RANGER-1435: Allow different files to be specified for unix based usersync - ranger-0.6
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index eac0073..760fc4a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -58,6 +58,12 @@
public static final String UGSYNC_ENABLED_PROP = "ranger.usersync.enabled" ;
public static final String UGSYNC_PM_URL_PROP = "ranger.usersync.policymanager.baseURL" ;
+
+ public static final String UGSYNC_UNIX_PASSWORD_FILE = "ranger.usersync.unix.password.file";
+ public static final String DEFAULT_UGSYNC_UNIX_PASSWORD_FILE = "/etc/passwd";
+
+ public static final String UGSYNC_UNIX_GROUP_FILE = "ranger.usersync.unix.group.file";
+ public static final String DEFAULT_UGSYNC_UNIX_GROUP_FILE = "/etc/group";
public static final String UGSYNC_MIN_USERID_PROP = "ranger.usersync.unix.minUserId" ;
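Review bot: The two new key constants in this hunk drop the `_PROP` suffix that the neighbouring keys carry (`UGSYNC_ENABLED_PROP`, `UGSYNC_MIN_USERID_PROP`), so `UGSYNC_UNIX_PASSWORD_FILE` reads like a path rather than a property name. Naming them `UGSYNC_UNIX_PASSWORD_FILE_PROP` and `UGSYNC_UNIX_GROUP_FILE_PROP` would keep the keys distinguishable from the `DEFAULT_…` path values. A short comment would also help operators, for example `// passwd(5)-format account file; not the shadow file, no password hashes are read`, because the key name `ranger.usersync.unix.password.file` could be taken to mean a file that holds credentials.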
@@ -355,6 +361,24 @@
return val;
}
+ public String getUnixPasswordFile() {
+ String val = prop.getProperty(UGSYNC_UNIX_PASSWORD_FILE);
+ if ( val == null ) {
+ val = DEFAULT_UGSYNC_UNIX_PASSWORD_FILE;
+ }
+
+ return val;
+ }
+
+ public String getUnixGroupFile() {
+ String val = prop.getProperty(UGSYNC_UNIX_GROUP_FILE);
+ if ( val == null ) {
+ val = DEFAULT_UGSYNC_UNIX_GROUP_FILE;
+ }
+
+ return val;
+ }
+
public String getUnixBackend() {
String val = prop.getProperty(UGSYNC_UNIX_BACKEND);
if ( val == null ) {
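Review bot: Both new getters fall back to the default only when the property is absent, so a key that is present but empty or whitespace-only (`ranger.usersync.unix.password.file=`) is returned as-is and reaches `new File("")` in the builder. Treating blank as unset closes that gap: `if ( val == null || val.trim().isEmpty() ) {` in `getUnixPasswordFile()` and likewise in `getUnixGroupFile()`. A one-line Javadoc on each getter should state that the returned path is the source of the users and groups that get synced, so it needs the same write protection as `/etc/passwd`. The trailing context of this hunk ends inside `getUnixBackend()`, which is not part of the change.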
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
index c71bc90..8a6a18d 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
@@ -41,10 +41,6 @@
private static final Logger LOG = Logger.getLogger(UnixUserGroupBuilder.class) ;
private final static String OS = System.getProperty("os.name") ;
- // kept for legacy support
- public static final String UNIX_USER_PASSWORD_FILE = "/etc/passwd" ;
- public static final String UNIX_GROUP_FILE = "/etc/group" ;
-
/** Shell commands to get users and groups */
static final String LINUX_GET_ALL_USERS_CMD = "getent passwd" ;
static final String LINUX_GET_ALL_GROUPS_CMD = "getent group" ;
@@ -78,6 +74,9 @@
private int minimumUserId = 0 ;
private int minimumGroupId = 0 ;
+ private String unixPasswordFile;
+ private String unixGroupFile;
+
private long passwordFileModifiedAt = 0 ;
private long groupFileModifiedAt = 0 ;
@@ -90,6 +89,8 @@
public UnixUserGroupBuilder() {
minimumUserId = Integer.parseInt(config.getMinUserId()) ;
minimumGroupId = Integer.parseInt(config.getMinGroupId()) ;
+ unixPasswordFile = config.getUnixPasswordFile();
+ unixGroupFile = config.getUnixGroupFile();
LOG.debug("Minimum UserId: " + minimumUserId + ", minimum GroupId: " + minimumGroupId) ;
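Review bot: The constructor now resolves the account and group files from configuration, but the only log line here still reports just the minimum ids, so nothing records which files the sync actually used. Since these files decide which identities are pushed onward, logging the resolved paths at a level that is on by default gives operators and incident responders something to audit, e.g. `LOG.info("Unix password file: " + unixPasswordFile + ", group file: " + unixGroupFile);`. The two fields are declared in the previous hunk and, as far as the visible hunks show, are assigned only here, so they could be `private final`. The constructor body continues outside this hunk.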
@@ -114,12 +115,12 @@
if (useNss)
return System.currentTimeMillis() - lastUpdateTime > timeout ;
- long TempPasswordFileModifiedAt = new File(UNIX_USER_PASSWORD_FILE).lastModified() ;
+ long TempPasswordFileModifiedAt = new File(unixPasswordFile).lastModified() ;
if (passwordFileModifiedAt != TempPasswordFileModifiedAt) {
return true ;
}
- long TempGroupFileModifiedAt = new File(UNIX_GROUP_FILE).lastModified() ;
+ long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified() ;
if (groupFileModifiedAt != TempGroupFileModifiedAt) {
return true ;
}
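Review bot: `File.lastModified()` returns `0L` when the file does not exist or cannot be read, and `passwordFileModifiedAt` and `groupFileModifiedAt` start at `0`, so a mistyped path makes both comparisons here see no change and nothing is reported. With the hard-coded `/etc/passwd` that case was unlikely; with an operator-supplied path it is the expected misconfiguration. A readability check before the comparison would surface it, for example `if (!new File(unixPasswordFile).canRead()) { LOG.warn("Unix password file " + unixPasswordFile + " is not readable"); }` and the same for the group file. The method starts and ends outside this hunk, so what it returns after the last comparison is not visible here.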
@@ -187,7 +188,7 @@
try {
if (!useNss) {
- File file = new File(UNIX_USER_PASSWORD_FILE);
+ File file = new File(unixPasswordFile);
passwordFileModifiedAt = file.lastModified();
FileInputStream fis = new FileInputStream(file);
reader = new BufferedReader(new InputStreamReader(fis, StandardCharsets.UTF_8));
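Review bot: The configured file is opened and trusted as the list of accounts without any check on who can modify it, here and in the group-file hunk that follows. `/etc/passwd` is protected by the operating system, but a custom path may be writable by group or others, and then any such account can add users or group memberships that the sync propagates. A permission check before the read, on POSIX file systems, would fail closed. The surrounding `try` and its `catch` are outside the hunk, so whether an `IOException` thrown here is handled the same way as the `FileNotFoundException` from `FileInputStream` needs confirming.

```java
File file = new File(unixPasswordFile);
// The file is the identity source: refuse it when non-owners can modify it.
Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file.toPath());
if (perms.contains(PosixFilePermission.GROUP_WRITE)
        || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
    throw new IOException("Refusing to read " + file + ": writable by group or others");
}
// … unchanged: lastModified(), FileInputStream and reader setup …
```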
@@ -376,7 +377,7 @@
try {
if (!useNss) {
- File file = new File(UNIX_GROUP_FILE);
+ File file = new File(unixGroupFile);
groupFileModifiedAt = file.lastModified();
FileInputStream fis = new FileInputStream(file);
reader = new BufferedReader(new InputStreamReader(fis, StandardCharsets.UTF_8));
diff --git a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilderTest.java b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilderTest.java
index e4d5456..9839ba9 100644
--- a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilderTest.java
+++ b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilderTest.java
@@ -42,6 +42,8 @@
@Test
public void testBuilderPasswd() throws Throwable {
config.setProperty("ranger.usersync.unix.backend", "passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_PASSWORD_FILE, "/etc/passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_GROUP_FILE, "/etc/group");
UnixUserGroupBuilder builder = new UnixUserGroupBuilder();
builder.init();
@@ -105,4 +107,24 @@
assertNull(users.get("root"));
}
+ @Test
+ public void testUnixPasswdAndGroupFile() throws Throwable {
+ config.setProperty("ranger.usersync.unix.backend", "passwd");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_PASSWORD_FILE, "src/test/resources/passwordFile.txt");
+ config.setProperty(UserGroupSyncConfig.UGSYNC_UNIX_GROUP_FILE, "src/test/resources/groupFile.txt");
+
+ UnixUserGroupBuilder builder = new UnixUserGroupBuilder();
+ builder.init();
+
+ Map<String, String> groups = builder.getGroupId2groupNameMap();
+ String name = groups.get("1028");
+ assertThat(name, anyOf(equalTo("wheel"), equalTo("sam")));
+
+ Map<String, List<String>> users = builder.getUser2GroupListMap();
+ List<String> usergroups = users.get("sam");
+ assertNotNull(usergroups);
+ assertThat(usergroups, anyOf(hasItem("wheel"), hasItem("sam")));
+
+ }
+
}
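Review bot: The assertions in `testUnixPasswdAndGroupFile` accept `"wheel"` as an alternative, yet `wheel` appears in neither fixture file, so the `anyOf` only weakens a test whose input is fully deterministic. With `groupFile.txt` mapping gid 1028 to `sam`, the first check can be `assertThat(name, equalTo("sam"));`, and the second can name the exact groups expected for `sam`. The fixture paths are relative (`src/test/resources/passwordFile.txt`), so the test passes only when the working directory is the `ugsync` module. The test also leaves the two properties set on `config`, which looks shared between tests; resetting them afterwards would keep later tests from reading the fixtures by accident.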
diff --git a/ugsync/src/test/resources/groupFile.txt b/ugsync/src/test/resources/groupFile.txt
new file mode 100644
index 0000000..89f7564
--- /dev/null
+++ b/ugsync/src/test/resources/groupFile.txt
@@ -0,0 +1,6 @@
+users:x:100:sam,bob,tom,user1,user2
+sam:x:1028:
+bob:x:1029:
+tom:x:1030:
+user1:x:1031:
+user2:x:1032:
\ No newline at end of file
diff --git a/ugsync/src/test/resources/passwordFile.txt b/ugsync/src/test/resources/passwordFile.txt
new file mode 100644
index 0000000..0e8e10b
--- /dev/null
+++ b/ugsync/src/test/resources/passwordFile.txt
@@ -0,0 +1,5 @@
+sam:x:1021:1028::/home/sam:/bin/bash
+bob:x:1022:1029::/home/bob:/bin/bash
+tom:x:1023:1030::/home/tom:/bin/bash
+user1:x:1024:1031::/home/user1:/bin/bash
+user2:x:1025:1032::/home/user2:/bin/bash
\ No newline at end of file