Repository: ranger Updated Branches: refs/heads/master 38141722e -> b087c4ccb
RANGER-2092: Fixed code to update the cache for user group mapping. Also fixed a minor code to handle exception properly and also minor bug to load default ugsync config file first Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b087c4cc Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b087c4cc Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b087c4cc Branch: refs/heads/master Commit: b087c4ccb804cb84ffc622a07d8ea25e900eb35a Parents: 3814172 Author: Sailaja Polavarapu <[email protected]> Authored: Thu May 3 08:07:31 2018 -0700 Committer: Sailaja Polavarapu <[email protected]> Committed: Thu May 3 08:07:31 2018 -0700 ---------------------------------------------------------------------- .../config/UserGroupSyncConfig.java | 2 +- .../ranger/unixusersync/model/XUserInfo.java | 6 ++++++ .../process/PolicyMgrUserGroupBuilder.java | 20 ++++++++++++-------- 3 files changed, 19 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java index 18d39ed..27506d1 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java @@ -257,9 +257,9 @@ public class UserGroupSyncConfig { } private void init() { + XMLUtils.loadConfig(DEFAULT_CONFIG_FILE, prop); XMLUtils.loadConfig(CORE_SITE_CONFIG_FILE, prop); XMLUtils.loadConfig(CONFIG_FILE, prop); - XMLUtils.loadConfig(DEFAULT_CONFIG_FILE, prop); } public String getUserSyncFileSource(){ http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java index 4f6ac46..5b81437 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java @@ -56,6 +56,12 @@ public class XUserInfo { return groupNameList; } + public void deleteGroups(List<String> delGroups) { + for (String delGroup : delGroups) { + groupNameList.remove(delGroup); + } + } + public List<String> getGroups() { return groupNameList; } http://git-wip-us.apache.org/repos/asf/ranger/blob/b087c4cc/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java ---------------------------------------------------------------------- diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java index 25e1564..cb9b51c 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java @@ -459,6 +459,9 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { if (! isMockRun ) { delXUserGroupInfo(user, delGroups); + //Remove groups from user mapping + userName2XUserInfoMap.get(userName).deleteGroups(delGroups); + LOG.debug(userName2XUserInfoMap.get(userName).getGroups()); } if (! isMockRun) { if (!updateGroups.isEmpty()) { @@ -785,7 +788,8 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { return ret; } - private void getUserGroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo) { + private UserGroupInfo getUserGroupInfo(UserGroupInfo usergroupInfo) { + UserGroupInfo ret = null; if(LOG.isDebugEnabled()){ LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo)"); } @@ -824,6 +828,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { if(LOG.isDebugEnabled()){ LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo)"); } + return ret; } @@ -932,26 +937,25 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) { try { Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules); - final UserGroupInfo result = ret; final UserGroupInfo ugInfo = usergroupInfo; - Subject.doAs(sub, new PrivilegedAction<Void>() { + ret = Subject.doAs(sub, new PrivilegedAction<UserGroupInfo>() { @Override - public Void run() { + public UserGroupInfo run() { try { - getUserGroupInfo(result, ugInfo); + return getUserGroupInfo(ugInfo); } catch (Exception e) { LOG.error("Failed to add User Group Info : ", e); } return null; } }); - ret = result; + return ret; } catch (Exception e) { LOG.error("Failed to Authenticate Using given Principal and Keytab : ",e); } } else { try { - getUserGroupInfo(ret, usergroupInfo); + ret = getUserGroupInfo(usergroupInfo); } catch (Throwable t) { LOG.error("Failed to add User Group Info : ", t); } @@ -1046,7 +1050,7 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink { if (group != null) { if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) { try { - LOG.info("Using principal = " + principal + " and keytab = " + keytab); + LOG.debug("Using principal = " + principal + " and keytab = " + keytab); Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules); Subject.doAs(sub, new PrivilegedAction<Void>() { @Override
