This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 9e11e9ec9 RANGER-3861: Allow service creator user to create
users/groups/roles in default policies
9e11e9ec9 is described below
commit 9e11e9ec9d042fdbed9d14f278304517f31ec728
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Tue Aug 23 13:34:21 2022 -0700
RANGER-3861: Allow service creator user to create users/groups/roles in
default policies
---
.../apache/ranger/plugin/store/ServiceStore.java | 2 +
.../org/apache/ranger/biz/PolicyRefUpdater.java | 6 +--
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 2 +-
.../java/org/apache/ranger/biz/ServiceDBStore.java | 60 +++++++++++-----------
.../main/java/org/apache/ranger/biz/XUserMgr.java | 22 +++++++-
.../PatchForKafkaServiceDefUpdate_J10025.java | 32 +++++++++++-
.../PatchForKafkaServiceDefUpdate_J10033.java | 34 ++++++++++--
...atchForMigratingOldRegimePolicyJson_J10046.java | 16 +++++-
.../patch/PatchForUpdatingPolicyJson_J10019.java | 16 +++++-
.../org/apache/ranger/biz/TestServiceDBStore.java | 2 +-
10 files changed, 150 insertions(+), 42 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
index 6283e02f2..aecde05fb 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java
@@ -71,6 +71,8 @@ public interface ServiceStore {
RangerPolicy createPolicy(RangerPolicy policy) throws Exception;
+ RangerPolicy createDefaultPolicy(RangerPolicy policy) throws Exception;
+
RangerPolicy updatePolicy(RangerPolicy policy) throws Exception;
void deletePolicy(RangerPolicy policy, RangerService service) throws
Exception;
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index 6c99df4e9..6cc3509d8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -97,7 +97,7 @@ public class PolicyRefUpdater {
@Autowired
RESTErrorUtil restErrorUtil;
- public void createNewPolMappingForRefTable(RangerPolicy policy,
XXPolicy xPolicy, XXServiceDef xServiceDef) throws Exception {
+ public void createNewPolMappingForRefTable(RangerPolicy policy,
XXPolicy xPolicy, XXServiceDef xServiceDef, boolean isDefaultPolicy) throws
Exception {
if(policy == null) {
return;
}
@@ -168,7 +168,7 @@ public class PolicyRefUpdater {
}
daoMgr.getXXPolicyRefResource().batchCreate(xPolResources);
- final boolean isAdmin = rangerBizUtil.checkAdminAccess();
+ final boolean isAdmin = rangerBizUtil.checkAdminAccess() ||
isDefaultPolicy;
List<XXPolicyRefRole> xPolRoles = new ArrayList<>();
for (String role : roleNames) {
@@ -397,7 +397,7 @@ public class PolicyRefUpdater {
ret = xUser.getId();
}
} else {
- LOG.error("serviceConfigUser:["
+ name + "] creation failed");
+ LOG.warn("serviceConfigUser:["
+ name + "] creation failed. This may be a transient/spurious condition that
may correct itself when transaction is committed");
}
}
break;
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 66adac2b5..56f7ec4c8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -296,7 +296,7 @@ public class RoleRefUpdater {
ret = xUser.getId();
}
} else {
- LOG.error("serviceConfigUser:["
+ name + "] creation failed");
+ LOG.warn("serviceConfigUser:["
+ name + "] creation failed. This may be a transient/spurious condition that
may correct itself when transaction is committed");
}
}
break;
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 41fb3bb96..913633600 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -266,19 +266,19 @@ public class ServiceDBStore extends AbstractServiceStore {
@Autowired
RESTErrorUtil restErrorUtil;
-
+
@Autowired
RangerServiceService svcService;
-
+
@Autowired
StringUtil stringUtil;
-
+
@Autowired
RangerAuditFields<?> rangerAuditFields;
-
+
@Autowired
RangerPolicyService policyService;
-
+
@Autowired
RangerPolicyLabelsService<XXPolicyLabel, ?> policyLabelsService;
@@ -1510,7 +1510,6 @@ public class ServiceDBStore extends AbstractServiceStore {
service = svcService.create(service);
}
XXService xCreatedService =
daoMgr.getXXService().getById(service.getId());
- VXUser vXUser = null;
XXServiceConfigMapDao xConfMapDao =
daoMgr.getXXServiceConfigMap();
for (Entry<String, String> configMap : validConfigs.entrySet())
{
@@ -1521,14 +1520,14 @@ public class ServiceDBStore extends
AbstractServiceStore {
String userName =
stringUtil.getValidUserName(configValue);
XXUser xxUser =
daoMgr.getXXUser().findByUserName(userName);
if (xxUser != null) {
- vXUser =
xUserService.populateViewBean(xxUser);
+ VXUser vXUser =
