (LOG.isDebugEnabled()) {
-                                       LOG.debug("ServiceConfigUser:[" + 
context.userName + "] creation failed!");
+                       switch (type) {
+                               case USER: {
+                                       XXUser xUser = 
daoMgr.getXXUser().findByUserName(name);
+                                       if (xUser != null) {
+                                               ret = xUser.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
                                }
-                               throw new 
RuntimeException("ServiceConfigUser:[" + context.userName + "] creation 
failed!");
+                               break;
+                               case GROUP: {
+                                       XXGroup xGroup = 
daoMgr.getXXGroup().findByGroupName(name);
+
+                                       if (xGroup != null) {
+                                               ret = xGroup.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
+                               }
+                               break;
+                               case ROLE: {
+                                       XXRole xRole = 
daoMgr.getXXRole().findByRoleName(name);
+                                       if (xRole != null) {
+                                               ret = xRole.getId();
+                                       } else {
+                                               if (createIfAbsent) {
+                                                       
RangerBizUtil.setBulkMode(false);
+                                                       ret = 
createPrincipal(name);
+                                               }
+                                       }
+                               }
+                               break;
+                               default:
+                                       break;
                        }
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
RolePrincipalAssociator.createOrGetPrincipal(" + createIfAbsent + ") : " + ret);
+                       }
+                       return ret;
                }
-               if (LOG.isDebugEnabled()) {
-                       LOG.debug("<=== doCreateAndAssociateRoleUser()");
-               }
-       }
 
-       void doAssociateRoleUser(final RoleUserCreateContext context) {
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("===> doAssociateRoleUser()");
-               }
-               XXUser xUser = 
daoMgr.getXXUser().findByUserName(context.userName);
-
-               if (xUser == null) {
-                       LOG.error("No User created!! Irrecoverable error! 
RoleUserContext:[" + context + "]");
-               } else {
-                       try {
-                               userRoleAssociation(context.roleId, 
xUser.getId(), context.userName);
-                       } catch (Exception exception) {
-                               LOG.error("Failed to associate user and role, 
RoleUserContext:[" + context + "]", exception);
+               private Long createPrincipal(String user) {
+                       LOG.warn("User specified in role does not exist in 
ranger admin, creating new user, Type: " + type.name() + ", name = " + user);
+
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
RolePrincipalAssociator.createPrincipal(type=" + type.name() +", name=" + name 
+ ")");
                        }
+
+                       Long ret = null;
+
+                       switch (type) {
+                               case USER: {
+                                       // Create External user
+                                       VXUser vXUser = 
xUserMgr.createServiceConfigUser(name);
+                                       if (vXUser != null) {
+                                               XXUser xUser = 
daoMgr.getXXUser().findByUserName(name);
+
+                                               if (xUser == null) {
+                                                       LOG.error("No User 
created!! Irrecoverable error! [" + name + "]");
+                                               } else {
+                                                       ret = xUser.getId();
+                                               }
+                                       } else {
+                                               LOG.error("serviceConfigUser:[" 
+ name + "] creation failed");
+                                       }
+                               }
+                               break;
+                               case GROUP: {
+                                       // Create group
+                                       VXGroup vxGroup = new VXGroup();
+                                       vxGroup.setName(name);
+                                       vxGroup.setDescription(name);
+                                       
vxGroup.setGroupSource(RangerCommonEnums.GROUP_EXTERNAL);
+                                       VXGroup vXGroup = 
xGroupService.createXGroupWithOutLogin(vxGroup);
+                                       if (vXGroup != null) {
+                                               List<XXTrxLog> trxLogList = 
xGroupService.getTransactionLog(vXGroup, "create");
+                                               
xaBizUtil.createTrxLog(trxLogList);
+                                               ret = vXGroup.getId();
+                                       }
+                               }
+                               break;
+                               default:
+                                       break;
+                       }
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
RolePrincipalAssociator.createPrincipal(type=" + type.name() + ", name=" + name 
+ ") : " + ret);
+                       }
+                       return ret;
                }
-               if(LOG.isDebugEnabled()) {
-                       LOG.debug("<=== doAssociateRoleUser()");
+
+               private void createRoleAssociation(Long id, String name) {
+                       if(LOG.isDebugEnabled()) {
+                               LOG.debug("===> 
RolePrincipalAssociator.createRoleAssociation(roleId=" + roleId + ", type=" + 
type.name() + ", name=" + name + ", id=" + id + ")");
+                       }
+                       switch (type) {
+                               case USER: {
+                                       XXRoleRefUser xRoleRefUser = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefUser());
+
+                                       xRoleRefUser.setRoleId(roleId);
+                                       xRoleRefUser.setUserId(id);
+                                       xRoleRefUser.setUserName(name);
+                                       xRoleRefUser.setUserType(0);
+                                       
daoMgr.getXXRoleRefUser().create(xRoleRefUser);
+                               }
+                               break;
+                               case GROUP: {
+                                       XXRoleRefGroup xRoleRefGroup = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefGroup());
+
+                                       xRoleRefGroup.setRoleId(roleId);
+                                       xRoleRefGroup.setGroupId(id);
+                                       xRoleRefGroup.setGroupName(name);
+                                       xRoleRefGroup.setGroupType(0);
+                                       
daoMgr.getXXRoleRefGroup().create(xRoleRefGroup);
+                               }
+                               break;
+                               case ROLE: {
+                                       XXRoleRefRole xRoleRefRole = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefRole());
+
+                                       xRoleRefRole.setRoleId(roleId);
+                                       xRoleRefRole.setSubRoleId(id);
+                                       xRoleRefRole.setSubRoleName(name);
+                                       xRoleRefRole.setSubRoleType(0);
+                                       
daoMgr.getXXRoleRefRole().create(xRoleRefRole);
+                               }
+                               break;
+                               default:
+                                       break;
+                       }
+                       if(LOG.isDebugEnabled()) {
+                               LOG.debug("<=== 
RolePrincipalAssociator.createRoleAssociation(roleId=" + roleId + ", type=" + 
type.name() + ", name=" + name + ", id=" + id + ")");
+                       }
                }
        }
 
