Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RANGER-5110: Update the FQDN of users and groups whenever it changes #516

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

RANGER-5110: Update the FQDN of users and groups whenever it changes #516

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 32 additions & 28 deletions ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,13 @@ public void addOrUpdateUsersGroups(Map<String, Map<String, String>> sourceGroups
if (!isStartupFlag && computeDeletes) {
LOG.info("Computing deleted users/groups");

userCache.clear();
groupCache.clear();
groupUsersCache.clear();
groupNameMap.clear();
userNameMap.clear();
buildUserGroupInfo();

if (MapUtils.isNotEmpty(sourceGroups)) {
updateDeletedGroups(sourceGroups);
}
Expand Down Expand Up @@ -734,8 +741,6 @@ private void computeGroupDelta(Map<String, Map<String, String>> sourceGroups) {
XGroupInfo curGroup = groupCache.get(groupName);
String curSyncSource = curGroup.getSyncSource();
String curGroupAttrsStr = curGroup.getOtherAttributes();
Map<String, String> curGroupAttrs = curGroup.getOtherAttrsMap();
String curGroupDN = MapUtils.isEmpty(curGroupAttrs) ? groupName : curGroupAttrs.get(UgsyncCommonConstants.FULL_NAME);
String newSyncSource = newGroupAttrs.get(UgsyncCommonConstants.SYNC_SOURCE);

if (isStartupFlag && !isSyncSourceValidationEnabled && (!StringUtils.equalsIgnoreCase(curSyncSource, newSyncSource))) {
Expand All @@ -747,16 +752,6 @@ private void computeGroupDelta(Map<String, Map<String, String>> sourceGroups) {
noOfModifiedGroups++;
groupNameMap.put(groupDN, groupName);
} else {
if (MapUtils.isNotEmpty(curGroupAttrs) && !StringUtils.equalsIgnoreCase(groupDN, curGroupDN)) { // skip update
LOG.debug("[{}]: SyncSource update skipped, current group DN = {} new user DN = {}", groupName, curGroupDN, groupDN);

if (StringUtils.equalsIgnoreCase(curGroupAttrsStr, newGroupAttrsStr)) {
groupNameMap.put(groupDN, groupName);
}

continue;
}

if (StringUtils.isEmpty(curSyncSource) || (!StringUtils.equalsIgnoreCase(curGroupAttrsStr, newGroupAttrsStr) && StringUtils.equalsIgnoreCase(curSyncSource, newSyncSource))) { // update
if (StringUtils.isEmpty(curSyncSource)) {
LOG.debug("[{}]: SyncSource updated to {}, previously empty", groupName, newSyncSource);
Expand Down Expand Up @@ -824,8 +819,6 @@ private void computeUserDelta(Map<String, Map<String, String>> sourceUsers) {
XUserInfo curUser = userCache.get(userName);
String curSyncSource = curUser.getSyncSource();
String curUserAttrsStr = curUser.getOtherAttributes();
Map<String, String> curUserAttrs = curUser.getOtherAttrsMap();
String curUserDN = MapUtils.isEmpty(curUserAttrs) ? userName : curUserAttrs.get(UgsyncCommonConstants.FULL_NAME);
String newSyncSource = newUserAttrs.get(UgsyncCommonConstants.SYNC_SOURCE);

if (isStartupFlag && !isSyncSourceValidationEnabled && (!StringUtils.equalsIgnoreCase(curSyncSource, newSyncSource))) {
Expand All @@ -838,17 +831,6 @@ private void computeUserDelta(Map<String, Map<String, String>> sourceUsers) {
noOfModifiedGroups++;
userNameMap.put(userDN, userName);
} else {
if (MapUtils.isNotEmpty(curUserAttrs) && !StringUtils.equalsIgnoreCase(userDN, curUserDN)) { // skip update
// Same username with different DN already exists
LOG.debug("[{}]: SyncSource update skipped, current user DN = {} new user DN = {}", userName, curUserDN, userDN);

