This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new dd7c773 RANGER-3562: Redesign post commit tasks for updating
ref-tables when policy/role is updated - Part 2
dd7c773 is described below
commit dd7c773dee6d8f15ffcb14304d71b79c29fdf082
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Wed Jan 5 15:24:39 2022 -0800
RANGER-3562: Redesign post commit tasks for updating ref-tables when
policy/role is updated - Part 2
---
.../java/org/apache/ranger/biz/PolicyRefUpdater.java | 18 +++---------------
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 18 +++---------------
.../resources/stability-tests/ranger-policy/app.conf | 6 +++---
.../resources/stability-tests/ranger-policy/start.sh | 2 +-
4 files changed, 10 insertions(+), 34 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
index f8f0ee9..b1f331b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
@@ -176,11 +176,7 @@ public class PolicyRefUpdater {
continue;
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.ROLE, role, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Role name: " + role + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -200,11 +196,7 @@ public class PolicyRefUpdater {
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.GROUP, group, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Group name: " + group + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -221,11 +213,7 @@ public class PolicyRefUpdater {
continue;
}
PolicyPrincipalAssociator associator = new
PolicyPrincipalAssociator(PRINCIPAL_TYPE.USER, user, xPolicy);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("User name: " + user + "
specified in policy does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isAdmin) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 0e5ccd3..6ada7ee 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -107,11 +107,7 @@ public class RoleRefUpdater {
}
RolePrincipalAssociator associator = new
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.USER, roleUser, roleId);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("User name: " +
roleUser + " specified in role does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isCreateNonExistentUGs) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -129,11 +125,7 @@ public class RoleRefUpdater {
}
RolePrincipalAssociator associator = new
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.GROUP, roleGroup,
roleId);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Group name: " +
roleGroup + " specified in role does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
if (isCreateNonExistentUGs) {
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(associator);
} else {
@@ -152,11 +144,7 @@ public class RoleRefUpdater {
RolePrincipalAssociator associator = new
RolePrincipalAssociator(PolicyRefUpdater.PRINCIPAL_TYPE.ROLE, roleRole, roleId);
- if (associator.doAssociate(false)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Group name: " +
roleRole + " specified in role does not exist in ranger admin.");
- }
- } else {
+ if (!associator.doAssociate(false)) {
throw
restErrorUtil.createRESTException("Role with name: " + roleRole + " does not
exist ", MessageEnums.INVALID_INPUT_DATA);
}
}
diff --git
a/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf
b/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf
index fff4277..9229907 100644
--- a/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf
+++ b/security-admin/src/test/resources/stability-tests/ranger-policy/app.conf
@@ -17,7 +17,7 @@
MAX_ITERATION=10 # Max number of iteration performed by each
python client
ADM_HOST="http://localhost:6080" # Ranger ADMIN URL
USERNAME="admin" # Ranger administrator user, as we should
be able to create/update/delete policies/users/groups/roles
-PASSWORD="admin123" # Ranger administrator password
-SERVICE_NAME="test_hdfs" # Ranger service name, against which
policies will be created
+PASSWORD="rangerR0cks!" # Ranger administrator password
+SERVICE_NAME="dev_hdfs" # Ranger service name, against which
policies will be created
MAX_CLIENT=5 # Max number of python clients
-LOG_DIR=log # The default log directory
\ No newline at end of file
+LOG_DIR=log # The default log directory
diff --git
a/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh
b/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh
index fd00387..9844d88 100755
--- a/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh
+++ b/security-admin/src/test/resources/stability-tests/ranger-policy/start.sh
@@ -91,7 +91,7 @@ idx=1
while [ $idx -le $MAX_CLIENT ]
do
LOG $INFO "Initiating: 'python ./test-hdfs-policy.py --startIndex $idx
--maxIteration $MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST
--username $USERNAME --password $PASSWORD --serviceName $SERVICE_NAME >
$SCRIPT_LOG_DIR/script-$idx.log 2>&1 &'"
- python ./test-hdfs-policy.py --startIndex $idx --maxIteration
$MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST --username $USERNAME
--password $PASSWORD --serviceName $SERVICE_NAME >
$SCRIPT_LOG_DIR/script-$idx.log 2>&1 &
+ python3 ./test-hdfs-policy.py --startIndex $idx --maxIteration
$MAX_ITERATION --incrementBy $MAX_CLIENT --host $ADM_HOST --username $USERNAME
--password $PASSWORD --serviceName $SERVICE_NAME >
$SCRIPT_LOG_DIR/script-$idx.log 2>&1 &
idx=`expr $idx + 1`
done