This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.8 by this push:
new 83e6ddc9e RANGER-5215: policy evaluation to apply same user/group name
transformations as usersync (#751)
83e6ddc9e is described below
commit 83e6ddc9eb73ad8917c95efe1ef5c4e3e94dfc54
Author: dhavalshah9131 <[email protected]>
AuthorDate: Sun Nov 30 04:22:42 2025 +0530
RANGER-5215: policy evaluation to apply same user/group name
transformations as usersync (#751)
---
agents-common/pom.xml | 19 +++
.../ranger/plugin/policyengine/PolicyEngine.java | 5 +-
.../ranger/plugin/service/RangerAuthContext.java | 140 +++++++++++++++++++++
.../ranger/plugin/service/RangerBasePlugin.java | 19 ++-
.../service/RangerDefaultRequestProcessor.java | 75 +++++++++++
.../ranger/plugin/util/RangerCommonConstants.java | 9 ++
.../apache/ranger/plugin/util/ServicePolicies.java | 1 +
distro/src/main/assembly/admin-web.xml | 1 +
distro/src/main/assembly/hbase-agent.xml | 1 +
distro/src/main/assembly/hdfs-agent.xml | 1 +
distro/src/main/assembly/hive-agent.xml | 1 +
distro/src/main/assembly/kms.xml | 2 +
distro/src/main/assembly/knox-agent.xml | 1 +
distro/src/main/assembly/plugin-atlas.xml | 1 +
distro/src/main/assembly/plugin-elasticsearch.xml | 1 +
distro/src/main/assembly/plugin-kafka.xml | 1 +
distro/src/main/assembly/plugin-kms.xml | 2 +
distro/src/main/assembly/plugin-kylin.xml | 1 +
distro/src/main/assembly/plugin-ozone.xml | 1 +
distro/src/main/assembly/plugin-presto.xml | 1 +
distro/src/main/assembly/plugin-solr.xml | 1 +
distro/src/main/assembly/plugin-sqoop.xml | 1 +
distro/src/main/assembly/plugin-trino.xml | 1 +
distro/src/main/assembly/plugin-yarn.xml | 1 +
distro/src/main/assembly/ranger-tools.xml | 2 +
distro/src/main/assembly/sample-client.xml | 1 +
distro/src/main/assembly/storm-agent.xml | 1 +
distro/src/main/assembly/tagsync.xml | 1 +
distro/src/main/assembly/usersync.xml | 1 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 27 +++-
.../main/java/org/apache/ranger/biz/XUserMgr.java | 3 -
.../org/apache/ranger/common/PropertiesUtil.java | 102 +++++++++++++++
.../ranger/common/RangerServicePoliciesCache.java | 3 +
.../java/org/apache/ranger/rest/ServiceREST.java | 1 +
ugsync-util/pom.xml | 18 +++
.../ugsyncutil/transform}/AbstractMapper.java | 27 ++--
.../ranger/ugsyncutil/transform}/Mapper.java | 6 +-
.../apache/ranger/ugsyncutil/transform}/RegEx.java | 11 +-
.../ugsyncutil/util/UgsyncCommonConstants.java | 35 ++++++
.../ranger/ugsyncutil/transform}/TestRegEx.java | 2 +-
.../unixusersync/config/UserGroupSyncConfig.java | 36 ++----
.../process/PolicyMgrUserGroupBuilder.java | 8 +-
.../usergroupsync/AbstractUserGroupSource.java | 64 +++++-----
.../process/TestFileSourceUserGroupBuilder.java | 10 +-
.../ranger/usergroupsync/TestLdapUserGroup.java | 5 +-
45 files changed, 544 insertions(+), 107 deletions(-)
diff --git a/agents-common/pom.xml b/agents-common/pom.xml
index d7b626015..95cf2557f 100644
--- a/agents-common/pom.xml
+++ b/agents-common/pom.xml
@@ -171,6 +171,25 @@
<artifactId>ranger-plugins-cred</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ugsync-util</artifactId>
+ <version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 31e637583..af1888088 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -45,7 +45,6 @@
import org.apache.ranger.plugin.util.ServiceDefUtil;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.StringTokenReplacer;
-import org.apache.ranger.plugin.util.RangerUserStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -213,9 +212,7 @@ public PolicyEngine(ServicePolicies servicePolicies,
RangerPluginContext pluginC
}
}
- RangerAuthContext currAuthContext = pluginContext.getAuthContext();
- RangerUserStore userStore = currAuthContext != null ?
currAuthContext.getUserStoreUtil().getUserStore() : null;
- RangerAuthContext authContext = new RangerAuthContext(null,
zoneMatcher, roles, userStore);
+ RangerAuthContext authContext = new
RangerAuthContext(pluginContext.getAuthContext(), zoneMatcher, roles);
this.pluginContext.setAuthContext(authContext);
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
index 1bb4d6925..40e4d44e6 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
@@ -25,21 +25,47 @@
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.policyengine.RangerSecurityZoneMatcher;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerRolesUtil;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.plugin.util.RangerUserStoreUtil;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants.CaseConversion;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
+import static
org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants.toCaseConversion;
+
public class RangerAuthContext {
+ private static final Logger LOG =
LoggerFactory.getLogger(RangerAuthContext.class);
+
private final Map<RangerContextEnricher, Object> requestContextEnrichers;
private final RangerSecurityZoneMatcher zoneMatcher;
private RangerRolesUtil rolesUtil;
private RangerUserStoreUtil userStoreUtil;
+ private Mapper userNameTransformer;
+ private Mapper groupNameTransformer;
+ private CaseConversion userNameCaseConversion;
+ private CaseConversion groupNameCaseConversion;
+
+ public RangerAuthContext(RangerAuthContext prevContext,
RangerSecurityZoneMatcher zoneMatcher, RangerRoles roles) {
+ this(null, zoneMatcher, roles, prevContext != null ?
prevContext.getUserStoreUtil().getUserStore() : null);
+
+ if (prevContext != null) {
+ this.userNameTransformer = prevContext.userNameTransformer;
+ this.groupNameTransformer = prevContext.groupNameTransformer;
+ this.userNameCaseConversion = prevContext.userNameCaseConversion;
+ this.groupNameCaseConversion = prevContext.groupNameCaseConversion;
+ }
+ }
public RangerAuthContext(Map<RangerContextEnricher, Object>
requestContextEnrichers, RangerSecurityZoneMatcher zoneMatcher, RangerRoles
roles, RangerUserStore userStore) {
this.requestContextEnrichers = requestContextEnrichers != null ?
requestContextEnrichers : new ConcurrentHashMap<>();
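Review bot: The four new fields (`userNameTransformer`, `groupNameTransformer`, `userNameCaseConversion`, `groupNameCaseConversion`) are plain mutable fields, but they are later rewritten one at a time by `onServiceConfigsUpdate` and read on every request by `RangerDefaultRequestProcessor`. If policy refresh runs on a different thread from request evaluation (not visible in this hunk, so please confirm), a request can see a half-applied update, for example the new case conversion paired with the old regex mapper, or never see the update at all. Since these values decide which identity a policy is matched against, consider holding them in one immutable holder object published through a single `volatile` field, so each request sees a consistent snapshot. A short comment on the copy constructor explaining that the transformers are carried over from `prevContext` because service configs are only re-applied when they change would also help.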
@@ -127,4 +153,118 @@ public RangerUserStoreUtil getUserStoreUtil() {
public void setUserStore(RangerUserStore userStore) {
this.userStoreUtil = new RangerUserStoreUtil(userStore);
}
+
+ public Mapper getUserNameTransformer() {
+ return userNameTransformer;
+ }
+
+ public Mapper getGroupNameTransformer() {
+ return groupNameTransformer;
+ }
+
+ public CaseConversion getUserNameCaseConversion() {
+ return userNameCaseConversion;
+ }
+
+ public CaseConversion getGroupNameCaseConversion() {
+ return groupNameCaseConversion;
+ }
+
+ public void onServiceConfigsUpdate(Map<String, String> serviceConfigs) {
+ String userNameCaseConversion = null;
+ String groupNameCaseConversion = null;
+ Mapper userNameTransformer = null;
+ Mapper groupNameTransformer = null;
+
+ if (MapUtils.isNotEmpty(serviceConfigs)) {
+ LOG.debug("==> onServiceConfigsUpdate({})",
serviceConfigs.keySet());
+
+ userNameCaseConversion =
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM);
+ groupNameCaseConversion =
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM);
+
+ String mappingUserNameHandler =
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+
+ if (mappingUserNameHandler != null) {
+ try {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingUserNameHandler);
+
+ userNameTransformer = regExClass.newInstance();
+
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME;
+
+ userNameTransformer.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigs),
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}", mappingUserNameHandler,
cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}",
mappingUserNameHandler, te);
+ }
+ }
+
+ String mappingGroupNameHandler =
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+
+ if (mappingGroupNameHandler != null) {
+ try {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingGroupNameHandler);
+
+ groupNameTransformer = regExClass.newInstance();
+
+ String baseProperty =
RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME;
+
+ groupNameTransformer.init(baseProperty,
getAllRegexPatterns(baseProperty, serviceConfigs),
serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}", mappingGroupNameHandler,
cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}",
mappingGroupNameHandler, te);
+ }
+ }
+ }
+
+ setUserNameCaseConversion(userNameCaseConversion);
+ setGroupNameCaseConversion(groupNameCaseConversion);
+ setUserNameTransformer(userNameTransformer);
+ setGroupNameTransformer(groupNameTransformer);
+ }
+
+ private void setUserNameTransformer(Mapper userNameTransformer) {
+ this.userNameTransformer = userNameTransformer;
+ }
+
+ private void setGroupNameTransformer(Mapper groupNameTransformer) {
+ this.groupNameTransformer = groupNameTransformer;
+ }
+
+ private void setUserNameCaseConversion(String userNameCaseConversion) {
+ this.userNameCaseConversion = toCaseConversion(userNameCaseConversion);
+ }
+
+ private void setGroupNameCaseConversion(String groupNameCaseConversion) {
+ this.groupNameCaseConversion =
toCaseConversion(groupNameCaseConversion);
+ }
+
+ private List<String> getAllRegexPatterns(String baseProperty, Map<String,
String> serviceConfig) {
+ LOG.debug("==> getAllRegexPatterns({})", baseProperty);
+
+ List<String> regexPatterns = new ArrayList<>();
+ String baseRegex = serviceConfig != null ?
serviceConfig.get(baseProperty) : null;
+
+ LOG.debug("baseRegex = {}, pluginConfig = {}", baseRegex,
serviceConfig == null ? null : serviceConfig.keySet());
+
+ if (baseRegex != null) {
+ regexPatterns.add(baseRegex);
+
+ for (int i = 1; true; i++) {
+ String nextRegex = serviceConfig.get(baseProperty + "." + i);
+
+ if (nextRegex == null) {
+ break;
+ }
+
+ regexPatterns.add(nextRegex);
+ }
+ }
+
+ LOG.debug("<== getAllRegexPatterns({}): ret={}", baseProperty,
regexPatterns);
+
+ return regexPatterns;
+ }
}
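Review bot: In `onServiceConfigsUpdate` the handler class name is taken from `serviceConfigs` and passed to `Class.forName(...)` followed by `newInstance()`, with only an unchecked `(Class<Mapper>)` cast in between. Because of erasure that cast checks nothing, so any class on the plugin's classpath named in the config is loaded, initialized and constructed before the assignment to `Mapper` fails. Verify the type before instantiating, e.g. `Class<? extends Mapper> handlerClass = Class.forName(mappingUserNameHandler, false, getClass().getClassLoader()).asSubclass(Mapper.class);` then `userNameTransformer = handlerClass.getDeclaredConstructor().newInstance();`, ideally also restricting the name to a known set of handler classes. The same applies to the group-name block. Separately, `catch (Throwable te)` only logs and leaves the transformer `null`, so a bad handler or regex silently falls back to evaluating policies against untransformed names; that failure mode deserves at least a comment.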
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index b02915b00..9f8b4f9b6 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -356,7 +356,6 @@ public void setPolicies(ServicePolicies policies) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> setPolicies(" + policies + ")");
}
- this.serviceConfigs = (policies != null &&
policies.getServiceConfig() != null) ? policies.getServiceConfig() : new
HashMap<>();
if (pluginConfig.isEnableImplicitUserStoreEnricher() &&
policies != null && !ServiceDefUtil.isUserStoreEnricherPresent(policies)) {
String retrieverClassName =
pluginConfig.get(RangerUserStoreEnricher.USERSTORE_RETRIEVER_CLASSNAME_OPTION,
RangerAdminUserStoreRetriever.class.getCanonicalName());
String retrieverPollIntMs =
pluginConfig.get(RangerUserStoreEnricher.USERSTORE_REFRESHER_POLLINGINTERVAL_OPTION,
Integer.toString(60 * 1000));
@@ -370,8 +369,8 @@ public void setPolicies(ServicePolicies policies) {
isUserStoreEnricherAddedImplcitly =
ServiceDefUtil.addUserStoreEnricherIfNeeded(policies, retrieverClassName,
retrieverPollIntMs);
}
}
-
- String isSyncPolicyRefresh = this.pluginConfig == null ? null :
this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() +
".policy.refresh.synchronous");
+// String isSyncPolicyRefresh = this.pluginConfig == null ? null :
this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() +
".policy.refresh.synchronous");
+ String isSyncPolicyRefresh = this.pluginConfig == null ? null :
(this.serviceConfigs == null ? null :
this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() +
".policy.refresh.synchronous"));
this.synchronousPolicyRefresh =
Boolean.parseBoolean(isSyncPolicyRefresh);
if (this.synchronousPolicyRefresh) {
LOG.info("synchronousPolicyRefresh = {}",
this.synchronousPolicyRefresh);
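Review bot: `isSyncPolicyRefresh` is now read from `this.serviceConfigs` before that field has been updated for the incoming `policies`. The earlier hunk removes the assignment at the top of `setPolicies`, and the new `setServiceConfigs(policies.getServiceConfig())` call only runs later, once the new engine is built. As far as these hunks show, `synchronousPolicyRefresh` therefore reflects the previous download's configs (or `null` on the first call) and lags one refresh behind. Reading the incoming value would avoid that: `Map<String, String> newConfigs = policies != null ? policies.getServiceConfig() : null;` followed by `String isSyncPolicyRefresh = (pluginConfig == null || newConfigs == null) ? null : newConfigs.get(pluginConfig.getPropertyPrefix() + ".policy.refresh.synchronous");`. The commented-out copy of the old line should be deleted rather than committed. The body of `setPolicies` continues outside this hunk.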
@@ -500,6 +499,8 @@ public void setPolicies(ServicePolicies policies) {
newPolicyEngine.setTrustedProxyAddresses(pluginConfig.getTrustedProxyAddresses());
}
+ setServiceConfigs(policies.getServiceConfig());
+
LOG.info("Switching policy engine from
[" + getPolicyVersion() + "]");
this.policyEngine =
newPolicyEngine;
LOG.info("Switched policy engine to ["
+ getPolicyVersion() + "]");
@@ -1422,6 +1423,18 @@ private static void overrideACLs(final
RangerResourceACLs chainedResourceACLs, R
}
}
+ private void setServiceConfigs(Map<String, String> serviceConfigs) {
+ Map<String, String> oldServiceConfigs = this.serviceConfigs;
+
+ this.serviceConfigs = serviceConfigs != null ? serviceConfigs : new
HashMap<>();
+
+ RangerAuthContext authContext = this.pluginContext.getAuthContext();
+
+ if (authContext != null && !Objects.equals(oldServiceConfigs,
this.serviceConfigs)) {
+ authContext.onServiceConfigsUpdate(this.serviceConfigs);
+ }
+ }
+
private static AuditProviderFactory getAuditProviderFactory(String
serviceName) {
AuditProviderFactory ret = AuditProviderFactory.getInstance();
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
index c381ad467..5669872e8 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
@@ -31,15 +31,20 @@
import org.apache.ranger.plugin.policyengine.RangerMutableResource;
import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.RangerUserStoreUtil;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
+import java.util.Objects;
import java.util.Set;
+import java.util.stream.Collectors;
public class RangerDefaultRequestProcessor implements
RangerAccessRequestProcessor {
@@ -103,6 +108,17 @@ public void preProcess(RangerAccessRequest request) {
reqImpl.setClusterType(pluginContext.getClusterType());
}
+ RangerPluginConfig config =
policyEngine.getPluginContext().getConfig();
+
+ boolean isNameTransformationSupported =
config.getBoolean(config.getPropertyPrefix() +
RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_NAME_TRANSFORMATION, false);
+
+ LOG.debug("isNameTransformationSupported = {}",
isNameTransformationSupported);
+
+ if (isNameTransformationSupported) {
+ reqImpl.setUser(getTransformedUser(policyEngine, request));
+ reqImpl.setUserGroups(getTransformedGroups(policyEngine,
request));
+ }
+
convertEmailToUsername(reqImpl);
updateUserGroups(reqImpl);
@@ -166,6 +182,65 @@ public void enrich(RangerAccessRequest request) {
}
}
+ private String getTransformedUser(PolicyEngine policyEngine,
RangerAccessRequest request) {
+ RangerAuthContext authContext =
policyEngine.getPluginContext().getAuthContext();
+ boolean toLowerCase =
authContext.getUserNameCaseConversion() ==
UgsyncCommonConstants.CaseConversion.TO_LOWER;
+ boolean toUpperCase =
authContext.getUserNameCaseConversion() ==
UgsyncCommonConstants.CaseConversion.TO_UPPER;
+ Mapper nameTransformer =
authContext.getUserNameTransformer();
+
+ if (toLowerCase || toUpperCase || nameTransformer != null) {
+ String user = request.getUser();
+
+ if (toLowerCase) {
+ user = user.toLowerCase();
+ } else if (toUpperCase) {
+ user = user.toUpperCase();
+ }
+
+ if (nameTransformer != null) {
+ user = nameTransformer.transform(user);
+ }
+
+ LOG.debug("Original username = {}, Transformed username = {}",
request.getUser(), user);
+
+ return user;
+ }
+
+ return request.getUser();
+ }
+
+ private Set<String> getTransformedGroups(PolicyEngine policyEngine,
RangerAccessRequest request) {
+ if (CollectionUtils.isNotEmpty(request.getUserGroups())) {
+ RangerAuthContext authContext =
policyEngine.getPluginContext().getAuthContext();
+ boolean toLowerCase =
authContext.getGroupNameCaseConversion() ==
UgsyncCommonConstants.CaseConversion.TO_LOWER;
+ boolean toUpperCase =
authContext.getGroupNameCaseConversion() ==
UgsyncCommonConstants.CaseConversion.TO_UPPER;
+ Mapper nameTransformer =
authContext.getGroupNameTransformer();
+
+ if (toLowerCase || toUpperCase || nameTransformer != null) {
+ return request.getUserGroups().stream()
+ .filter(Objects::nonNull)
+ .map(group -> {
+ String originalGroup = group;
+
+ if (toLowerCase) {
+ group = group.toLowerCase();
+ } else if (toUpperCase) {
+ group = group.toUpperCase();
+ }
+
+ String transformedGroup =
nameTransformer.transform(group);
+
+ LOG.debug("Original group name = {}, Transformed
group name = {}", originalGroup, transformedGroup);
+
+ return transformedGroup;
+ })
+ .collect(Collectors.toSet());
+ }
+ }
+
+ return request.getUserGroups();
+ }
+
private void setResourceServiceDef(RangerAccessRequest request) {
RangerAccessResource resource = request.getResource();
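Review bot: `getTransformedGroups` calls `nameTransformer.transform(group)` unconditionally inside the lambda, although the enclosing `if` is also entered when only a case conversion is configured and `nameTransformer` is `null`. With group case conversion set and no group handler, every request that carries groups would throw a `NullPointerException` during `preProcess`. `getTransformedUser` already guards this case, so mirror it here: `String transformedGroup = nameTransformer != null ? nameTransformer.transform(group) : group;`. Two smaller points in the same methods: `request.getUser()` is dereferenced by `toLowerCase()`/`toUpperCase()` without a null check, and both methods use the locale-sensitive `toLowerCase()`/`toUpperCase()`. For identities used in authorization decisions an explicit locale such as `Locale.ROOT` avoids host-dependent results, provided usersync normalizes the same way.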
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
index 9d6e1f0b5..8a0ba8d71 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
@@ -39,6 +39,15 @@ private RangerCommonConstants() {
public static final String RANGER_ADMIN_SUFFIX_IN_PLACE_TAG_UPDATES
= ".supports.in.place.tag.updates";
public static final String PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES
= ".supports.in.place.tag.updates";
+ public static final String PLUGIN_CONFIG_SUFFIX_NAME_TRANSFORMATION
= ".supports.name.transformation";
+
+ public static final String PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM
= "ranger.plugins.conf.ldap.username.caseconversion";
+ public static final String
PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM =
"ranger.plugins.conf.ldap.groupname.caseconversion";
+ public static final String PLUGINS_CONF_MAPPING_USERNAME
= "ranger.plugins.conf.mapping.username.regex";
+ public static final String PLUGINS_CONF_MAPPING_GROUPNAME
= "ranger.plugins.conf.mapping.groupname.regex";
+ public static final String PLUGINS_CONF_MAPPING_USERNAME_HANDLER
= "ranger.plugins.conf.mapping.username.handler";
+ public static final String PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER
= "ranger.plugins.conf.mapping.groupname.handler";
+ public static final String PLUGINS_CONF_MAPPING_SEPARATOR
= "ranger.plugins.conf.mapping.regex.separator";
public static final String RANGER_SUPPORTS_TAGS_DEDUP
= ".supports.tags.dedup";
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index 51480fae3..9ccd0d64d 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -444,6 +444,7 @@ static public ServicePolicies copyHeader(ServicePolicies
source) {
ret.setPolicyVersion(source.getPolicyVersion());
ret.setAuditMode(source.getAuditMode());
ret.setServiceDef(source.getServiceDef());
+ ret.setServiceConfig(source.getServiceConfig() != null ? new
HashMap<>(source.getServiceConfig()) : null);
ret.setPolicyUpdateTime(source.getPolicyUpdateTime());
ret.setSecurityZones(source.getSecurityZones());
ret.setPolicies(Collections.emptyList());
diff --git a/distro/src/main/assembly/admin-web.xml
b/distro/src/main/assembly/admin-web.xml
index d07025a2c..0ebe3164b 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -237,6 +237,7 @@
<include>org.eclipse.jdt.core.compiler:ecj:jar:P20140317-1600</include>
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.slf4j:slf4j-api:jar:${slf4j.version}</include>
<include>org.apache.hadoop:hadoop-common</include>
<include>commons-logging:commons-logging</include>
diff --git a/distro/src/main/assembly/hbase-agent.xml
b/distro/src/main/assembly/hbase-agent.xml
index 874972afd..3748b371b 100644
--- a/distro/src/main/assembly/hbase-agent.xml
+++ b/distro/src/main/assembly/hbase-agent.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-hbase-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/hdfs-agent.xml
b/distro/src/main/assembly/hdfs-agent.xml
index aed5c9ee7..f45c091d6 100644
--- a/distro/src/main/assembly/hdfs-agent.xml
+++ b/distro/src/main/assembly/hdfs-agent.xml
@@ -74,6 +74,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-hdfs-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/hive-agent.xml
b/distro/src/main/assembly/hive-agent.xml
index 76c699b17..f5f8b5bf2 100644
--- a/distro/src/main/assembly/hive-agent.xml
+++ b/distro/src/main/assembly/hive-agent.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-hive-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml
index f74f055d0..0d64d6caf 100755
--- a/distro/src/main/assembly/kms.xml
+++ b/distro/src/main/assembly/kms.xml
@@ -214,6 +214,7 @@
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
<include>org.apache.solr:solr-solrj:jar:${solr.version}</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
<include>net.java.dev.jna:jna:jar:${jna.version}</include>
<include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
@@ -283,6 +284,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-kms-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/knox-agent.xml
b/distro/src/main/assembly/knox-agent.xml
index c4f409687..d407777bf 100644
--- a/distro/src/main/assembly/knox-agent.xml
+++ b/distro/src/main/assembly/knox-agent.xml
@@ -47,6 +47,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-knox-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-atlas.xml
b/distro/src/main/assembly/plugin-atlas.xml
index e58f4d75c..5d6b24adc 100644
--- a/distro/src/main/assembly/plugin-atlas.xml
+++ b/distro/src/main/assembly/plugin-atlas.xml
@@ -47,6 +47,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-atlas-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-elasticsearch.xml
b/distro/src/main/assembly/plugin-elasticsearch.xml
index 069c1f262..d98234ad9 100644
--- a/distro/src/main/assembly/plugin-elasticsearch.xml
+++ b/distro/src/main/assembly/plugin-elasticsearch.xml
@@ -52,6 +52,7 @@
<include>org.apache.ranger:ranger-audit-dest-hdfs</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-elasticsearch-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-kafka.xml
b/distro/src/main/assembly/plugin-kafka.xml
index 1069dfcb8..722e36782 100644
--- a/distro/src/main/assembly/plugin-kafka.xml
+++ b/distro/src/main/assembly/plugin-kafka.xml
@@ -43,6 +43,7 @@
<include>org.apache.ranger:ranger-kafka-plugin</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
</includes>
<binaries>
<outputDirectory>lib/ranger-kafka-plugin-impl</outputDirectory>
diff --git a/distro/src/main/assembly/plugin-kms.xml
b/distro/src/main/assembly/plugin-kms.xml
index 28060ee86..2d334528c 100755
--- a/distro/src/main/assembly/plugin-kms.xml
+++ b/distro/src/main/assembly/plugin-kms.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-kms-plugin</include>
</includes>
<binaries>
@@ -84,6 +85,7 @@
<includes>
<include>org.apache.ranger:ranger-plugins-installer</include>
<include>org.apache.ranger:credentialbuilder</include>
+ <include>org.apache.ranger:ugsync-util</include>
</includes>
<binaries>
<outputDirectory>install/lib</outputDirectory>
diff --git a/distro/src/main/assembly/plugin-kylin.xml
b/distro/src/main/assembly/plugin-kylin.xml
index d70c5fba5..8b2b73748 100644
--- a/distro/src/main/assembly/plugin-kylin.xml
+++ b/distro/src/main/assembly/plugin-kylin.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-kylin-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-ozone.xml
b/distro/src/main/assembly/plugin-ozone.xml
index 931743936..786da9359 100644
--- a/distro/src/main/assembly/plugin-ozone.xml
+++ b/distro/src/main/assembly/plugin-ozone.xml
@@ -81,6 +81,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-ozone-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-presto.xml
b/distro/src/main/assembly/plugin-presto.xml
index c50324c6a..2db3de477 100644
--- a/distro/src/main/assembly/plugin-presto.xml
+++ b/distro/src/main/assembly/plugin-presto.xml
@@ -58,6 +58,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-presto-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-solr.xml
b/distro/src/main/assembly/plugin-solr.xml
index c32678db5..d1b4471a1 100644
--- a/distro/src/main/assembly/plugin-solr.xml
+++ b/distro/src/main/assembly/plugin-solr.xml
@@ -41,6 +41,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-solr-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-sqoop.xml
b/distro/src/main/assembly/plugin-sqoop.xml
index ee9d16346..b1ade54bf 100644
--- a/distro/src/main/assembly/plugin-sqoop.xml
+++ b/distro/src/main/assembly/plugin-sqoop.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-sqoop-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-trino.xml
b/distro/src/main/assembly/plugin-trino.xml
index b272de0fe..3b591c836 100644
--- a/distro/src/main/assembly/plugin-trino.xml
+++ b/distro/src/main/assembly/plugin-trino.xml
@@ -31,6 +31,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-trino-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/plugin-yarn.xml
b/distro/src/main/assembly/plugin-yarn.xml
index 5fb62d364..d719eb8f7 100644
--- a/distro/src/main/assembly/plugin-yarn.xml
+++ b/distro/src/main/assembly/plugin-yarn.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-yarn-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/ranger-tools.xml
b/distro/src/main/assembly/ranger-tools.xml
index 0ab496076..78f085afc 100644
--- a/distro/src/main/assembly/ranger-tools.xml
+++ b/distro/src/main/assembly/ranger-tools.xml
@@ -69,6 +69,8 @@
<include>org.apache.ranger:ranger-audit-dest-hdfs</include>
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
+ <include>org.apache.ranger:ranger-plugins-audit</include>
<include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
<include>net.java.dev.jna:jna:jar:${jna.version}</include>
<include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
diff --git a/distro/src/main/assembly/sample-client.xml
b/distro/src/main/assembly/sample-client.xml
index 132154ffd..5cbff941a 100644
--- a/distro/src/main/assembly/sample-client.xml
+++ b/distro/src/main/assembly/sample-client.xml
@@ -29,6 +29,7 @@
<include>org.apache.ranger:sample-client</include>
<include>org.apache.ranger:ranger-intg</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/storm-agent.xml
b/distro/src/main/assembly/storm-agent.xml
index 350fa1b7b..c9d9fe46f 100644
--- a/distro/src/main/assembly/storm-agent.xml
+++ b/distro/src/main/assembly/storm-agent.xml
@@ -46,6 +46,7 @@
<include>org.apache.ranger:ranger-audit-dest-solr</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-storm-plugin</include>
</includes>
<binaries>
diff --git a/distro/src/main/assembly/tagsync.xml
b/distro/src/main/assembly/tagsync.xml
index 09d1aedb6..f3c12fe2d 100644
--- a/distro/src/main/assembly/tagsync.xml
+++ b/distro/src/main/assembly/tagsync.xml
@@ -57,6 +57,7 @@
<include>org.apache.ranger:credentialbuilder</include>
<include>org.apache.ranger:ranger-plugins-cred</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+
<include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-util</include>
<include>org.apache.zookeeper:zookeeper:jar:${zookeeper.version}</include>
<include>com.fasterxml.jackson.core:jackson-annotations:jar:${atlas.jackson.version}</include>
diff --git a/distro/src/main/assembly/usersync.xml
b/distro/src/main/assembly/usersync.xml
index ca9f8a81c..8b0c71cee 100644
--- a/distro/src/main/assembly/usersync.xml
+++ b/distro/src/main/assembly/usersync.xml
@@ -56,6 +56,7 @@
<include>org.apache.httpcomponents:httpclient:jar:${httpcomponents.httpclient.version}</include>
<include>commons-codec:commons-codec</include>
<include>org.apache.ranger:ranger-plugins-common</include>
+
<include>org.apache.ranger:ugsync-util</include>
<include>org.apache.ranger:ranger-common-ha:jar:${project.version}</include>
<include>org.apache.curator:curator-framework:jar:${curator.version}</include>
<include>org.apache.curator:curator-recipes:jar:${curator.version}</include>
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index b3216fd3d..dc3802748 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -267,6 +267,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private static final String RANGER_PLUGIN_CONFIG_PREFIX =
"ranger.plugin.";
public static final String RANGER_PLUGIN_AUDIT_FILTERS =
"ranger.plugin.audit.filters";
+ public static final String RANGER_PLUGINS_CONFIG_CONF_PREFIX =
"ranger.plugins.conf.";
private static final String DEFAULT_CSV_SANITIZATION_PATTERN =
"^[=+\\-@\\t\\r]";
private static final Pattern CSV_SANITIZATION_PATTERN =
Pattern.compile(PropertiesUtil.getProperty("ranger.admin.csv.sanitization.pattern",
DEFAULT_CSV_SANITIZATION_PATTERN));
@@ -366,6 +367,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private static volatile boolean legacyServiceDefsInitDone = false;
private Boolean populateExistingBaseFields = false;
+ private final String optionUgsyncConfigChange = "ugsyncConfigChange";
public static final String HIDDEN_PASSWORD_STR = "*****";
public static final String CONFIG_KEY_PASSWORD = "password";
@@ -1739,8 +1741,8 @@ public RangerService updateService(RangerService service,
Map<String, Object> op
service.setGuid(existing.getGuid());
service.setVersion(existing.getVersion());
service = svcService.update(service);
-
- if (hasTagServiceValueChanged || hasIsEnabledChanged ||
hasServiceConfigForPluginChanged) {
+ Boolean isUgsyncConfigChange = options != null &&
options.get(optionUgsyncConfigChange) != null ? (Boolean)
options.get(optionUgsyncConfigChange) : Boolean.FALSE;
+ if (hasTagServiceValueChanged || hasIsEnabledChanged ||
hasServiceConfigForPluginChanged || isUgsyncConfigChange) {
updatePolicyVersion(service,
RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null,false);
}
}
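Review bot: The `(Boolean) options.get(optionUgsyncConfigChange)` cast in `updateService` throws `ClassCastException` if the option arrives as anything other than a `Boolean`, for example the string "true"; `options` is a `Map<String, Object>`, so the value type is not guaranteed here. Because this flag forces a policy-version bump, parse it defensively: `boolean isUgsyncConfigChange = options != null && Boolean.parseBoolean(String.valueOf(options.get(optionUgsyncConfigChange)));`. The key itself is added as an instance field, `private final String optionUgsyncConfigChange`; a `private static final` constant in upper snake case would match the neighbouring option constants. The body of `updateService` starts and ends outside this hunk.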
@@ -3056,8 +3058,8 @@ public ServicePolicies getServicePoliciesIfUpdated(String
serviceName, Long last
}
}
-
if (LOG.isDebugEnabled()) {
+ LOG.debug("getServicePoliciesIfUpdated({}, {}, {}):
configs = {}", serviceName, lastKnownVersion, needsBackwardCompatibility, ret
== null ? null : ret.getServiceConfig());
LOG.debug("<==
ServiceDBStore.getServicePoliciesIfUpdated(" + serviceName + ", " +
lastKnownVersion + ", " + needsBackwardCompatibility + "): count=" + ((ret ==
null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
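Review bot: The added `LOG.debug("... configs = {}", ..., ret.getServiceConfig())` writes the whole service-config map, values included, to the admin log, whereas `getServiceConfigForPlugin` in this same commit logs only `configs.keySet()`. Whether any of these values are sensitive is not visible from the hunk, so logging keys only is the safer default, e.g. `ret == null || ret.getServiceConfig() == null ? null : ret.getServiceConfig().keySet()`. The same applies to the new debug lines in `getServicePolicyDeltas`, `getServicePolicies`, `RangerServicePoliciesCache.getLatestOrCached` and `ServiceREST.getSecureServicePoliciesIfUpdated`. Several of those messages are labelled `ret = {}` although they print the service config, which will mislead whoever reads the log.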
@@ -3091,7 +3093,9 @@ public ServicePolicies getServicePolicyDeltas(String
serviceName, Long lastKnown
}
ret = getServicePolicies(serviceName, lastKnownVersion,
true, SUPPORTS_POLICY_DELTAS, cachedPolicyVersion);
}
-
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<==
ServiceDBStore.getServicePolicyDeltas({}, {}): ret = {}", serviceName,
lastKnownVersion, ret == null ? ret : ret.getServiceConfig());
+ }
return ret;
}
@@ -3160,6 +3164,7 @@ private ServicePolicies getServicePolicies(String
serviceName, Long lastKnownVer
if (ret != null) {
ret.setPolicyUpdateTime(serviceVersionInfoDbObj == null
? null : serviceVersionInfoDbObj.getPolicyUpdateTime());
ret.setAuditMode(auditMode);
+
ret.setServiceConfig(getServiceConfigForPlugin(serviceDbObj.getId()));
if (ret.getTagPolicies() != null) {
ret.getTagPolicies().setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ?
null : tagServiceVersionInfoDbObj.getPolicyUpdateTime());
ret.getTagPolicies().setAuditMode(auditMode);
@@ -3173,6 +3178,7 @@ private ServicePolicies getServicePolicies(String
serviceName, Long lastKnownVer
tagPolicies.setServiceId(tagServiceDbObj.getId());
tagPolicies.setServiceName(tagServiceDbObj.getName());
+
tagPolicies.setServiceConfig(getServiceConfigForPlugin(tagServiceDbObj.getId()));
tagPolicies.setPolicyVersion(tagServiceVersionInfoDbObj == null ? null :
tagServiceVersionInfoDbObj.getPolicyVersion());
tagPolicies.setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ? null :
tagServiceVersionInfoDbObj.getPolicyUpdateTime());
tagPolicies.setPolicies(getServicePoliciesFromDb(tagServiceDbObj));
@@ -3185,6 +3191,7 @@ private ServicePolicies getServicePolicies(String
serviceName, Long lastKnownVer
ret.setServiceId(serviceDbObj.getId());
ret.setServiceName(serviceDbObj.getName());
+
ret.setServiceConfig(getServiceConfigForPlugin(ret.getServiceId()));
ret.setPolicyVersion(serviceVersionInfoDbObj == null ?
null : serviceVersionInfoDbObj.getPolicyVersion());
ret.setPolicyUpdateTime(serviceVersionInfoDbObj == null
? null : serviceVersionInfoDbObj.getPolicyUpdateTime());
ret.setPolicies(policies);
@@ -3194,6 +3201,7 @@ private ServicePolicies getServicePolicies(String
serviceName, Long lastKnownVer
}
if (LOG.isDebugEnabled()) {
+ LOG.debug("ServiceDBStore.getServicePolicies({}, {}):
ret = {}", serviceName, lastKnownVersion, ret == null ? null :
ret.getServiceConfig());
LOG.debug("<== ServiceDBStore.getServicePolicies(" +
serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null ||
ret.getPolicies() == null) ? 0 : ret.getPolicies().size()) + ", delta-count=" +
((ret == null || ret.getPolicyDeltas() == null) ? 0 :
ret.getPolicyDeltas().size()));
}
@@ -6059,6 +6067,9 @@ public String toString() {
@Override
public Map<String, String> getServiceConfigForPlugin(Long serviceId) {
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==>
ServiceDBStore.getServiceConfigForPlugin({})", serviceId);
+ }
Map<String, String> configs = new HashMap<>();
List<XXServiceConfigMap> xxServiceConfigMaps =
daoMgr.getXXServiceConfigMap().findByServiceId(serviceId);
if (CollectionUtils.isNotEmpty(xxServiceConfigMaps)) {
@@ -6068,6 +6079,14 @@ public Map<String, String>
getServiceConfigForPlugin(Long serviceId) {
}
}
}
+ Map<String, String> rangerPluginsPrefixConfig =
PropertiesUtil.getConfigMapWithPrefix(RANGER_PLUGINS_CONFIG_CONF_PREFIX);
+
+ if (MapUtils.isNotEmpty(rangerPluginsPrefixConfig)) {
+ configs.putAll(rangerPluginsPrefixConfig);
+ }
+ if(LOG.isDebugEnabled()){
+ LOG.debug("<==
ServiceDBStore.getServiceConfigForPlugin({}): configs = {}", serviceId,
configs.keySet());
+ }
return configs;
}
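Review bot: `configs.putAll(rangerPluginsPrefixConfig)` copies every admin property under `ranger.plugins.conf.` into the map returned for every service ID, and it runs last, so it would also replace a per-service entry if one ever shared a key. That map is what `getServicePolicies` attaches to the `ServicePolicies` object through `setServiceConfig`, so the contract deserves a comment such as `// admin-wide ranger.plugins.conf.* settings are returned for all services and win over per-service entries; never place secrets under this prefix`. The `MapUtils.isNotEmpty` check is redundant because `getConfigMapWithPrefix` always returns a non-null map. The method starts outside this hunk.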
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index a82d6d6c4..a2e9a336e 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -138,9 +138,6 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
ServiceDBStore svcStore;
- @Autowired
- GUIDUtil guidUtil;
-
@Autowired
XUgsyncAuditInfoService xUgsyncAuditInfoService;
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index 7a3185c52..f0efdfe0c 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -37,6 +37,7 @@
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.plugin.util.RangerCommonConstants;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
@@ -67,6 +68,7 @@ protected void processProperties(
propertiesMap.put(keyStr,
System.getProperties().getProperty(keyStr).trim());
}
+ updateRangerPluginsPropertiesForUserGroup(props);
// Let's add our properties now
keySet = props.keySet();
for (Object key : keySet) {
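Review bot: `updateRangerPluginsPropertiesForUserGroup(props)` runs before the loop that copies `props` into `propertiesMap`, yet the method (added at the end of this file) reads its settings with `propertiesMap.get(...)` and `PropertiesUtil.getProperty(...)` rather than from `props`. If those lookups only see `propertiesMap` (the start of `processProperties` is outside this hunk, so this is inferred), values set in the admin properties files are not visible yet, the defaults are chosen, and the later `props.put(...)` calls overwrite what the administrator configured. Plugins would then transform user and group names differently from usersync, which is the mismatch this commit sets out to remove. Reading `props` first, e.g. `String userCaseConv = props.getProperty(key, propertiesMap.get(key));` with `key` standing for the relevant constant, or moving the call below the copy loop, would avoid this.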
@@ -444,4 +446,104 @@ public static Properties getProps() {
}
return ret;
}
+
+
+ public static Map<String, String> getConfigMapWithPrefix(String
confPrefix) {
+ Map<String, String> configMap = new HashMap<>();
+
+ for (Map.Entry<String, String> entry :
getPropertiesMap().entrySet()) {
+ String key = entry.getKey();
+
+ if (key.startsWith(confPrefix)) {
+ if (StringUtils.isNotEmpty(entry.getValue())) {
+ configMap.put(key, entry.getValue());
+ }
+ }
+ }
+
+ return configMap;
+ }
+
+ private void updateRangerPluginsPropertiesForUserGroup(Properties
props) {
+ if (propertiesMap != null) {
+ String userCaseConv =
propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM);
+ String groupCaseConv =
propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM);
+ String userHandler =
propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+ String groupHandler =
propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+
+ if (StringUtils.isEmpty(userCaseConv)) {
+ userCaseConv =
UgsyncCommonConstants.DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE;
+ }
+
+ if (StringUtils.isEmpty(groupCaseConv)) {
+ groupCaseConv =
UgsyncCommonConstants.DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE;
+ }
+
+ if (StringUtils.isEmpty(userHandler)) {
+ userHandler =
UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
+ }
+
+ if (StringUtils.isEmpty(groupHandler)) {
+ groupHandler =
UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
+ }
+
+ Map<String, String> userNameRegex =
getAllRegexPatternsConfig(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME);
+ Map<String, String> groupNameRegex =
getAllRegexPatternsConfig(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME);
+
+
propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM,
userCaseConv);
+
propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM,
groupCaseConv);
+
propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER,
userHandler);
+
propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER,
groupHandler);
+
propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR,
getRegexSeparator());
+ propertiesMap.putAll(userNameRegex);
+ propertiesMap.putAll(groupNameRegex);
+
+
props.put(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM,
userCaseConv);
+
props.put(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM,
groupCaseConv);
+
props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER,
userHandler);
+
props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER,
groupHandler);
+
props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR,
getRegexSeparator());
+ props.putAll(userNameRegex);
+ props.putAll(groupNameRegex);
+ }
+ }
+
+ private static String getRegexSeparator() {
+ String ret = UgsyncCommonConstants.DEFAULT_MAPPING_SEPARATOR;
+ String val =
PropertiesUtil.getProperty(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR);
+
+ if (StringUtils.isNotEmpty(val)) {
+ if (val.length() == 1) {
+ ret = val;
+ } else {
+ LOG.warn("More than one character found in
RegEx Separator '{}', using default RegEx Separator '{}'", val, ret);
+ }
+ }
+
+ LOG.info("Using {} as the RegEx Separator", ret);
+
+ return ret;
+ }
+
+ private static Map<String, String> getAllRegexPatternsConfig(String
baseProperty) {
+ Map<String, String> regexPatterns = new HashMap<>();
+ String baseRegex =
PropertiesUtil.getProperty(baseProperty);
+
+ if (baseRegex != null) {
+ regexPatterns.put(baseProperty, baseRegex);
+
+ for (int i = 1; true; i++) {
+ String nextProperty = baseProperty + "." + i;
+ String nextRegex =
PropertiesUtil.getProperty(nextProperty);
+
+ if (nextRegex == null) {
+ break;
+ }
+
+ regexPatterns.put(nextProperty, nextRegex);
+ }
+ }
+
+ return regexPatterns;
+ }
}
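Review bot: `getRegexSeparator()` accepts any single character, but `RegEx.populateReplacementPatterns` interpolates the separator unescaped into `String.format("s%s([^%s]*)%s([^%s]*)%s(g)?", ...)`, so a separator such as `\`, `]`, `^` or `.` yields a malformed or differently behaving pattern. `RegEx.init` catches and logs that failure, so the likely outcome is name mapping that silently does nothing. Consider rejecting regex metacharacters in the existing warn-and-fall-back branch. `updateRangerPluginsPropertiesForUserGroup` also calls `getRegexSeparator()` twice, logging at INFO each time; compute it once into a local. The public `getConfigMapWithPrefix` has no Javadoc; it should state that entries with empty values are dropped and that keys keep their prefix.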
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
index a1330cf0e..76c979383 100644
---
a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
+++
b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
@@ -369,7 +369,10 @@ ServicePolicies getLatestOrCached(String serviceName,
ServiceStore serviceStore,
if
(isDeltaCacheReinitialized) {
this.deltaCache = new ServicePolicyDeltasCache(lastKnownVersion,
servicePoliciesForDeltas);
}
+
LOG.debug("servicePoliciesForDeltas = {}",
servicePoliciesForDeltas.getServiceConfig());
ret =
servicePoliciesForDeltas;
+
+ LOG.debug("ret
= {}", ret.getServiceConfig());
} else {
LOG.warn("Deltas were requested for service:[" + serviceName + "], but could
not get them!! lastKnownVersion:[" + lastKnownVersion + "]; Returning cached
ServicePolicies:[" + (servicePolicies != null ?
servicePolicies.getPolicyVersion() : -1L) + "]");
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index d3fe90a0e..1e11d5234 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3281,6 +3281,7 @@ public ServicePolicies getSecureServicePoliciesIfUpdated(
boolean logError = httpCode !=
HttpServletResponse.SC_NOT_MODIFIED;
throw restErrorUtil.createRESTException(httpCode,
logMsg, logError);
}
+ LOG.debug("ServiceREST.getSecureServicePoliciesIfUpdated():
configs ={}", ret == null ? ret : ret.getServiceConfig());
if (LOG.isDebugEnabled()) {
LOG.debug("<==
ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " +
lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ", " +
clusterName + ", " + supportsPolicyDeltas + "): count=" + ((ret == null ||
ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
diff --git a/ugsync-util/pom.xml b/ugsync-util/pom.xml
index 51f559216..fb1bab7fc 100644
--- a/ugsync-util/pom.xml
+++ b/ugsync-util/pom.xml
@@ -47,6 +47,23 @@
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>${slf4j-api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-api</artifactId>
+ <version>${junit.jupiter.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.junit.vintage</groupId>
+ <artifactId>junit-vintage-engine</artifactId>
+ <version>${junit.jupiter.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<profiles>
@@ -71,6 +88,7 @@
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
+
</dependencies>
</profile>
</profiles>
diff --git
a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
similarity index 67%
rename from
ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
rename to
ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
index bbbc3c4d1..bc3ef4497 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
+++
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
@@ -17,25 +17,24 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public abstract class AbstractMapper implements Mapper {
-
- protected static final Logger logger =
LoggerFactory.getLogger(AbstractMapper.class);
-
- @Override
- public void init(String baseProperty) {
- // TODO Auto-generated method stub
+import java.util.List;
- }
+public abstract class AbstractMapper implements Mapper {
+ protected static final Logger logger =
LoggerFactory.getLogger(AbstractMapper.class);
- @Override
- public String transform(String attrValue) {
- // TODO Auto-generated method stub
- return null;
- }
+ @Override
+ public void init(String baseProperty, List<String> regexPatterns, String
regexSeparator) {
+ // TODO Auto-generated method stub
+ }
+ @Override
+ public String transform(String attrValue) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
similarity index 84%
rename from ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
rename to
ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
index 696c66530..f2314407a 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
+++
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
@@ -17,10 +17,12 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
+
+import java.util.List;
public interface Mapper {
- void init(String baseProperty);
+ void init(String baseProperty, List<String> regexPatterns, String
regexSeparator);
String transform(String attrValue);
}
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
similarity index 85%
rename from ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
rename to
ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
index 9e5ca4ca5..6190a85b0 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
+++
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
@@ -17,17 +17,14 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
-
public class RegEx extends AbstractMapper {
- private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
private LinkedHashMap<String, String> replacementPattern;
public LinkedHashMap<String, String> getReplacementPattern() {
@@ -35,18 +32,16 @@ public LinkedHashMap<String, String>
getReplacementPattern() {
}
@Override
- public void init (String baseProperty) {
+ public void init (String baseProperty, List<String> regexPatterns,
String regexSeparator) {
logger.info("Initializing for " + baseProperty);
try {
- List<String> regexPatterns =
config.getAllRegexPatterns(baseProperty);
- String regexSeparator = config.getRegexSeparator();
populateReplacementPatterns(baseProperty,
regexPatterns, regexSeparator);
} catch (Throwable t) {
logger.error("Failed to initialize " + baseProperty,
t.fillInStackTrace());
}
}
- protected void populateReplacementPatterns(String baseProperty,
List<String> regexPatterns, String regexSeparator) throws Throwable {
+ void populateReplacementPatterns(String baseProperty, List<String>
regexPatterns, String regexSeparator) throws Throwable {
replacementPattern = new LinkedHashMap<String, String>();
String regex = String.format("s%s([^%s]*)%s([^%s]*)%s(g)?",
regexSeparator, regexSeparator, regexSeparator, regexSeparator, regexSeparator);
Pattern p = Pattern.compile(regex);
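Review bot: `logger.error("Failed to initialize " + baseProperty, t.fillInStackTrace())` overwrites the throwable's original stack trace with the location of the catch block, so the log no longer shows where pattern parsing failed; pass the throwable itself: `logger.error("Failed to initialize {}", baseProperty, t);`. `init` also swallows the failure, leaving callers with a mapper whose patterns may never have been populated; now that the patterns are supplied by the caller, the behaviour of `transform` in that state should be documented on the method. `populateReplacementPatterns` changed from `protected` to package-private, which breaks any handler subclass outside this package that overrides it. That is worth confirming, since the handler class name is configurable. The body of `populateReplacementPatterns` continues past this hunk.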
diff --git
a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
index f20bf9196..eb132b6ab 100644
---
a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
+++
b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
@@ -20,10 +20,45 @@
package org.apache.ranger.ugsyncutil.util;
public class UgsyncCommonConstants {
+ public enum CaseConversion { NONE, TO_LOWER, TO_UPPER }
public static final String ORIGINAL_NAME = "original_name";
public static final String FULL_NAME = "full_name";
public static final String SYNC_SOURCE = "sync_source";
public static final String LDAP_URL = "ldap_url";
+ public static final String UGSYNC_NONE_CASE_CONVERSION_VALUE = "none";
+ public static final String UGSYNC_LOWER_CASE_CONVERSION_VALUE = "lower";
+ public static final String UGSYNC_UPPER_CASE_CONVERSION_VALUE = "upper";
+
+ public static final String UGSYNC_USERNAME_CASE_CONVERSION_PARAM =
"ranger.usersync.ldap.username.caseconversion";
+ public static final String DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE =
UGSYNC_NONE_CASE_CONVERSION_VALUE;
+
+ public static final String UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM =
"ranger.usersync.ldap.groupname.caseconversion";
+ public static final String DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE
= UGSYNC_NONE_CASE_CONVERSION_VALUE;
+
+ public static final String SYNC_MAPPING_USERNAME =
"ranger.usersync.mapping.username.regex";
+
+ public static final String SYNC_MAPPING_GROUPNAME =
"ranger.usersync.mapping.groupname.regex";
+
+ public static final String SYNC_MAPPING_USERNAME_HANDLER =
"ranger.usersync.mapping.username.handler";
+ public static final String DEFAULT_SYNC_MAPPING_USERNAME_HANDLER =
"org.apache.ranger.ugsyncutil.transform.RegEx";
+
+ public static final String SYNC_MAPPING_GROUPNAME_HANDLER =
"ranger.usersync.mapping.groupname.handler";
+ public static final String DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER =
"org.apache.ranger.ugsyncutil.transform.RegEx";
+
+ public static final String SYNC_MAPPING_SEPARATOR =
"ranger.usersync.mapping.regex.separator";
+
+ public static final String DEFAULT_MAPPING_SEPARATOR = "/";
+
+ public static CaseConversion toCaseConversion(String value) {
+ if (UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(value)) {
+ return CaseConversion.TO_LOWER;
+ } else if (UGSYNC_UPPER_CASE_CONVERSION_VALUE.equalsIgnoreCase(value))
{
+ return CaseConversion.TO_UPPER;
+ } else {
+ return CaseConversion.NONE;
+ }
+ }
+
}
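Review bot: `toCaseConversion` maps every unrecognised value, including `null` and a misspelled `lower` or `upper`, to `CaseConversion.NONE` without any signal, so a typo in the case-conversion setting silently disables the transformation. At minimum document this on the method, e.g. `/** Returns TO_LOWER for "lower" and TO_UPPER for "upper" (case-insensitive); any other value, including null, yields NONE. */`. A warning for non-empty values other than `none` would make the misconfiguration visible. The class holds only constants and a static helper, so a private constructor would be appropriate as well.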
diff --git
a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java
b/ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
similarity index 99%
rename from ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java
rename to
ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
index 1be5fc4ab..cc531c649 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java
+++
b/ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import static org.junit.Assert.*;
diff --git
a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index c65e08ffa..bdcae4b75 100644
---
a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -37,6 +37,7 @@
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.XMLUtils;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.ha.UserSyncHAInitializerImpl;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -247,19 +248,6 @@ public class UserGroupSyncConfig {
private static final String LGSYNC_REFERRAL =
"ranger.usersync.ldap.referral";
private static final String DEFAULT_LGSYNC_REFERRAL = "follow";
- public static final String SYNC_MAPPING_USERNAME =
"ranger.usersync.mapping.username.regex";
-
- public static final String SYNC_MAPPING_GROUPNAME =
"ranger.usersync.mapping.groupname.regex";
-
- private static final String SYNC_MAPPING_USERNAME_HANDLER =
"ranger.usersync.mapping.username.handler";
- private static final String DEFAULT_SYNC_MAPPING_USERNAME_HANDLER =
"org.apache.ranger.usergroupsync.RegEx";
-
- private static final String SYNC_MAPPING_GROUPNAME_HANDLER =
"ranger.usersync.mapping.groupname.handler";
- private static final String DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER =
"org.apache.ranger.usergroupsync.RegEx";
-
- private static final String SYNC_MAPPING_SEPARATOR =
"ranger.usersync.mapping.regex.separator";
-
- private static final String DEFAULT_MAPPING_SEPARATOR = "/";
private static final String ROLE_ASSIGNMENT_LIST_DELIMITER =
"ranger.usersync.role.assignment.list.delimiter";
private static final String USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER =
"ranger.usersync.users.groups.assignment.list.delimiter";
@@ -1068,19 +1056,19 @@ public List<String> getAllRegexPatterns(String
baseProperty) throws Throwable {
}
public String getUserSyncMappingUserNameHandler() {
- String val = prop.getProperty(SYNC_MAPPING_USERNAME_HANDLER);
+ String val =
prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME_HANDLER);
if(val == null) {
- val = DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
+ val =
UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
}
return val;
}
public String getUserSyncMappingGroupNameHandler() {
- String val = prop.getProperty(SYNC_MAPPING_GROUPNAME_HANDLER);
+ String val =
prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME_HANDLER);
if(val == null) {
- val = DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
+ val =
UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
}
return val;
}
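Review bot: A deployment whose configuration explicitly sets `ranger.usersync.mapping.username.handler` or `ranger.usersync.mapping.groupname.handler` to the old class name `org.apache.ranger.usergroupsync.RegEx` will no longer resolve it after the move to `org.apache.ranger.ugsyncutil.transform`; only the default value was updated. Judging by the `AbstractUserGroupSource` changes in this commit, the result appears to be a logged `ClassNotFoundException` and no name mapping at all. Mapping the legacy name in both getters keeps such configurations working, e.g. `if ("org.apache.ranger.usergroupsync.RegEx".equals(val)) { val = UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_USERNAME_HANDLER; }`, with the group-name constant used in the second getter.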
@@ -1168,14 +1156,10 @@ public boolean isStartTlsEnabled() {
}
public boolean isDeltaSyncEnabled() {
- boolean deltaSyncEnabled;
String val = prop.getProperty(LGSYNC_LDAP_DELTASYNC_ENABLED);
- if(val == null || val.trim().isEmpty()) {
- deltaSyncEnabled =
DEFAULT_LGSYNC_LDAP_DELTASYNC_ENABLED;
- } else {
- deltaSyncEnabled = Boolean.valueOf(val);
- }
- return deltaSyncEnabled;
+
+ return StringUtils.isBlank(val) ?
DEFAULT_LGSYNC_LDAP_DELTASYNC_ENABLED : Boolean.parseBoolean(val);
+
}
/* Used only for unit testing */
@@ -1368,8 +1352,8 @@ public boolean isUserSyncNameValidationEnabled() {
}
public String getRegexSeparator() {
- String ret = DEFAULT_MAPPING_SEPARATOR;
- String val = prop.getProperty(SYNC_MAPPING_SEPARATOR);
+ String ret = UgsyncCommonConstants.DEFAULT_MAPPING_SEPARATOR;
+ String val =
prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_SEPARATOR);
if(StringUtils.isNotEmpty(val)) {
if (val.length() == 1) {
ret = val;
diff --git
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 277d33b20..5746d793e 100644
---
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -160,22 +160,22 @@ public PolicyMgrUserGroupBuilder() {
String userNameCaseConversion =
config.getUserNameCaseConversion();
- if
(UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion))
{
+ if
(UgsyncCommonConstants.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion))
{
userNameCaseConversionFlag = false;
}
else {
userNameCaseConversionFlag = true;
- userNameLowerCaseFlag =
UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
+ userNameLowerCaseFlag =
UgsyncCommonConstants.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
}
String groupNameCaseConversion =
config.getGroupNameCaseConversion();
- if
(UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion))
{
+ if
(UgsyncCommonConstants.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion))
{
groupNameCaseConversionFlag = false;
}
else {
groupNameCaseConversionFlag = true;
- groupNameLowerCaseFlag =
UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
+ groupNameLowerCaseFlag =
UgsyncCommonConstants.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
}
}
diff --git
a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
index 18d2d3ef7..4e171e17b 100644
---
a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
+++
b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
@@ -18,54 +18,54 @@
*/
package org.apache.ranger.usergroupsync;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public abstract class AbstractUserGroupSource {
-
private static final Logger LOG =
LoggerFactory.getLogger(AbstractUserGroupSource.class);
- protected UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
+ protected final UserGroupSyncConfig config =
UserGroupSyncConfig.getInstance();
+ protected final Mapper userNameRegExInst;
+ protected final Mapper groupNameRegExInst;
- protected Mapper userNameRegExInst = null;
- protected Mapper groupNameRegExInst = null;
+ public AbstractUserGroupSource() {
+ String mappingUserNameHandler =
config.getUserSyncMappingUserNameHandler();
+ String mappingGroupNameHandler =
config.getUserSyncMappingGroupNameHandler();
+ Mapper userNameRegExInst = null;
+ Mapper groupNameRegExInst = null;
+ if (mappingUserNameHandler != null) {
+ try {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingUserNameHandler);
- public AbstractUserGroupSource() {
- String mappingUserNameHandler =
config.getUserSyncMappingUserNameHandler();
- try {
- if (mappingUserNameHandler != null) {
- Class<Mapper> regExClass =
(Class<Mapper>)Class.forName(mappingUserNameHandler);
userNameRegExInst = regExClass.newInstance();
- if (userNameRegExInst != null) {
-
userNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_USERNAME);
- } else {
- LOG.error("RegEx handler instance for username is null!");
- }
+
+
userNameRegExInst.init(UgsyncCommonConstants.SYNC_MAPPING_USERNAME,
config.getAllRegexPatterns(UgsyncCommonConstants.SYNC_MAPPING_USERNAME),
config.getRegexSeparator());
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}: {}", mappingUserNameHandler,
cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}: {}",
mappingUserNameHandler, te);
}
- } catch (ClassNotFoundException cne) {
- LOG.error("Failed to load " + mappingUserNameHandler + " " + cne);
- } catch (Throwable te) {
- LOG.error("Failed to instantiate " + mappingUserNameHandler + " "
+ te);
}
- String mappingGroupNameHandler =
config.getUserSyncMappingGroupNameHandler();
- try {
- if (mappingGroupNameHandler != null) {
- Class<Mapper> regExClass =
(Class<Mapper>)Class.forName(mappingGroupNameHandler);
+ if (mappingGroupNameHandler != null) {
+ try {
+ Class<Mapper> regExClass = (Class<Mapper>)
Class.forName(mappingGroupNameHandler);
+
groupNameRegExInst = regExClass.newInstance();
- if (groupNameRegExInst != null) {
-
groupNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME);
- } else {
- LOG.error("RegEx handler instance for groupname is null!");
- }
+
+
groupNameRegExInst.init(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME,
config.getAllRegexPatterns(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME),
config.getRegexSeparator());
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}: {}", mappingGroupNameHandler,
cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}: {}",
mappingGroupNameHandler, te);
}
- } catch (ClassNotFoundException cne) {
- LOG.error("Failed to load " + mappingGroupNameHandler + " " + cne);
- } catch (Throwable te) {
- LOG.error("Failed to instantiate " + mappingGroupNameHandler + " "
+ te);
}
- }
+ this.userNameRegExInst = userNameRegExInst;
+ this.groupNameRegExInst = groupNameRegExInst;
+ }
}
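Review bot: A mapper whose `init(...)` throws is still kept by the new constructor, because the local `userNameRegExInst` is assigned from `regExClass.newInstance()` before `init` runs in the same `try`, the `catch` blocks only log, and `this.userNameRegExInst = userNameRegExInst;` then stores whatever the local holds; the group-name branch has the same shape. Given the commit's stated aim of keeping usersync and policy evaluation on the same name transformations, a half-initialised mapper, or one silently left `null` after a load failure, could make the synced user and group names differ from what the administrator configured without anything beyond an error log line. Assign the local only once `init` has returned, e.g. `Mapper m = regExClass.newInstance(); m.init(...); userNameRegExInst = m;` with the same arguments as now, and consider failing construction when a configured handler cannot be loaded rather than continuing unmapped. How a partly initialised `Mapper` behaves depends on `Mapper.init`, which is not visible in this hunk.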
diff --git
a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
index 6b01ba7ad..4cdbe03e6 100644
---
a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
+++
b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
@@ -21,6 +21,7 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertEquals;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.PolicyMgrUserGroupBuilderTest;
import org.junit.Test;
@@ -90,7 +91,8 @@ public void
testUpdateSinkFromCsvFileMisSpelledDelimiterProperty() throws Throwa
sink.init();
fileBuilder.updateSink(sink);
- assertEquals(4, sink.getTotalUsers());
+ assertEquals(4,
+ sink.getTotalUsers());
assertEquals(2, sink.getTotalGroups());
assertTrue(sink.getAllUsers().contains("user1"));
@@ -135,10 +137,10 @@ public void testUpdateSinkWithUserAndGroupMapping()
throws Throwable {
config.setProperty(UserGroupSyncConfig.UGSYNC_SOURCE_FILE_PROC,
"src/test/resources/usergroups-dns.csv");
config.setProperty(UserGroupSyncConfig.UGSYNC_SOURCE_FILE_DELIMITERER,
"|");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME,
"s/[=]/_/g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME + ".1",
"s/[,]//g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME,
"s/[=]/_/g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME + ".1",
"s/[,]//g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME,
"s/[=]//g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME,
"s/[=]//g");
FileSourceUserGroupBuilder fileBuilder = new
FileSourceUserGroupBuilder();
fileBuilder.init();
diff --git
a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
index 2011b5b75..6a7258852 100644
---
a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
+++
b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
@@ -32,6 +32,7 @@
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.junit.After;
import org.junit.Assert;
@@ -405,8 +406,8 @@ public void testUpdateSinkWithUserGroupMapping() throws
Throwable {
config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(false);
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME,
"s/[=]/_/g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME,
"s/[=]/_/g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME,
"s/[=]/_/g");
+
config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME, "s/[=]/_/g");
sink = new PolicyMgrUserGroupBuilderTest();
ldapBuilder.init();