diff --git 
a/security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java
 
b/security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java
index 702df4c..2cc9b91 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/service/RangerPluginActivityLogger.java
@@ -30,8 +30,6 @@ import javax.annotation.PostConstruct;
 
 @Component
 public class RangerPluginActivityLogger {
-    @Autowired
-    RangerTransactionService transactionService;
 
     @Autowired
     RangerTransactionSynchronizationAdapter transactionSynchronizationAdapter;
@@ -52,18 +50,7 @@ public class RangerPluginActivityLogger {
     }
 
     public void commitAfterTransactionComplete(Runnable commitWork) {
-        if (pluginActivityAuditCommitInline) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Using TransactionManager for committing work 
[pluginActivityAuditCommitInline:" + pluginActivityAuditCommitInline + "]");
-            }
-            
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
-        } else {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Using separate thread for committing work 
[pluginActivityAuditCommitInline:" + pluginActivityAuditCommitInline + "]");
-            }
-            final long delayInMillis = 1000L;
-            transactionService.scheduleToExecuteInOwnTransaction(commitWork, 
delayInMillis);
-        }
+        
transactionSynchronizationAdapter.executeOnTransactionCompletion(commitWork);
     }
 
 }
diff --git 
a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java
 
b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java
index e501cc3..26d6389 100644
--- 
a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java
+++ 
b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java
@@ -21,7 +21,6 @@ import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.MethodSorters;
-import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
@@ -29,7 +28,7 @@ import org.mockito.junit.MockitoJUnitRunner;
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public class TestRangerPluginActivityLogger {
 
-       @InjectMocks
+       @Mock
        RangerPluginActivityLogger rangerPluginActivityLogger;
 
        @Mock

[ranger] branch master updated: RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated

Reply via email to