You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ga...@apache.org on 2016/04/29 11:34:57 UTC
[2/4] incubator-ranger git commit: RANGER-951 : Modify ranger-admin
to put stackdef for specified components
RANGER-951 : Modify ranger-admin to put stackdef for specified components
Signed-off-by: Gautam Borad <ga...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/296de339
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/296de339
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/296de339
Branch: refs/heads/master
Commit: 296de339ae174ff2c5c4a16c8f81a1bb38defbb3
Parents: 26f959f
Author: Pradeep Agrawal <pr...@freestoneinfotech.com>
Authored: Thu Apr 28 15:26:36 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Fri Apr 29 15:03:36 2016 +0530
----------------------------------------------------------------------
.../plugin/store/EmbeddedServiceDefsUtil.java | 37 ++++++++++++++++++--
security-admin/scripts/install.properties | 4 +++
security-admin/scripts/setup.sh | 5 +++
security-admin/scripts/update_property.py | 12 +++++--
.../conf.dist/ranger-admin-default-site.xml | 4 +++
.../resources/conf.dist/ranger-admin-site.xml | 4 +++
6 files changed, 60 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index b67c52d..7ec8d98 100755
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -21,7 +21,10 @@ package org.apache.ranger.plugin.store;
import java.io.InputStream;
import java.io.InputStreamReader;
-
+import java.util.HashSet;
+import java.util.Set;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
@@ -43,6 +46,10 @@ public class EmbeddedServiceDefsUtil {
private static final Log LOG = LogFactory.getLog(EmbeddedServiceDefsUtil.class);
+ // following servicedef list should be reviewed/updated whenever a new embedded service-def is added
+ private static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr";
+ private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = "ranger.supportedcomponents";
+ private Set<String> supportedServiceDefs;
public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag";
public static final String EMBEDDED_SERVICEDEF_HDFS_NAME = "hdfs";
public static final String EMBEDDED_SERVICEDEF_HBASE_NAME = "hbase";
@@ -99,6 +106,7 @@ public class EmbeddedServiceDefsUtil {
gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
+ supportedServiceDefs =getSupportedServiceDef();
/*
* Maintaining the following service-def create-order is critical for the
* the legacy service-defs (HDFS/HBase/Hive/Knox/Storm) to be assigned IDs
@@ -172,10 +180,10 @@ public class EmbeddedServiceDefsUtil {
}
RangerServiceDef ret = null;
-
+ boolean createServiceDef = (CollectionUtils.isEmpty(supportedServiceDefs) || supportedServiceDefs.contains(serviceDefName));
try {
ret = store.getServiceDefByName(serviceDefName);
- if(ret == null && createEmbeddedServiceDefs) {
+ if(ret == null && createEmbeddedServiceDefs && createServiceDef) {
ret = loadEmbeddedServiceDef(serviceDefName);
LOG.info("creating embedded service-def " + serviceDefName);
@@ -220,4 +228,27 @@ public class EmbeddedServiceDefsUtil {
return ret;
}
+
+ private Set<String> getSupportedServiceDef(){
+ Set<String> supportedServiceDef =new HashSet<String>();
+ try{
+ String ranger_supportedcomponents=RangerConfiguration.getInstance().get(PROPERTY_SUPPORTED_SERVICE_DEFS, DEFAULT_BOOTSTRAP_SERVICEDEF_LIST);
+ if(StringUtils.isBlank(ranger_supportedcomponents) || "all".equalsIgnoreCase(ranger_supportedcomponents)){
+ ranger_supportedcomponents=DEFAULT_BOOTSTRAP_SERVICEDEF_LIST;
+ }
+ String[] supportedComponents=ranger_supportedcomponents.split(",");
+ if(supportedComponents!=null && supportedComponents.length>0){
+ for(String element:supportedComponents){
+ if(!StringUtils.isBlank(element)){
+ element=element.toLowerCase();
+ if(!supportedServiceDef.contains(element)){
+ supportedServiceDef.add(element);
+ }
+ }
+ }
+ }
+ }catch(Exception ex){
+ }
+ return supportedServiceDef;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 3913254..d2cbf45 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -79,6 +79,10 @@ audit_solr_zookeepers=
policymgr_external_url=http://localhost:6080
policymgr_http_enabled=true
+#Add Supported Components list below separated by semi-colon, default value is empty string to support all components
+#Example : policymgr_supportedcomponents=hive,hbase,hdfs
+policymgr_supportedcomponents=
+
#
# ------- PolicyManager CONFIG - END ---------------
#
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 51daf6d..9633363 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -68,6 +68,7 @@ audit_db_user=''
audit_db_password=''
policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE)
policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE)
+policymgr_supportedcomponents=$(get_prop 'policymgr_supportedcomponents' $PROPFILE)
unix_user=$(get_prop 'unix_user' $PROPFILE)
unix_group=$(get_prop 'unix_group' $PROPFILE)
authentication_method=$(get_prop 'authentication_method' $PROPFILE)
@@ -609,6 +610,10 @@ update_properties() {
newPropertyValue="${policymgr_http_enabled}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+ propertyName=ranger.supportedcomponents
+ newPropertyValue="${policymgr_supportedcomponents}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
+
propertyName=ranger.jpa.jdbc.user
newPropertyValue="${db_user}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/update_property.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/update_property.py b/security-admin/scripts/update_property.py
index ba2aec8..338fbf5 100644
--- a/security-admin/scripts/update_property.py
+++ b/security-admin/scripts/update_property.py
@@ -34,7 +34,13 @@ def write_properties_to_xml(xml_path, property_name='', property_value=''):
if __name__ == '__main__':
if(len(sys.argv) > 1):
- parameter_name = sys.argv[1] if len(sys.argv) > 1 else None
- parameter_value = sys.argv[2] if len(sys.argv) > 2 else None
- ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3 else None
+ if(len(sys.argv) > 3):
+ parameter_name = sys.argv[1] if len(sys.argv) > 1 else None
+ parameter_value = sys.argv[2] if len(sys.argv) > 2 else None
+ ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3 else None
+ else:
+ if(len(sys.argv) > 2):
+ parameter_name = sys.argv[1] if len(sys.argv) > 1 else None
+ parameter_value = ""
+ ranger_admin_site_xml_path = sys.argv[2] if len(sys.argv) > 2 else None
write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 8305f07..0d6679c 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -463,4 +463,8 @@
<value>rangerlogger</value>
<description></description>
</property>
+ <property>
+ <name>ranger.supportedcomponents</name>
+ <value></value>
+ </property>
</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 7d748c5..e3f9f03 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -271,4 +271,8 @@
<value></value>
</property>
<!-- Kerberos Properties ENDs-->
+ <property>
+ <name>ranger.supportedcomponents</name>
+ <value></value>
+ </property>
</configuration>