This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new dd7c773 RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated - Part 2 dd7c773 is described below commit dd7c773dee6d8f15ffcb14304d71b79c29fdf082 Author: Abhay Kulkarni <ab...@apache.org> AuthorDate: Wed Jan 5 15:24:39 2022 -0800 RANGER-3562: Redesign post commit tasks for updating ref-tables when policy/role is updated - Part 2 --- .../java/org/apache/ranger/biz/PolicyRefUpdater.java | 18 +++--------------- .../java/org/apache/ranger/biz/RoleRefUpdater.java | 18 +++--------------- .../resources/stability-tests/ranger-policy/app.conf | 6 +++--- .../resources/stability-tests/ranger-policy/start.sh | 2 +- 4 files changed, 10 insertions(+), 34 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java index f8f0ee9..b1f331b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java @@ -176,11 +176,7 @@ public class PolicyRefUpdater { continue; } PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("Role name: " + role + " specified in policy does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { if (isAdmin) { rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator); } else { 
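Review bot: With the debug statement gone, nothing at this call site records the case where `associator.doAssociate(false)` returns false and the association is queued through `executeOnTransactionCommit(associator)`, so a policy naming an unknown role is handled silently here. The removed statement sat on the opposite branch, so dropping it is reasonable, but a guarded line inside the `if (isAdmin)` branch such as `LOG.debug("Role " + role + " not found; association deferred to transaction commit");` would keep that event visible; the name comes from the policy body and should be treated as untrusted text when it is logged. The meaning of the return value is also not obvious from the call: judging by the "does not exist" error thrown in RoleRefUpdater.java, false appears to mean the principal was not found, and a one-line comment saying so would help. The same applies to the group and user hunks in this file and to the user and group hunks in RoleRefUpdater.java. The enclosing loop starts and ends outside the hunk.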
@@ -200,11 +196,7 @@ public class PolicyRefUpdater { } PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("Group name: " + group + " specified in policy does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { if (isAdmin) { rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator); } else { @@ -221,11 +213,7 @@ public class PolicyRefUpdater { continue; } PolicyPrincipalAssociator associator = new PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("User name: " + user + " specified in policy does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { if (isAdmin) { rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator); } else { diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java index 0e5ccd3..6ada7ee 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java @@ -107,11 +107,7 @@ public class RoleRefUpdater { } RolePrincipalAssociator associator = new RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.USER, roleUser, roleId); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("User name: " + roleUser + " specified in role does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { if (isCreateNonExistentUGs) { rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator); } else { 
@@ -129,11 +125,7 @@ public class RoleRefUpdater { } RolePrincipalAssociator associator = new RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.GROUP, roleGroup, roleId); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("Group name: " + roleGroup + " specified in role does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { if (isCreateNonExistentUGs) { rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator); } else { @@ -152,11 +144,7 @@ public class RoleRefUpdater { RolePrincipalAssociator associator = new RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.ROLE, roleRole, roleId); - if (associator.doAssociate(false)) { - if (LOG.isDebugEnabled()) { - LOG.debug("Group name: " + roleRole + " specified in role does not exist in ranger admin."); - } - } else { + if (!associator.doAssociate(false)) { throw restErrorUtil.createRESTException("Role with name: " + roleRole + " does not exist ", MessageEnums.INVALID_INPUT_DATA); } } diff --git a/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf b/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf index fff4277..9229907 100644 --- a/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf +++ b/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf 
@@ -17,7 +17,7 @@ MAX_ITERATION=10 # Max number of iteration performed by each python client ADM_HOST="http://localhost:6080" # Ranger ADMIN URL USERNAME="admin" # Ranger administrator user, as we should be able to create/update/delete policies/users/groups/roles -PASSWORD="admin123" # Ranger administrator password -SERVICE_NAME="test_hdfs" # Ranger service name, against which policies will be created +PASSWORD="rangerR0cks!" # Ranger administrator password +SERVICE_NAME="dev_hdfs" # Ranger service name, against which policies will be created MAX_CLIENT=5 # Max number of python clients -LOG_DIR=log # The default log directory \ No newline at end of file +LOG_DIR=log # The default log directory diff --git a/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh b/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh index fd00387..9844d88 100755 --- a/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh +++ b/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh @@ -91,7 +91,7 @@ idx=1 while [ $idx -le $MAX_CLIENT ] do LOG $INFO "Initiating: 'python ./test-hdfs-policy.py --startIndex $idx --maxIteration $MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST --username $USERNAME --password $PASSWORD --serviceName $SERVICE_NAME > $SCRIPT_LOG_DIR/script-$idx.log 2>&1 &'" - python ./test-hdfs-policy.py --startIndex $idx --maxIteration $MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST --username $USERNAME --password $PASSWORD --serviceName $SERVICE_NAME > $SCRIPT_LOG_DIR/script-$idx.log 2>&1 & + python3 ./test-hdfs-policy.py --startIndex $idx --maxIteration $MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST --username $USERNAME --password $PASSWORD --serviceName $SERVICE_NAME > $SCRIPT_LOG_DIR/script-$idx.log 2>&1 & idx=`expr $idx + 1` done
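Review bot: The new `PASSWORD=` line commits a literal administrator password to the repository, and even for a stability-test fixture a value that matches a real development or demo instance stays in history for everyone who can read the repo. Keeping a placeholder in the committed file and taking the value from the environment avoids that, for example `PASSWORD="${RANGER_ADMIN_PASSWORD:?set RANGER_ADMIN_PASSWORD}"` (variable name is illustrative), assuming app.conf is sourced by start.sh as a shell file, which this hunk does not show. `ADM_HOST` is a plain `http://` URL, so the credential would travel unencrypted if the host is ever pointed away from localhost.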
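Review bot: The changed invocation passes `--password $PASSWORD` as a command-line argument, and the `LOG $INFO "Initiating: ..."` line just above it expands the same variable into whatever LOG writes to, so the administrator password is readable from the process list and most likely from the script log. Masking the value in the log line (`--password ****`) and quoting the expansion (`--password "$PASSWORD"`) are the minimal changes; handing the secret over through the environment or stdin would be better if test-hdfs-policy.py can be changed to accept it that way. The log text also still says `python` while the command now runs `python3`, so the logged command no longer matches what is executed. The rest of start.sh, including the definition of LOG, is outside the hunk.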