RANGER-5215 : Policy authorisation fails for Ranger Plugins in case of users/groups converted by Ranger usersync as per given Regex
What changes were proposed in this pull request?
Problem Statement:
Currently, when Ranger Usersync is configured with case conversion and special character replacement using regex, it transforms the original user/group names from the source (e.g., AD/LDAP) before storing them in the Ranger Admin database.
Example:
Original name in LDAP/AD: John-jacobs
Usersync configuration:
- ranger.usersync.ldap.username.caseconversion = lower
- ranger.usersync.mapping.username.regex = s/[-]/_/g
Transformed and stored name in Ranger: john_jacobs
Issue:
If a Ranger plugin (e.g., Hive) uses the original name John-jacobs during authorization checks, it fails because Ranger Admin only recognizes the transformed name john_jacobs.
Error Example:
Permission denied: user [John-jacobs] does not have [SELECT] privilege on [vehicle/cars/*]
Solution:
To ensure consistency, the same transformation logic used by Usersync must also be applied on the plugin side before authorization. This transformation should be made available as a utility library packaged with the plugins.
Configurability:
This feature must be configurable at the plugin level via a property (e.g., ranger.plugin.<serviceType>.supports.name.transformation), allowing users to enable or disable it based on their environment needs.
In ranger-admin-site.xml:
- ranger.plugins.ldap.username.caseconversion
- ranger.plugins.ldap.groupname.caseconversion
- ranger.plugins.mapping.username.handler
- ranger.plugins.mapping.groupname.handler
- ranger.plugins.mapping.regex.separator
- ranger.plugins.mapping.username.regex
- ranger.plugins.mapping.groupname.regex
How was this patch tested?
1.) Build successful with unit test.
2.) Manual testing
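
The mismatch and the plugin-side fix described above, as an added example that is not part of this pull request or of Ranger's code. The class and method names are hypothetical, the `enabled` flag stands in for the per-plugin property, and the order of operations (case conversion first, then the regex mapping) is an assumption.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; names here are hypothetical, not Ranger's API.
public class NameTransformDemo {
    // Applies a sed-style rule such as "s/[-]/_/g", split on the given separator.
    static String applyRule(String rule, String separator, String name) {
        String[] parts = rule.split(Pattern.quote(separator), -1);
        if (parts.length < 3 || !"s".equals(parts[0])) {
            throw new IllegalArgumentException("unsupported rule: " + rule);
        }
        boolean global = parts.length > 3 && parts[3].contains("g");
        Matcher m = Pattern.compile(parts[1]).matcher(name);
        // quoteReplacement treats '$' and '\' in the replacement as literals
        String repl = Matcher.quoteReplacement(parts[2]);
        return global ? m.replaceAll(repl) : m.replaceFirst(repl);
    }

    // Assumed order: case conversion first, then the regex mapping.
    static String transform(String name, String caseConversion, String rule, String sep) {
        String out = name;
        if ("lower".equalsIgnoreCase(caseConversion)) {
            out = out.toLowerCase(Locale.ROOT);
        } else if ("upper".equalsIgnoreCase(caseConversion)) {
            out = out.toUpperCase(Locale.ROOT);
        }
        if (rule != null && !rule.isEmpty()) {
            out = applyRule(rule, sep, out);
        }
        return out;
    }

    public static void main(String[] args) {
        Set<String> usersKnownToAdmin = Set.of("john_jacobs"); // constructed sample
        String fromPlugin = "John-jacobs"; // name the plugin sees at authorization time
        boolean enabled = true;            // stands in for the per-plugin toggle

        String lookup = enabled
                ? transform(fromPlugin, "lower", "s/[-]/_/g", "/")
                : fromPlugin;
        System.out.println("raw name matches:         " + usersKnownToAdmin.contains(fromPlugin));
        System.out.println("transformed name:         " + lookup);
        System.out.println("transformed name matches: " + usersKnownToAdmin.contains(lookup));
    }
}
```

The mapping is many-to-one: `John-jacobs` and `john_jacobs` both resolve to `john_jacobs`, so distinct source names that normalise to the same string are evaluated against the same policies.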