xUserService.populateViewBean(xxUser);
} else {
UserSessionBase usb =
ContextUtil.getCurrentUserSession();
if (usb != null && !usb.isUserAdmin()
&& !usb.isSpnegoEnabled()) {
throw
restErrorUtil.createRESTException("User does not exist with given username: ["
+ userName + "]
please use existing user", MessageEnums.OPER_NO_PERMISSION);
}
- vXUser =
xUserMgr.createServiceConfigUser(userName);
+
xUserMgr.createServiceConfigUser(userName);
}
}
@@ -1557,9 +1556,7 @@ public class ServiceDBStore extends AbstractServiceStore {
xConfMap = xConfMapDao.create(xConfMap);
}
updateTabPermissions(service.getType(), validConfigs);
- if (LOG.isDebugEnabled()) {
- LOG.debug("vXUser:[" + vXUser + "]");
- }
+
RangerService createdService =
svcService.getPopulatedViewObject(xCreatedService);
if (createdService == null) {
@@ -1684,7 +1681,7 @@ public class ServiceDBStore extends AbstractServiceStore {
service = svcService.update(service);
if (hasTagServiceValueChanged || hasIsEnabledChanged ||
hasServiceConfigForPluginChanged) {
- updatePolicyVersion(service,
RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null, false);
+ updatePolicyVersion(service,
RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null,false);
}
}
@@ -1699,7 +1696,6 @@ public class ServiceDBStore extends AbstractServiceStore {
daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
}
- VXUser vXUser = null;
XXServiceConfigMapDao xConfMapDao =
daoMgr.getXXServiceConfigMap();
for (Entry<String, String> configMap : validConfigs.entrySet())
{
String configKey = configMap.getKey();
@@ -1709,14 +1705,14 @@ public class ServiceDBStore extends
AbstractServiceStore {
String userName =
stringUtil.getValidUserName(configValue);
XXUser xxUser =
daoMgr.getXXUser().findByUserName(userName);
if (xxUser != null) {
- vXUser =
xUserService.populateViewBean(xxUser);
+ VXUser vXUser =
xUserService.populateViewBean(xxUser);
} else {
UserSessionBase usb =
ContextUtil.getCurrentUserSession();
if (usb != null && !usb.isUserAdmin()) {
throw
restErrorUtil.createRESTException("User does not exist with given username: ["
+ userName + "]
please use existing user", MessageEnums.OPER_NO_PERMISSION);
}
- vXUser =
xUserMgr.createServiceConfigUser(userName);
+
xUserMgr.createServiceConfigUser(userName);
}
}
@@ -1758,9 +1754,7 @@ public class ServiceDBStore extends AbstractServiceStore {
xConfMapDao.create(xConfMap);
}
updateTabPermissions(service.getType(), validConfigs);
- if (LOG.isDebugEnabled()) {
- LOG.debug("vXUser:[" + vXUser + "]");
- }
+
RangerService updService =
svcService.getPopulatedViewObject(xUpdService);
dataHistService.createObjectDataHistory(updService,
RangerDataHistService.ACTION_UPDATE);
bizUtil.createTrxLog(trxLogList);
@@ -1994,6 +1988,15 @@ public class ServiceDBStore extends AbstractServiceStore
{
@Override
public RangerPolicy createPolicy(RangerPolicy policy) throws Exception {
+ return createPolicy(policy, false);
+ }
+
+ @Override
+ public RangerPolicy createDefaultPolicy(RangerPolicy policy) throws
Exception {
+ return createPolicy(policy, true);
+ }
+
+ public RangerPolicy createPolicy(RangerPolicy policy, boolean
isDefaultPolicy) throws Exception {
RangerService service = getServiceByName(policy.getService());
@@ -2042,7 +2045,7 @@ public class ServiceDBStore extends AbstractServiceStore {
}
XXPolicy xCreatedPolicy =
daoMgr.getXXPolicy().getById(policy.getId());
- policyRefUpdater.createNewPolMappingForRefTable(policy,
xCreatedPolicy, xServiceDef);
+ policyRefUpdater.createNewPolMappingForRefTable(policy,
xCreatedPolicy, xServiceDef, isDefaultPolicy);
createOrMapLabels(xCreatedPolicy, uniquePolicyLabels);
RangerPolicy createdPolicy =
policyService.getPopulatedViewObject(xCreatedPolicy);
@@ -2215,7 +2218,7 @@ public class ServiceDBStore extends AbstractServiceStore {
policyRefUpdater.cleanupRefTables(policy);
deleteExistingPolicyLabel(policy);
- policyRefUpdater.createNewPolMappingForRefTable(policy,
newUpdPolicy, xServiceDef);
+ policyRefUpdater.createNewPolMappingForRefTable(policy,
newUpdPolicy, xServiceDef, false);
createOrMapLabels(newUpdPolicy, uniquePolicyLabels);
RangerPolicy updPolicy =
policyService.getPopulatedViewObject(newUpdPolicy);
@@ -3277,7 +3280,7 @@ public class ServiceDBStore extends AbstractServiceStore {
if (CollectionUtils.isNotEmpty(defaultPolicies)) {
for (RangerPolicy defaultPolicy : defaultPolicies) {
- createPolicy(defaultPolicy);