if (StringUtils.equalsIgnoreCase(curUserAttrsStr, newUserAttrsStr)) {
userNameMap.put(userDN, userName);
}

continue;
}

if (StringUtils.isEmpty(curSyncSource) || (!StringUtils.equalsIgnoreCase(curUserAttrsStr, newUserAttrsStr) && StringUtils.equalsIgnoreCase(curSyncSource, newSyncSource))) { // update
if (StringUtils.isEmpty(curSyncSource)) {
LOG.debug("[{}]: SyncSource updated to {}, previously empty", userName, newSyncSource);
Expand Down Expand Up @@ -1732,15 +1714,26 @@ private void computeDeletedGroups(Map<String, Map<String, String>> sourceGroups)

deletedGroups = new HashMap<>();

Set<String> sourceGroupNames = new HashSet<>();
for (Map<String, String> attrs : sourceGroups.values()) {
sourceGroupNames.add(attrs.get(UgsyncCommonConstants.ORIGINAL_NAME));
}

// Check if the group from cache exists in the sourceGroups. If not, mark as deleted group.
for (XGroupInfo groupInfo : groupCache.values()) {
for (Map.Entry<String, XGroupInfo> entry : groupCache.entrySet()) {
String groupName = entry.getKey();
XGroupInfo groupInfo = entry.getValue();
Map<String, String> groupOtherAttrs = groupInfo.getOtherAttrsMap();
String groupDN = groupOtherAttrs != null ? groupOtherAttrs.get(UgsyncCommonConstants.FULL_NAME) : null;

if (StringUtils.isNotEmpty(groupDN) && !sourceGroups.containsKey(groupDN)
&& StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource) &&
StringUtils.equalsIgnoreCase(groupOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
if (ISHIDDEN.equals(groupInfo.getIsVisible())) {
Copy link
Author

@eubnara eubnara Jan 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is bug introduced by typo. Fix it also in this PR.

if (sourceGroupNames.contains(groupName)) {
LOG.info("group " + groupName + " with different DN exists. Skip and wait for it to be updated.");
continue;
}
if (!ISHIDDEN.equals(groupInfo.getIsVisible())) {
groupInfo.setIsVisible(ISHIDDEN);
deletedGroups.put(groupInfo.getName(), groupInfo);
} else {
Expand Down Expand Up @@ -1847,14 +1840,25 @@ private void computeDeletedUsers(Map<String, Map<String, String>> sourceUsers) {

deletedUsers = new HashMap<>();

Set<String> sourceUserNames = new HashSet<>();
for (Map<String, String> attrs : sourceUsers.values()) {
sourceUserNames.add(attrs.get(UgsyncCommonConstants.ORIGINAL_NAME));
}

// Check if the group from cache exists in the sourceGroups. If not, mark as deleted group.
for (XUserInfo userInfo : userCache.values()) {
for (Map.Entry<String, XUserInfo> entry : userCache.entrySet()) {
String username = entry.getKey();
XUserInfo userInfo = entry.getValue();
Map<String, String> userOtherAttrs = userInfo.getOtherAttrsMap();
String userDN = userOtherAttrs != null ? userOtherAttrs.get(UgsyncCommonConstants.FULL_NAME) : null;

if (StringUtils.isNotEmpty(userDN) && !sourceUsers.containsKey(userDN)
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.SYNC_SOURCE), currentSyncSource)
&& StringUtils.equalsIgnoreCase(userOtherAttrs.get(UgsyncCommonConstants.LDAP_URL), ldapUrl)) {
if (sourceUserNames.contains(username)) {
LOG.info("user " + username + " with different DN exists. Skip and wait for it to be updated.");
continue;
}
if (!ISHIDDEN.equals(userInfo.getIsVisible())) {
userInfo.setIsVisible(ISHIDDEN);
deletedUsers.put(userInfo.getName(), userInfo);
Expand Down