This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 84cb3c465 RANGER-4391: updated Ranger plugin to support using
user-groups from Ranger admin
84cb3c465 is described below
commit 84cb3c465c5c6dc71e369a9ccdc1594059b626ae
Author: Madhan Neethiraj
AuthorDate: Thu Aug 31 18:11:59 2023 -0700
RANGER-4391: updated Ranger plugin to support using user-groups from Ranger
admin
---
.../hadoop/config/RangerPluginConfig.java | 29 +++
.../ranger/plugin/service/RangerAuthContext.java | 27 +-
.../ranger/plugin/service/RangerBasePlugin.java| 13 ++-
.../service/RangerDefaultRequestProcessor.java | 97 --
.../ranger/plugin/util/RangerUserStoreUtil.java| 82 +-
.../apache/ranger/plugin/util/ServiceDefUtil.java | 2 +
6 files changed, 231 insertions(+), 19 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
index ad1ce0986..df6307eb2 100644
---
a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
+++
b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
@@ -48,6 +48,10 @@ public class RangerPluginConfig extends RangerConfiguration {
private final boolean useForwardedIPAddress;
private final String[] trustedProxyAddresses;
private final StringpropertyPrefix;
+private final boolean useRangerGroups;
+private final boolean useOnlyRangerGroups;
+private final boolean convertEmailToUsername;
+private final boolean enableImplicitUserStoreEnricher;
private boolean isFallbackSupported;
private Set auditExcludedUsers =
Collections.emptySet();
private Set auditExcludedGroups =
Collections.emptySet();
@@ -116,6 +120,11 @@ public class RangerPluginConfig extends
RangerConfiguration {
this.policyEngineOptions = policyEngineOptions;
+useRangerGroups = this.getBoolean(propertyPrefix +
".use.rangerGroups", false);
+useOnlyRangerGroups = this.getBoolean(propertyPrefix +
".use.only.rangerGroups", false);
+convertEmailToUsername = this.getBoolean(propertyPrefix +
".convert.emailToUser", false);
+enableImplicitUserStoreEnricher = useRangerGroups ||
convertEmailToUsername || this.getBoolean(propertyPrefix +
".enable.implicit.userstore.enricher", false);
+
LOG.info("" + policyEngineOptions);
}
@@ -135,6 +144,10 @@ public class RangerPluginConfig extends
RangerConfiguration {
this.policyEngineOptions = sourcePluginConfig.getPolicyEngineOptions();
+this.useRangerGroups =
sourcePluginConfig.useRangerGroups;
+this.useOnlyRangerGroups =
sourcePluginConfig.useOnlyRangerGroups;
+this.convertEmailToUsername =
sourcePluginConfig.convertEmailToUsername;
+this.enableImplicitUserStoreEnricher =
sourcePluginConfig.enableImplicitUserStoreEnricher;
}
public String getServiceType() {
@@ -169,6 +182,22 @@ public class RangerPluginConfig extends
RangerConfiguration {
return propertyPrefix;
}
+public boolean isUseRangerGroups() {
+return useRangerGroups;
+}
+
+public boolean isUseOnlyRangerGroups() {
+return useOnlyRangerGroups;
+}
+
+public boolean isConvertEmailToUsername() {
+return convertEmailToUsername;
+}
+
+public boolean isEnableImplicitUserStoreEnricher() {
+return enableImplicitUserStoreEnricher;
+}
+
public boolean getIsFallbackSupported() {
return isFallbackSupported;
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
index 78bd4232e..56e4d782d 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
@@ -26,6 +26,8 @@ import
org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerRolesUtil;
+import org.apache.ranger.plugin.util.RangerUserStore;
+import org.apache.ranger.plugin.util.RangerUserStoreUtil;
import java.util.HashSet;
import java.util.M