/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.unixusersync.process;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.ranger.plugin.util.URLEncoderUtil;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.GetXGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserGroupListResponse;
import org.apache.ranger.unixusersync.model.GetXUserListResponse;
import org.apache.ranger.unixusersync.model.MUserInfo;
import org.apache.ranger.unixusersync.model.UgsyncAuditInfo;
import org.apache.ranger.unixusersync.model.UserGroupInfo;
import org.apache.ranger.unixusersync.model.XGroupInfo;
import org.apache.ranger.unixusersync.model.XUserGroupInfo;
import org.apache.ranger.unixusersync.model.XUserInfo;
import org.apache.ranger.usergroupsync.UserGroupSink;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.sun.jersey.api.client.ClientResponse;
public class PolicyMgrUserGroupBuilder implements UserGroupSink {
private static final Logger LOG = Logger.getLogger(PolicyMgrUserGroupBuilder.class);
private static final String AUTHENTICATION_TYPE = "hadoop.security.authentication";
private String AUTH_KERBEROS = "kerberos";
private static final String PRINCIPAL = "ranger.usersync.kerberos.principal";
private static final String KEYTAB = "ranger.usersync.kerberos.keytab";
private static final String NAME_RULE = "hadoop.security.auth_to_local";
public static final String PM_USER_LIST_URI = "/service/xusers/users/"; // GET
private static final String PM_ADD_USER_GROUP_INFO_URI = "/service/xusers/users/userinfo"; // POST
public static final String PM_GROUP_LIST_URI = "/service/xusers/groups/"; // GET
private static final String PM_ADD_GROUP_URI = "/service/xusers/groups/"; // POST
public static final String PM_USER_GROUP_MAP_LIST_URI = "/service/xusers/groupusers/"; // GET
private static final String PM_DEL_USER_GROUP_LINK_URI = "/service/xusers/group/${groupName}/user/${userName}"; // DELETE
private static final String PM_ADD_LOGIN_USER_URI = "/service/users/default"; // POST
private static final String PM_AUDIT_INFO_URI = "/service/xusers/ugsync/auditinfo/"; // POST
private static final String GROUP_SOURCE_EXTERNAL ="1";
private static final String RANGER_ADMIN_COOKIE_NAME = "RANGERADMINSESSIONID";
private static String LOCAL_HOSTNAME = "unknown";
private String recordsToPullPerCall = "1000";
private boolean isMockRun = false;
private String policyMgrBaseUrl;
private Cookie sessionId=null;
private boolean isValidRangerCookie=false;
List<NewCookie> cookieList=new ArrayList<>();
private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
private UserGroupInfo usergroupInfo = new UserGroupInfo();
private List<XGroupInfo> xgroupList;
private List<XUserInfo> xuserList;
private List<XUserGroupInfo> xusergroupList;
private HashMap<String,XUserInfo> userId2XUserInfoMap;
private HashMap<String,XUserInfo> userName2XUserInfoMap;
private HashMap<String,XGroupInfo> groupName2XGroupInfoMap;
private String authenticationType = null;
String principal;
String keytab;
String nameRules;
Map<String, String> userMap;
Map<String, String> groupMap;
private int noOfNewUsers;
private int noOfNewGroups;
private int noOfModifiedUsers;
private int noOfModifiedGroups;
private HashSet<String> newUserList = new HashSet<String>();
private HashSet<String> modifiedUserList = new HashSet<String>();
private HashSet<String> newGroupList = new HashSet<String>();
private HashSet<String> modifiedGroupList = new HashSet<String>();
private boolean isRangerCookieEnabled;
boolean isStartupFlag = false;
private volatile RangerUgSyncRESTClient uGSyncClient;
static {
try {
LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName();
} catch (UnknownHostException e) {
LOCAL_HOSTNAME = "unknown";
}
}
public static void main(String[] args) throws Throwable {
PolicyMgrUserGroupBuilder ugbuilder = new PolicyMgrUserGroupBuilder();
ugbuilder.init();
}
synchronized public void init() throws Throwable {
xgroupList = new ArrayList<XGroupInfo>();
xuserList = new ArrayList<XUserInfo>();
xusergroupList = new ArrayList<XUserGroupInfo>();
userId2XUserInfoMap = new HashMap<String,XUserInfo>();
userName2XUserInfoMap = new HashMap<String,XUserInfo>();
groupName2XGroupInfoMap = new HashMap<String,XGroupInfo>();
userMap = new LinkedHashMap<String, String>();
groupMap = new LinkedHashMap<String, String>();
recordsToPullPerCall = config.getMaxRecordsPerAPICall();
policyMgrBaseUrl = config.getPolicyManagerBaseURL();
isMockRun = config.isMockRunEnabled();
noOfNewUsers = 0;
noOfModifiedUsers = 0;
noOfNewGroups = 0;
noOfModifiedGroups = 0;
isStartupFlag = true;
isRangerCookieEnabled = config.isUserSyncRangerCookieEnabled();
if (isMockRun) {
LOG.setLevel(Level.DEBUG);
}
sessionId=null;
String keyStoreFile = config.getSSLKeyStorePath();
String trustStoreFile = config.getSSLTrustStorePath();
String keyStoreFilepwd = config.getSSLKeyStorePathPassword();
String trustStoreFilepwd = config.getSSLTrustStorePathPassword();
String keyStoreType = KeyStore.getDefaultType();
String trustStoreType = KeyStore.getDefaultType();
authenticationType = config.getProperty(AUTHENTICATION_TYPE,"simple");
try {
principal = SecureClientLogin.getPrincipal(config.getProperty(PRINCIPAL,""), LOCAL_HOSTNAME);
} catch (IOException ignored) {
// do nothing
}
keytab = config.getProperty(KEYTAB,"");
nameRules = config.getProperty(NAME_RULE,"DEFAULT");
uGSyncClient = new RangerUgSyncRESTClient(policyMgrBaseUrl, keyStoreFile, keyStoreFilepwd, keyStoreType,
trustStoreFile, trustStoreFilepwd, trustStoreType, authenticationType, principal, keytab,
config.getPolicyMgrUserName(), config.getPolicyMgrPassword());
String userGroupRoles = config.getGroupRoleRules();
if (userGroupRoles != null && !userGroupRoles.isEmpty()) {
getRoleForUserGroups(userGroupRoles);
}
buildUserGroupInfo();
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder.init()==> PolMgrBaseUrl : "+policyMgrBaseUrl+" KeyStore File : "+keyStoreFile+" TrustStore File : "+trustStoreFile+ "Authentication Type : "+authenticationType);
}
}
private void buildUserGroupInfo() throws Throwable {
if(authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
if(LOG.isDebugEnabled()) {
LOG.debug("==> Kerberos Environment : Principal is " + principal + " and Keytab is " + keytab);
}
}
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
try {
LOG.info("Using principal = " + principal + " and keytab = " + keytab);
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
Subject.doAs(sub, new PrivilegedAction<Void>() {
@Override
public Void run() {
try {
buildGroupList();
buildUserList();
buildUserGroupLinkList();
rebuildUserGroupMap();
} catch (Exception e) {
LOG.error("Failed to build Group List : ", e);
}
return null;
}
});
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : ",e);
}
} else {
buildGroupList();
buildUserList();
buildUserGroupLinkList();
rebuildUserGroupMap();
if (LOG.isDebugEnabled()) {
this.print();
}
}
}
private void rebuildUserGroupMap() {
for(XUserInfo user : xuserList) {
addUserToList(user);
}
for(XGroupInfo group : xgroupList) {
addGroupToList(group);
}
for(XUserGroupInfo ug : xusergroupList) {
addUserGroupToList(ug);
}
}
private void addUserToList(XUserInfo aUserInfo) {
if (! xuserList.contains(aUserInfo)) {
xuserList.add(aUserInfo);
}
String userId = aUserInfo.getId();
if (userId != null) {
userId2XUserInfoMap.put(userId, aUserInfo);
}
String userName = aUserInfo.getName();
if (userName != null) {
userName2XUserInfoMap.put(userName, aUserInfo);
}
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder:addUserToList() xuserList.size() = " + xuserList.size());
}
}
private void addGroupToList(XGroupInfo aGroupInfo) {
if (! xgroupList.contains(aGroupInfo) ) {
xgroupList.add(aGroupInfo);
}
if (aGroupInfo.getName() != null) {
groupName2XGroupInfoMap.put(aGroupInfo.getName(), aGroupInfo);
}
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder:addGroupToList() xgroupList.size() = " + xgroupList.size());
}
}
private void addUserGroupToList(XUserGroupInfo ugInfo) {
String userId = ugInfo.getUserId();
if (userId != null) {
XUserInfo user = userId2XUserInfoMap.get(userId);
if (user != null) {
List<String> groups = user.getGroups();
if (! groups.contains(ugInfo.getGroupName())) {
groups.add(ugInfo.getGroupName());
}
}
}
}
private void addUserGroupInfoToList(XUserInfo userInfo, XGroupInfo groupInfo) {
String userId = userInfo.getId();
if (userId != null) {
XUserInfo user = userId2XUserInfoMap.get(userId);
if (user != null) {
List<String> groups = user.getGroups();
if (! groups.contains(groupInfo.getName())) {
groups.add(groupInfo.getName());
}
}
}
}
private void delUserGroupFromList(XUserInfo userInfo, XGroupInfo groupInfo) {
List<String> groups = userInfo.getGroups();
if (groups.contains(groupInfo.getName())) {
groups.remove(groupInfo.getName());
}
}
private void print() {
LOG.debug("Number of users read [" + xuserList.size() + "]");
for(XUserInfo user : xuserList) {
LOG.debug("USER: " + user.getName());
for(String group : user.getGroups()) {
LOG.debug("\tGROUP: " + group);
}
}
}
@Override
public void addOrUpdateUser(String userName, List<String> groups) throws Throwable {
XUserInfo user = userName2XUserInfoMap.get(userName);
if (groups == null) {
groups = new ArrayList<String>();
}
if (user == null) { // Does not exists
//noOfNewUsers++;
newUserList.add(userName);
for (String group : groups) {
if (groupName2XGroupInfoMap.containsKey(group) && !newGroupList.contains(group)) {
modifiedGroupList.add(group);
} else {
//LOG.info("Adding new group " + group + " for user = " + userName);
newGroupList.add(group);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addPMAccount(" + userName + ")");
}
if (! isMockRun) {
if (addMUser(userName) == null) {
String msg = "Failed to add portal user";
LOG.error(msg);
throw new Exception(msg);
}
}
//* Build the user group info object and do the rest call
if ( ! isMockRun ) {
// If the rest call to ranger admin fails,
// propagate the failure to the caller for retry in next sync cycle.
