ranger git commit: RANGER-1491 : Automatically map group of external users to Administrator Role
Repository: ranger Updated Branches: refs/heads/master 0878d19e9 -> 9f5721bbe RANGER-1491 : Automatically map group of external users to Administrator Role Signed-off-by: Gautam Borad Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/9f5721bb Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/9f5721bb Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/9f5721bb Branch: refs/heads/master Commit: 9f5721bbed8057586e63a5ea5552ddecf5cc67ca Parents: 0878d19 Author: Bhavik Patel Authored: Mon Aug 7 15:47:00 2017 +0530 Committer: Gautam Borad Committed: Fri Aug 11 12:12:57 2017 +0530 -- .../java/org/apache/ranger/biz/UserMgr.java | 96 +-- .../java/org/apache/ranger/biz/XUserMgr.java| 169 +++ .../org/apache/ranger/service/XUserService.java | 8 +- .../java/org/apache/ranger/view/VXUser.java | 1 + .../java/org/apache/ranger/biz/TestUserMgr.java | 4 +- .../org/apache/ranger/biz/TestXUserMgr.java | 141 ++ .../process/LdapPolicyMgrUserGroupBuilder.java | 156 -- .../config/UserGroupSyncConfig.java | 53 .../ranger/unixusersync/model/XUserInfo.java| 20 +- .../process/PolicyMgrUserGroupBuilder.java | 281 --- unixauthservice/scripts/install.properties | 16 ++ unixauthservice/scripts/setup.py| 18 ++ .../templates/installprop2xml.properties| 4 + .../templates/ranger-ugsync-template.xml| 16 ++ 14 files changed, 777 insertions(+), 206 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ranger/blob/9f5721bb/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java -- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 6f77832..c1145e7 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -142,6 +142,7 @@ public class UserMgr { Collection userRoleList) { XXPortalUser user = mapVXPortalUserToXXPortalUser(userProfile); checkAdminAccess(); +xUserMgr.checkAccessRoles((List) userRoleList); user = createUser(user, userStatus, userRoleList); return user; @@ -174,9 +175,13 @@ public class UserMgr { ArrayList roleList = new ArrayList(); Collection reqRoleList = userProfile.getUserRoleList(); if (reqRoleList != null && reqRoleList.size() > 0) { - for (String role : reqRoleList) { - roleList.add(role); - } +for (String role : reqRoleList) { +if (role != null) { +roleList.add(role); +} else { +roleList.add(RangerConstants.ROLE_USER); +} +} } else { roleList.add(RangerConstants.ROLE_USER); } @@ -1104,16 +1109,18 @@ public class UserMgr { checkAdminAccess(); logger.info("create:" + userProfile.getLoginId()); XXPortalUser xXPortalUser = null; +Collection existingRoleList = null; +Collection reqRoleList = null; String loginId = userProfile.getLoginId(); String emailAddress = userProfile.getEmailAddress(); - if (loginId != null && !loginId.isEmpty()) { +if (loginId != null && !loginId.isEmpty()) { xXPortalUser = this.findByLoginId(loginId); if (xXPortalUser == null) { if (!stringUtil.isEmpty(emailAddress)) { xXPortalUser = this.findByEmailAddress(emailAddress); if (xXPortalUser == null) { - xXPortalUser = this.createUser(userProfile, +xXPortalUser = this.createUser(userProfile, RangerCommonEnums.STATUS_ENABLED); } else { throw restErrorUtil @@ -1125,9 +1132,9 @@ public class UserMgr { MessageEnums.OPER_NOT_ALLOWED_FOR_STATE); } } else { - userProfile.setEmailAddress(null); -
ranger git commit: RANGER-1491:Automatically map group of external users to Administrator Role
Repository: ranger Updated Branches: refs/heads/ranger-0.7 694ff57f1 -> 99abbcfa9 RANGER-1491:Automatically map group of external users to Administrator Role Signed-off-by: Gautam Borad Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/99abbcfa Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/99abbcfa Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/99abbcfa Branch: refs/heads/ranger-0.7 Commit: 99abbcfa99667b60ae5f217db4bce44ac01bfdce Parents: 694ff57 Author: Bhavik Patel Authored: Tue Aug 8 10:59:54 2017 +0530 Committer: Gautam Borad Committed: Fri Aug 11 12:13:08 2017 +0530 -- .../java/org/apache/ranger/biz/UserMgr.java | 63 +- .../java/org/apache/ranger/biz/XUserMgr.java| 87 +--- .../org/apache/ranger/service/XUserService.java | 7 +- .../java/org/apache/ranger/view/VXUser.java | 1 + .../java/org/apache/ranger/biz/TestUserMgr.java | 4 +- .../org/apache/ranger/biz/TestXUserMgr.java | 45 - .../process/LdapPolicyMgrUserGroupBuilder.java | 123 +++- .../config/UserGroupSyncConfig.java | 41 .../ranger/unixusersync/model/XUserInfo.java| 20 +- .../process/PolicyMgrUserGroupBuilder.java | 201 ++- unixauthservice/scripts/install.properties | 15 ++ unixauthservice/scripts/setup.py| 17 ++ .../templates/installprop2xml.properties| 4 + .../templates/ranger-ugsync-template.xml| 16 ++ 14 files changed, 588 insertions(+), 56 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ranger/blob/99abbcfa/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java -- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index be16f75..f27bfc1 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -142,6 +142,7 @@ public class UserMgr { Collection userRoleList) { XXPortalUser user = mapVXPortalUserToXXPortalUser(userProfile); checkAdminAccess(); +xUserMgr.checkAccessRoles((List) userRoleList); user = createUser(user, userStatus, userRoleList); return user; @@ -175,7 +176,11 @@ public class UserMgr { Collection reqRoleList = userProfile.getUserRoleList(); if (reqRoleList != null && reqRoleList.size() > 0) { for (String role : reqRoleList) { - roleList.add(role); +if (role != null) { +roleList.add(role); +} else { + roleList.add(RangerConstants.ROLE_USER); +} } } else { roleList.add(RangerConstants.ROLE_USER); @@ -1109,6 +1114,8 @@ public class UserMgr { checkAdminAccess(); logger.info("create:" + userProfile.getLoginId()); XXPortalUser xXPortalUser = null; +Collection existingRoleList = null; +Collection reqRoleList = null; String loginId = userProfile.getLoginId(); String emailAddress = userProfile.getEmailAddress(); @@ -1143,13 +1150,59 @@ public class UserMgr { */ } } +VXPortalUser userProfileRes = null; if (xXPortalUser != null) { - return mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser); - } else { - return null; - } +userProfileRes = mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser); +if (userProfile.getUserRoleList() != null +&& userProfile.getUserRoleList().size() > 0 +&& ((List) userProfile.getUserRoleList()).get(0) != null) { +reqRoleList = userProfile.getUserRoleList(); +existingRoleList = this.getRolesByLoginId(loginId); +XXPortalUser xxPortalUser = daoManager.getXXPortalUser() + .findByLoginId(userProfile.getLoginId()); +if (xxPortalUser != null && xxPortalUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { +