diff --git a/agents-common/pom.xml b/agents-common/pom.xml
index d7b626015f..95cf2557f4 100644
--- a/agents-common/pom.xml
+++ b/agents-common/pom.xml
@@ -171,6 +171,25 @@
ranger-plugins-cred
${project.version}
+
+ org.apache.ranger
+ ugsync-util
+ ${project.version}
+
+
+ log4j
+ *
+
+
+ org.apache.logging.log4j
+ *
+
+
+ org.slf4j
+ *
+
+
+
org.mockito
mockito-core
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
index 31e6375832..af18880889 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
@@ -45,7 +45,6 @@
import org.apache.ranger.plugin.util.ServiceDefUtil;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.plugin.util.StringTokenReplacer;
-import org.apache.ranger.plugin.util.RangerUserStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -213,9 +212,7 @@ public PolicyEngine(ServicePolicies servicePolicies, RangerPluginContext pluginC
}
}
- RangerAuthContext currAuthContext = pluginContext.getAuthContext();
- RangerUserStore userStore = currAuthContext != null ? currAuthContext.getUserStoreUtil().getUserStore() : null;
- RangerAuthContext authContext = new RangerAuthContext(null, zoneMatcher, roles, userStore);
+ RangerAuthContext authContext = new RangerAuthContext(pluginContext.getAuthContext(), zoneMatcher, roles);
this.pluginContext.setAuthContext(authContext);
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
index 1bb4d6925b..40e4d44e62 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
@@ -25,21 +25,47 @@
import org.apache.ranger.plugin.contextenricher.RangerContextEnricher;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
import org.apache.ranger.plugin.policyengine.RangerSecurityZoneMatcher;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerRolesUtil;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.plugin.util.RangerUserStoreUtil;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants.CaseConversion;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
+import static org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants.toCaseConversion;
+
public class RangerAuthContext {
+ private static final Logger LOG = LoggerFactory.getLogger(RangerAuthContext.class);
+
private final Map requestContextEnrichers;
private final RangerSecurityZoneMatcher zoneMatcher;
private RangerRolesUtil rolesUtil;
private RangerUserStoreUtil userStoreUtil;
+ private Mapper userNameTransformer;
+ private Mapper groupNameTransformer;
+ private CaseConversion userNameCaseConversion;
+ private CaseConversion groupNameCaseConversion;
+
+ public RangerAuthContext(RangerAuthContext prevContext, RangerSecurityZoneMatcher zoneMatcher, RangerRoles roles) {
+ this(null, zoneMatcher, roles, prevContext != null ? prevContext.getUserStoreUtil().getUserStore() : null);
+
+ if (prevContext != null) {
+ this.userNameTransformer = prevContext.userNameTransformer;
+ this.groupNameTransformer = prevContext.groupNameTransformer;
+ this.userNameCaseConversion = prevContext.userNameCaseConversion;
+ this.groupNameCaseConversion = prevContext.groupNameCaseConversion;
+ }
+ }
public RangerAuthContext(Map requestContextEnrichers, RangerSecurityZoneMatcher zoneMatcher, RangerRoles roles, RangerUserStore userStore) {
this.requestContextEnrichers = requestContextEnrichers != null ? requestContextEnrichers : new ConcurrentHashMap<>();
@@ -127,4 +153,118 @@ public RangerUserStoreUtil getUserStoreUtil() {
public void setUserStore(RangerUserStore userStore) {
this.userStoreUtil = new RangerUserStoreUtil(userStore);
}
+
+ public Mapper getUserNameTransformer() {
+ return userNameTransformer;
+ }
+
+ public Mapper getGroupNameTransformer() {
+ return groupNameTransformer;
+ }
+
+ public CaseConversion getUserNameCaseConversion() {
+ return userNameCaseConversion;
+ }
+
+ public CaseConversion getGroupNameCaseConversion() {
+ return groupNameCaseConversion;
+ }
+
+ public void onServiceConfigsUpdate(Map serviceConfigs) {
+ String userNameCaseConversion = null;
+ String groupNameCaseConversion = null;
+ Mapper userNameTransformer = null;
+ Mapper groupNameTransformer = null;
+
+ if (MapUtils.isNotEmpty(serviceConfigs)) {
+ LOG.debug("==> onServiceConfigsUpdate({})", serviceConfigs.keySet());
+
+ userNameCaseConversion = serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM);
+ groupNameCaseConversion = serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM);
+
+ String mappingUserNameHandler = serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+
+ if (mappingUserNameHandler != null) {
+ try {
+ Class regExClass = (Class) Class.forName(mappingUserNameHandler);
+
+ userNameTransformer = regExClass.newInstance();
+
+ String baseProperty = RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME;
+
+ userNameTransformer.init(baseProperty, getAllRegexPatterns(baseProperty, serviceConfigs), serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}", mappingUserNameHandler, cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}", mappingUserNameHandler, te);
+ }
+ }
+
+ String mappingGroupNameHandler = serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+
+ if (mappingGroupNameHandler != null) {
+ try {
+ Class regExClass = (Class) Class.forName(mappingGroupNameHandler);
+
+ groupNameTransformer = regExClass.newInstance();
+
+ String baseProperty = RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME;
+
+ groupNameTransformer.init(baseProperty, getAllRegexPatterns(baseProperty, serviceConfigs), serviceConfigs.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR));
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}", mappingGroupNameHandler, cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}", mappingGroupNameHandler, te);
+ }
+ }
+ }
+
+ setUserNameCaseConversion(userNameCaseConversion);
+ setGroupNameCaseConversion(groupNameCaseConversion);
+ setUserNameTransformer(userNameTransformer);
+ setGroupNameTransformer(groupNameTransformer);
+ }
+
+ private void setUserNameTransformer(Mapper userNameTransformer) {
+ this.userNameTransformer = userNameTransformer;
+ }
+
+ private void setGroupNameTransformer(Mapper groupNameTransformer) {
+ this.groupNameTransformer = groupNameTransformer;
+ }
+
+ private void setUserNameCaseConversion(String userNameCaseConversion) {
+ this.userNameCaseConversion = toCaseConversion(userNameCaseConversion);
+ }
+
+ private void setGroupNameCaseConversion(String groupNameCaseConversion) {
+ this.groupNameCaseConversion = toCaseConversion(groupNameCaseConversion);
+ }
+
+ private List getAllRegexPatterns(String baseProperty, Map serviceConfig) {
+ LOG.debug("==> getAllRegexPatterns({})", baseProperty);
+
+ List regexPatterns = new ArrayList<>();
+ String baseRegex = serviceConfig != null ? serviceConfig.get(baseProperty) : null;
+
+ LOG.debug("baseRegex = {}, pluginConfig = {}", baseRegex, serviceConfig == null ? null : serviceConfig.keySet());
+
+ if (baseRegex != null) {
+ regexPatterns.add(baseRegex);
+
+ for (int i = 1; true; i++) {
+ String nextRegex = serviceConfig.get(baseProperty + "." + i);
+
+ if (nextRegex == null) {
+ break;
+ }
+
+ regexPatterns.add(nextRegex);
+ }
+ }
+
+ LOG.debug("<== getAllRegexPatterns({}): ret={}", baseProperty, regexPatterns);
+
+ return regexPatterns;
+ }
}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index b02915b00e..9f8b4f9b6c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -356,7 +356,6 @@ public void setPolicies(ServicePolicies policies) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> setPolicies(" + policies + ")");
}
- this.serviceConfigs = (policies != null && policies.getServiceConfig() != null) ? policies.getServiceConfig() : new HashMap<>();
if (pluginConfig.isEnableImplicitUserStoreEnricher() && policies != null && !ServiceDefUtil.isUserStoreEnricherPresent(policies)) {
String retrieverClassName = pluginConfig.get(RangerUserStoreEnricher.USERSTORE_RETRIEVER_CLASSNAME_OPTION, RangerAdminUserStoreRetriever.class.getCanonicalName());
String retrieverPollIntMs = pluginConfig.get(RangerUserStoreEnricher.USERSTORE_REFRESHER_POLLINGINTERVAL_OPTION, Integer.toString(60 * 1000));
@@ -370,8 +369,8 @@ public void setPolicies(ServicePolicies policies) {
isUserStoreEnricherAddedImplcitly = ServiceDefUtil.addUserStoreEnricherIfNeeded(policies, retrieverClassName, retrieverPollIntMs);
}
}
-
- String isSyncPolicyRefresh = this.pluginConfig == null ? null : this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() + ".policy.refresh.synchronous");
+// String isSyncPolicyRefresh = this.pluginConfig == null ? null : this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() + ".policy.refresh.synchronous");
+ String isSyncPolicyRefresh = this.pluginConfig == null ? null : (this.serviceConfigs == null ? null : this.serviceConfigs.get(this.pluginConfig.getPropertyPrefix() + ".policy.refresh.synchronous"));
this.synchronousPolicyRefresh = Boolean.parseBoolean(isSyncPolicyRefresh);
if (this.synchronousPolicyRefresh) {
LOG.info("synchronousPolicyRefresh = {}", this.synchronousPolicyRefresh);
@@ -500,6 +499,8 @@ public void setPolicies(ServicePolicies policies) {
newPolicyEngine.setTrustedProxyAddresses(pluginConfig.getTrustedProxyAddresses());
}
+ setServiceConfigs(policies.getServiceConfig());
+
LOG.info("Switching policy engine from [" + getPolicyVersion() + "]");
this.policyEngine = newPolicyEngine;
LOG.info("Switched policy engine to [" + getPolicyVersion() + "]");
@@ -1422,6 +1423,18 @@ private static void overrideACLs(final RangerResourceACLs chainedResourceACLs, R
}
}
+ private void setServiceConfigs(Map serviceConfigs) {
+ Map oldServiceConfigs = this.serviceConfigs;
+
+ this.serviceConfigs = serviceConfigs != null ? serviceConfigs : new HashMap<>();
+
+ RangerAuthContext authContext = this.pluginContext.getAuthContext();
+
+ if (authContext != null && !Objects.equals(oldServiceConfigs, this.serviceConfigs)) {
+ authContext.onServiceConfigsUpdate(this.serviceConfigs);
+ }
+ }
+
private static AuditProviderFactory getAuditProviderFactory(String serviceName) {
AuditProviderFactory ret = AuditProviderFactory.getInstance();
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
index c381ad467b..5669872e87 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultRequestProcessor.java
@@ -31,15 +31,20 @@
import org.apache.ranger.plugin.policyengine.RangerMutableResource;
import org.apache.ranger.plugin.policyengine.RangerPluginContext;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
+import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.RangerUserStoreUtil;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
+import java.util.Objects;
import java.util.Set;
+import java.util.stream.Collectors;
public class RangerDefaultRequestProcessor implements RangerAccessRequestProcessor {
@@ -103,6 +108,17 @@ public void preProcess(RangerAccessRequest request) {
reqImpl.setClusterType(pluginContext.getClusterType());
}
+ RangerPluginConfig config = policyEngine.getPluginContext().getConfig();
+
+ boolean isNameTransformationSupported = config.getBoolean(config.getPropertyPrefix() + RangerCommonConstants.PLUGIN_CONFIG_SUFFIX_NAME_TRANSFORMATION, false);
+
+ LOG.debug("isNameTransformationSupported = {}", isNameTransformationSupported);
+
+ if (isNameTransformationSupported) {
+ reqImpl.setUser(getTransformedUser(policyEngine, request));
+ reqImpl.setUserGroups(getTransformedGroups(policyEngine, request));
+ }
+
convertEmailToUsername(reqImpl);
updateUserGroups(reqImpl);
@@ -166,6 +182,65 @@ public void enrich(RangerAccessRequest request) {
}
}
+ private String getTransformedUser(PolicyEngine policyEngine, RangerAccessRequest request) {
+ RangerAuthContext authContext = policyEngine.getPluginContext().getAuthContext();
+ boolean toLowerCase = authContext.getUserNameCaseConversion() == UgsyncCommonConstants.CaseConversion.TO_LOWER;
+ boolean toUpperCase = authContext.getUserNameCaseConversion() == UgsyncCommonConstants.CaseConversion.TO_UPPER;
+ Mapper nameTransformer = authContext.getUserNameTransformer();
+
+ if (toLowerCase || toUpperCase || nameTransformer != null) {
+ String user = request.getUser();
+
+ if (toLowerCase) {
+ user = user.toLowerCase();
+ } else if (toUpperCase) {
+ user = user.toUpperCase();
+ }
+
+ if (nameTransformer != null) {
+ user = nameTransformer.transform(user);
+ }
+
+ LOG.debug("Original username = {}, Transformed username = {}", request.getUser(), user);
+
+ return user;
+ }
+
+ return request.getUser();
+ }
+
+ private Set getTransformedGroups(PolicyEngine policyEngine, RangerAccessRequest request) {
+ if (CollectionUtils.isNotEmpty(request.getUserGroups())) {
+ RangerAuthContext authContext = policyEngine.getPluginContext().getAuthContext();
+ boolean toLowerCase = authContext.getGroupNameCaseConversion() == UgsyncCommonConstants.CaseConversion.TO_LOWER;
+ boolean toUpperCase = authContext.getGroupNameCaseConversion() == UgsyncCommonConstants.CaseConversion.TO_UPPER;
+ Mapper nameTransformer = authContext.getGroupNameTransformer();
+
+ if (toLowerCase || toUpperCase || nameTransformer != null) {
+ return request.getUserGroups().stream()
+ .filter(Objects::nonNull)
+ .map(group -> {
+ String originalGroup = group;
+
+ if (toLowerCase) {
+ group = group.toLowerCase();
+ } else if (toUpperCase) {
+ group = group.toUpperCase();
+ }
+
+ String transformedGroup = nameTransformer.transform(group);
+
+ LOG.debug("Original group name = {}, Transformed group name = {}", originalGroup, transformedGroup);
+
+ return transformedGroup;
+ })
+ .collect(Collectors.toSet());
+ }
+ }
+
+ return request.getUserGroups();
+ }
+
private void setResourceServiceDef(RangerAccessRequest request) {
RangerAccessResource resource = request.getResource();
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
index 9d6e1f0b54..8a0ba8d71a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
@@ -39,6 +39,15 @@ private RangerCommonConstants() {
public static final String RANGER_ADMIN_SUFFIX_IN_PLACE_TAG_UPDATES = ".supports.in.place.tag.updates";
public static final String PLUGIN_CONFIG_SUFFIX_IN_PLACE_TAG_UPDATES = ".supports.in.place.tag.updates";
+ public static final String PLUGIN_CONFIG_SUFFIX_NAME_TRANSFORMATION = ".supports.name.transformation";
+
+ public static final String PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM = "ranger.plugins.conf.ldap.username.caseconversion";
+ public static final String PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM = "ranger.plugins.conf.ldap.groupname.caseconversion";
+ public static final String PLUGINS_CONF_MAPPING_USERNAME = "ranger.plugins.conf.mapping.username.regex";
+ public static final String PLUGINS_CONF_MAPPING_GROUPNAME = "ranger.plugins.conf.mapping.groupname.regex";
+ public static final String PLUGINS_CONF_MAPPING_USERNAME_HANDLER = "ranger.plugins.conf.mapping.username.handler";
+ public static final String PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER = "ranger.plugins.conf.mapping.groupname.handler";
+ public static final String PLUGINS_CONF_MAPPING_SEPARATOR = "ranger.plugins.conf.mapping.regex.separator";
public static final String RANGER_SUPPORTS_TAGS_DEDUP = ".supports.tags.dedup";
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
index 51480fae3f..9ccd0d64dc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
@@ -444,6 +444,7 @@ static public ServicePolicies copyHeader(ServicePolicies source) {
ret.setPolicyVersion(source.getPolicyVersion());
ret.setAuditMode(source.getAuditMode());
ret.setServiceDef(source.getServiceDef());
+ ret.setServiceConfig(source.getServiceConfig() != null ? new HashMap<>(source.getServiceConfig()) : null);
ret.setPolicyUpdateTime(source.getPolicyUpdateTime());
ret.setSecurityZones(source.getSecurityZones());
ret.setPolicies(Collections.emptyList());
diff --git a/distro/src/main/assembly/admin-web.xml b/distro/src/main/assembly/admin-web.xml
index d07025a2c9..0ebe3164b5 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -237,6 +237,7 @@
org.eclipse.jdt.core.compiler:ecj:jar:P20140317-1600
org.apache.hadoop:hadoop-auth:jar:${hadoop.version}
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.slf4j:slf4j-api:jar:${slf4j.version}
org.apache.hadoop:hadoop-common
commons-logging:commons-logging
diff --git a/distro/src/main/assembly/hbase-agent.xml b/distro/src/main/assembly/hbase-agent.xml
index 874972afde..3748b371b7 100644
--- a/distro/src/main/assembly/hbase-agent.xml
+++ b/distro/src/main/assembly/hbase-agent.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-hbase-plugin
diff --git a/distro/src/main/assembly/hdfs-agent.xml b/distro/src/main/assembly/hdfs-agent.xml
index aed5c9ee71..f45c091d6b 100644
--- a/distro/src/main/assembly/hdfs-agent.xml
+++ b/distro/src/main/assembly/hdfs-agent.xml
@@ -74,6 +74,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-hdfs-plugin
diff --git a/distro/src/main/assembly/hive-agent.xml b/distro/src/main/assembly/hive-agent.xml
index 76c699b178..f5f8b5bf29 100644
--- a/distro/src/main/assembly/hive-agent.xml
+++ b/distro/src/main/assembly/hive-agent.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-hive-plugin
diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml
index f74f055d06..0d64d6caff 100755
--- a/distro/src/main/assembly/kms.xml
+++ b/distro/src/main/assembly/kms.xml
@@ -214,6 +214,7 @@
org.apache.hadoop:hadoop-auth:jar:${hadoop.version}
org.apache.solr:solr-solrj:jar:${solr.version}
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}
net.java.dev.jna:jna:jar:${jna.version}
net.java.dev.jna:jna-platform:jar:${jna-platform.version}
@@ -283,6 +284,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-kms-plugin
diff --git a/distro/src/main/assembly/knox-agent.xml b/distro/src/main/assembly/knox-agent.xml
index c4f4096870..d407777bfa 100644
--- a/distro/src/main/assembly/knox-agent.xml
+++ b/distro/src/main/assembly/knox-agent.xml
@@ -47,6 +47,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-knox-plugin
diff --git a/distro/src/main/assembly/plugin-atlas.xml b/distro/src/main/assembly/plugin-atlas.xml
index e58f4d75c3..5d6b24adcb 100644
--- a/distro/src/main/assembly/plugin-atlas.xml
+++ b/distro/src/main/assembly/plugin-atlas.xml
@@ -47,6 +47,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-atlas-plugin
diff --git a/distro/src/main/assembly/plugin-elasticsearch.xml b/distro/src/main/assembly/plugin-elasticsearch.xml
index 069c1f262a..d98234ad9e 100644
--- a/distro/src/main/assembly/plugin-elasticsearch.xml
+++ b/distro/src/main/assembly/plugin-elasticsearch.xml
@@ -52,6 +52,7 @@
org.apache.ranger:ranger-audit-dest-hdfs
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-elasticsearch-plugin
diff --git a/distro/src/main/assembly/plugin-kafka.xml b/distro/src/main/assembly/plugin-kafka.xml
index 1069dfcb81..722e367828 100644
--- a/distro/src/main/assembly/plugin-kafka.xml
+++ b/distro/src/main/assembly/plugin-kafka.xml
@@ -43,6 +43,7 @@
org.apache.ranger:ranger-kafka-plugin
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
lib/ranger-kafka-plugin-impl
diff --git a/distro/src/main/assembly/plugin-kms.xml b/distro/src/main/assembly/plugin-kms.xml
index 28060ee860..2d334528c7 100755
--- a/distro/src/main/assembly/plugin-kms.xml
+++ b/distro/src/main/assembly/plugin-kms.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-kms-plugin
@@ -84,6 +85,7 @@
org.apache.ranger:ranger-plugins-installer
org.apache.ranger:credentialbuilder
+ org.apache.ranger:ugsync-util
install/lib
diff --git a/distro/src/main/assembly/plugin-kylin.xml b/distro/src/main/assembly/plugin-kylin.xml
index d70c5fba5f..8b2b737482 100644
--- a/distro/src/main/assembly/plugin-kylin.xml
+++ b/distro/src/main/assembly/plugin-kylin.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-kylin-plugin
diff --git a/distro/src/main/assembly/plugin-ozone.xml b/distro/src/main/assembly/plugin-ozone.xml
index 931743936f..786da93594 100644
--- a/distro/src/main/assembly/plugin-ozone.xml
+++ b/distro/src/main/assembly/plugin-ozone.xml
@@ -81,6 +81,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-ozone-plugin
diff --git a/distro/src/main/assembly/plugin-presto.xml b/distro/src/main/assembly/plugin-presto.xml
index c50324c6a1..2db3de4777 100644
--- a/distro/src/main/assembly/plugin-presto.xml
+++ b/distro/src/main/assembly/plugin-presto.xml
@@ -58,6 +58,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-presto-plugin
diff --git a/distro/src/main/assembly/plugin-solr.xml b/distro/src/main/assembly/plugin-solr.xml
index c32678db56..d1b4471a1d 100644
--- a/distro/src/main/assembly/plugin-solr.xml
+++ b/distro/src/main/assembly/plugin-solr.xml
@@ -41,6 +41,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-solr-plugin
diff --git a/distro/src/main/assembly/plugin-sqoop.xml b/distro/src/main/assembly/plugin-sqoop.xml
index ee9d16346d..b1ade54bf5 100644
--- a/distro/src/main/assembly/plugin-sqoop.xml
+++ b/distro/src/main/assembly/plugin-sqoop.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-sqoop-plugin
diff --git a/distro/src/main/assembly/plugin-trino.xml b/distro/src/main/assembly/plugin-trino.xml
index b272de0fed..3b591c8361 100644
--- a/distro/src/main/assembly/plugin-trino.xml
+++ b/distro/src/main/assembly/plugin-trino.xml
@@ -31,6 +31,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-trino-plugin
diff --git a/distro/src/main/assembly/plugin-yarn.xml b/distro/src/main/assembly/plugin-yarn.xml
index 5fb62d3645..d719eb8f7d 100644
--- a/distro/src/main/assembly/plugin-yarn.xml
+++ b/distro/src/main/assembly/plugin-yarn.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-yarn-plugin
diff --git a/distro/src/main/assembly/ranger-tools.xml b/distro/src/main/assembly/ranger-tools.xml
index 0ab496076f..78f085afcd 100644
--- a/distro/src/main/assembly/ranger-tools.xml
+++ b/distro/src/main/assembly/ranger-tools.xml
@@ -69,6 +69,8 @@
org.apache.ranger:ranger-audit-dest-hdfs
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
+ org.apache.ranger:ranger-plugins-audit
com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}
net.java.dev.jna:jna:jar:${jna.version}
net.java.dev.jna:jna-platform:jar:${jna-platform.version}
diff --git a/distro/src/main/assembly/sample-client.xml b/distro/src/main/assembly/sample-client.xml
index 132154ffd7..5cbff941a0 100644
--- a/distro/src/main/assembly/sample-client.xml
+++ b/distro/src/main/assembly/sample-client.xml
@@ -29,6 +29,7 @@
org.apache.ranger:sample-client
org.apache.ranger:ranger-intg
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-plugins-cred
diff --git a/distro/src/main/assembly/storm-agent.xml b/distro/src/main/assembly/storm-agent.xml
index 350fa1b7b0..c9d9fe46f0 100644
--- a/distro/src/main/assembly/storm-agent.xml
+++ b/distro/src/main/assembly/storm-agent.xml
@@ -46,6 +46,7 @@
org.apache.ranger:ranger-audit-dest-solr
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-storm-plugin
diff --git a/distro/src/main/assembly/tagsync.xml b/distro/src/main/assembly/tagsync.xml
index 09d1aedb6d..f3c12fe2d2 100644
--- a/distro/src/main/assembly/tagsync.xml
+++ b/distro/src/main/assembly/tagsync.xml
@@ -57,6 +57,7 @@
org.apache.ranger:credentialbuilder
org.apache.ranger:ranger-plugins-cred
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-util
org.apache.zookeeper:zookeeper:jar:${zookeeper.version}
com.fasterxml.jackson.core:jackson-annotations:jar:${atlas.jackson.version}
diff --git a/distro/src/main/assembly/usersync.xml b/distro/src/main/assembly/usersync.xml
index ca9f8a81c5..8b0c71ceef 100644
--- a/distro/src/main/assembly/usersync.xml
+++ b/distro/src/main/assembly/usersync.xml
@@ -56,6 +56,7 @@
org.apache.httpcomponents:httpclient:jar:${httpcomponents.httpclient.version}
commons-codec:commons-codec
org.apache.ranger:ranger-plugins-common
+ org.apache.ranger:ugsync-util
org.apache.ranger:ranger-common-ha:jar:${project.version}
org.apache.curator:curator-framework:jar:${curator.version}
org.apache.curator:curator-recipes:jar:${curator.version}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index b3216fd3de..dc3802748f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -267,6 +267,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin.";
public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters";
+ public static final String RANGER_PLUGINS_CONFIG_CONF_PREFIX = "ranger.plugins.conf.";
private static final String DEFAULT_CSV_SANITIZATION_PATTERN = "^[=+\\-@\\t\\r]";
private static final Pattern CSV_SANITIZATION_PATTERN = Pattern.compile(PropertiesUtil.getProperty("ranger.admin.csv.sanitization.pattern", DEFAULT_CSV_SANITIZATION_PATTERN));
@@ -366,6 +367,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private static volatile boolean legacyServiceDefsInitDone = false;
private Boolean populateExistingBaseFields = false;
+ private final String optionUgsyncConfigChange = "ugsyncConfigChange";
public static final String HIDDEN_PASSWORD_STR = "*****";
public static final String CONFIG_KEY_PASSWORD = "password";
@@ -1739,8 +1741,8 @@ public RangerService updateService(RangerService service, Map op
service.setGuid(existing.getGuid());
service.setVersion(existing.getVersion());
service = svcService.update(service);
-
- if (hasTagServiceValueChanged || hasIsEnabledChanged || hasServiceConfigForPluginChanged) {
+ Boolean isUgsyncConfigChange = options != null && options.get(optionUgsyncConfigChange) != null ? (Boolean) options.get(optionUgsyncConfigChange) : Boolean.FALSE;
+ if (hasTagServiceValueChanged || hasIsEnabledChanged || hasServiceConfigForPluginChanged || isUgsyncConfigChange) {
updatePolicyVersion(service, RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null,false);
}
}
@@ -3056,8 +3058,8 @@ public ServicePolicies getServicePoliciesIfUpdated(String serviceName, Long last
}
}
-
if (LOG.isDebugEnabled()) {
+ LOG.debug("getServicePoliciesIfUpdated({}, {}, {}): configs = {}", serviceName, lastKnownVersion, needsBackwardCompatibility, ret == null ? null : ret.getServiceConfig());
LOG.debug("<== ServiceDBStore.getServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + needsBackwardCompatibility + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
@@ -3091,7 +3093,9 @@ public ServicePolicies getServicePolicyDeltas(String serviceName, Long lastKnown
}
ret = getServicePolicies(serviceName, lastKnownVersion, true, SUPPORTS_POLICY_DELTAS, cachedPolicyVersion);
}
-
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDBStore.getServicePolicyDeltas({}, {}): ret = {}", serviceName, lastKnownVersion, ret == null ? ret : ret.getServiceConfig());
+ }
return ret;
}
@@ -3160,6 +3164,7 @@ private ServicePolicies getServicePolicies(String serviceName, Long lastKnownVer
if (ret != null) {
ret.setPolicyUpdateTime(serviceVersionInfoDbObj == null ? null : serviceVersionInfoDbObj.getPolicyUpdateTime());
ret.setAuditMode(auditMode);