if (addUserGroupInfo(userName,groups) == null ) {
String msg = "Failed to add addorUpdate user group info";
LOG.error(msg);
throw new Exception(msg);
}
}
}
else { // Validate group memberships
List<String> oldGroups = user.getGroups();
List<String> addGroups = new ArrayList<String>();
List<String> delGroups = new ArrayList<String>();
List<String> updateGroups = new ArrayList<String>();
Set<String> cumulativeGroups = new HashSet<>();
XGroupInfo tempXGroupInfo=null;
for(String group : groups) {
if (! oldGroups.contains(group)) {
addGroups.add(group);
if (!groupName2XGroupInfoMap.containsKey(group)) {
newGroupList.add(group);
} else {
modifiedGroupList.add(group);
}
}else{
tempXGroupInfo=groupName2XGroupInfoMap.get(group);
if(tempXGroupInfo!=null && ! GROUP_SOURCE_EXTERNAL.equals(tempXGroupInfo.getGroupSource())){
updateGroups.add(group);
}
}
}
for(String group : oldGroups) {
if (! groups.contains(group) ) {
delGroups.add(group);
}
}
for(String g : addGroups) {
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addPMXAGroupToUser(" + userName + "," + g + ")");
}
}
for(String g : delGroups) {
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: delPMXAGroupFromUser(" + userName + "," + g + ")");
}
}
for(String g : updateGroups) {
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: updatePMXAGroupToUser(" + userName + "," + g + ")");
}
}
if (isMockRun) {
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder.addOrUpdateUser(): Mock Run enabled and hence not sending updates to Ranger admin!");
}
return;
}
if (!delGroups.isEmpty()) {
delXUserGroupInfo(user, delGroups);
//Remove groups from user mapping
user.deleteGroups(delGroups);
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): groups for " + userName + " after delete = " + user.getGroups());
}
}
if (!delGroups.isEmpty() || !addGroups.isEmpty() || !updateGroups.isEmpty()) {
cumulativeGroups = new HashSet<>(user.getGroups());
cumulativeGroups.addAll(addGroups);
cumulativeGroups.addAll(updateGroups);
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo(): cumulative groups for " + userName + " = " + cumulativeGroups);
}
UserGroupInfo ugInfo = new UserGroupInfo();
XUserInfo obj = addXUserInfo(userName);
Set<String> userRoleList = new HashSet<>();
if (userMap.containsKey(userName)) {
// Add the user role that is defined in user role assignments
userRoleList.add(userMap.get(userName));
}
for (String group : cumulativeGroups) {
String value = groupMap.get(group);
if (value != null) {
userRoleList.add(value);
}
}
if (!userRoleList.isEmpty()) {
obj.setUserRoleList(new ArrayList<>(userRoleList));
}
if (LOG.isDebugEnabled()) {
LOG.debug("PolicyMgrUserGroupBuilder.addUserGroupInfo() user role list for " + userName + " = " + obj.getUserRoleList());
}
ugInfo.setXuserInfo(obj);
ugInfo.setXgroupInfo(getXGroupInfoList(new ArrayList<>(cumulativeGroups)));
try {
// If the rest call to ranger admin fails,
// propagate the failure to the caller for retry in next
// sync cycle.
if (addUserGroupInfo(ugInfo) == null) {
String msg = "Failed to add user group info";
LOG.error(msg);
throw new Exception(msg);
}
} catch (Throwable t) {
LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: "
+ t.getMessage()
+ ", for user-group entry: "
+ ugInfo);
}
}
if (isStartupFlag) {
UserGroupInfo ugInfo = new UserGroupInfo();
XUserInfo obj = addXUserInfo(userName);
if (obj != null && updateGroups.isEmpty()
&& addGroups.isEmpty() && delGroups.isEmpty()) {
Set<String> userRoleList = new HashSet<>();
if (userMap.containsKey(userName)) {
// Add the user role that is defined in user role assignments
userRoleList.add(userMap.get(userName));
}
for (String group : groups) {
String value = groupMap.get(group);
if (value != null) {
userRoleList.add(value);
}
}
obj.setUserRoleList(new ArrayList<>(userRoleList));
ugInfo.setXuserInfo(obj);
ugInfo.setXgroupInfo(getXGroupInfoList(groups));
try {
// If the rest call to ranger admin fails,
// propagate the failure to the caller for retry in next
// sync cycle.
if (addUserGroupInfo(ugInfo) == null) {
String msg = "Failed to add user group info";
LOG.error(msg);
throw new Exception(msg);
}
} catch (Throwable t) {
LOG.error("PolicyMgrUserGroupBuilder.addUserGroupInfo failed with exception: "
+ t.getMessage()
+ ", for user-group entry: "
+ ugInfo);
}
}
modifiedGroupList.addAll(oldGroups);
if (LOG.isDebugEnabled()) {
LOG.debug("Adding user to modified user list: " + userName + ": " + oldGroups);
}
modifiedUserList.add(userName);
} else {
if (!addGroups.isEmpty() || !delGroups.isEmpty() || !updateGroups.isEmpty()) {
modifiedUserList.add(userName);
}
modifiedGroupList.addAll(updateGroups);
modifiedGroupList.addAll(delGroups);
}
}
}
private void buildGroupList() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildGroupList()");
}
int totalCount = 100;
int retrievedCount = 0;
String relativeUrl = PM_GROUP_LIST_URI;
while (retrievedCount < totalCount) {
String response = null;
ClientResponse clientResp = null;
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put("pageSize", recordsToPullPerCall);
queryParams.put("startIndex", String.valueOf(retrievedCount));
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
try {
clientResp = uGSyncClient.get(relativeUrl, queryParams);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
} catch (Exception e) {
LOG.error("Failed to get response, Error is : " + e.getMessage());
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE: [" + response + "]");
}
GetXGroupListResponse groupList = gson.fromJson(response, GetXGroupListResponse.class);
LOG.info("Group List : "+groupList);