+ createDefaultPolicy(defaultPolicy);
}
}
@@ -3302,7 +3305,7 @@ public class ServiceDBStore extends AbstractServiceStore {
defaultPolicy.setZoneName(zoneName);
-
createPolicy(defaultPolicy);
+
createDefaultPolicy(defaultPolicy);
}
}
}
@@ -3350,17 +3353,14 @@ public class ServiceDBStore extends
AbstractServiceStore {
if(serviceCheckUsers != null){
for (String userName : serviceCheckUsers) {
if(!StringUtils.isEmpty(userName)){
- VXUser vXUser = null;
XXUser xxUser =
daoMgr.getXXUser().findByUserName(userName);
if (xxUser != null) {
- vXUser =
xUserService.populateViewBean(xxUser);
+ VXUser vXUser =
xUserService.populateViewBean(xxUser);
} else {
- vXUser =
xUserMgr.createServiceConfigUser(userName);
- LOG.info("Creating
Ambari Service Check User : "+vXUser.getName());
- }
- if(vXUser != null){
-
users.add(vXUser.getName());
+
xUserMgr.createServiceConfigUser(userName);
+ LOG.info("Creating
Ambari Service Check User : "+ userName);
}
+
users.add(userName);
}
}
}
@@ -3454,7 +3454,7 @@ public class ServiceDBStore extends AbstractServiceStore {
throw
restErrorUtil.createRESTException("User does not exist with given username: ["
+ policyUser +
"] please use existing user", MessageEnums.OPER_NO_PERMISSION);
}
-
xUserMgr.createServiceConfigUser(userName);
+
xUserMgr.createServiceConfigUser(userName);
}
}
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 9af354d09..04968ecc5 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2492,7 +2492,6 @@ public class XUserMgr extends XUserMgrBase {
}
}
- @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public VXUser createServiceConfigUser(String userName){
if (userName == null || "null".equalsIgnoreCase(userName) ||
userName.trim().isEmpty()) {
logger.error("User Name: "+userName);
@@ -2512,6 +2511,27 @@ public class XUserMgr extends XUserMgrBase {
return vXUser;
}
+ public VXUser createServiceConfigUserSynchronously(String userName){
+ if (userName == null || "null".equalsIgnoreCase(userName) ||
userName.trim().isEmpty()) {
+ logger.error("User Name: "+userName);
+ throw restErrorUtil.createRESTException("Please provide
a valid username.",MessageEnums.INVALID_INPUT_DATA);
+ }
+
+ VXUser vXUser = null;
+
+ XXUser xxUser = daoManager.getXXUser().findByUserName(userName);
+ if (xxUser == null) {
+ ExternalUserCreator externalUserCreator = new
ExternalUserCreator(userName);
+ externalUserCreator.run();
+ xxUser =
daoManager.getXXUser().findByUserName(userName);
+ }
+
+ if (xxUser != null) {
+ vXUser = xUserService.populateViewBean(xxUser);
+ }
+ return vXUser;
+ }
+
protected void validatePassword(VXUser vXUser) {
if (vXUser.getPassword() != null &&
!vXUser.getPassword().isEmpty()) {
boolean checkPassword = false;
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java
index 8367d3f6b..62847d725 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java
@@ -21,6 +21,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.RangerValidatorFactory;
@@ -51,7 +52,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
import java.util.ArrayList;
import java.util.Arrays;
@@ -108,6 +115,13 @@ public class PatchForKafkaServiceDefUpdate_J10025 extends
BaseLoader {
@Autowired
ServiceDBStore svcStore;
+ @Autowired
+ XUserMgr xUserMgr;
+
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
public static void main(String[] args) {
logger.info("main()");
try {
@@ -335,7 +349,23 @@ public class PatchForKafkaServiceDefUpdate_J10025 extends
BaseLoader {
continue;
}
XXUser xxUser =
daoMgr.getXXUser().findByUserName(user);
- if (xxUser == null) {
+ if (null == xxUser) {
+ TransactionTemplate txTemplate
= new TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback<Object>() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+
xUserMgr.createServiceConfigUserSynchronously(user);
+ return
null;
+ }
+ });
+ } catch (Exception exception) {
+ logger.error("Cannot
create ServiceConfigUser(" + user + ")", exception);
+ }
+ }
+ xxUser =
daoMgr.getXXUser().findByUserName(user);
+ if (null == xxUser) {
throw new RuntimeException(user
+ ": user does not exist. policy='" + xxPolicy.getName()
+ "' service='"
+ xxPolicy.getService() + "' user='" + user + "'");
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
index 9f0717a40..e78c666db 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
@@ -42,7 +42,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
import java.util.ArrayList;