+ ret.setServiceConfig(getServiceConfigForPlugin(serviceDbObj.getId()));
if (ret.getTagPolicies() != null) {
ret.getTagPolicies().setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ? null : tagServiceVersionInfoDbObj.getPolicyUpdateTime());
ret.getTagPolicies().setAuditMode(auditMode);
@@ -3173,6 +3178,7 @@ private ServicePolicies getServicePolicies(String serviceName, Long lastKnownVer
tagPolicies.setServiceId(tagServiceDbObj.getId());
tagPolicies.setServiceName(tagServiceDbObj.getName());
+ tagPolicies.setServiceConfig(getServiceConfigForPlugin(tagServiceDbObj.getId()));
tagPolicies.setPolicyVersion(tagServiceVersionInfoDbObj == null ? null : tagServiceVersionInfoDbObj.getPolicyVersion());
tagPolicies.setPolicyUpdateTime(tagServiceVersionInfoDbObj == null ? null : tagServiceVersionInfoDbObj.getPolicyUpdateTime());
tagPolicies.setPolicies(getServicePoliciesFromDb(tagServiceDbObj));
@@ -3185,6 +3191,7 @@ private ServicePolicies getServicePolicies(String serviceName, Long lastKnownVer
ret.setServiceId(serviceDbObj.getId());
ret.setServiceName(serviceDbObj.getName());
+ ret.setServiceConfig(getServiceConfigForPlugin(ret.getServiceId()));
ret.setPolicyVersion(serviceVersionInfoDbObj == null ? null : serviceVersionInfoDbObj.getPolicyVersion());
ret.setPolicyUpdateTime(serviceVersionInfoDbObj == null ? null : serviceVersionInfoDbObj.getPolicyUpdateTime());
ret.setPolicies(policies);
@@ -3194,6 +3201,7 @@ private ServicePolicies getServicePolicies(String serviceName, Long lastKnownVer
}
if (LOG.isDebugEnabled()) {
+ LOG.debug("ServiceDBStore.getServicePolicies({}, {}): ret = {}", serviceName, lastKnownVersion, ret == null ? null : ret.getServiceConfig());
LOG.debug("<== ServiceDBStore.getServicePolicies(" + serviceName + ", " + lastKnownVersion + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()) + ", delta-count=" + ((ret == null || ret.getPolicyDeltas() == null) ? 0 : ret.getPolicyDeltas().size()));
}
@@ -6059,6 +6067,9 @@ public String toString() {
@Override
public Map getServiceConfigForPlugin(Long serviceId) {
+ if(LOG.isDebugEnabled()){
+ LOG.debug("==> ServiceDBStore.getServiceConfigForPlugin({})", serviceId);
+ }
Map configs = new HashMap<>();
List xxServiceConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(serviceId);
if (CollectionUtils.isNotEmpty(xxServiceConfigMaps)) {
@@ -6068,6 +6079,14 @@ public Map getServiceConfigForPlugin(Long serviceId) {
}
}
}
+ Map rangerPluginsPrefixConfig = PropertiesUtil.getConfigMapWithPrefix(RANGER_PLUGINS_CONFIG_CONF_PREFIX);
+
+ if (MapUtils.isNotEmpty(rangerPluginsPrefixConfig)) {
+ configs.putAll(rangerPluginsPrefixConfig);
+ }
+ if(LOG.isDebugEnabled()){
+ LOG.debug("<== ServiceDBStore.getServiceConfigForPlugin({}): configs = {}", serviceId, configs.keySet());
+ }
return configs;
}
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index a82d6d6c4f..a2e9a336eb 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -138,9 +138,6 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
ServiceDBStore svcStore;
- @Autowired
- GUIDUtil guidUtil;
-
@Autowired
XUgsyncAuditInfoService xUgsyncAuditInfoService;
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index 7a3185c521..f0efdfe0c5 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -37,6 +37,7 @@
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.plugin.util.RangerCommonConstants;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
@@ -67,6 +68,7 @@ protected void processProperties(
propertiesMap.put(keyStr, System.getProperties().getProperty(keyStr).trim());
}
+ updateRangerPluginsPropertiesForUserGroup(props);
// Let's add our properties now
keySet = props.keySet();
for (Object key : keySet) {
@@ -444,4 +446,104 @@ public static Properties getProps() {
}
return ret;
}
+
+
+ public static Map getConfigMapWithPrefix(String confPrefix) {
+ Map configMap = new HashMap<>();
+
+ for (Map.Entry entry : getPropertiesMap().entrySet()) {
+ String key = entry.getKey();
+
+ if (key.startsWith(confPrefix)) {
+ if (StringUtils.isNotEmpty(entry.getValue())) {
+ configMap.put(key, entry.getValue());
+ }
+ }
+ }
+
+ return configMap;
+ }
+
+ private void updateRangerPluginsPropertiesForUserGroup(Properties props) {
+ if (propertiesMap != null) {
+ String userCaseConv = propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM);
+ String groupCaseConv = propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM);
+ String userHandler = propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER);
+ String groupHandler = propertiesMap.get(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER);
+
+ if (StringUtils.isEmpty(userCaseConv)) {
+ userCaseConv = UgsyncCommonConstants.DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE;
+ }
+
+ if (StringUtils.isEmpty(groupCaseConv)) {
+ groupCaseConv = UgsyncCommonConstants.DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE;
+ }
+
+ if (StringUtils.isEmpty(userHandler)) {
+ userHandler = UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
+ }
+
+ if (StringUtils.isEmpty(groupHandler)) {
+ groupHandler = UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
+ }
+
+ Map userNameRegex = getAllRegexPatternsConfig(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME);
+ Map groupNameRegex = getAllRegexPatternsConfig(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME);
+
+ propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM, userCaseConv);
+ propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM, groupCaseConv);
+ propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER, userHandler);
+ propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER, groupHandler);
+ propertiesMap.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR, getRegexSeparator());
+ propertiesMap.putAll(userNameRegex);
+ propertiesMap.putAll(groupNameRegex);
+
+ props.put(RangerCommonConstants.PLUGINS_CONF_USERNAME_CASE_CONVERSION_PARAM, userCaseConv);
+ props.put(RangerCommonConstants.PLUGINS_CONF_GROUPNAME_CASE_CONVERSION_PARAM, groupCaseConv);
+ props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_USERNAME_HANDLER, userHandler);
+ props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_GROUPNAME_HANDLER, groupHandler);
+ props.put(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR, getRegexSeparator());
+ props.putAll(userNameRegex);
+ props.putAll(groupNameRegex);
+ }
+ }
+
+ private static String getRegexSeparator() {
+ String ret = UgsyncCommonConstants.DEFAULT_MAPPING_SEPARATOR;
+ String val = PropertiesUtil.getProperty(RangerCommonConstants.PLUGINS_CONF_MAPPING_SEPARATOR);
+
+ if (StringUtils.isNotEmpty(val)) {
+ if (val.length() == 1) {
+ ret = val;
+ } else {
+ LOG.warn("More than one character found in RegEx Separator '{}', using default RegEx Separator '{}'", val, ret);
+ }
+ }
+
+ LOG.info("Using {} as the RegEx Separator", ret);
+
+ return ret;
+ }
+
+ private static Map getAllRegexPatternsConfig(String baseProperty) {
+ Map regexPatterns = new HashMap<>();
+ String baseRegex = PropertiesUtil.getProperty(baseProperty);
+
+ if (baseRegex != null) {
+ regexPatterns.put(baseProperty, baseRegex);
+
+ for (int i = 1; true; i++) {
+ String nextProperty = baseProperty + "." + i;
+ String nextRegex = PropertiesUtil.getProperty(nextProperty);
+
+ if (nextRegex == null) {
+ break;
+ }
+
+ regexPatterns.put(nextProperty, nextRegex);
+ }
+ }
+
+ return regexPatterns;
+ }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
index a1330cf0e8..76c9793839 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
@@ -369,7 +369,10 @@ ServicePolicies getLatestOrCached(String serviceName, ServiceStore serviceStore,
if (isDeltaCacheReinitialized) {
this.deltaCache = new ServicePolicyDeltasCache(lastKnownVersion, servicePoliciesForDeltas);
}
+ LOG.debug("servicePoliciesForDeltas = {}", servicePoliciesForDeltas.getServiceConfig());
ret = servicePoliciesForDeltas;
+
+ LOG.debug("ret = {}", ret.getServiceConfig());
} else {
LOG.warn("Deltas were requested for service:[" + serviceName + "], but could not get them!! lastKnownVersion:[" + lastKnownVersion + "]; Returning cached ServicePolicies:[" + (servicePolicies != null ? servicePolicies.getPolicyVersion() : -1L) + "]");
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index d3fe90a0e8..1e11d52349 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3281,6 +3281,7 @@ public ServicePolicies getSecureServicePoliciesIfUpdated(
boolean logError = httpCode != HttpServletResponse.SC_NOT_MODIFIED;
throw restErrorUtil.createRESTException(httpCode, logMsg, logError);
}
+ LOG.debug("ServiceREST.getSecureServicePoliciesIfUpdated(): configs ={}", ret == null ? ret : ret.getServiceConfig());
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.getSecureServicePoliciesIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + lastActivationTime + ", " + pluginId + ", " + clusterName + ", " + supportsPolicyDeltas + "): count=" + ((ret == null || ret.getPolicies() == null) ? 0 : ret.getPolicies().size()));
}
diff --git a/ugsync-util/pom.xml b/ugsync-util/pom.xml
index 51f5592161..fb1bab7fc4 100644
--- a/ugsync-util/pom.xml
+++ b/ugsync-util/pom.xml
@@ -47,6 +47,23 @@
com.google.code.gson
gson
+
+ org.slf4j
+ slf4j-api
+ ${slf4j-api.version}
+
+
+ org.junit.jupiter
+ junit-jupiter-api
+ ${junit.jupiter.version}
+ test
+
+
+ org.junit.vintage
+ junit-vintage-engine
+ ${junit.jupiter.version}
+ test
+
@@ -71,6 +88,7 @@
jaxb-api
2.3.1
+
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
similarity index 67%
rename from ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
rename to ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
index bbbc3c4d13..bc3ef4497e 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractMapper.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/AbstractMapper.java
@@ -17,25 +17,24 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public abstract class AbstractMapper implements Mapper {
-
- protected static final Logger logger = LoggerFactory.getLogger(AbstractMapper.class);
-
- @Override
- public void init(String baseProperty) {
- // TODO Auto-generated method stub
+import java.util.List;
- }
+public abstract class AbstractMapper implements Mapper {
+ protected static final Logger logger = LoggerFactory.getLogger(AbstractMapper.class);
- @Override
- public String transform(String attrValue) {
- // TODO Auto-generated method stub
- return null;
- }
+ @Override
+ public void init(String baseProperty, List regexPatterns, String regexSeparator) {
+ // TODO Auto-generated method stub
+ }
+ @Override
+ public String transform(String attrValue) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
similarity index 84%
rename from ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
rename to ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
index 696c665304..f2314407a6 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/Mapper.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/Mapper.java
@@ -17,10 +17,12 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
+
+import java.util.List;
public interface Mapper {
- void init(String baseProperty);
+ void init(String baseProperty, List regexPatterns, String regexSeparator);
String transform(String attrValue);
}
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
similarity index 85%
rename from ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
rename to ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
index 9e5ca4ca58..6190a85b08 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/RegEx.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/transform/RegEx.java
@@ -17,17 +17,14 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
-
public class RegEx extends AbstractMapper {
- private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
private LinkedHashMap replacementPattern;
public LinkedHashMap getReplacementPattern() {
@@ -35,18 +32,16 @@ public LinkedHashMap getReplacementPattern() {
}
@Override
- public void init (String baseProperty) {
+ public void init (String baseProperty, List regexPatterns, String regexSeparator) {
logger.info("Initializing for " + baseProperty);
try {
- List regexPatterns = config.getAllRegexPatterns(baseProperty);
- String regexSeparator = config.getRegexSeparator();
populateReplacementPatterns(baseProperty, regexPatterns, regexSeparator);
} catch (Throwable t) {
logger.error("Failed to initialize " + baseProperty, t.fillInStackTrace());
}
}
- protected void populateReplacementPatterns(String baseProperty, List regexPatterns, String regexSeparator) throws Throwable {
+ void populateReplacementPatterns(String baseProperty, List regexPatterns, String regexSeparator) throws Throwable {
replacementPattern = new LinkedHashMap();
String regex = String.format("s%s([^%s]*)%s([^%s]*)%s(g)?", regexSeparator, regexSeparator, regexSeparator, regexSeparator, regexSeparator);
Pattern p = Pattern.compile(regex);
diff --git a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
index f20bf91967..eb132b6ab6 100644
--- a/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
+++ b/ugsync-util/src/main/java/org/apache/ranger/ugsyncutil/util/UgsyncCommonConstants.java
@@ -20,10 +20,45 @@
package org.apache.ranger.ugsyncutil.util;
public class UgsyncCommonConstants {
+ public enum CaseConversion { NONE, TO_LOWER, TO_UPPER }
public static final String ORIGINAL_NAME = "original_name";
public static final String FULL_NAME = "full_name";
public static final String SYNC_SOURCE = "sync_source";
public static final String LDAP_URL = "ldap_url";
+ public static final String UGSYNC_NONE_CASE_CONVERSION_VALUE = "none";
+ public static final String UGSYNC_LOWER_CASE_CONVERSION_VALUE = "lower";
+ public static final String UGSYNC_UPPER_CASE_CONVERSION_VALUE = "upper";
+
+ public static final String UGSYNC_USERNAME_CASE_CONVERSION_PARAM = "ranger.usersync.ldap.username.caseconversion";
+ public static final String DEFAULT_UGSYNC_USERNAME_CASE_CONVERSION_VALUE = UGSYNC_NONE_CASE_CONVERSION_VALUE;
+
+ public static final String UGSYNC_GROUPNAME_CASE_CONVERSION_PARAM = "ranger.usersync.ldap.groupname.caseconversion";
+ public static final String DEFAULT_UGSYNC_GROUPNAME_CASE_CONVERSION_VALUE = UGSYNC_NONE_CASE_CONVERSION_VALUE;
+
+ public static final String SYNC_MAPPING_USERNAME = "ranger.usersync.mapping.username.regex";
+
+ public static final String SYNC_MAPPING_GROUPNAME = "ranger.usersync.mapping.groupname.regex";
+
+ public static final String SYNC_MAPPING_USERNAME_HANDLER = "ranger.usersync.mapping.username.handler";
+ public static final String DEFAULT_SYNC_MAPPING_USERNAME_HANDLER = "org.apache.ranger.ugsyncutil.transform.RegEx";
+
+ public static final String SYNC_MAPPING_GROUPNAME_HANDLER = "ranger.usersync.mapping.groupname.handler";
+ public static final String DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER = "org.apache.ranger.ugsyncutil.transform.RegEx";
+
+ public static final String SYNC_MAPPING_SEPARATOR = "ranger.usersync.mapping.regex.separator";
+
+ public static final String DEFAULT_MAPPING_SEPARATOR = "/";
+
+ public static CaseConversion toCaseConversion(String value) {
+ if (UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(value)) {
+ return CaseConversion.TO_LOWER;
+ } else if (UGSYNC_UPPER_CASE_CONVERSION_VALUE.equalsIgnoreCase(value)) {
+ return CaseConversion.TO_UPPER;
+ } else {
+ return CaseConversion.NONE;
+ }
+ }
+
}
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java b/ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
similarity index 99%
rename from ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java
rename to ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
index 1be5fc4abc..cc531c649c 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java
+++ b/ugsync-util/src/test/java/org/apache/ranger/ugsyncutil/transform/TestRegEx.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.ranger.usergroupsync;
+package org.apache.ranger.ugsyncutil.transform;
import static org.junit.Assert.*;
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index c65e08ffa7..bdcae4b759 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -37,6 +37,7 @@
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.plugin.util.RangerCommonConstants;
import org.apache.ranger.plugin.util.XMLUtils;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.ha.UserSyncHAInitializerImpl;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
@@ -247,19 +248,6 @@ public class UserGroupSyncConfig {
private static final String LGSYNC_REFERRAL = "ranger.usersync.ldap.referral";
private static final String DEFAULT_LGSYNC_REFERRAL = "follow";
- public static final String SYNC_MAPPING_USERNAME = "ranger.usersync.mapping.username.regex";
-
- public static final String SYNC_MAPPING_GROUPNAME = "ranger.usersync.mapping.groupname.regex";
-
- private static final String SYNC_MAPPING_USERNAME_HANDLER = "ranger.usersync.mapping.username.handler";
- private static final String DEFAULT_SYNC_MAPPING_USERNAME_HANDLER = "org.apache.ranger.usergroupsync.RegEx";
-
- private static final String SYNC_MAPPING_GROUPNAME_HANDLER = "ranger.usersync.mapping.groupname.handler";
- private static final String DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER = "org.apache.ranger.usergroupsync.RegEx";
-
- private static final String SYNC_MAPPING_SEPARATOR = "ranger.usersync.mapping.regex.separator";
-
- private static final String DEFAULT_MAPPING_SEPARATOR = "/";
private static final String ROLE_ASSIGNMENT_LIST_DELIMITER = "ranger.usersync.role.assignment.list.delimiter";
private static final String USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER = "ranger.usersync.users.groups.assignment.list.delimiter";
@@ -1068,19 +1056,19 @@ public List getAllRegexPatterns(String baseProperty) throws Throwable {
}
public String getUserSyncMappingUserNameHandler() {
- String val = prop.getProperty(SYNC_MAPPING_USERNAME_HANDLER);
+ String val = prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME_HANDLER);
if(val == null) {
- val = DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
+ val = UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_USERNAME_HANDLER;
}
return val;
}
public String getUserSyncMappingGroupNameHandler() {
- String val = prop.getProperty(SYNC_MAPPING_GROUPNAME_HANDLER);
+ String val = prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME_HANDLER);
if(val == null) {
- val = DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
+ val = UgsyncCommonConstants.DEFAULT_SYNC_MAPPING_GROUPNAME_HANDLER;
}
return val;
}
@@ -1168,14 +1156,10 @@ public boolean isStartTlsEnabled() {
}
public boolean isDeltaSyncEnabled() {
- boolean deltaSyncEnabled;
String val = prop.getProperty(LGSYNC_LDAP_DELTASYNC_ENABLED);
- if(val == null || val.trim().isEmpty()) {
- deltaSyncEnabled = DEFAULT_LGSYNC_LDAP_DELTASYNC_ENABLED;
- } else {
- deltaSyncEnabled = Boolean.valueOf(val);
- }
- return deltaSyncEnabled;
+
+ return StringUtils.isBlank(val) ? DEFAULT_LGSYNC_LDAP_DELTASYNC_ENABLED : Boolean.parseBoolean(val);
+
}
/* Used only for unit testing */
@@ -1368,8 +1352,8 @@ public boolean isUserSyncNameValidationEnabled() {
}
public String getRegexSeparator() {
- String ret = DEFAULT_MAPPING_SEPARATOR;
- String val = prop.getProperty(SYNC_MAPPING_SEPARATOR);
+ String ret = UgsyncCommonConstants.DEFAULT_MAPPING_SEPARATOR;
+ String val = prop.getProperty(UgsyncCommonConstants.SYNC_MAPPING_SEPARATOR);
if(StringUtils.isNotEmpty(val)) {
if (val.length() == 1) {
ret = val;
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
index 277d33b203..5746d793ea 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
@@ -160,22 +160,22 @@ public PolicyMgrUserGroupBuilder() {
String userNameCaseConversion = config.getUserNameCaseConversion();
- if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion)) {
+ if (UgsyncCommonConstants.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion)) {
userNameCaseConversionFlag = false;
}
else {
userNameCaseConversionFlag = true;
- userNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
+ userNameLowerCaseFlag = UgsyncCommonConstants.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
}
String groupNameCaseConversion = config.getGroupNameCaseConversion();
- if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion)) {
+ if (UgsyncCommonConstants.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion)) {
groupNameCaseConversionFlag = false;
}
else {
groupNameCaseConversionFlag = true;
- groupNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
+ groupNameLowerCaseFlag = UgsyncCommonConstants.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
}
}
diff --git a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
index 18d2d3ef7a..4e171e17b1 100644
--- a/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
+++ b/ugsync/src/main/java/org/apache/ranger/usergroupsync/AbstractUserGroupSource.java
@@ -18,54 +18,54 @@
*/
package org.apache.ranger.usergroupsync;
+import org.apache.ranger.ugsyncutil.transform.Mapper;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public abstract class AbstractUserGroupSource {
-
private static final Logger LOG = LoggerFactory.getLogger(AbstractUserGroupSource.class);
- protected UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
+ protected final UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
+ protected final Mapper userNameRegExInst;
+ protected final Mapper groupNameRegExInst;
- protected Mapper userNameRegExInst = null;
- protected Mapper groupNameRegExInst = null;
+ public AbstractUserGroupSource() {
+ String mappingUserNameHandler = config.getUserSyncMappingUserNameHandler();
+ String mappingGroupNameHandler = config.getUserSyncMappingGroupNameHandler();
+ Mapper userNameRegExInst = null;
+ Mapper groupNameRegExInst = null;
+ if (mappingUserNameHandler != null) {
+ try {
+ Class regExClass = (Class) Class.forName(mappingUserNameHandler);
- public AbstractUserGroupSource() {
- String mappingUserNameHandler = config.getUserSyncMappingUserNameHandler();
- try {
- if (mappingUserNameHandler != null) {
- Class regExClass = (Class)Class.forName(mappingUserNameHandler);
userNameRegExInst = regExClass.newInstance();
- if (userNameRegExInst != null) {
- userNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_USERNAME);
- } else {
- LOG.error("RegEx handler instance for username is null!");
- }
+
+ userNameRegExInst.init(UgsyncCommonConstants.SYNC_MAPPING_USERNAME, config.getAllRegexPatterns(UgsyncCommonConstants.SYNC_MAPPING_USERNAME), config.getRegexSeparator());
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}: {}", mappingUserNameHandler, cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}: {}", mappingUserNameHandler, te);
}
- } catch (ClassNotFoundException cne) {
- LOG.error("Failed to load " + mappingUserNameHandler + " " + cne);
- } catch (Throwable te) {
- LOG.error("Failed to instantiate " + mappingUserNameHandler + " " + te);
}
- String mappingGroupNameHandler = config.getUserSyncMappingGroupNameHandler();
- try {
- if (mappingGroupNameHandler != null) {
- Class regExClass = (Class)Class.forName(mappingGroupNameHandler);
+ if (mappingGroupNameHandler != null) {
+ try {
+ Class regExClass = (Class) Class.forName(mappingGroupNameHandler);
+
groupNameRegExInst = regExClass.newInstance();
- if (groupNameRegExInst != null) {
- groupNameRegExInst.init(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME);
- } else {
- LOG.error("RegEx handler instance for groupname is null!");
- }
+
+ groupNameRegExInst.init(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME, config.getAllRegexPatterns(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME), config.getRegexSeparator());
+ } catch (ClassNotFoundException cne) {
+ LOG.error("Failed to load {}: {}", mappingGroupNameHandler, cne);
+ } catch (Throwable te) {
+ LOG.error("Failed to instantiate {}: {}", mappingGroupNameHandler, te);
}
- } catch (ClassNotFoundException cne) {
- LOG.error("Failed to load " + mappingGroupNameHandler + " " + cne);
- } catch (Throwable te) {
- LOG.error("Failed to instantiate " + mappingGroupNameHandler + " " + te);
}
- }
+ this.userNameRegExInst = userNameRegExInst;
+ this.groupNameRegExInst = groupNameRegExInst;
+ }
}
diff --git a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
index 6b01ba7ad0..4cdbe03e66 100644
--- a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
+++ b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestFileSourceUserGroupBuilder.java
@@ -21,6 +21,7 @@
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertEquals;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.PolicyMgrUserGroupBuilderTest;
import org.junit.Test;
@@ -90,7 +91,8 @@ public void testUpdateSinkFromCsvFileMisSpelledDelimiterProperty() throws Throwa
sink.init();
fileBuilder.updateSink(sink);
- assertEquals(4, sink.getTotalUsers());
+ assertEquals(4,
+ sink.getTotalUsers());
assertEquals(2, sink.getTotalGroups());
assertTrue(sink.getAllUsers().contains("user1"));
@@ -135,10 +137,10 @@ public void testUpdateSinkWithUserAndGroupMapping() throws Throwable {
config.setProperty(UserGroupSyncConfig.UGSYNC_SOURCE_FILE_PROC, "src/test/resources/usergroups-dns.csv");
config.setProperty(UserGroupSyncConfig.UGSYNC_SOURCE_FILE_DELIMITERER, "|");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME, "s/[=]/_/g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME + ".1", "s/[,]//g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME, "s/[=]/_/g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME + ".1", "s/[,]//g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME, "s/[=]//g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME, "s/[=]//g");
FileSourceUserGroupBuilder fileBuilder = new FileSourceUserGroupBuilder();
fileBuilder.init();
diff --git a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
index 2011b5b75b..6a72588525 100644
--- a/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
+++ b/ugsync/src/test/java/org/apache/ranger/usergroupsync/TestLdapUserGroup.java
@@ -32,6 +32,7 @@
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder;
+import org.apache.ranger.ugsyncutil.util.UgsyncCommonConstants;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.junit.After;
import org.junit.Assert;
@@ -405,8 +406,8 @@ public void testUpdateSinkWithUserGroupMapping() throws Throwable {
config.setGroupSearchEnabled(true);
config.setGroupSearchFirstEnabled(false);
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_USERNAME, "s/[=]/_/g");
- config.setProperty(UserGroupSyncConfig.SYNC_MAPPING_GROUPNAME, "s/[=]/_/g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_USERNAME, "s/[=]/_/g");
+ config.setProperty(UgsyncCommonConstants.SYNC_MAPPING_GROUPNAME, "s/[=]/_/g");
sink = new PolicyMgrUserGroupBuilderTest();
ldapBuilder.init();