totalCount = groupList.getTotalCount();
if (groupList.getXgroupInfoList() != null) {
xgroupList.addAll(groupList.getXgroupInfoList());
retrievedCount = xgroupList.size();
for (XGroupInfo g : groupList.getXgroupInfoList()) {
if (LOG.isDebugEnabled()) {
LOG.debug("GROUP: Id:" + g.getId() + ", Name: " + g.getName() + ", Description: "
+ g.getDescription());
}
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.buildGroupList()");
}
}
private void buildUserList() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserList()");
}
int totalCount = 100;
int retrievedCount = 0;
String relativeUrl = PM_USER_LIST_URI;
while (retrievedCount < totalCount) {
String response = null;
ClientResponse clientResp = null;
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put("pageSize", recordsToPullPerCall);
queryParams.put("startIndex", String.valueOf(retrievedCount));
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
try {
clientResp = uGSyncClient.get(relativeUrl, queryParams);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
} catch (Exception e) {
LOG.error("Failed to get response, Error is : "+e.getMessage());
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE: [" + response + "]");
}
GetXUserListResponse userList = gson.fromJson(response, GetXUserListResponse.class);
totalCount = userList.getTotalCount();
if (userList.getXuserInfoList() != null) {
xuserList.addAll(userList.getXuserInfoList());
retrievedCount = xuserList.size();
for (XUserInfo u : userList.getXuserInfoList()) {
if (LOG.isDebugEnabled()) {
LOG.debug("USER: Id:" + u.getId() + ", Name: " + u.getName() + ", Description: "
+ u.getDescription());
}
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.buildUserList()");
}
}
private void buildUserGroupLinkList() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.buildUserGroupLinkList()");
}
int totalCount = 100;
int retrievedCount = 0;
String relativeUrl = PM_USER_GROUP_MAP_LIST_URI;
while (retrievedCount < totalCount) {
String response = null;
ClientResponse clientResp = null;
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put("pageSize", recordsToPullPerCall);
queryParams.put("startIndex", String.valueOf(retrievedCount));
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
response = cookieBasedGetEntity(relativeUrl, retrievedCount);
} else {
try {
clientResp = uGSyncClient.get(relativeUrl, queryParams);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
} catch (Exception e) {
LOG.error("Failed to get response, Error is : " + e.getMessage());
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE: [" + response + "]");
}
GetXUserGroupListResponse usergroupList = gson.fromJson(response, GetXUserGroupListResponse.class);
totalCount = usergroupList.getTotalCount();
if (usergroupList.getXusergroupInfoList() != null) {
xusergroupList.addAll(usergroupList.getXusergroupInfoList());
retrievedCount = xusergroupList.size();
for (XUserGroupInfo ug : usergroupList.getXusergroupInfoList()) {
if (LOG.isDebugEnabled()) {
LOG.debug("USER_GROUP: UserId:" + ug.getUserId() + ", Name: " + ug.getGroupName());
}
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.buildUserGroupLinkList()");
}
}
private UserGroupInfo addUserGroupInfo(String userName, List<String> groups){
if(LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.addUserGroupInfo " + userName + " and groups");
}
UserGroupInfo ret = null;
XUserInfo user = null;
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addPMXAUser(" + userName + ")");
}
if (! isMockRun) {
user = addXUserInfo(userName);
if (!groups.isEmpty() && user != null) {
for (String group : groups) {
String value = groupMap.get(group);
if (value != null) {
List<String> userRoleList = new ArrayList<String>();
userRoleList.add(value);
if (userMap.containsKey(user.getName())) {
List<String> userRole = new ArrayList<String>();
userRole.add(userMap.get(user.getName()));
user.setUserRoleList(userRole);
} else {
user.setUserRoleList(userRoleList);
}
}
}
}
usergroupInfo.setXuserInfo(user);
}
for(String g : groups) {
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addPMXAGroupToUser(" + userName + "," + g + ")");
}
}
if (! isMockRun ) {
addXUserGroupInfo(user, groups);
}
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
try {
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
final UserGroupInfo result = ret;
ret = Subject.doAs(sub, new PrivilegedAction<UserGroupInfo>() {
@Override
public UserGroupInfo run() {
try {
return getUsergroupInfo(result);
} catch (Exception e) {
LOG.error("Failed to add User Group Info : ", e);
}
return null;
}
});
return ret;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : " , e);
}
return null;
}else{
return getUsergroupInfo(ret);
}
}
private UserGroupInfo getUsergroupInfo(UserGroupInfo ret) {
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret)");
}
String response = null;
ClientResponse clientResp = null;
String relativeUrl = PM_ADD_USER_GROUP_INFO_URI;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(usergroupInfo);
if (LOG.isDebugEnabled()) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
if(isRangerCookieEnabled){
response = cookieBasedUploadEntity(usergroupInfo,relativeUrl);
}
else{
try {
clientResp = uGSyncClient.post(relativeUrl, null, usergroupInfo);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
}
catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
}
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response + "]");
}
ret = gson.fromJson(response, UserGroupInfo.class);
if ( ret != null) {
XUserInfo xUserInfo = ret.getXuserInfo();
