ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spolavar...@apache.org
Subject ranger git commit: RANGER-2092: Fixed code to update the cache for user group mapping. Also fixed a minor code to handle exception properly and also minor bug to load default ugsync config file first
Date Thu, 03 May 2018 15:07:47 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 38141722e -> b087c4ccb


RANGER-2092: Fixed code to update the cache for user group mapping. Also fixed a minor code
to handle exception properly and also minor bug to load default ugsync config file first


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b087c4cc
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b087c4cc
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b087c4cc

Branch: refs/heads/master
Commit: b087c4ccb804cb84ffc622a07d8ea25e900eb35a
Parents: 3814172
Author: Sailaja Polavarapu <spolavarapu@hortonworks.com>
Authored: Thu May 3 08:07:31 2018 -0700
Committer: Sailaja Polavarapu <spolavarapu@hortonworks.com>
Committed: Thu May 3 08:07:31 2018 -0700

----------------------------------------------------------------------
 .../config/UserGroupSyncConfig.java             |  2 +-
 .../ranger/unixusersync/model/XUserInfo.java    |  6 ++++++
 .../process/PolicyMgrUserGroupBuilder.java      | 20 ++++++++++++--------
 3 files changed, 19 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 18d39ed..27506d1 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -257,9 +257,9 @@ public class UserGroupSyncConfig  {
 	}
 
 	private void init() {
+		XMLUtils.loadConfig(DEFAULT_CONFIG_FILE, prop);
 		XMLUtils.loadConfig(CORE_SITE_CONFIG_FILE, prop);
 		XMLUtils.loadConfig(CONFIG_FILE, prop);
-		XMLUtils.loadConfig(DEFAULT_CONFIG_FILE, prop);
 	}
 
 	public String getUserSyncFileSource(){

http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
index 4f6ac46..5b81437 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
@@ -56,6 +56,12 @@ public class XUserInfo {
 		return groupNameList;
 	}
 
+	public void deleteGroups(List<String> delGroups) {
+		for (String delGroup : delGroups) {
+			groupNameList.remove(delGroup);
+		}
+	}
+
 	public List<String> getGroups() {
 		return groupNameList;
 	}

http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 25e1564..cb9b51c 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -459,6 +459,9 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 
  			if (! isMockRun ) {
  				delXUserGroupInfo(user, delGroups);
+				//Remove groups from user mapping
+				userName2XUserInfoMap.get(userName).deleteGroups(delGroups);
+				LOG.debug(userName2XUserInfoMap.get(userName).getGroups());
  			}
 			if (! isMockRun) {
                 if (!updateGroups.isEmpty()) {
@@ -785,7 +788,8 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		return ret;
 	}
 
-	private void getUserGroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo) {
+	private UserGroupInfo getUserGroupInfo(UserGroupInfo usergroupInfo) {
+		UserGroupInfo ret = null;
 		if(LOG.isDebugEnabled()){
 			LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo
usergroupInfo)");
 		}
@@ -824,6 +828,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		if(LOG.isDebugEnabled()){
 			LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo
usergroupInfo)");
 		}
+		return ret;
 	}
 
 
@@ -932,26 +937,25 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
&& SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
 			try {
 				Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
-				final UserGroupInfo result = ret;
 				final UserGroupInfo ugInfo = usergroupInfo;
-				Subject.doAs(sub, new PrivilegedAction<Void>() {
+				ret = Subject.doAs(sub, new PrivilegedAction<UserGroupInfo>() {
 					@Override
-					public Void run() {
+					public UserGroupInfo run() {
 						try {
-							getUserGroupInfo(result, ugInfo);
+							return getUserGroupInfo(ugInfo);
 						} catch (Exception e) {
 							LOG.error("Failed to add User Group Info : ", e);
 						}
 						return null;
 					}
 				});
-				ret = result;
+				return ret;
 			} catch (Exception e) {
 				LOG.error("Failed to Authenticate Using given Principal and Keytab : ",e);
 			}
 		} else {
 			try {
-				getUserGroupInfo(ret, usergroupInfo);
+				ret = getUserGroupInfo(usergroupInfo);
 			} catch (Throwable t) {
 				LOG.error("Failed to add User Group Info : ", t);
 			}
@@ -1046,7 +1050,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 			if (group != null) {
 				if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
&& SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
 					try {
-						LOG.info("Using principal = " + principal + " and keytab = " + keytab);
+						LOG.debug("Using principal = " + principal + " and keytab = " + keytab);
 						Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
 						Subject.doAs(sub, new PrivilegedAction<Void>() {
 							@Override


Mime
View raw message