RANGER-1024 : Improve implementation of java patch PatchPersmissionModel_J10003 to handle large amount of users
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9fd001ca Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9fd001ca Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9fd001ca Branch: refs/heads/master Commit: 9fd001cae7b4366cbd59a77146137a7088f4a805 Parents: 07696a7 Author: pradeep agrawal <[email protected]> Authored: Tue Jun 14 21:34:48 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 17 00:11:47 2016 -0400 ---------------------------------------------------------------------- .../patch/PatchPersmissionModel_J10003.java | 118 +++++++++++++++++-- 1 file changed, 106 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9fd001ca/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java index 764bb5d..3a3bed2 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java @@ -17,18 +17,26 @@ package org.apache.ranger.patch; +import java.io.IOException; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; import java.util.ArrayList; import java.util.List; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.service.XPortalUserService; - import org.apache.ranger.biz.XUserMgr; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.util.CLIUtil; import org.apache.ranger.view.VXPortalUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.util.CollectionUtils; @Component public class PatchPersmissionModel_J10003 extends BaseLoader { @@ -44,9 +52,19 @@ public class PatchPersmissionModel_J10003 extends BaseLoader { @Autowired RangerDaoManager daoManager; + private static boolean grantAllUsers=false; + private static String usersListFileName=null; + private final static Charset ENCODING = StandardCharsets.UTF_8; public static void main(String[] args) { logger.info("main()"); try { + if(args!=null && args.length>0){ + if(StringUtils.equalsIgnoreCase("ALL", args[0])){ + grantAllUsers=true; + }else if(!StringUtils.isEmpty(args[0])){ + usersListFileName=args[0]; + } + } PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil .getBean(PatchPersmissionModel_J10003.class); @@ -75,22 +93,98 @@ public class PatchPersmissionModel_J10003 extends BaseLoader { } public void assignPermissionToExistingUsers() { - int countUserPermissionUpdated = 1; - List<XXPortalUser> allPortalUser = daoManager.getXXPortalUser().findAllXPortalUser(); - List<VXPortalUser> vPortalUsers = new ArrayList<VXPortalUser>(); - for (XXPortalUser xPortalUser : allPortalUser) { - VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser); - vPortalUsers.add(vPortalUser); - vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId())); - xUserMgr.assignPermissionToUser(vPortalUser, false); - countUserPermissionUpdated += 1; - logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]"); + int countUserPermissionUpdated = 0; + Long userCount=daoManager.getXXPortalUser().getAllCount(); + List<XXPortalUser> xXPortalUsers=null; + Long patchModeMaxLimit=Long.valueOf(500L); + try{ + if (userCount!=null && userCount>0){ + List<String> loginIdList=readUserNamesFromFile(usersListFileName); + if(!CollectionUtils.isEmpty(loginIdList)){ + xXPortalUsers=new ArrayList<XXPortalUser>(); + XXPortalUser xXPortalUser=null; + for(String loginId:loginIdList){ + try{ + xXPortalUser=daoManager.getXXPortalUser().findByLoginId(loginId); + if(xXPortalUser!=null){ + xXPortalUsers.add(xXPortalUser); + }else{ + logger.info("User "+loginId+" doesn't exist!"); + } + }catch(Exception ex){ + } + } + countUserPermissionUpdated=assignPermissions(xXPortalUsers); + logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+loginIdList.size()); + }else if(userCount.compareTo(Long.valueOf(patchModeMaxLimit))<0 || grantAllUsers){ + xXPortalUsers=daoManager.getXXPortalUser().findAllXPortalUser(); + if(!CollectionUtils.isEmpty(xXPortalUsers)){ + countUserPermissionUpdated=assignPermissions(xXPortalUsers); + logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+xXPortalUsers.size()); + } + }else{ + //if total no. of users are more than 500 then process ADMIN and KEY_ADMIN users only to avoid timeout + xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN); + if(!CollectionUtils.isEmpty(xXPortalUsers)){ + countUserPermissionUpdated=assignPermissions(xXPortalUsers); + logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_SYS_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size()); + } + xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_KEY_ADMIN); + if(!CollectionUtils.isEmpty(xXPortalUsers)){ + countUserPermissionUpdated=assignPermissions(xXPortalUsers); + logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_KEY_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size()); + } + logger.info("Please execute this patch separately with argument 'ALL' to assign permission to remaining users "); + System.out.println("Please execute this patch separately with argument 'ALL' to assign module permissions to remaining users!!"); + } + } + }catch(Exception ex){ } - logger.info(countUserPermissionUpdated + " permissions were assigned"); } @Override public void printStats() { } + private int assignPermissions(List<XXPortalUser> xXPortalUsers){ + int countUserPermissionUpdated = 0; + if(!CollectionUtils.isEmpty(xXPortalUsers)){ + for (XXPortalUser xPortalUser : xXPortalUsers) { + try{ + if(xPortalUser!=null){ + VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser); + if(vPortalUser!=null){ + vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId())); + xUserMgr.assignPermissionToUser(vPortalUser, false); + countUserPermissionUpdated += 1; + logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]"); + } + } + }catch(Exception ex){ + } + } + } + return countUserPermissionUpdated ; + } + + private List<String> readUserNamesFromFile(String aFileName) throws IOException { + List<String> userNames=new ArrayList<String>(); + if(!StringUtils.isEmpty(aFileName)){ + Path path = Paths.get(aFileName); + if (Files.exists(path) && Files.isRegularFile(path)) { + List<String> fileContents=Files.readAllLines(path, ENCODING); + if(fileContents!=null && fileContents.size()>0){ + for(String line:fileContents){ + if(!StringUtils.isEmpty(line) && !userNames.contains(line)){ + try{ + userNames.add(line.trim()); + }catch(Exception ex){ + } + } + } + } + } + } + return userNames; + } }