addUserToList(xUserInfo);
for(XGroupInfo xGroupInfo : ret.getXgroupInfo()) {
addGroupToList(xGroupInfo);
addUserGroupInfoToList(xUserInfo,xGroupInfo);
}
}
if(LOG.isDebugEnabled()){
LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo (UserGroupInfo ret)");
}
return ret;
}
private UserGroupInfo getUserGroupInfo(UserGroupInfo usergroupInfo) {
UserGroupInfo ret = null;
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo)");
}
String response = null;
ClientResponse clientResp = null;
String relativeURL = PM_ADD_USER_GROUP_INFO_URI;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(usergroupInfo);
if (LOG.isDebugEnabled()) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
if(isRangerCookieEnabled){
response = cookieBasedUploadEntity(usergroupInfo,relativeURL);
}
else{
try {
clientResp = uGSyncClient.post(relativeURL, null, usergroupInfo);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
}catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE: [" + response + "]");
}
ret = gson.fromJson(response, UserGroupInfo.class);
if ( ret != null) {
XUserInfo xUserInfo = ret.getXuserInfo();
addUserToList(xUserInfo);
for (XGroupInfo xGroupInfo : ret.getXgroupInfo()) {
addGroupToList(xGroupInfo);
addUserGroupInfoToList(xUserInfo, xGroupInfo);
}
}
if(LOG.isDebugEnabled()){
LOG.debug("<== PolicyMgrUserGroupBuilder.getUsergroupInfo(UserGroupInfo ret, UserGroupInfo usergroupInfo)");
}
return ret;
}
private String tryUploadEntityWithCookie(Object obj, String apiURL) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
}
String response = null;
ClientResponse clientResp = null;
try{
clientResp = uGSyncClient.post(apiURL, null, obj, sessionId);
}
catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
sessionId = null;
isValidRangerCookie = false;
} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
sessionId = null;
isValidRangerCookie = false;
} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) {
List<NewCookie> respCookieList = clientResp.getCookies();
for (NewCookie cookie : respCookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
if (!(sessionId.getValue().equalsIgnoreCase(cookie.toCookie().getValue()))) {
sessionId = cookie.toCookie();
}
isValidRangerCookie = true;
break;
}
}
}
if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
clientResp.bufferEntity();
response = clientResp.getEntity(String.class);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()");
}
return response;
}
private String tryUploadEntityWithCred(Object obj,String apiURL){
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
}
String response = null;
ClientResponse clientResp = null;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(obj);
if ( LOG.isDebugEnabled() ) {
LOG.debug("USER GROUP MAPPING" + jsonString);
}
try{
clientResp = uGSyncClient.post(apiURL, null, obj);
}
catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
LOG.warn("Credentials response from ranger is 401.");
} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
cookieList = clientResp.getCookies();
for (NewCookie cookie : cookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
LOG.info("valid cookie saved ");
break;
}
}
}
if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
clientResp.bufferEntity();
response = clientResp.getEntity(String.class);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred()");
}
return response;
}
private UserGroupInfo addUserGroupInfo(UserGroupInfo usergroupInfo){
if(LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.addUserGroupInfo");
}
UserGroupInfo ret = null;
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
try {
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
final UserGroupInfo ugInfo = usergroupInfo;
ret = Subject.doAs(sub, new PrivilegedAction<UserGroupInfo>() {
@Override
public UserGroupInfo run() {
try {
return getUserGroupInfo(ugInfo);
} catch (Exception e) {
LOG.error("Failed to add User Group Info : ", e);
}
return null;
}
});
return ret;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : ",e);
}
} else {
try {
ret = getUserGroupInfo(usergroupInfo);
} catch (Throwable t) {
LOG.error("Failed to add User Group Info : ", t);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.addUserGroupInfo");
}
return ret;
}
private XUserInfo addXUserInfo(String aUserName) {
XUserInfo xuserInfo = new XUserInfo();
xuserInfo.setName(aUserName);
xuserInfo.setDescription(aUserName + " - add from Unix box");
List<String> roleList = new ArrayList<String>();
if (userMap.containsKey(aUserName)) {
roleList.add(userMap.get(aUserName));
}else{
roleList.add("ROLE_USER");
}
xuserInfo.setUserRoleList(roleList);
usergroupInfo.setXuserInfo(xuserInfo);
return xuserInfo;
}
private XGroupInfo addXGroupInfo(String aGroupName) {
XGroupInfo addGroup = new XGroupInfo();
addGroup.setName(aGroupName);
addGroup.setDescription(aGroupName + " - add from Unix box");
addGroup.setGroupType("1");
addGroup.setGroupSource(GROUP_SOURCE_EXTERNAL);
return addGroup;
}
private void addXUserGroupInfo(XUserInfo aUserInfo, List<String> aGroupList) {
List<XGroupInfo> xGroupInfoList = new ArrayList<XGroupInfo>();
for(String groupName : aGroupList) {
XGroupInfo group = groupName2XGroupInfoMap.get(groupName);
if (group == null) {
group = addXGroupInfo(groupName);
}
xGroupInfoList.add(group);
addXUserGroupInfo(aUserInfo, group);
}
usergroupInfo.setXgroupInfo(xGroupInfoList);
}
private List<XGroupInfo> getXGroupInfoList(List<String> aGroupList) {
List<XGroupInfo> xGroupInfoList = new ArrayList<XGroupInfo>();
for(String groupName : aGroupList) {
XGroupInfo group = groupName2XGroupInfoMap.get(groupName);
if (group == null) {
group = addXGroupInfo(groupName);
}else if(!GROUP_SOURCE_EXTERNAL.equals(group.getGroupSource())){
group.setGroupSource(GROUP_SOURCE_EXTERNAL);
}
xGroupInfoList.add(group);
}
return xGroupInfoList;
}
private XUserGroupInfo addXUserGroupInfo(XUserInfo aUserInfo, XGroupInfo aGroupInfo) {
XUserGroupInfo ugInfo = new XUserGroupInfo();
ugInfo.setUserId(aUserInfo.getId());
ugInfo.setGroupName(aGroupInfo.getName());
// ugInfo.setParentGroupId("1");
return ugInfo;
}
private void delXUserGroupInfo(final XUserInfo aUserInfo, List<String> aGroupList) {
for(String groupName : aGroupList) {
final XGroupInfo group = groupName2XGroupInfoMap.get(groupName);
if (group != null) {
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
try {
if (LOG.isDebugEnabled()) {
LOG.debug("Using principal = " + principal + " and keytab = " + keytab);
}
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
Subject.doAs(sub, new PrivilegedAction<Void>() {
@Override
public Void run() {
try {
delXUserGroupInfo(aUserInfo, group);
} catch (Exception e) {
LOG.error("Failed to build Group List : ", e);
}
return null;
}
});
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : ",e);
}
} else {
delXUserGroupInfo(aUserInfo, group);
}
}
}
}
private void delXUserGroupInfo(XUserInfo aUserInfo, XGroupInfo aGroupInfo) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.delXUserGroupInfo()");
}
String groupName = aGroupInfo.getName();
String userName = aUserInfo.getName();
try {
ClientResponse response = null;
String relativeURL = PM_DEL_USER_GROUP_LINK_URI.replaceAll(Pattern.quote("${groupName}"),
URLEncoderUtil.encodeURIParam(groupName)).replaceAll(Pattern.quote("${userName}"), URLEncoderUtil.encodeURIParam(userName));
if (isRangerCookieEnabled) {
if (sessionId != null && isValidRangerCookie) {
response = uGSyncClient.delete(relativeURL, null, sessionId);
if (response != null) {
if (!(response.toString().contains(relativeURL))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
sessionId = null;
isValidRangerCookie = false;
} else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
LOG.warn("response from ranger is 401 unauthorized");
sessionId = null;
isValidRangerCookie = false;
} else if (response.getStatus() == HttpServletResponse.SC_NO_CONTENT
|| response.getStatus() == HttpServletResponse.SC_OK) {
cookieList = response.getCookies();
for (NewCookie cookie : cookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
break;
}
}
}
if (response.getStatus() != HttpServletResponse.SC_OK && response.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
}
} else {
response = uGSyncClient.delete(relativeURL, null);
if (response != null) {
if (!(response.toString().contains(relativeURL))) {
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else if (response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
LOG.warn("Credentials response from ranger is 401.");
} else if (response.getStatus() == HttpServletResponse.SC_OK
|| response.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
cookieList = response.getCookies();
for (NewCookie cookie : cookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
LOG.info("valid cookie saved ");
break;
}
}
}
if (response.getStatus() != HttpServletResponse.SC_OK && response.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& response.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
}
}
} else {
response = uGSyncClient.delete(relativeURL, null);
}
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response.toString() + "]");
}
if (response.getStatus() == 200) {
delUserGroupFromList(aUserInfo, aGroupInfo);
}
} catch (Exception e) {
LOG.warn( "ERROR: Unable to delete GROUP: " + groupName + " from USER:" + userName , e);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.delXUserGroupInfo()");
}
}
private MUserInfo addMUser(String aUserName) {
MUserInfo ret = null;
MUserInfo userInfo = new MUserInfo();
userInfo.setLoginId(aUserName);
userInfo.setFirstName(aUserName);
userInfo.setLastName(aUserName);
String str[] = new String[1];
if (userMap.containsKey(aUserName)) {
str[0] = userMap.get(aUserName);
}
userInfo.setUserRoleList(str);
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal, keytab)) {
try {
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
final MUserInfo result = ret;
final MUserInfo userInfoFinal = userInfo;
ret = Subject.doAs(sub, new PrivilegedAction<MUserInfo>() {
@Override
public MUserInfo run() {
try {
return getMUser(userInfoFinal, result);
} catch (Exception e) {
LOG.error("Failed to add User : ", e);
}
return null;
}
});
return ret;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : " , e);
}
return null;
} else {
return getMUser(userInfo, ret);
}
}
private MUserInfo getMUser(MUserInfo userInfo, MUserInfo ret) {
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.getMUser()");
}
String response = null;
ClientResponse clientResp = null;
Gson gson = new GsonBuilder().create();
if (isRangerCookieEnabled) {
response = cookieBasedUploadEntity(userInfo, PM_ADD_LOGIN_USER_URI);
} else {
String relativeUrl = PM_ADD_LOGIN_USER_URI;
try {
clientResp = uGSyncClient.post(relativeUrl, null, userInfo);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
} catch (Exception e) {
LOG.error("Failed to get response, Error is : " + e.getMessage());
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE[" + response + "]");
}
ret = gson.fromJson(response, MUserInfo.class);
if (LOG.isDebugEnabled()) {
LOG.debug("MUser Creation successful " + ret);
LOG.debug("<== PolicyMgrUserGroupBuilder.getMUser()");
}
return ret;
}
private String cookieBasedUploadEntity(Object obj, String apiURL ) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
}
String response = null;
if (sessionId != null && isValidRangerCookie) {
response = tryUploadEntityWithCookie(obj, apiURL);
}
else{
response = tryUploadEntityWithCred(obj, apiURL);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()");
}
return response;
}
private String cookieBasedGetEntity(String apiURL ,int retrievedCount) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
}
String response = null;
if (sessionId != null && isValidRangerCookie) {
response = tryGetEntityWithCookie(apiURL,retrievedCount);
}
else{
response = tryGetEntityWithCred(apiURL,retrievedCount);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.cookieBasedGetEntity()");
}
return response;
}
private String tryGetEntityWithCred(String apiURL, int retrievedCount) {
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
}
String response = null;
ClientResponse clientResp = null;
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put("pageSize", recordsToPullPerCall);
queryParams.put("startIndex", String.valueOf(retrievedCount));
try{
clientResp = uGSyncClient.get(apiURL, queryParams);
}
catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
LOG.warn("Credentials response from ranger is 401.");
} else if (clientResp.getStatus() == HttpServletResponse.SC_OK || clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT) {
cookieList = clientResp.getCookies();
for (NewCookie cookie : cookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
sessionId = cookie.toCookie();
isValidRangerCookie = true;
LOG.info("valid cookie saved ");
break;
}
}
}
if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
clientResp.bufferEntity();
response = clientResp.getEntity(String.class);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCred()");
}
return response;
}
private String tryGetEntityWithCookie(String apiURL, int retrievedCount) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
}
String response = null;
ClientResponse clientResp = null;
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put("pageSize", recordsToPullPerCall);
queryParams.put("startIndex", String.valueOf(retrievedCount));
try{
clientResp = uGSyncClient.get(apiURL, queryParams, sessionId);
}
catch(Throwable t){
LOG.error("Failed to get response, Error is : ", t);
}
if (clientResp != null) {
if (!(clientResp.toString().contains(apiURL))) {
clientResp.setStatus(HttpServletResponse.SC_NOT_FOUND);
sessionId = null;
isValidRangerCookie = false;
} else if (clientResp.getStatus() == HttpServletResponse.SC_UNAUTHORIZED) {
sessionId = null;
isValidRangerCookie = false;
} else if (clientResp.getStatus() == HttpServletResponse.SC_NO_CONTENT || clientResp.getStatus() == HttpServletResponse.SC_OK) {
List<NewCookie> respCookieList = clientResp.getCookies();
for (NewCookie cookie : respCookieList) {
if (cookie.getName().equalsIgnoreCase(RANGER_ADMIN_COOKIE_NAME)) {
if (!(sessionId.getValue().equalsIgnoreCase(cookie.toCookie().getValue()))) {
sessionId = cookie.toCookie();
}
isValidRangerCookie = true;
break;
}
}
}
if (clientResp.getStatus() != HttpServletResponse.SC_OK && clientResp.getStatus() != HttpServletResponse.SC_NO_CONTENT
&& clientResp.getStatus() != HttpServletResponse.SC_BAD_REQUEST) {
sessionId = null;
isValidRangerCookie = false;
}
clientResp.bufferEntity();
response = clientResp.getEntity(String.class);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== PolicyMgrUserGroupBuilder.tryGetEntityWithCookie()");
}
return response;
}
@Override
public void addOrUpdateGroup(String groupName, Map<String, String> groupAttrs) throws Throwable{
XGroupInfo group = groupName2XGroupInfoMap.get(groupName);
if (group == null) { // Does not exists
//* Build the group info object and do the rest call
if ( ! isMockRun ) {
group = addGroupInfo(groupName);
if ( group != null) {
addGroupToList(group);
} else {
String msg = "Failed to add addorUpdate group info";
LOG.error(msg);
throw new Exception(msg);
}
}
}
}
private XGroupInfo addGroupInfo(final String groupName){
XGroupInfo ret = null;
XGroupInfo group = null;
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addPMXAGroup(" + groupName + ")");
}
if (! isMockRun) {
group = addXGroupInfo(groupName);
}
if (authenticationType != null && AUTH_KERBEROS.equalsIgnoreCase(authenticationType) && SecureClientLogin.isKerberosCredentialExists(principal,keytab)) {
try {
LOG.info("Using principal = " + principal + " and keytab = " + keytab);
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
final XGroupInfo groupInfo = group;
ret = Subject.doAs(sub, new PrivilegedAction<XGroupInfo>() {
@Override
public XGroupInfo run() {
try {
return getAddedGroupInfo(groupInfo);
} catch (Exception e) {
LOG.error("Failed to build Group List : ", e);
}
return null;
}
});
return ret;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : ", e);
}
return null;
} else {
return getAddedGroupInfo(group);
}
}
private XGroupInfo getAddedGroupInfo(XGroupInfo group){
XGroupInfo ret = null;
String response = null;
ClientResponse clientResp = null;
Gson gson = new GsonBuilder().create();
String jsonString = gson.toJson(group);
if(isRangerCookieEnabled){
response = cookieBasedUploadEntity(group,PM_ADD_GROUP_URI);
}
else{
String relativeURL = PM_ADD_GROUP_URI;
try {
clientResp = uGSyncClient.post(relativeURL, null, group);
if (clientResp != null) {
response = clientResp.getEntity(String.class);
}
if (LOG.isDebugEnabled()) {
LOG.debug("Group" + jsonString);
}
} catch (Throwable t) {
LOG.error("Failed to get response, Error is : ", t);
}
}
if ( LOG.isDebugEnabled() ) {
LOG.debug("RESPONSE: [" + response + "]");
}
ret = gson.fromJson(response, XGroupInfo.class);
return ret;
}
@Override
public void addOrUpdateUser(String user) throws Throwable {
// TODO Auto-generated method stub
}
@Override
public void addOrUpdateGroup(String groupName, List<String> users) throws Throwable {
if (users == null || users.isEmpty()) {
if (groupName2XGroupInfoMap.containsKey(groupName)) {
modifiedGroupList.add(groupName);
} else {
newGroupList.add(groupName);
}
}
addOrUpdateGroup(groupName, new HashMap<String, String>());
}
@Override
public void postUserGroupAuditInfo(UgsyncAuditInfo ugsyncAuditInfo) throws Throwable {
if (! isMockRun) {
addUserGroupAuditInfo(ugsyncAuditInfo);
}
noOfNewUsers = 0;
noOfNewGroups = 0;
noOfModifiedUsers = 0;
noOfModifiedGroups = 0;
isStartupFlag = false;
newUserList.clear();
modifiedUserList.clear();
newGroupList.clear();
modifiedGroupList.clear();
}
private UgsyncAuditInfo addUserGroupAuditInfo(UgsyncAuditInfo auditInfo) {
UgsyncAuditInfo ret = null;
if (auditInfo == null) {
LOG.error("Failed to generate user group audit info");
return ret;
}
noOfNewUsers = newUserList.size();
noOfModifiedUsers = modifiedUserList.size();
noOfNewGroups = newGroupList.size();
noOfModifiedGroups = modifiedGroupList.size();
auditInfo.setNoOfNewUsers(Integer.toUnsignedLong(noOfNewUsers));
auditInfo.setNoOfNewGroups(Integer.toUnsignedLong(noOfNewGroups));
auditInfo.setNoOfModifiedUsers(Integer.toUnsignedLong(noOfModifiedUsers));
auditInfo.setNoOfModifiedGroups(Integer.toUnsignedLong(noOfModifiedGroups));
auditInfo.setSessionId("");
if (LOG.isDebugEnabled()) {
LOG.debug("INFO: addAuditInfo(" + auditInfo.getNoOfNewUsers() + ", " + auditInfo.getNoOfNewGroups()
+ ", " + auditInfo.getNoOfModifiedUsers() + ", " + auditInfo.getNoOfModifiedGroups()
+ ", " + auditInfo.getSyncSource() + ")");
}
if (authenticationType != null
&& AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
&& SecureClientLogin.isKerberosCredentialExists(principal,
keytab)) {
try {
Subject sub = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules);
final UgsyncAuditInfo auditInfoFinal = auditInfo;
ret = Subject.doAs(sub, new PrivilegedAction<UgsyncAuditInfo>() {
@Override
public UgsyncAuditInfo run() {
try {
return getUserGroupAuditInfo(auditInfoFinal);
} catch (Exception e) {
LOG.error("Failed to add User : ", e);
}
return null;
}
});
return ret;
} catch (Exception e) {
LOG.error("Failed to Authenticate Using given Principal and Keytab : " , e);
}
return ret;
} else {
return getUserGroupAuditInfo(auditInfo);
}
}
private UgsyncAuditInfo getUserGroupAuditInfo(UgsyncAuditInfo userInfo) {
if(LOG.isDebugEnabled()){
LOG.debug("==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
}
String response = null;
ClientResponse clientRes = null;
Gson gson = new GsonBuilder().create();
if(isRangerCookieEnabled){
response = cookieBasedUploadEntity(userInfo, PM_AUDIT_INFO_URI);
}
else{
String relativeURL = PM_AUDIT_INFO_URI;
try {
clientRes = uGSyncClient.post(relativeURL, null, userInfo);
if (clientRes != null) {
response = clientRes.getEntity(String.class);
}
}
catch(Throwable t){
LOG.error("Failed to get Response : Error is ", t);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("RESPONSE[" + response + "]");
}
UgsyncAuditInfo ret = gson.fromJson(response, UgsyncAuditInfo.class);
if (LOG.isDebugEnabled()) {
LOG.debug("AuditInfo Creation successful ");
}
if(LOG.isDebugEnabled()){
LOG.debug("<== PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()");
}
return ret;
}
private void getRoleForUserGroups(String userGroupRolesData) {
String roleDelimiter = config.getRoleDelimiter();
String userGroupDelimiter = config.getUserGroupDelimiter();
String userNameDelimiter = config.getUserGroupNameDelimiter();
if (roleDelimiter == null || roleDelimiter.isEmpty()) {
roleDelimiter = "&";
}
if (userGroupDelimiter == null || userGroupDelimiter.isEmpty()) {
userGroupDelimiter = ":";
}
if (userNameDelimiter == null || userNameDelimiter.isEmpty()) {
userNameDelimiter = ",";
}
StringTokenizer str = new StringTokenizer(userGroupRolesData,
roleDelimiter);
int flag = 0;
String userGroupCheck = null;
String roleName = null;
while (str.hasMoreTokens()) {
flag = 0;
String tokens = str.nextToken();
if (tokens != null && !tokens.isEmpty()) {
StringTokenizer userGroupRoles = new StringTokenizer(tokens,
userGroupDelimiter);
if (userGroupRoles != null) {
while (userGroupRoles.hasMoreElements()) {
String userGroupRolesTokens = userGroupRoles
.nextToken();
if (userGroupRolesTokens != null
&& !userGroupRolesTokens.isEmpty()) {
flag++;
switch (flag) {
case 1:
roleName = userGroupRolesTokens;
break;
case 2:
userGroupCheck = userGroupRolesTokens;
break;
case 3:
StringTokenizer userGroupNames = new StringTokenizer(
userGroupRolesTokens, userNameDelimiter);
if (userGroupNames != null) {
while (userGroupNames.hasMoreElements()) {
String userGroup = userGroupNames
.nextToken();
if (userGroup != null
&& !userGroup.isEmpty()) {
if (userGroupCheck.trim().equalsIgnoreCase("u")) {
userMap.put(userGroup.trim(), roleName.trim());
} else if (userGroupCheck.trim().equalsIgnoreCase("g")) {
groupMap.put(userGroup.trim(),
roleName.trim());
}
}
}
}
break;
default:
userMap.clear();
groupMap.clear();
break;
}
}
}
}
}
}
}
@Override
public void addOrUpdateUser(String user, Map<String, String> userAttrs, List<String> groups) throws Throwable {
}
@Override
public void addOrUpdateGroup(String group, Map<String, String> groupAttrs, List<String> users) throws Throwable {
}
}
