This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit faae58f507fde28cfb45d76665571417a85870d2 Author: Sailaja Polavarapu <[email protected]> AuthorDate: Mon Aug 31 11:29:23 2020 -0700 RANGER-2940: Added code to update user roles when group memberships are changed with AD/LDAP incremental sync --- .../main/java/org/apache/ranger/biz/XUserMgr.java | 79 +++++++- .../java/org/apache/ranger/rest/XUserREST.java | 10 +- .../ranger/view/VXUsersGroupRoleAssignments.java | 45 +++-- .../process/LdapPolicyMgrUserGroupBuilder.java | 223 ++++++++++++++------- ...oupList.java => UsersGroupRoleAssignments.java} | 32 ++- 5 files changed, 276 insertions(+), 113 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 6a5ca7b..323d3d3 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -649,7 +649,7 @@ public class XUserMgr extends XUserMgrBase { return vxGUInfo; } - + public VXGroupUserInfo getXGroupUserFromMap( String groupName) { checkAdminAccess(); @@ -687,7 +687,7 @@ public class XUserMgr extends XUserMgrBase { } vxu.add(vxUser); } - + } vxGUInfo.setXuserInfo(vxu); @@ -745,13 +745,13 @@ public class XUserMgr extends XUserMgrBase { throw restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data."); } } - + if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){ vXUser=getMaskedVXUser(vXUser); } return vXUser; } - + private boolean hasAccessToGetUserInfo(VXUser requestedVXUser) { UserSessionBase userSession = ContextUtil.getCurrentUserSession(); if (userSession != null && userSession.getLoginId() != null) { 
@@ -761,9 +761,9 @@ public class XUserMgr extends XUserMgrBase { if (loggedInVXUser.getUserRoleList().size() == 1 && loggedInVXUser.getUserRoleList().contains( RangerConstants.ROLE_USER)) { - + return requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false; - + }else{ return true; } @@ -779,7 +779,7 @@ public class XUserMgr extends XUserMgrBase { public VXGroup getXGroup(Long id) { VXGroup vXGroup=null; - + UserSessionBase userSession = ContextUtil.getCurrentUserSession(); if (userSession != null && userSession.getLoginId() != null) { VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession 
@@ -1540,6 +1540,71 @@ public class XUserMgr extends XUserMgrBase { } + public List<String> updateUserRoleAssignments(VXUsersGroupRoleAssignments ugRoleAssignments) { + List<String> updatedUsers = new ArrayList<>(); + // For each user get groups and compute roles based on group role assignments + for (String userName : ugRoleAssignments.getUsers()) { + if (userMgr.getUserProfileByLoginId(userName) == null) { + logger.info(userName + " doesn't exist and hence ignoring role assignments"); + continue; + } + Set<String> userRoleList = new HashSet<>(); + Map<String, String> userMap = ugRoleAssignments.getUserRoleAssignments(); + if (!userMap.isEmpty() && userMap.containsKey(userName)) { + // Add the user role that is defined in user role assignments + userRoleList.add(userMap.get(userName)); + } + Map<String, String> groupMap = ugRoleAssignments.getGroupRoleAssignments(); + + if (!groupMap.isEmpty()) { + for (String group : getGroupsForUser(userName)) { + String value = groupMap.get(group); + if (value != null) { + userRoleList.add(value); + } + } + } + if (userRoleList.isEmpty()) { + userRoleList.add(RangerConstants.ROLE_USER); + } + String updatedUser = setRolesByUserName(userName, new ArrayList<>(userRoleList)); + if (updatedUser != null) { + updatedUsers.add(updatedUser); + } + } + return updatedUsers; + } + + private String setRolesByUserName(String userName, List<String> roleListNewProfile) { + if (logger.isDebugEnabled()) { + logger.debug("==> XUserMgr.setRolesByUserName(" + userName + ", " + roleListNewProfile + ")"); + } + String ret = null; + xaBizUtil.blockAuditorRoleUser(); + if (roleListNewProfile == null) { + roleListNewProfile = new ArrayList<String>(); + } + + if(userName!=null && roleListNewProfile.size()>0){ + checkAccessRoles(roleListNewProfile); + VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(userName); + if(oldUserProfile!=null){ + denySelfRoleChange(oldUserProfile.getLoginId()); + 
updateUserRolesPermissions(oldUserProfile,roleListNewProfile); + logger.info("<== XUserMgr.setRolesByUserName returned roles for " + userName + " are: " + roleListNewProfile ); + ret = userName; + }else{ + logger.error(userName + "doesn't exist."); + } + }else{ + logger.error(userName + "doesn't exist or new role assignments are empty"); + } + if (logger.isDebugEnabled()) { + logger.debug("<== XUserMgr.setRolesByUserName(" + userName + ", " + roleListNewProfile + ") ret = " + ret); + } + return ret; + } + public VXStringList getUserRolesByExternalID(Long userId) { VXUser vXUser=getXUser(userId); if(vXUser==null){ diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index 8ad5bad..e299f1f 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java @@ -306,7 +306,15 @@ public class XUserREST { public VXUserGroupInfo createXUserGroupFromMap(VXUserGroupInfo vXUserGroupInfo) { return xUserMgr.createXUserGroupFromMap(vXUserGroupInfo); } - + + @POST + @Path("/users/roleassignments") + @Produces({ "application/xml", "application/json" }) + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public List<String> setXUserRolesByName(VXUsersGroupRoleAssignments ugRoleAssignments) { + return xUserMgr.updateUserRoleAssignments(ugRoleAssignments); + } + @POST @Path("/secure/users") @Produces({ "application/xml", "application/json" }) diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java b/security-admin/src/main/java/org/apache/ranger/view/VXUsersGroupRoleAssignments.java similarity index 64% copy from ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java copy to security-admin/src/main/java/org/apache/ranger/view/VXUsersGroupRoleAssignments.java index 4553d02..848a2c1 100644 
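Review bot: `updateUserRoleAssignments` dereferences `ugRoleAssignments.getUsers()`, `getUserRoleAssignments()` and `getGroupRoleAssignments()` without a null check, and all three fields of the new `VXUsersGroupRoleAssignments` are null until set, so a request body that omits any of them ends in a NullPointerException rather than a clean client error. Guard at the top of the method, or initialise the fields to empty collections in the view class. The fallback `userRoleList.add(RangerConstants.ROLE_USER)` also means every listed user with no matching mapping has the role list replaced by ROLE_USER, which presumably also strips an admin role that was granted by hand in Ranger; a comment stating that this is intended, or a restriction to roles that originated from sync, would make the behaviour explicit. In `setRolesByUserName` both error messages lack a space before `doesn't`, e.g. `logger.error(userName + " doesn't exist.");`.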
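Review bot: Authorization for the new `/users/roleassignments` endpoint rests only on `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` at the REST layer; `XUserMgr.updateUserRoleAssignments` is public and, unlike the neighbouring manager method `getXGroupUserFromMap`, does not begin with `checkAdminAccess()`. Because this call rewrites role lists for arbitrary users from maps supplied in the request body, adding `checkAdminAccess();` as the first statement of the manager method would keep the check in place for any other caller. The per-user helper does call `xaBizUtil.blockAuditorRoleUser()`, `checkAccessRoles(...)` and `denySelfRoleChange(...)`, but their bodies are not part of this diff, so what they enforce cannot be confirmed from here. `setXUserRolesByName` also has no Javadoc; a short comment saying that the body carries the user and group role mappings and that the response lists the user names actually updated would help callers.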
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUsersGroupRoleAssignments.java
@@ -17,41 +17,50 @@ * under the License. */ -package org.apache.ranger.unixusersync.model; - -import java.util.List; - -import javax.xml.bind.annotation.XmlRootElement; +package org.apache.ranger.view; import org.codehaus.jackson.annotate.JsonAutoDetect; -import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.codehaus.jackson.map.annotate.JsonSerialize; +import javax.xml.bind.annotation.XmlRootElement; +import java.util.List; +import java.util.Map; + @JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY) @JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) @XmlRootElement -public class UserGroupList { +public class VXUsersGroupRoleAssignments { + + List<String> users; + + Map<String, String> groupRoleAssignments; - String user; - - List<String> groups; + Map<String, String> userRoleAssignments; - public String getUser() { - return user; + public List<String> getUsers() { + return users; } - public void setUser(String user) { - this.user = user; + public void setUsers(List<String> users) { + this.users = users; } - public List<String> getGroups() { - return groups; + public Map<String, String> getGroupRoleAssignments() { + return groupRoleAssignments; } - public void setGroups(List<String> groups) { - this.groups = groups; + public void setGroupRoleAssignments(Map<String, String> groupRoleAssignments) { + this.groupRoleAssignments = groupRoleAssignments; } + public Map<String, String> getUserRoleAssignments() { + return userRoleAssignments; + } + + public void setUserRoleAssignments(Map<String, String> userRoleAssignments) { + this.userRoleAssignments = userRoleAssignments; + } } \ No newline at end of file 
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java index 8dc05b0..72080fc 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java @@ -28,8 +28,11 @@ import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.HashSet; import java.util.StringTokenizer; import java.util.regex.Pattern; +import java.lang.reflect.Type; import javax.security.auth.Subject; import javax.servlet.http.HttpServletResponse; 
@@ -50,32 +53,30 @@ import org.apache.ranger.usergroupsync.UserGroupSink; import com.google.common.collect.Table; import com.google.gson.Gson; import com.google.gson.GsonBuilder; +import com.google.gson.reflect.TypeToken; import com.sun.jersey.api.client.ClientResponse; public class LdapPolicyMgrUserGroupBuilder implements UserGroupSink { private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder.class); - - private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication"; + + private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication"; private String AUTH_KERBEROS = "kerberos"; private static final String PRINCIPAL = "ranger.usersync.kerberos.principal"; private static final String KEYTAB = "ranger.usersync.kerberos.keytab"; private static final String NAME_RULE = "hadoop.security.auth_to_local"; - - public static final String PM_USER_LIST_URI = "/service/xusers/users/"; // GET + private static final String PM_ADD_USER_GROUP_INFO_URI = "/service/xusers/users/userinfo"; // POST - + public static final String PM_UPDATE_USERS_ROLES_URI = "/service/xusers/users/roleassignments"; // PUT + private static final String PM_ADD_GROUP_USER_INFO_URI = "/service/xusers/groups/groupinfo"; // POST - - public static final String PM_GROUP_LIST_URI = "/service/xusers/groups/"; // GET + private static final String PM_ADD_GROUP_URI = "/service/xusers/groups/"; // POST - + private static final String PM_DEL_USER_GROUP_LINK_URI = "/service/xusers/group/${groupName}/user/${userName}"; // DELETE - - public static final String PM_USER_GROUP_MAP_LIST_URI = "/service/xusers/groupusers/"; // GET - + public static final String PM_GET_GROUP_USER_MAP_LIST_URI = "/service/xusers/groupusers/groupName/${groupName}"; // GET - + private static final String PM_ADD_LOGIN_USER_URI = "/service/users/default"; // POST private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/"; // POST 
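Review bot: The trailing comment on `PM_UPDATE_USERS_ROLES_URI` says `// PUT`, but the server method added in XUserREST is annotated `@POST` and `updateUsersRoles` calls `ldapUgSyncClient.post(url, ...)`; the comment should read `// POST`. The constant is declared `public` while the other write URIs next to it are `private static final`; unless something outside this class needs it, `private` would match them. The hunk also removes three public `*_LIST_URI` constants, which is safe only if nothing else references them, and that is not visible from here.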
@@ -95,8 +96,6 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder private UserGroupInfo usergroupInfo = new UserGroupInfo(); private GroupUserInfo groupuserInfo = new GroupUserInfo(); private volatile RangerUgSyncRESTClient ldapUgSyncClient; - - Table<String, String, String> groupsUsersTable; private String authenticationType = null; String principal; @@ -113,7 +112,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder LOCAL_HOSTNAME = "unknown"; } } - + synchronized public void init() throws Throwable { recordsToPullPerCall = config.getMaxRecordsPerAPICall(); policyMgrBaseUrl = config.getPolicyManagerBaseURL(); @@ -169,7 +168,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } } - + private XGroupInfo addGroupInfo(final String groupName, Map<String, String> groupAttrs){ XGroupInfo ret = null; XGroupInfo group = null; @@ -203,17 +202,17 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder return null; } else { return getAddedGroupInfo(group); - } + } } - + private XGroupInfo addXGroupInfo(String aGroupName, Map<String, String> groupAttrs) { - + XGroupInfo addGroup = new XGroupInfo(); - + addGroup.setName(aGroupName); - + addGroup.setDescription(aGroupName + " - add from Unix box"); - + addGroup.setGroupType("1"); addGroup.setGroupSource(GROUP_SOURCE_EXTERNAL); @@ -224,7 +223,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder return addGroup; } - private XGroupInfo getAddedGroupInfo(XGroupInfo group){ + private XGroupInfo getAddedGroupInfo(XGroupInfo group){ XGroupInfo ret = null; String response = null; ClientResponse clientRes = null; @@ -304,7 +303,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder if (LOG.isDebugEnabled()) { LOG.debug("INFO: addPMXAUser(" + userName + ")"); } - + if (! isMockRun) { user = addXUserInfo(userName, userAttrs); } 
@@ -343,7 +342,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder return getUsergroupInfo(ret); } } - + private XUserInfo addXUserInfo(String aUserName, Map<String, String> userAttrs) { if (LOG.isDebugEnabled()) { @@ -359,17 +358,19 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder Gson gson = new Gson(); xuserInfo.setOtherAttributes(gson.toJson(userAttrs)); } - if (userMap.containsKey(aUserName)) { - List<String> roleList = new ArrayList<String>(); - roleList.add(userMap.get(aUserName)); - xuserInfo.setUserRoleList(roleList); - } + List<String> roleList = new ArrayList<String>(); + if (userMap.containsKey(aUserName)) { + roleList.add(userMap.get(aUserName)); + }else{ + roleList.add("ROLE_USER"); + } + xuserInfo.setUserRoleList(roleList); usergroupInfo.setXuserInfo(xuserInfo); if(LOG.isDebugEnabled()) { LOG.debug("<== LdapPolicyMgrUserGroupBuilder.addXUserInfo " + aUserName + " and " + userAttrs); } - + return xuserInfo; } @@ -378,7 +379,6 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder if(LOG.isDebugEnabled()) { LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo "); } - List<XGroupInfo> xGroupInfoList = new ArrayList<XGroupInfo>(); if (CollectionUtils.isNotEmpty(aGroupList)) { @@ -388,24 +388,24 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder addXUserGroupInfo(aUserInfo, group); } } - + usergroupInfo.setXgroupInfo(xGroupInfoList); if(LOG.isDebugEnabled()) { LOG.debug("<== LdapPolicyMgrUserGroupBuilder.addXUserGroupInfo "); } } - + private XUserGroupInfo addXUserGroupInfo(XUserInfo aUserInfo, XGroupInfo aGroupInfo) { - - + + XUserGroupInfo ugInfo = new XUserGroupInfo(); - + ugInfo.setUserId(aUserInfo.getId()); - + ugInfo.setGroupName(aGroupInfo.getName()); - + // ugInfo.setParentGroupId("1"); - + return ugInfo; } 
@@ -480,8 +480,8 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder } } else { groupUserInfo = getGroupUserInfo(groupName); - } - + } + List<String> oldUsers = new ArrayList<String>(); Map<String, List<String>> oldUserMap = new HashMap<String, List<String>>(); if (groupUserInfo != null && groupUserInfo.getXuserInfo() != null) { @@ -493,10 +493,10 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder LOG.debug("Returned users for group " + groupUserInfo.getXgroupInfo().getName() + " are: " + oldUsers); } } - + List<String> addUsers = new ArrayList<String>(); List<String> delUsers = new ArrayList<String>(); - + for (String user : oldUsers) { if (!users.contains(user)) { delUsers.add(user); 
@@ -515,18 +515,114 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder LOG.debug("addUsers = " + addUsers); } delXGroupUserInfo(groupName, delUsers); - - //* Add user to group mapping in the x_group_user table. + + //* Add user to group mapping in the x_group_user table. //* Here the assumption is that the user already exists in x_portal_user table. if ( ! isMockRun ) { - // If the rest call to ranger admin fails, + // If the rest call to ranger admin fails, // propagate the failure to the caller for retry in next sync cycle. - if (addGroupUserInfo(groupName, groupAttrs, addUsers) == null ) { + GroupUserInfo ret = addGroupUserInfo(groupName, groupAttrs, addUsers); + if (ret == null ) { String msg = "Failed to add addorUpdate group user info"; LOG.error(msg); throw new Exception(msg); } } + + // Update roles for both deleted & new users in this group when role assignments are configured. + if (!groupMap.isEmpty() || !userMap.isEmpty()) { + UsersGroupRoleAssignments ugRoleAssignments = new UsersGroupRoleAssignments(); + List<String> allUsers = new ArrayList<>(); + if (!delUsers.isEmpty()) { + allUsers.addAll(delUsers); + } + if (!addUsers.isEmpty()) { + allUsers.addAll(addUsers); + } + if (!allUsers.isEmpty()) { + ugRoleAssignments.setUsers(allUsers); + ugRoleAssignments.setGroupRoleAssignments(groupMap); + ugRoleAssignments.setUserRoleAssignments(userMap); + if (updateRoles(ugRoleAssignments) == null) { + LOG.error("Unable to update roles for " + allUsers); + } + } + } + } + + private List<String> updateRoles(UsersGroupRoleAssignments ugRoleAssignments) { + if (LOG.isDebugEnabled()) { + LOG.debug("LdapPolicyMgrUserGroupBuilder.updateUserRole(" + ugRoleAssignments.getUsers() + ")"); + } + + if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)){ + try { + Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules); + 
final UsersGroupRoleAssignments result = ugRoleAssignments; + List<String> ret = Subject.doAs(sub, new PrivilegedAction<List<String>>() { + @Override + public List<String> run() { + try { + return updateUsersRoles(result); + } catch (Exception e) { + LOG.error("Failed to add User Group Info : ", e); + } + return null; + } + }); + return ret; + } catch (Exception e) { + LOG.error("Failed to Authenticate Using given Principal and Keytab : " , e); + } + return null; + }else{ + return updateUsersRoles(ugRoleAssignments); + } + } + + private List<String> updateUsersRoles(UsersGroupRoleAssignments ugRoleAssignments) { + if(LOG.isDebugEnabled()){ + LOG.debug("==> LdapPolicyMgrUserGroupBuilder.updateUserRoles(" + ugRoleAssignments.getUsers() + ")"); + } + List<String> ret = null; + try { + String response = null; + ClientResponse clientRes = null; + Gson gson = new GsonBuilder().create(); + String jsonString = gson.toJson(ugRoleAssignments); + String url = PM_UPDATE_USERS_ROLES_URI; + + if (LOG.isDebugEnabled()) { + LOG.debug("USER role MAPPING" + jsonString); + } + if (isRangerCookieEnabled) { + response = cookieBasedUploadEntity(ugRoleAssignments, url); + } else { + try { + clientRes = ldapUgSyncClient.post(url, null, ugRoleAssignments); + if (clientRes != null) { + response = clientRes.getEntity(String.class); + } + } catch (Throwable t) { + LOG.error("Failed to get response, Error is : ", t); + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("RESPONSE: [" + response + "]"); + } + Type listType = new TypeToken<ArrayList<String>>() { + }.getType(); + ret = new Gson().fromJson(response, listType); + + } catch (Exception e) { + + LOG.warn( "ERROR: Unable to update roles for: " + ugRoleAssignments.getUsers(), e); + } + + if(LOG.isDebugEnabled()){ + LOG.debug("<== LdapPolicyMgrUserGroupBuilder.updateUserRoles(" + ret + ")"); + } + return ret; } @Override 
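Review bot: The role-update block added after the `if ( ! isMockRun )` section is not covered by that guard, so a mock run still posts to `PM_UPDATE_USERS_ROLES_URI` and changes roles in Ranger admin; guard it with `if (!isMockRun && (!groupMap.isEmpty() || !userMap.isEmpty())) {`. In the same block a null return from `updateRoles` is only logged, whereas the membership failure just above throws so the sync cycle is retried. Since the add and delete lists are computed from the membership already stored in Ranger, a failed role update for users removed from a mapped group is probably never retried, and those users keep the elevated role. Consider propagating the failure as well, e.g. `throw new Exception("Failed to update roles for " + allUsers);`, and checking the HTTP status in `updateUsersRoles` before handing the body to `fromJson`. The enclosing method starts outside this hunk.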
@@ -692,7 +788,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder LOG.debug("<== LdapPolicyMgrUserGroupBuilder.delXUserGroupInfo()"); } } - + private GroupUserInfo addGroupUserInfo(String groupName, Map<String, String> groupAttrs, List<String> users){ if(LOG.isDebugEnabled()) { LOG.debug("==> LdapPolicyMgrUserGroupBuilder.addGroupUserInfo " + groupName + " and " + users); @@ -738,7 +834,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder return getGroupUserInfo(ret); } } - + private void addXGroupUserInfo(XGroupInfo aGroupInfo, List<String> aUserList) { List<XUserInfo> xUserInfoList = new ArrayList<XUserInfo>(); @@ -760,32 +856,7 @@ private static final Logger LOG = Logger.getLogger(LdapPolicyMgrUserGroupBuilder ClientResponse clientRes = null; String relativeUrl = PM_ADD_GROUP_USER_INFO_URI; Gson gson = new GsonBuilder().create(); - - - if (groupuserInfo != null - && groupuserInfo.getXgroupInfo() != null - && groupuserInfo.getXuserInfo() != null - && groupMap - .containsKey(groupuserInfo.getXgroupInfo().getName()) - && groupuserInfo.getXuserInfo().size() > 0) { - List<String> userRoleList = new ArrayList<String>(); - userRoleList.add(groupMap.get(groupuserInfo.getXgroupInfo() - .getName())); - int i = groupuserInfo.getXuserInfo().size(); - for (int j = 0; j < i; j++) { - if (userMap.containsKey(groupuserInfo.getXuserInfo().get(j) - .getName())) { - List<String> userRole = new ArrayList<String>(); - userRole.add(userMap.get(groupuserInfo.getXuserInfo() - .get(j).getName())); - groupuserInfo.getXuserInfo().get(j) - .setUserRoleList(userRole); - } else { - groupuserInfo.getXuserInfo().get(j) - .setUserRoleList(userRoleList); - } - } - } + String jsonString = gson.toJson(groupuserInfo); if (LOG.isDebugEnabled()) { LOG.debug("GROUP USER MAPPING" + jsonString); 
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UsersGroupRoleAssignments.java similarity index 66% rename from ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java rename to ugsync/src/main/java/org/apache/ranger/unixusersync/model/UsersGroupRoleAssignments.java index 4553d02..e6cabdb 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/UsersGroupRoleAssignments.java @@ -20,6 +20,7 @@ package org.apache.ranger.unixusersync.model; import java.util.List; +import java.util.Map; import javax.xml.bind.annotation.XmlRootElement; @@ -32,26 +33,35 @@ import org.codehaus.jackson.map.annotate.JsonSerialize; @JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) @XmlRootElement -public class UserGroupList { +public class UsersGroupRoleAssignments { - String user; + List<String> users; - List<String> groups; + Map<String, String> groupRoleAssignments; - public String getUser() { - return user; + Map<String, String> userRoleAssignments; + + public List<String> getUsers() { + return users; + } + + public void setUsers(List<String> users) { + this.users = users; } - public void setUser(String user) { - this.user = user; + public Map<String, String> getGroupRoleAssignments() { + return groupRoleAssignments; } - public List<String> getGroups() { - return groups; + public void setGroupRoleAssignments(Map<String, String> groupRoleAssignments) { + this.groupRoleAssignments = groupRoleAssignments; } - public void setGroups(List<String> groups) { - this.groups = groups; + public Map<String, String> getUserRoleAssignments() { + return userRoleAssignments; } + public void setUserRoleAssignments(Map<String, String> userRoleAssignments) { + this.userRoleAssignments = userRoleAssignments; + } } \ No newline at end of file