import java.util.Arrays;
@@ -100,6 +106,10 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
@Autowired
XUserMgr xUserMgr;
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
public static void main(String[] args) {
logger.info("main()");
try {
@@ -352,17 +362,35 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
continue;
}
XXUser xxUser =
daoMgr.getXXUser().findByUserName(user);
+ Long userId = null;
if (xxUser == null) {
- logger.info(user +" user is not
found, adding user: "+user);
-
xUserMgr.createServiceConfigUser(user);
+ if (null == xxUser) {
+ logger.info(user +"
user is not found, adding user: "+user);
+ TransactionTemplate
txTemplate = new TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+
txTemplate.execute(new TransactionCallback<Object>() {
+
@Override
+ public
Object doInTransaction(TransactionStatus status) {
+
xUserMgr.createServiceConfigUserSynchronously(user);
+
return null;
+ }
+ });
+ } catch(Exception
exception) {
+
logger.error("Cannot create ServiceConfigUser(" + user + ")", exception);
+ }
+ }
+
xxUser =
daoMgr.getXXUser().findByUserName(user);
if (xxUser == null) {
throw new
RuntimeException(user + ": user does not exist. policy='" + xxPolicy.getName()
+ "' service='" +
xxPolicy.getService() + "' user='" + user + "'");
}
}
+ userId = xxUser.getId();
+
XXPolicyItemUserPerm xUserPerm = new
XXPolicyItemUserPerm();
- xUserPerm.setUserId(xxUser.getId());
+ xUserPerm.setUserId(userId);
xUserPerm.setPolicyItemId(createdXXPolicyItem.getId());
xUserPerm.setOrder(i);
xUserPerm.setAddedByUserId(currentUserId);
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
index c40280629..dbffc5663 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
@@ -68,6 +68,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionTemplate;
@@ -338,7 +339,19 @@ public class PatchForMigratingOldRegimePolicyJson_J10046
extends BaseLoader {
if (userObject == null) {
logger.info(user +" user is not found,
adding user: "+user);
- xUserMgr.createServiceConfigUser(user);
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback<Object>() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+
xUserMgr.createServiceConfigUserSynchronously(user);
+ return null;
+ }
+ });
+ } catch(Exception exception) {
+ logger.error("Cannot create
ServiceConfigUser(" + user + ")", exception);
+ }
userObject =
userDao.findByUserName(user);
if (userObject == null) {
throw new Exception(user + ":
unknown user in policy [id=" + policyId + "]");
@@ -346,6 +359,7 @@ public class PatchForMigratingOldRegimePolicyJson_J10046
extends BaseLoader {
}
userId = userObject.getId();
+ logger.info("userId:"+userId);
userIdMap.put(user, userId);
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
index ae6158ab0..6eb3315e7 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
@@ -92,6 +92,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionTemplate;
@@ -356,7 +357,19 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
if (userObject == null) {
logger.info(user +" user is not found,
adding user: "+user);
- xUserMgr.createServiceConfigUser(user);
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback<Object>() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+
xUserMgr.createServiceConfigUserSynchronously(user);
+ return null;
+ }
+ });
+ } catch(Exception exception) {
+ logger.error("Cannot create
ServiceConfigUser(" + user + ")", exception);
+ }
userObject =
userDao.findByUserName(user);
if (userObject == null) {
throw new Exception(user + ":
unknown user in policy [id=" + policyId + "]");
@@ -364,6 +377,7 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
}
userId = userObject.getId();
+ logger.info("userId:"+userId);
userIdMap.put(user, userId);
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index dfb5814f3..a80f12efb 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -1706,7 +1706,7 @@ public class TestServiceDBStore {
Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
Mockito.when(xPolicyDao.getById(Id)).thenReturn(xPolicy);
-
Mockito.doNothing().when(policyRefUpdater).createNewPolMappingForRefTable(rangerPolicy,
xPolicy, xServiceDef);
+
Mockito.doNothing().when(policyRefUpdater).createNewPolMappingForRefTable(rangerPolicy,
xPolicy, xServiceDef, false);
Mockito.when(policyService.getPopulatedViewObject(xPolicy)).thenReturn(rangerPolicy);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
