You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/08/11 00:35:52 UTC
[01/14] incubator-ranger git commit: RANGER-591: UserSync process
performance issue due to user group cache inconsistency - Additional changes
Repository: incubator-ranger
Updated Branches:
refs/heads/tag-policy 31a65f48a -> 9a6e641fa
RANGER-591: UserSync process performance issue due to user group cache inconsistency - Additional changes
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e22fbb10
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e22fbb10
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e22fbb10
Branch: refs/heads/tag-policy
Commit: e22fbb10716e34738a35788bbce573545688388e
Parents: d8e3225
Author: rmani <rm...@hortonworks.com>
Authored: Thu Jul 30 16:27:42 2015 -0700
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Jul 30 16:27:42 2015 -0700
----------------------------------------------------------------------
.../org/apache/ranger/unixusersync/model/XUserInfo.java | 9 ---------
1 file changed, 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e22fbb10/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
index ca22818..babaf46 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java
@@ -28,7 +28,6 @@ public class XUserInfo {
private String description ;
private List<String> groupNameList = new ArrayList<String>() ;
- private List<String> groupIdList = new ArrayList<String>() ;
public String getId() {
return id;
@@ -56,14 +55,6 @@ public class XUserInfo {
public List<String> getGroupNameList() {
return groupNameList;
}
-
- public List<String> getGroupIdList() {
- return groupIdList;
- }
-
- public void setGroupIdList(List<String> groupIdList) {
- this.groupIdList = groupIdList;
- }
public List<String> getGroups() {
return groupNameList;
[05/14] incubator-ranger git commit: RANGER-583 changed
test/resources/log4j.properties files to remove warning during maven test
phase
Posted by ma...@apache.org.
RANGER-583 changed test/resources/log4j.properties files to remove warning during maven test phase
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/68a4352b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/68a4352b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/68a4352b
Branch: refs/heads/tag-policy
Commit: 68a4352b3e2ee3ba6c2f9904104641b7a387065b
Parents: edf2af7
Author: Alok Lal <al...@hortonworks.com>
Authored: Tue Jul 28 14:41:15 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Wed Aug 5 12:02:43 2015 -0700
----------------------------------------------------------------------
agents-common/src/test/resources/log4j.properties | 3 +--
agents-cred/src/test/resources/log4j.properties | 16 ++++++++++++++++
hbase-agent/src/test/resources/log4j.properties | 5 ++---
hive-agent/src/test/resource/log4j.properties | 9 ++++++---
security-admin/src/test/resources/log4j.properties | 3 +--
5 files changed, 26 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68a4352b/agents-common/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/log4j.properties b/agents-common/src/test/resources/log4j.properties
index bd8197d..cb409e8 100644
--- a/agents-common/src/test/resources/log4j.properties
+++ b/agents-common/src/test/resources/log4j.properties
@@ -15,12 +15,11 @@
##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
log4j.appender.devnull=org.apache.log4j.varia.NullAppender
-log4j.rootLogger=FATAL, devnull
+ranger.root.logger=FATAL,devnull
##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
# ranger.root.logger=DEBUG,console
-# Define the root logger to the system property "hbase.root.logger".
log4j.rootLogger=${ranger.root.logger}
# Logging Threshold
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68a4352b/agents-cred/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/agents-cred/src/test/resources/log4j.properties b/agents-cred/src/test/resources/log4j.properties
new file mode 100644
index 0000000..c2463a7
--- /dev/null
+++ b/agents-cred/src/test/resources/log4j.properties
@@ -0,0 +1,16 @@
+# Define some default values that can be overridden by system properties
+ranger.root.logger=FATAL,console
+# Define the root logger to the system property "hbase.root.logger".
+log4j.rootLogger=${ranger.root.logger}
+
+# Logging Threshold
+log4j.threshold=ALL
+
+#
+# console
+# Add "console" to rootlogger above if you want to use this
+#
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68a4352b/hbase-agent/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/resources/log4j.properties b/hbase-agent/src/test/resources/log4j.properties
index 12e172b..cb409e8 100644
--- a/hbase-agent/src/test/resources/log4j.properties
+++ b/hbase-agent/src/test/resources/log4j.properties
@@ -15,12 +15,11 @@
##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
log4j.appender.devnull=org.apache.log4j.varia.NullAppender
-log4j.rootLogger=FATAL, devnull
+ranger.root.logger=FATAL,devnull
##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
-# ranger.root.logger=WARN,console
+# ranger.root.logger=DEBUG,console
-# Define the root logger to the system property "hbase.root.logger".
log4j.rootLogger=${ranger.root.logger}
# Logging Threshold
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68a4352b/hive-agent/src/test/resource/log4j.properties
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resource/log4j.properties b/hive-agent/src/test/resource/log4j.properties
index c44bc46..f7ab2ba 100644
--- a/hive-agent/src/test/resource/log4j.properties
+++ b/hive-agent/src/test/resource/log4j.properties
@@ -13,9 +13,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# Define some default values that can be overridden by system properties
-ranger.root.logger=INFO,console
-# Define the root logger to the system property "hbase.root.logger".
+##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
+log4j.appender.devnull=org.apache.log4j.varia.NullAppender
+ranger.root.logger=FATAL,devnull
+
+##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
+# ranger.root.logger=DEBUG,console
log4j.rootLogger=${ranger.root.logger}
# Logging Threshold
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/68a4352b/security-admin/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/test/resources/log4j.properties b/security-admin/src/test/resources/log4j.properties
index bd8197d..cb409e8 100644
--- a/security-admin/src/test/resources/log4j.properties
+++ b/security-admin/src/test/resources/log4j.properties
@@ -15,12 +15,11 @@
##-- To prevent junits from cluttering the build run by default all test runs send output to null appender
log4j.appender.devnull=org.apache.log4j.varia.NullAppender
-log4j.rootLogger=FATAL, devnull
+ranger.root.logger=FATAL,devnull
##-- uncomment the following line during during development/debugging so see debug messages during test run to be emitted to console
# ranger.root.logger=DEBUG,console
-# Define the root logger to the system property "hbase.root.logger".
log4j.rootLogger=${ranger.root.logger}
# Logging Threshold
[12/14] incubator-ranger git commit: RANGER-598: Update Ranger config
migration script to work with Ranger 0.5
Posted by ma...@apache.org.
RANGER-598: Update Ranger config migration script to work with Ranger 0.5
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/416e13a7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/416e13a7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/416e13a7
Branch: refs/heads/tag-policy
Commit: 416e13a71842f883179d10ae995137bf69b756e6
Parents: d1cf555
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Fri Aug 7 14:09:21 2015 -0400
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Aug 7 14:09:21 2015 -0400
----------------------------------------------------------------------
.../bin/import_ranger_to_ambari.py | 1214 ++++++++++
.../bin/ranger_admin_install.properties | 33 +
.../ambari2.0-hdp2.2-ranger0.40/doc/README.TXT | 74 +
.../bin/import_ranger_to_ambari.py | 2253 ++++++++++++++++++
.../bin/ranger_admin_install.properties | 33 +
.../ambari2.1-hdp2.3-ranger0.50/doc/README.TXT | 78 +
migration-util/bin/import_ranger_to_ambari.py | 1214 ----------
.../bin/ranger_admin_install.properties | 33 -
migration-util/doc/README.TXT | 74 -
9 files changed, 3685 insertions(+), 1321 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
new file mode 100755
index 0000000..7b99b2f
--- /dev/null
+++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
@@ -0,0 +1,1214 @@
+import os
+import sys
+import urllib2
+import base64
+import httplib
+import json
+import time
+from xml.etree import ElementTree as ET
+import datetime
+from subprocess import Popen, PIPE
+import re
+
+
+def port_ranger_installation_to_ambari():
+ print('preparing advanged configurations for ranger')
+ flag_ranger_admin_present, ranger_admin_properties_from_file = get_ranger_admin_install_properties()
+ if flag_ranger_admin_present:
+ print('ranger admin service is installed, making configurations as required by ambari.')
+ if create_ranger_service_in_ambari():
+ print('ranger service is added sucessfully in ambari')
+ if create_ranger_service_components_in_ambari('RANGER_ADMIN'):
+ print('ranger service component is added successfully in ambari')
+ if register_ranger_admin_host_in_ambari():
+ print('ranger admin host is registered successfully in ambari')
+ if add_advanced_ranger_configurations(1, ranger_admin_properties_from_file):
+ print('ranger-admin advanced configurations added successfully in ambari, kindly run ranger-usersync to complete ranger service install')
+ else:
+ print('ranger advanced configurations added failed in ambari')
+ else:
+ print('ranger admin host registration failed in ambari')
+ else:
+ print('ranger service component add failed in ambari')
+ else:
+ print('ranger service add failed in ambari')
+ else:
+ print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
+
+
+def port_ranger_usersync_installation_to_ambari():
+ print ('preparing configurations for ranger user-sync')
+ flag_ranger_usersync_present, ranger_usersync_properties_from_file = get_ranger_usersync_install_properties()
+ if flag_ranger_usersync_present:
+ print('ranger usersync service is installed, making configurations as required by ambari.')
+ if create_ranger_service_components_in_ambari('RANGER_USERSYNC'):
+ print('ranger service component is added successfully in ambari')
+ if register_ranger_usersync_host_in_ambari():
+ print('ranger usersync host is registered successfully in ambari')
+ if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file):
+ print('ranger advanced configurations added successfully in ambari')
+ if call_ranger_installed():
+ print('ranger service installed successfully in ambari.')
+ else:
+ print('ranger service install failed in ambari')
+ else:
+ print('ranger advanced configurations added failed in ambari')
+ else:
+ print('ranger usersync host registration failed in ambari')
+ else:
+ print('ranger service add failed in ambari')
+ else:
+ print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
+
+
+def create_ranger_service_in_ambari():
+ print('creating ranger service in ambari')
+ ranger_create_url = ambari_service_url + '/' + ranger_service_name
+ request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service is already created in ambari.')
+ return True
+ else:
+ print('ranger service creation failed in ambari.')
+ return False
+
+def create_ranger_service_components_in_ambari(ranger_service_component_name):
+ print('adding ranger servcie components in ambari')
+ ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}'
+ print('creating ranger service in ambari')
+ ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', is already present in ambari.')
+ return True
+ else:
+ print('ranger service component creation for : ' + ranger_service_component_name + ', failed in ambari.')
+ return False
+
+def register_ranger_admin_host_in_ambari():
+ print('adding ranger servcie components in ambari')
+ print('creating ranger admin service in ambari')
+ ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 201 and response is not None:
+ print('ranger admin host registered successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger admin host is already registered ambari.')
+ return True
+ else:
+ print('ranger admin host registration failed in ambari.')
+ return False
+
+
+def register_ranger_usersync_host_in_ambari():
+ print('adding ranger servcie components in ambari')
+ print('creating ranger admin service in ambari')
+ ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name
+ request_result = call_ambari_api(ranger_host_register_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger usersync host registered successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger usersync host is already registered ambari.')
+ return True
+ else:
+ print('ranger usersync host registration failed in ambari.')
+ return False
+
+
+def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_properties_from_file):
+ print('creating advanced configurations to be added to ambari.')
+ ranger_config_data = ''
+ advanced_admin_properties = dict()
+ advanced_ranger_site_properties = dict()
+ advanced_ranger_env_properties = dict()
+ advanced_user_sync_properties = dict()
+ date_time_stamp = getDateTimeNow()
+
+ if (add_admin_or_usersync == 1):
+ if not ((str(ranger_service_properties_from_file['db_root_password']).strip() == '') or
+ (str(ranger_service_properties_from_file['db_root_user']).strip() == '' )) :
+ advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR']
+ advanced_admin_properties['SQL_COMMAND_INVOKER'] = ranger_service_properties_from_file['SQL_COMMAND_INVOKER']
+ advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR']
+ advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user']
+ advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password']
+ advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host']
+ advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name']
+ advanced_admin_properties['db_user'] = ranger_service_properties_from_file['jdbc.user']
+ advanced_admin_properties['db_password'] = ranger_service_properties_from_file['jdbc.password']
+ advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name']
+ advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['auditDB.jdbc.user']
+ advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['auditDB.jdbc.password']
+ advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['xa.webapp.url.root']
+ advanced_admin_properties['policymgr_http_enabled'] = ranger_service_properties_from_file['http.enabled']
+ advanced_admin_properties['authentication_method'] = get_authentication_method()
+ advanced_admin_properties['remoteLoginEnabled'] = ranger_service_properties_from_file.get('remoteLoginEnabled','false')
+ advanced_admin_properties['authServiceHostName'] = ranger_service_properties_from_file.get('authServiceHostName','localhost')
+ advanced_admin_properties['authServicePort'] = ranger_service_properties_from_file.get('authServicePort','5151')
+ advanced_admin_properties['xa_ldap_url'] = ranger_service_properties_from_file['xa_ldap_url']
+ advanced_admin_properties['xa_ldap_userDNpattern'] = ranger_service_properties_from_file['xa_ldap_userDNpattern']
+ advanced_admin_properties['xa_ldap_groupSearchBase'] = ranger_service_properties_from_file['xa_ldap_groupSearchBase']
+ advanced_admin_properties['xa_ldap_groupSearchFilter'] = ranger_service_properties_from_file['xa_ldap_groupSearchFilter']
+ advanced_admin_properties['xa_ldap_groupRoleAttribute'] = ranger_service_properties_from_file['xa_ldap_groupRoleAttribute']
+ advanced_admin_properties['xa_ldap_ad_domain'] = ranger_service_properties_from_file['xa_ldap_ad_domain']
+ advanced_admin_properties['xa_ldap_ad_url'] = ranger_service_properties_from_file['xa_ldap_ad_url']
+
+ advanced_ranger_site_properties['HTTP_SERVICE_PORT'] = ranger_service_properties_from_file['http.service.port']
+ advanced_ranger_site_properties['HTTPS_SERVICE_PORT'] = ranger_service_properties_from_file['https.service.port']
+ advanced_ranger_site_properties['HTTPS_KEYSTORE_FILE'] = ranger_service_properties_from_file['https.attrib.keystoreFile']
+ advanced_ranger_site_properties['HTTPS_KEYSTORE_PASS'] = ranger_service_properties_from_file['https.attrib.keystorePass']
+ advanced_ranger_site_properties['HTTPS_KEY_ALIAS'] = ranger_service_properties_from_file['https.attrib.keyAlias']
+ advanced_ranger_site_properties['HTTPS_CLIENT_AUTH'] = ranger_service_properties_from_file['https.attrib.clientAuth']
+ advanced_ranger_site_properties['HTTP_ENABLED'] = ranger_service_properties_from_file['http.enabled']
+
+ advanced_ranger_env_properties['ranger_user'] = 'ranger'
+ advanced_ranger_env_properties['ranger_group'] = 'ranger'
+ advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin'
+ advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync'
+ advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin'
+ advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123'
+ advanced_ranger_env_properties['admin_password'] = 'admin'
+
+ ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
+
+
+ print ('####################### admin_properties configuration :')
+ for each_key in advanced_admin_properties:
+ print str(each_key) + ' = ' + str(advanced_admin_properties[each_key])
+
+ print ('####################### ranger_site_properties configuration :')
+ for each_key in advanced_ranger_site_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_site_properties[each_key])
+
+ print ('####################### ranger_env_properties configuration :')
+ for each_key in advanced_ranger_env_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key])
+
+
+ else:
+ print('either db_root_user or db_root_password value is missing from ranger_admin_install.properties file, please set appropriate value and run the script again.')
+ sys.exit(1)
+
+ elif (add_admin_or_usersync == 2):
+ advanced_user_sync_properties['SYNC_SOURCE'] = ranger_service_properties_from_file['SYNC_SOURCE']
+ advanced_user_sync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = ranger_service_properties_from_file['usergroupSync.unix.minUserId']
+ advanced_user_sync_properties['SYNC_INTERVAL'] = ranger_service_properties_from_file['usergroupSync.sleepTimeInMillisBetweenSyncCycle']
+ advanced_user_sync_properties['SYNC_LDAP_URL'] = ranger_service_properties_from_file['ldapGroupSync.ldapUrl'] \
+ if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
+ advanced_user_sync_properties['SYNC_LDAP_BIND_DN'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'] \
+ if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
+ advanced_user_sync_properties['SYNC_LDAP_BIND_PASSWORD'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'] \
+ if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
+ advanced_user_sync_properties['CRED_KEYSTORE_FILENAME'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindKeystore']
+ advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchBase'] \
+ if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
+ advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchScope']
+ advanced_user_sync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = ranger_service_properties_from_file['ldapGroupSync.userObjectClass']
+ advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'] \
+ if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
+ advanced_user_sync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userNameAttribute']
+ advanced_user_sync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userGroupNameAttribute']
+ advanced_user_sync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.username.caseConversion']
+ advanced_user_sync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.groupname.caseConversion']
+ advanced_user_sync_properties['logdir'] = ranger_service_properties_from_file['logdir']
+
+ ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"usersync-properties", "service_config_version_note": "Initial configuration for Ranger Usersync service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### user_sync_properties configuration :')
+ for each_key in advanced_user_sync_properties:
+ print str(each_key) + ' = ' + str(advanced_user_sync_properties[each_key])
+
+ else:
+ print ('invalid option for to add configuration to ranger.')
+ sys.exit(1)
+
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('input registered as ' + str(confirm_configurations))
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(ranger_config_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger advanced configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger advanced configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger advanced configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+
+
+def call_ranger_installed():
+ print('changing state of ranger services from init to installed.')
+ ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str(
+ cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}'
+ ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT'
+ request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 200 and response is not None):
+ print('ranger state changed to install successfully in ambari.')
+ return True
+ if (response_code == 409 and response is not None):
+ print('ranger is already installed in ambari.')
+ return True
+ if response_code == 202 and response is not None:
+ print('ranger state changed to install posted in ambari, checking for updated status waiting for 30 seconds')
+ parsed_response = json.loads(response)
+ response_href_url = parsed_response['href']
+ response_request_id = parsed_response['Requests']['id']
+ response_status = parsed_response['Requests']['status']
+ if response_status != 'Installed':
+ print('Received response but status is not installed, verifying installation to be successful.')
+ flag_ranger_installed = True
+ time.sleep(30)
+ while flag_ranger_installed:
+ print('checking request status')
+ ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id)
+ request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '')
+ if request_status_result is not None:
+ response_code = request_status_result.getcode()
+ response_status = json.loads(json.JSONEncoder().encode(request_status_result.read()))
+ if (response_code == 200 and 'FAILED' in response_status):
+ print('ranger install failed in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 ):
+ print('ranger install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and ('PENDING' in response_status or 'INTERNAL_REQUEST' in response_status)):
+ print('ranger install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and 'COMPLETED' in response_status):
+ print('ranger installed successfully in ambari.')
+ flag_ranger_installed = False
+ else:
+ flag_ranger_installed = True
+ return not flag_ranger_installed
+ else:
+ print('ranger state changed to install failed in ambari.')
+ return False
+
+
+def get_ranger_usersync_install_properties():
+ print('preparing advanced configurations for ranger User-sync')
+ flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
+ flag_ranger_usersync_present = False
+ ranger_usersync_current_dir = os.path.join(hdp_current_dir, 'ranger-usersync')
+ ranger_usersync_properties_from_file = dict()
+ print('checking for ranger-usersync service to be present')
+ flag_ranger_usersync_present, ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir)
+ if flag_ranger_usersync_present:
+ print('ranger usersync is installed, getting existing properties for ambari import')
+ print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.')
+ ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file)
+ return flag_ranger_usersync_present, ranger_usersync_properties_from_file
+
+
+def get_ranger_admin_install_properties():
+ ranger_admin_current_dir = os.path.join(hdp_current_dir, 'ranger-admin')
+ flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
+ flag_ranger_admin_present = False
+ ranger_admin_properties_from_file = dict()
+
+ if flag_hadoop_present:
+ print('hadoop directory is present, checking ranger admin installation.')
+ flag_ranger_admin_present, ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir)
+
+ if flag_ranger_admin_present:
+ print('ranger admin is present.getting existing configurations to port to ambari.')
+ if os.path.isfile("ranger_admin_install.properties"):
+ print('ranger_install_properties_path exists, getting existing properties for ambari port')
+ ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties")
+ if not (ranger_admin_properties_from_file['db_root_user'] == '' or ranger_admin_properties_from_file['db_root_password'] == ''):
+ print 'db_root_username and db_root_password are not blank.'
+ print 'value for db_root_user = ' + str(ranger_admin_properties_from_file['db_root_user'])
+ print 'value for db_root_password = ' + str(ranger_admin_properties_from_file['db_root_password'])
+ else:
+ print 'db_root_username or db_root_password are blank, please provide proper values in ranger_admin_install.properties. exiting installation without any changes.'
+ sys.exit(1)
+
+ print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.')
+ print('getting additional properties required by ranger services')
+ ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file)
+
+ return flag_ranger_admin_present, ranger_admin_properties_from_file
+
+
+def check_hadoop_dir_present(hdp_current_dir_path):
+ flag_hadoop_dir_present = False
+ if os.path.isdir(hdp_current_dir_path):
+ print('hadoop is installed.')
+ flag_hadoop_dir_present = True
+ return flag_hadoop_dir_present
+
+
+def check_ranger_admin_install(ranger_admin_current_dir):
+ flag_ranger_dir_present = False
+ ranger_current_installed_version = ''
+ print('checking ranger service path folder')
+ if os.path.isdir(ranger_admin_current_dir):
+ print('ranger admin is installed.')
+ if os.path.islink(ranger_admin_current_dir):
+ flag_ranger_dir_present = True
+ print('ranger admin link found getting current version from link.')
+ ranger_home_path = os.path.realpath(ranger_admin_current_dir)
+ ranger_current_installed_version = ranger_home_path.split('/')[4]
+ return flag_ranger_dir_present, ranger_current_installed_version
+
+
+def check_ranger_usersync_install(ranger_usersync_current_dir):
+ flag_ranger_dir_present = False
+ ranger_current_installed_version = ''
+ print('checking ranger service path folder')
+ if os.path.isdir(ranger_usersync_current_dir):
+ print('ranger user-sync is installed.')
+ if os.path.islink(ranger_usersync_current_dir):
+ flag_ranger_dir_present = True
+ print('ranger admin link found getting current version from link.')
+ ranger_home_path = os.path.realpath(ranger_usersync_current_dir)
+ ranger_current_installed_version = ranger_home_path.split('/')[4]
+ return flag_ranger_dir_present, ranger_current_installed_version
+
+
+def get_additional_properties_for_admin(ranger_admin_properties_from_file):
+ ranger_conf_path = '/etc/ranger/admin/conf'
+ ranger_webserver_properties_path = os.path.join(ranger_conf_path, 'ranger_webserver.properties')
+ ranger_ldap_properties_path = os.path.join(ranger_conf_path, 'xa_ldap.properties')
+ ranger_system_properties_path = os.path.join(ranger_conf_path, 'xa_system.properties')
+ ranger_unixauth_properties_path = os.path.join(ranger_conf_path, 'ranger_jaas', 'unixauth.properties')
+ try:
+ ranger_admin_properties_from_file = import_properties_from_file(ranger_webserver_properties_path, ranger_admin_properties_from_file)
+ ranger_admin_properties_from_file = import_properties_from_file(ranger_ldap_properties_path, ranger_admin_properties_from_file)
+ ranger_admin_properties_from_file = import_properties_from_file(ranger_system_properties_path, ranger_admin_properties_from_file)
+ ranger_admin_properties_from_file = import_properties_from_file(ranger_unixauth_properties_path, ranger_admin_properties_from_file)
+ except Exception, e:
+ print "Error loading property files: ", str(e)
+
+ print('getting db flavor, library and command invoker')
+ xa_system_properties_db_dialect = ranger_admin_properties_from_file['jdbc.dialect']
+ print('xa_system_properties_db_dialect = ' + xa_system_properties_db_dialect)
+ xa_system_properties_url = ranger_admin_properties_from_file['jdbc.url']
+ print('xa_system_properties_url = ' + xa_system_properties_url)
+ if ('mysql'.lower() in xa_system_properties_db_dialect.lower() and 'mysql'.lower() in xa_system_properties_url.lower()):
+ print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql')
+ ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL'
+ ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'mysql'
+ ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar'
+ elif ('oracle'.lower() in xa_system_properties_db_dialect and 'oracle'.lower() in xa_system_properties_url.lower()):
+ print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle')
+ ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE'
+ ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'sqlplus'
+ ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar'
+ else:
+ print('found unsupported DB_FLAVOUR, please configure as MYSQL or ORACLE, which are supported for now.exitting for now')
+ sys.exit(1)
+
+ xa_system_properties_jdbc_url = ranger_admin_properties_from_file['jdbc.url']
+ print('found jdbc url configured as : ' + str(xa_system_properties_jdbc_url) + ' , getting db host from configured jdbc url')
+ xa_database_host_name = xa_system_properties_jdbc_url.split(':')
+ xa_database_host = xa_database_host_name[3].split('/')[2]
+ xa_database_name = xa_database_host_name[3].split('/')[3]
+ print('found db host as : ' + str(xa_database_host))
+ print('found db name as : ' + str(xa_database_name))
+ ranger_admin_properties_from_file['db_host'] = xa_database_host
+ ranger_admin_properties_from_file['db_name'] = xa_database_name
+
+ xa_system_properties_audit_jdbc_url = ranger_admin_properties_from_file['auditDB.jdbc.url']
+ print('found audit jdbc url configured as : ' + str(xa_system_properties_audit_jdbc_url) + ' , getting db host from configured jdbc url')
+ xa_audit_database_host_name = xa_system_properties_audit_jdbc_url.split(':')
+
+ xa_audit_database_host = xa_audit_database_host_name[3].split('/')[2]
+ xa_audit_database_name = xa_audit_database_host_name[3].split('/')[3]
+ print('found xa_audit_database_name as : ' + str(xa_audit_database_name))
+ ranger_admin_properties_from_file['audit_db_host'] = xa_audit_database_host
+ ranger_admin_properties_from_file['audit_db_name'] = xa_audit_database_name
+
+ xa_db_password = ''
+ xa_audit_db_password = ''
+
+ libpath = os.path.join(hdp_version_dir, 'ranger-admin', 'cred', 'lib', '*')
+ aliasKey = 'policydb.jdbc.password'
+ aliasValue = ''
+ filepath = os.path.join(hdp_version_dir, 'ranger-admin', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangeradmin.jceks')
+
+ getorcreateorlist = 'get'
+
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ xa_db_password = value.strip()
+
+ aliasKey = 'auditdb.jdbc.password'
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ xa_audit_db_password = value.strip()
+
+ ranger_admin_properties_from_file['jdbc.password'] = xa_db_password
+ ranger_admin_properties_from_file['auditDB.jdbc.password'] = xa_audit_db_password
+ return ranger_admin_properties_from_file
+
+
+def get_additional_properties_for_usersync(ranger_usersync_properties_from_file):
+ ranger_conf_path = '/etc/ranger/usersync/conf'
+ unix_auth_properties_path = os.path.join(ranger_conf_path, 'unixauthservice.properties')
+ ranger_usersync_properties_from_file = import_properties_from_file(unix_auth_properties_path, ranger_usersync_properties_from_file)
+ if (('unix'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()):
+ print('sync_source is unix')
+ ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'unix'
+ if (('ldap'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()):
+ print('sync source is ldap')
+ ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'ldap'
+ return ranger_usersync_properties_from_file
+
+
+def port_ranger_hdfs_plugin_to_ambari():
+ print('Trying to add ranger hdfs plugin.')
+ flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties = get_hdfs_plugin_configuration()
+ if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None:
+ hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true'
+ print('hdfs plugin is installed and enabled, adding to configurations')
+ advanced_ranger_hdfs_plugin_properties = dict()
+
+ advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = '-'
+ advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = '-'
+ advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes'
+ advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop'
+ advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop'
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.db.is.enabled']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
+ advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
+ advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
+ advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
+ advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
+ advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
+
+ date_time_stamp = getDateTimeNow()
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
+ json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### hdfs_site_xml configuration :')
+ for each_key in hdfs_site_xml_properties:
+ print str(each_key) + ' = ' + str(hdfs_site_xml_properties[each_key])
+
+ print ('####################### ranger_hdfs_plugin_properties configuration :')
+ for each_key in advanced_ranger_hdfs_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hdfs_plugin_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('Input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger hdfs plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+
+
+
+def port_ranger_hive_plugin_to_ambari():
+ print('Trying to add ranger hive plugin.')
+ flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties = get_hive_plugin_configuration()
+ if flag_hive_plugin_installed and hive_plugin_install_properties is not None and hive_server2_xml_properties is not None:
+ hive_server2_xml_properties['hive.security.authorization.enabled'] = 'true'
+ hive_server2_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory'
+ hive_server2_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator'
+ hive_server2_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager'
+ print('hive plugin is installed and enabled, adding to configurations')
+ advanced_ranger_hive_plugin_properties = dict()
+
+ advanced_ranger_hive_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_hive_plugin_properties['jdbc.driverClassName'] = 'org.apache.hive.jdbc.HiveDriver'
+ advanced_ranger_hive_plugin_properties['common.name.for.certificate'] = '-'
+ advanced_ranger_hive_plugin_properties['ranger-hive-plugin-enabled'] = 'Yes'
+ advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hive'
+ advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hive'
+ advanced_ranger_hive_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.db.is.enabled']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hive_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
+ advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
+ advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
+ advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
+ advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
+ advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
+ advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['xasecure.hive.update.xapolicies.on.grant.revoke']
+
+ date_time_stamp = getDateTimeNow()
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hiveserver2-site", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
+ json.dumps(hive_server2_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hive-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hive_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+
+ print ('####################### hive_server2_xml configuration :')
+ for each_key in hive_server2_xml_properties:
+ print str(each_key) + ' = ' + str(hive_server2_xml_properties[each_key])
+
+ print ('####################### ranger_hive_plugin_properties configuration :')
+ for each_key in advanced_ranger_hive_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hive_plugin_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('Input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger hive plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger hive plugin configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger hive plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print('ranger hive plugin configuration add failed in ambari.')
+ return False
+
+
+
+def port_ranger_hbase_plugin_to_ambari():
+ print('Trying to add ranger Hbase plugin.')
+ flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties = get_hbase_plugin_configuration()
+ if flag_hbase_plugin_installed and hbase_plugin_install_properties is not None and hbase_site_xml_properties is not None:
+ print('Hbase plugin is installed and enabled, adding to configurations')
+ advanced_ranger_hbase_plugin_properties = dict()
+
+ advanced_ranger_hbase_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_hbase_plugin_properties['common.name.for.certificate'] = '-'
+ advanced_ranger_hbase_plugin_properties['ranger-hbase-plugin-enabled'] = 'Yes'
+ advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hbase'
+ advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hbase'
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.db.is.enabled']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
+ advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
+ advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
+ advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
+ advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
+ advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
+ advanced_ranger_hbase_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hbase_plugin_install_properties['xasecure.hbase.update.xapolicies.on.grant.revoke']
+
+ date_time_stamp = getDateTimeNow()
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hbase-site", "service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
+ json.dumps(hbase_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hbase-plugin-properties","service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hbase_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### hbase_site_xml configuration :')
+ for each_key in hbase_site_xml_properties:
+ print str(each_key) + ' = ' + str(hbase_site_xml_properties[each_key])
+
+ print ('####################### ranger_hbase_plugin_properties configuration :')
+ for each_key in advanced_ranger_hbase_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hbase_plugin_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('Input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger hbase plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger hbase plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('ranger hbase plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print ('ranger hbase plugin configuration add failed in ambari.')
+ return False
+
+
+
+def port_ranger_knox_plugin_to_ambari():
+ print('trying to add ranger knox plugin.')
+ flag_knox_plugin_installed, knox_plugin_install_properties = get_knox_plugin_configuration()
+ if flag_knox_plugin_installed and knox_plugin_install_properties is not None:
+ print('Knox plugin is installed and enabled, adding to configurations')
+ advanced_ranger_knox_plugin_properties = dict()
+
+ advanced_ranger_knox_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_knox_plugin_properties['common.name.for.certificate'] = '-'
+ advanced_ranger_knox_plugin_properties['ranger-knox-plugin-enabled'] = 'Yes'
+ advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'admin'
+ advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'admin-password'
+ advanced_ranger_knox_plugin_properties['KNOX_HOME'] = '/usr/hdp/current/knox-server'
+ advanced_ranger_knox_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.db.is.enabled']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = knox_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
+ advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
+
+ knox_ssl_keystore_password = ''
+ knox_ssl_truststore_password = ''
+
+ libpath = os.path.join(hdp_version_dir, 'ranger-knox-plugin', 'install', 'lib', '*')
+ aliasKey = 'sslkeystore'
+ aliasValue = ''
+ filepath = os.path.join('/etc/ranger', knox_plugin_install_properties['xasecure.audit.repository.name'], 'cred.jceks')
+ getorcreateorlist = 'get'
+
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ knox_ssl_keystore_password = value.strip()
+
+ aliasKey = 'ssltruststore'
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ knox_ssl_truststore_password = value.strip()
+
+ advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
+ advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_PASSWORD'] = knox_ssl_keystore_password
+ advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
+ advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = knox_ssl_truststore_password
+
+ date_time_stamp = getDateTimeNow()
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-knox-plugin-properties", "service_config_version_note": "Initial configuration for Ranger KNOX plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps(
+ advanced_ranger_knox_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### ranger_knox_plugin_properties configuration :')
+ for each_key in advanced_ranger_knox_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_knox_plugin_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger knox plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger knox plugin configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger knox plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print('ranger knox plugin configuration add failed in ambari.')
+ return False
+
+
+def port_ranger_storm_plugin_to_ambari():
+ print('Trying to add ranger storm plugin.')
+ flag_storm_plugin_installed, storm_plugin_install_properties = get_storm_plugin_configuration()
+ if flag_storm_plugin_installed and storm_plugin_install_properties is not None:
+ print('Storm plugin is installed and enabled, adding to configurations')
+ advanced_ranger_storm_plugin_properties = dict()
+
+ advanced_ranger_storm_plugin_properties['policy_user'] = 'storm'
+ advanced_ranger_storm_plugin_properties['common.name.for.certificate'] = '-'
+ advanced_ranger_storm_plugin_properties['ranger-storm-plugin-enabled'] = 'Yes'
+ advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'stormtestuser@EXAMPLE.COM'
+ advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'stormtestuser'
+ advanced_ranger_storm_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.db.is.enabled']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = storm_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[
+ 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
+ advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
+ advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
+ advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
+ advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
+ advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
+
+ date_time_stamp = getDateTimeNow()
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-storm-plugin-properties", "service_config_version_note": "Initial configuration for Ranger STORM plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps(
+ advanced_ranger_storm_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### ranger_storm_plugin_properties configuration :')
+ for each_key in advanced_ranger_storm_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_storm_plugin_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('Input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger storm plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger storm plugin configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger storm plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print('ranger storm plugin configuration add failed in ambari.')
+ return False
+
+
+
+def get_hdfs_plugin_configuration():
+ flag_hdfs_plugin_installed = False
+ hdfs_plugin_install_properties = dict()
+ print('hdfs plugin is present and installed to ranger,getting additional properties from installed files .')
+ base_hadoop_conf_path = '/etc/hadoop/conf/'
+ hdfs_site_xml_path = os.path.join(base_hadoop_conf_path, 'hdfs-site.xml')
+ hdfs_site_xml_properties = import_properties_from_xml(hdfs_site_xml_path)
+ xasecure_audit_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-audit.xml')
+ hdfs_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hdfs_plugin_install_properties)
+ xasecure_hdfs_security_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-hdfs-security.xml')
+ hdfs_plugin_install_properties = import_properties_from_xml(xasecure_hdfs_security_xml_path, hdfs_plugin_install_properties)
+ xasecure_policy_ssl_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-policymgr-ssl.xml')
+ hdfs_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hdfs_plugin_install_properties)
+ flag_plugin_installed = check_plugin_enabled('hdfs', hdfs_plugin_install_properties)
+ if(flag_plugin_installed):
+ flag_hdfs_plugin_installed = True
+ return flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties
+
+
+def get_hive_plugin_configuration():
+ flag_hive_plugin_installed = False
+ hive_plugin_install_properties = dict()
+ print('hive plugin is present and installed to ranger, configuring to setup in ambari.')
+ base_hive_conf_path = '/etc/hive/conf/'
+ hive_server2_xml_path = os.path.join(base_hive_conf_path, 'hiveserver2-site.xml')
+ hive_server2_xml_properties = import_properties_from_xml(hive_server2_xml_path)
+ xasecure_audit_xml_path = os.path.join(base_hive_conf_path, 'xasecure-audit.xml')
+ hive_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hive_plugin_install_properties)
+ xasecure_hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml')
+ hive_plugin_install_properties = import_properties_from_xml(xasecure_hive_security_xml_path, hive_plugin_install_properties)
+ xasecure_policy_ssl_xml_path = os.path.join(base_hive_conf_path, 'xasecure-policymgr-ssl.xml')
+ hive_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hive_plugin_install_properties)
+ hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml')
+ hive_plugin_install_properties = import_properties_from_xml(hive_security_xml_path, hive_plugin_install_properties)
+ flag_plugin_installed = check_plugin_enabled('hive', hive_plugin_install_properties)
+ if(flag_plugin_installed):
+ flag_hive_plugin_installed = True
+ return flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties
+
+
+def get_hbase_plugin_configuration():
+ flag_hbase_plugin_installed = False
+ hbase_plugin_install_properties = dict()
+ print('hbase plugin is present and installed to ranger, configuring to setup in ambari.')
+ base_hbase_conf_path = '/etc/hbase/conf/'
+ hbase_site_xml_path = os.path.join(base_hbase_conf_path, 'hbase-site.xml')
+ hbase_site_xml_properties = import_properties_from_xml(hbase_site_xml_path)
+ xasecure_audit_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-audit.xml')
+ hbase_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hbase_plugin_install_properties)
+ xasecure_hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml')
+ hbase_plugin_install_properties = import_properties_from_xml(xasecure_hbase_security_xml_path, hbase_plugin_install_properties)
+ xasecure_policy_ssl_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-policymgr-ssl.xml')
+ hbase_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hbase_plugin_install_properties)
+ hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml')
+ hbase_plugin_install_properties = import_properties_from_xml(hbase_security_xml_path, hbase_plugin_install_properties)
+ flag_plugin_installed = check_plugin_enabled('hbase', hbase_plugin_install_properties)
+ if(flag_plugin_installed):
+ flag_hbase_plugin_installed = True
+ return flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties
+
+
+def get_knox_plugin_configuration():
+ flag_knox_plugin_installed = False
+ knox_plugin_install_properties = dict()
+ print('knox plugin is present and installed to ranger, configuring to setup in ambari.')
+ base_knox_conf_path = '/etc/knox/conf/'
+ xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml')
+ knox_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, knox_plugin_install_properties)
+ xasecure_knox_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-knox-security.xml')
+ knox_plugin_install_properties = import_properties_from_xml(xasecure_knox_security_xml_path, knox_plugin_install_properties)
+ xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml')
+ knox_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, knox_plugin_install_properties)
+ flag_plugin_installed = check_plugin_enabled('knox', knox_plugin_install_properties)
+ if(flag_plugin_installed):
+ flag_knox_plugin_installed = True
+ return flag_knox_plugin_installed, knox_plugin_install_properties
+
+
+
+def get_storm_plugin_configuration():
+ flag_storm_plugin_installed = False
+ storm_plugin_install_properties = dict()
+ print('storm plugin is present and installed to ranger, configuring to setup in ambari.')
+ base_knox_conf_path = '/etc/storm/conf/'
+ xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml')
+ storm_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, storm_plugin_install_properties)
+ xasecure_storm_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-storm-security.xml')
+ storm_plugin_install_properties = import_properties_from_xml(xasecure_storm_security_xml_path, storm_plugin_install_properties)
+ xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml')
+ storm_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, storm_plugin_install_properties)
+ flag_plugin_installed = check_plugin_enabled('storm', storm_plugin_install_properties)
+ if(flag_plugin_installed):
+ flag_storm_plugin_installed = True
+ return flag_storm_plugin_installed, storm_plugin_install_properties
+
+
+
+
+def check_plugin_enabled(component_name, component_plugin_install_properties):
+ flag_plugin_installed = False
+ if not (str(component_plugin_install_properties['xasecure.audit.repository.name']).strip() == ''):
+ repo_base_path = os.path.join('/etc/ranger', component_plugin_install_properties['xasecure.audit.repository.name'])
+ print('repo_base_path = ' + str(repo_base_path))
+ if os.path.exists(repo_base_path):
+ print('Plugin is installed for component ' + component_name)
+ flag_plugin_installed = True
+ return flag_plugin_installed
+
+
+def call_ambari_api(ambari_url, method, username_password, data):
+ try:
+ url = ambari_url
+ base64string = base64.encodestring('{0}'.format(username_password)).replace('\n', '')
+ headers = {"X-Requested-By": "ambari"}
+ request = urllib2.Request(url, data, headers, 'compressed')
+ request.get_method = lambda: method
+ request.add_header("Authorization", "Basic {0}".format(base64string))
+ result = urllib2.urlopen(request)
+ return result
+ except urllib2.URLError, e:
+ if isinstance(e, urllib2.HTTPError):
+ print("HTTP Code: {0}".format(e.code))
+ print("HTTP Data: {0}".format(e.read()))
+ return e
+ else:
+ print("Error: {0}".format(e.reason))
+ print ('ambari server is not reachable, please make sure valid ambari server url has been provided and ambari server is started.')
+ return e
+ except httplib.BadStatusLine:
+ print("ambari service is not reachable, please restart the service and then try again")
+ return None
+
+
+def import_properties_from_file(install_properties_path, properties_from_file=None):
+ if properties_from_file is None:
+ print('properties_from_file is none initializing to dict')
+ properties_from_file = dict()
+ if os.path.isfile(install_properties_path):
+ install_properties_file = open(install_properties_path)
+ for each_line in install_properties_file.read().split('\n'):
+ each_line = each_line.strip()
+ if len(each_line) == 0: continue
+ if '#https.service.port' in each_line:
+ each_line = each_line.strip('#')
+ if '#' in each_line: continue
+ key, value = each_line.strip().split("=", 1)
+ key = key.strip()
+ value = value.strip()
+ properties_from_file[key] = value
+ else:
+ print('Property file not found at path : ' + str(install_properties_path))
+ return properties_from_file
+
+
+def import_properties_from_xml(xml_path, properties_from_xml=None):
+ print('getting values from file : ' + str(xml_path))
+ if os.path.isfile(xml_path):
+ xml = ET.parse(xml_path)
+ root = xml.getroot()
+ if properties_from_xml is None:
+ properties_from_xml = dict()
+ for child in root.findall('property'):
+ name = child.find("name").text.strip()
+ value = child.find("value").text.strip() if child.find("value").text is not None else ""
+ properties_from_xml[name] = value
+ else:
+ print('XML file not found at path : ' + str(xml_path))
+ return properties_from_xml
+
+
+def get_authentication_method():
+ print('Getting authentication method for ranger services')
+ ranger_conf_path = '/etc/ranger/admin/conf'
+ security_appln_context_path = os.path.join(ranger_conf_path,'security-applicationContext.xml')
+ print ('security_appln_context_path = ' + security_appln_context_path)
+ app_context_xml_tree = ET.parse(security_appln_context_path)
+ app_context_xml_root = app_context_xml_tree.getroot()
+ reference_auth_method = None
+ authentication_method = None
+ for child_nodes in app_context_xml_root.getiterator():
+ if( ('authentication-provider' in str(child_nodes.tag)) and not('-ref' in str(child_nodes.attrib)) ):
+ reference_auth_method = child_nodes.attrib['ref']
+
+ if( reference_auth_method is not None and 'jaasAuthProvider' in reference_auth_method):
+ authentication_method = 'UNIX'
+ elif( reference_auth_method is not None and 'activeDirectoryAuthenticationProvider' in reference_auth_method):
+ authentication_method = 'ACTIVE_DIRECTORY'
+ elif( reference_auth_method is not None and 'ldapAuthProvider' in reference_auth_method):
+ authentication_method = 'LDAP'
+ else:
+ authentication_method = 'NONE'
+
+ return authentication_method
+
+
+
+def call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist):
+ finalLibPath = libpath.replace('\\', '/').replace('//', '/')
+ finalFilePath = 'jceks://file/' + filepath.replace('\\', '/').replace('//', '/')
+ if getorcreateorlist == 'create':
+ commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'create', aliasKey, '-value', aliasValue, '-provider', finalFilePath]
+ p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode
+ elif getorcreateorlist == 'get':
+ commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'get', aliasKey, '-provider', finalFilePath]
+ p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode, output
+ elif getorcreateorlist == 'list':
+ commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks', 'list', '-provider', finalFilePath]
+ p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ output, error = p.communicate()
+ statuscode = p.returncode
+ return statuscode, output
+ else:
+ print('proper command not received for input need get or create')
+
+
+def get_hdp_version():
+ return_code = -1
+ hdp_output = ''
+ hdp_version = None
+ match = None
+ statuscode = -1
+ try:
+ command_to_run = 'hdp-select status hadoop-client'
+ output = Popen(command_to_run, stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=True)
+ return_code, error = output.communicate()
+ statuscode = output.returncode
+ except Exception, e:
+ print('Error : ' + str(e))
+ if statuscode == 0:
+ hdp_version = re.sub('hadoop-client - ', '', return_code)
+ hdp_version = hdp_version.rstrip()
+ match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+ print ('hdp_version = ' + hdp_version)
+ else:
+ print('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+ if match is None:
+ print('Failed to get extracted version')
+ return None
+ else:
+ return hdp_version
+
+def getDateTimeNow():
+ return datetime.datetime.now().strftime("%Y%m%d%H%M%S")
+
+
+if __name__ == '__main__':
+
+
+ if len(sys.argv) > 1:
+ function_to_call = sys.argv[1] if len(sys.argv) > 1 else None
+ base_url = sys.argv[2] if len(sys.argv) > 2 else None
+ print ('base url = ' + base_url)
+ ambari_username_password = sys.argv[3] if len(sys.argv) > 3 else None
+ print ('ambari_username_password = ' + ambari_username_password)
+ cluster_name = sys.argv[4] if len(sys.argv) > 4 else None
+ print ('cluster_name = ' + cluster_name)
+ ranger_admin_fqdn = sys.argv[5] if len(sys.argv) > 5 else None
+ print ('ranger_admin_fqdn = ' + ranger_admin_fqdn)
+ ranger_service_name = 'RANGER'
+ admin_component_name = 'RANGER_ADMIN'
+ usersync_component_name = 'RANGER_USERSYNC'
+ ambari_cluster_url = str(base_url) + '/api/v1/clusters/' + str(cluster_name)
+ ambari_service_url = str(ambari_cluster_url) + '/services'
+ hdp_dir = os.path.join('/usr', 'hdp')
+ hdp_current_dir = os.path.join(hdp_dir, 'current')
+ hdp_version = get_hdp_version()
+ print('Found hdp_version = ' + str(hdp_version))
+ hdp_version_dir = os.path.join(hdp_dir, hdp_version)
+ if function_to_call is not None and len(function_to_call) > 0:
+ print('Found first argument as : ' + function_to_call)
+ function_to_call = int(function_to_call)
+ if function_to_call == 1:
+ print('Porting ranger admin installation details to ambari.')
+ port_ranger_installation_to_ambari()
+ elif function_to_call == 2:
+ print('Porting ranger User-sync installation details to ambari.')
+ port_ranger_usersync_installation_to_ambari()
+ elif function_to_call == 3:
+ print('Porting ranger hdfs plugin details to ambari.')
+ port_ranger_hdfs_plugin_to_ambari()
+ elif function_to_call == 4:
+ print('Porting ranger Hive plugin details to ambari.')
+ port_ranger_hive_plugin_to_ambari()
+ elif function_to_call == 5:
+ print('Porting ranger Hbase plugin details to ambari.')
+ port_ranger_hbase_plugin_to_ambari()
+ elif function_to_call == 6:
+ print('Porting ranger Knox plugin details to ambari.')
+ port_ranger_knox_plugin_to_ambari()
+ elif function_to_call == 7:
+ print('Porting ranger Storm plugin details to ambari.')
+ port_ranger_storm_plugin_to_ambari()
+ else:
+ print ('Unsupported option passed for installation, please pass proper supported option')
+
+ else:
+ print('Usage :'
+ '\n python import_ranger_to_ambari.py {install option eg. 1} { ambari server url (eg. http://100.100.100.100:8080) } {ambari server username password (eg. demo_user:demo_pass) } {cluster name (eg. ambari_cluster)} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installe (eg. ambari.server.com)} '
+ '\n Actual call will be like : python ranger_port_script.py 1 http://100.100.100.100:8080 demo_user:demo_pass ambari_cluster ambari.server.com'
+ '\n Pass first parameter as 1 for Ranger integration with Ambari.'
+ '\n Pass first parameter as 2 for Ranger User-sync integration with Ambari.'
+ '\n Pass first parameter as 3 for Ranger Hdfs Plugin integration with Ambari.'
+ '\n Pass first parameter as 4 for Ranger Hive Plugin integration with Ambari.'
+ '\n Pass first parameter as 5 for Ranger Hbase Plugin integration with Ambari.'
+ '\n Pass first parameter as 6 for Ranger Knox Plugin integration with Ambari.'
+ '\n Pass first parameter as 7 for Ranger Storm Plugin integration with Ambari.')
+
+ sys.exit(0)
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties
new file mode 100755
index 0000000..f892a60
--- /dev/null
+++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides list of deployment variables for the Policy Manager Web Application to be migrated to Ambari server
+#
+
+# Below are the mandatory parameters, required to be filled in by the user.
+
+#
+# DB password for the DB admin user-id
+#
+# For example:
+# db_root_user=root
+# db_root_user=SYS
+#
+# Mandatory properties for migration to be filled by user prior to migration.
+# db_root_user = needs to be updated by user before running the migration script.
+# db_root_password = needs to be updated by user before running the migration script.
+db_root_user=
+db_root_password=
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT b/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT
new file mode 100755
index 0000000..f466e9d
--- /dev/null
+++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT
@@ -0,0 +1,74 @@
+Utility to Migrate Ranger Config into Ambari (from a previous manual install)
+-----------------------------------------------------------------------------
+
+Pre-requisites:
+----------------
+ * Ambari Server (2.0.0) installed on one of the host of the cluster.
+ * Ranger service is manually installed outside Ambari.
+ * If user had Ambari 1.7.0 installed, Ambari needs to be upgraded to 2.0.0, before this script is run.
+ * Ranger service is expected to be up and running.
+ * Whichever component plugin needs to imported, that component should be up and running in Ambari server.
+ * Whichever component plugin needs to be imported, that plugin needs to be installed as well as enabled independently by the user.
+ * The installation folder paths for each component is as follows :
+ * For Ranger Admin service: /usr/hdp/<hdp_vers>/ranger-admin
+ * For Ranger Usersync service: /usr/hdp/<hdp_vers>/ranger-usersync
+ * For Ranger Hbase plugin: /usr/hdp/<hdp_vers>/ranger-hbase-plugin
+ * For Ranger Hdfs plugin: /usr/hdp/<hdp_vers>/ranger-hdfs-plugin
+ * For Ranger Hive plugin: /usr/hdp/<hdp_vers>/ranger-hive-plugin
+ * For Ranger Knox plugin: /usr/hdp/<hdp_vers>/ranger-knox-plugin
+ * For Ranger Storm plugin: /usr/hdp/<hdp_vers>/ranger-storm-plugin
+
+Pre Install:
+------------
+ * Please take a backup of existing ranger DB and configurations, in case required.
+ * Please take a backup of existing ambari DB and configurations, in case required.
+ * You must have an existing MySQL Server or Oracle Server database instance running to be used by Ranger.
+ * Ensure that the access for the DB Admin user (root in case of MySQL or SYS in case of Oracle) is enabled in DB server from any host.
+ * Execute the following command on the Ambari Server host.
+ * Replace database-type with mysql or oracle and /jdbc/driver/path based on the location of the MySQL or Oracle JDBC driver:
+
+ ambari-server setup --jdbc-db={database-type} --jdbc-driver={/jdbc/driver/path}
+
+Steps to Add Ranger in a Ambari HDP cluster:
+--------------------------------------------
+ * In order to know about usage of the script, Execute the command:
+ python import_ranger_to_ambari.py
+ * Migration script locates the existing config in post-install properties files used by the service.
+ * This script will collect required configs from the independently installed Ranger service configurations
+ and after verification from the user, post it to the specified Ambari Server.
+ * Set appropriate values in the <component>_install.properties template file, only if required.
+ For Ranger Admin service, ranger_admin_install.properties
+ * For script to use proper values, mandatory properties to be filled by user are as follows :
+ 1) During Ranger_Admin installation migration db_root_username and db_root_password are mandatory,
+ which can be set in the ranger_admin_install.properties
+
+To import Ranger (Admin and User-Sync) service and plugins we need to run the python script using command line as shown below,
+with valid input parameters, from the host where specific Ranger component has been installed / enabled :
+
+python import_ranger_to_ambari.py {install option} {ambari server url} {ambari server admin username:password} {cluster name} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installed}
+
+for example the actual command will be as :
+
+python import_ranger_to_ambari.py 1 http://100.100.100.100:8080 admin:admin ambari_cluster rangerambari-feb09-rhel6-mp-sec-6.cs1cloud.internal
+
+First parameter (install option) is to mention the service type to be ported to Ambari that is,
+ 1 for adding Ranger service and Ranger Admin component to Ambari.
+ 2 for adding Ranger User sync component to Ambari.
+ 3 to import Ranger Hdfs Plugin configs to Ambari.
+ 4 to import Ranger Hive Plugin configs to Ambari.
+ 5 to import Ranger Hbase Plugin configs to Ambari.
+ 6 to import Ranger Knox Plugin configs to Ambari.
+ 7 to import Ranger Storm Plugin configs to Ambari.
+
+ * After running the script with first parameter as 1, Ranger service should be visible as Ambari service and Ranger-Admin should be visible.
+ * After running with 2 Ranger-Usersync should also be visible as its component, like-wise for the respective plugins.
+ * After executing the script with options 3 to 7 - please visit Ambari UI and restart the individual component, after the UI reflects the changes.
+
+Debugging:
+----------
+ * Make sure to back up the ranger config and DB prior to running the scripts.
+ * It is possible that the service-components may be added to Ambari but the installation may fail. In that case, look for the logs from Ambari-UI.
+ * If any of the pre-requisite is not met this might happen, in that case, try installation from Ambari-UI itself.
+ * If the services are configured and not started it may show up as Install Pending, reinstall both Admin and User-sync from Ambari UI, and then start the services.
+ * In case if the services are installed and in stopped state, restart them from Ambari-UI.
+
[04/14] incubator-ranger git commit: RANGER-600 Bump up the version
number of assembly plugin to avoid a known bug during assembly phase
Posted by ma...@apache.org.
RANGER-600 Bump up the version number of assembly plugin to avoid a known bug during assembly phase
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/edf2af7a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/edf2af7a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/edf2af7a
Branch: refs/heads/tag-policy
Commit: edf2af7aa11ab64c8f4a63936001baa3e9da46e9
Parents: 2d931db
Author: Alok Lal <al...@apache.org>
Authored: Wed Aug 5 11:00:13 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Wed Aug 5 11:00:13 2015 -0700
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/edf2af7a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2ae8d3d..4b73a61 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,7 +369,7 @@
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.2-beta-5</version>
+ <version>2.3</version>
<configuration>
<descriptors>
<descriptor>src/main/assembly/hdfs-agent.xml</descriptor>
[14/14] incubator-ranger git commit: Merge branch 'master' into
tag-policy
Posted by ma...@apache.org.
Merge branch 'master' into tag-policy
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9a6e641f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9a6e641f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9a6e641f
Branch: refs/heads/tag-policy
Commit: 9a6e641fa9a79ef7558cc01ea212f8f974abaac0
Parents: 31a65f4 e169b27
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Mon Aug 10 09:49:06 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Aug 10 09:49:06 2015 -0700
----------------------------------------------------------------------
.../plugin/errors/ValidationErrorCode.java | 123 +
.../model/validation/RangerPolicyValidator.java | 361 +--
.../validation/RangerServiceDefValidator.java | 113 +-
.../validation/RangerServiceValidator.java | 68 +-
.../validation/ValidationFailureDetails.java | 21 +-
.../ValidationFailureDetailsBuilder.java | 2 +-
.../plugin/errors/TestValidationErrorCode.java | 86 +
.../TestValidationFailureDetails.java | 58 -
.../src/test/resources/log4j.properties | 3 +-
agents-cred/src/test/resources/log4j.properties | 16 +
hbase-agent/src/test/resources/log4j.properties | 5 +-
hive-agent/src/test/resource/log4j.properties | 9 +-
kms/scripts/db_setup.py | 23 +-
kms/scripts/dba_script.py | 26 +-
.../bin/import_ranger_to_ambari.py | 1214 ++++++++++
.../bin/ranger_admin_install.properties | 33 +
.../ambari2.0-hdp2.2-ranger0.40/doc/README.TXT | 74 +
.../bin/import_ranger_to_ambari.py | 2253 ++++++++++++++++++
.../bin/ranger_admin_install.properties | 33 +
.../ambari2.1-hdp2.3-ranger0.50/doc/README.TXT | 78 +
migration-util/bin/import_ranger_to_ambari.py | 1214 ----------
.../bin/ranger_admin_install.properties | 33 -
migration-util/doc/README.TXT | 74 -
security-admin/scripts/setup.sh | 16 +
.../src/test/resources/log4j.properties | 3 +-
.../ranger/unixusersync/model/XUserInfo.java | 9 -
26 files changed, 4182 insertions(+), 1766 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a6e641f/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
----------------------------------------------------------------------
diff --cc agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
index 7c8c552,847bc9a..9169fd9
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
@@@ -26,9 -26,9 +26,10 @@@ import java.util.Set
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+ import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.store.ServiceStore;
import com.google.common.collect.Sets;
[13/14] incubator-ranger git commit: Revert "RANGER-600 Bump up the
version number of assembly plugin to avoid a known bug during assembly phase"
Posted by ma...@apache.org.
Revert "RANGER-600 Bump up the version number of assembly plugin to avoid a known bug during assembly phase"
This reverts commit edf2af7aa11ab64c8f4a63936001baa3e9da46e9.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e169b271
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e169b271
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e169b271
Branch: refs/heads/tag-policy
Commit: e169b2713edd100cc238f5d417a9e46ac70f595c
Parents: 416e13a
Author: Alok Lal <al...@apache.org>
Authored: Fri Aug 7 13:42:06 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Fri Aug 7 13:42:06 2015 -0700
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e169b271/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4b73a61..2ae8d3d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,7 +369,7 @@
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.3</version>
+ <version>2.2-beta-5</version>
<configuration>
<descriptors>
<descriptor>src/main/assembly/hdfs-agent.xml</descriptor>
[10/14] incubator-ranger git commit: RANGER-598: Update Ranger config
migration script to work with Ranger 0.5
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/ranger_admin_install.properties
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/ranger_admin_install.properties b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/ranger_admin_install.properties
new file mode 100755
index 0000000..f892a60
--- /dev/null
+++ b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/ranger_admin_install.properties
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides list of deployment variables for the Policy Manager Web Application to be migrated to Ambari server
+#
+
+# Below are the mandatory parameters, required to be filled in by the user.
+
+#
+# DB password for the DB admin user-id
+#
+# For example:
+# db_root_user=root
+# db_root_user=SYS
+#
+# Mandatory properties for migration to be filled by user prior to migration.
+# db_root_user = needs to be updated by user before running the migration script.
+# db_root_password = needs to be updated by user before running the migration script.
+db_root_user=
+db_root_password=
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.1-hdp2.3-ranger0.50/doc/README.TXT
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.1-hdp2.3-ranger0.50/doc/README.TXT b/migration-util/ambari2.1-hdp2.3-ranger0.50/doc/README.TXT
new file mode 100755
index 0000000..bd56e8d
--- /dev/null
+++ b/migration-util/ambari2.1-hdp2.3-ranger0.50/doc/README.TXT
@@ -0,0 +1,78 @@
+Utility to Migrate Ranger Config into Ambari-2.1.0 (from a previous manual install of Ranger service and plugins)
+-----------------------------------------------------------------------------
+
+Pre-requisites:
+----------------
+ * Ambari Server (2.1.0) installed on one of the host of the cluster.
+ * Ranger service is manually installed outside Ambari.
+ * If user had Ambari 1.7.0 installed or Ambari 2.0.0, Ambari needs to be upgraded to 2.1.0, before this script is run.
+ * HDP 2.3 Components should be installed.
+ * Ranger service is expected to be up and running.
+ * Whichever component plugin needs to imported, that component should be up and running in Ambari server.
+ * Whichever component plugin needs to be imported, that plugin needs to be installed as well as enabled independently by the user outside Ambari.
+ * The installation folder paths for each component is as follows :
+ * For Ranger Admin service: /usr/hdp/<hdp_vers>/ranger-admin
+ * For Ranger Usersync service: /usr/hdp/<hdp_vers>/ranger-usersync
+ * For Ranger Hbase plugin: /usr/hdp/<hdp_vers>/ranger-hbase-plugin
+ * For Ranger Hdfs plugin: /usr/hdp/<hdp_vers>/ranger-hdfs-plugin
+ * For Ranger Hive plugin: /usr/hdp/<hdp_vers>/ranger-hive-plugin
+ * For Ranger Knox plugin: /usr/hdp/<hdp_vers>/ranger-knox-plugin
+ * For Ranger Storm plugin: /usr/hdp/<hdp_vers>/ranger-storm-plugin
+
+Pre Install:
+------------
+ * Please take a backup of existing ranger DB and configurations, in case required.
+ * Please take a backup of existing ambari DB and configurations, in case required.
+ * You must have an existing MySQL Server, Oracle Server, or Postgres database instance running to be used by Ranger.
+ * Ensure that the access for the DB Admin user (root in case of MySQL or SYS in case of Oracle) is enabled in DB server from any host.
+ * Execute the following command on the Ambari Server host.
+ * Replace database-type with mysql or oracle and /jdbc/driver/path based on the location of the MySQL or Oracle JDBC driver:
+
+ ambari-server setup --jdbc-db={database-type} --jdbc-driver={/jdbc/driver/path}
+
+Steps to Add Ranger in a Ambari HDP cluster:
+--------------------------------------------
+ * In order to know about usage of the script, Execute the command:
+ python import_ranger_to_ambari.py
+ * Migration script locates the existing config in post-install properties files used by the service.
+ * This script will collect required configs from the independently installed Ranger service configurations
+ and after verification from the user, post it to the specified Ambari Server.
+ * Set appropriate values in the <component>_install.properties template file, only if required.
+ For Ranger Admin service, ranger_admin_install.properties
+ * For script to use proper values, mandatory properties to be filled by user are as follows :
+ 1) During Ranger_Admin installation migration db_root_username and db_root_password are mandatory,
+ which can be set in the ranger_admin_install.properties
+
+To import Ranger (Admin and User-Sync) service and plugins we need to run the python script using command line as shown below,
+with valid input parameters, from the host where specific Ranger component has been installed / enabled :
+
+python import_ranger_to_ambari.py {install option} {ambari server url} {ambari server admin username:password} {cluster name} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installed}
+
+for example the actual command will be as :
+
+python import_ranger_to_ambari.py 1 http://100.100.100.100:8080 admin:admin ambari_cluster rangerambari-feb09-rhel6-mp-sec-6.cs1cloud.internal
+
+First parameter (install option) is to mention the service type to be ported to Ambari that is,
+ 1 for adding Ranger service and Ranger Admin component to Ambari.
+ 2 for adding Ranger User sync component to Ambari.
+ 3 for adding Ranger KMS component to Ambari.
+ 4 to import Ranger Hdfs Plugin configs to Ambari.
+ 5 to import Ranger Yarn Plugin configs to Ambari.
+ 6 to import Ranger Hive Plugin configs to Ambari.
+ 7 to import Ranger Hbase Plugin configs to Ambari.
+ 8 to import Ranger Knox Plugin configs to Ambari.
+ 9 to import Ranger Storm Plugin configs to Ambari.
+ 10 to import Ranger Storm Plugin configs to Ambari.
+
+ * After running the script with first parameter as 1, Ranger service should be visible as Ambari service and Ranger-Admin should be visible.
+ * After running with 2 Ranger-Usersync should also be visible as its component, like-wise for the respective plugins.
+ * After executing the script with options 3 to 8 - please visit Ambari UI and restart the individual component, after the UI reflects the changes.
+
+Debugging:
+----------
+ * Make sure to back up the ranger config and DB prior to running the scripts.
+ * It is possible that the service-components may be added to Ambari but the installation may fail. In that case, look for the logs from Ambari-UI.
+ * If any of the pre-requisite is not met this might happen, in that case, try installation from Ambari-UI itself.
+ * If the services are configured and not started it may show up as Install Pending, reinstall both Admin and User-sync from Ambari UI, and then start the services.
+ * In case if the services are installed and in stopped state, restart them from Ambari-UI.
+
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/bin/import_ranger_to_ambari.py
----------------------------------------------------------------------
diff --git a/migration-util/bin/import_ranger_to_ambari.py b/migration-util/bin/import_ranger_to_ambari.py
deleted file mode 100644
index 7b99b2f..0000000
--- a/migration-util/bin/import_ranger_to_ambari.py
+++ /dev/null
@@ -1,1214 +0,0 @@
-import os
-import sys
-import urllib2
-import base64
-import httplib
-import json
-import time
-from xml.etree import ElementTree as ET
-import datetime
-from subprocess import Popen, PIPE
-import re
-
-
-def port_ranger_installation_to_ambari():
- print('preparing advanged configurations for ranger')
- flag_ranger_admin_present, ranger_admin_properties_from_file = get_ranger_admin_install_properties()
- if flag_ranger_admin_present:
- print('ranger admin service is installed, making configurations as required by ambari.')
- if create_ranger_service_in_ambari():
- print('ranger service is added sucessfully in ambari')
- if create_ranger_service_components_in_ambari('RANGER_ADMIN'):
- print('ranger service component is added successfully in ambari')
- if register_ranger_admin_host_in_ambari():
- print('ranger admin host is registered successfully in ambari')
- if add_advanced_ranger_configurations(1, ranger_admin_properties_from_file):
- print('ranger-admin advanced configurations added successfully in ambari, kindly run ranger-usersync to complete ranger service install')
- else:
- print('ranger advanced configurations added failed in ambari')
- else:
- print('ranger admin host registration failed in ambari')
- else:
- print('ranger service component add failed in ambari')
- else:
- print('ranger service add failed in ambari')
- else:
- print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
-
-
-def port_ranger_usersync_installation_to_ambari():
- print ('preparing configurations for ranger user-sync')
- flag_ranger_usersync_present, ranger_usersync_properties_from_file = get_ranger_usersync_install_properties()
- if flag_ranger_usersync_present:
- print('ranger usersync service is installed, making configurations as required by ambari.')
- if create_ranger_service_components_in_ambari('RANGER_USERSYNC'):
- print('ranger service component is added successfully in ambari')
- if register_ranger_usersync_host_in_ambari():
- print('ranger usersync host is registered successfully in ambari')
- if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file):
- print('ranger advanced configurations added successfully in ambari')
- if call_ranger_installed():
- print('ranger service installed successfully in ambari.')
- else:
- print('ranger service install failed in ambari')
- else:
- print('ranger advanced configurations added failed in ambari')
- else:
- print('ranger usersync host registration failed in ambari')
- else:
- print('ranger service add failed in ambari')
- else:
- print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
-
-
-def create_ranger_service_in_ambari():
- print('creating ranger service in ambari')
- ranger_create_url = ambari_service_url + '/' + ranger_service_name
- request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '')
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if (response_code == 201 and response is not None):
- print('ranger service created successfully in ambari.')
- return True
- elif (response_code == 409 and response is not None):
- print('ranger service is already created in ambari.')
- return True
- else:
- print('ranger service creation failed in ambari.')
- return False
-
-def create_ranger_service_components_in_ambari(ranger_service_component_name):
- print('adding ranger servcie components in ambari')
- ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}'
- print('creating ranger service in ambari')
- ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name
- request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components)
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if (response_code == 201 and response is not None):
- print('ranger service component : ' + ranger_service_component_name + ', created successfully in ambari.')
- return True
- elif (response_code == 409 and response is not None):
- print('ranger service component : ' + ranger_service_component_name + ', is already present in ambari.')
- return True
- else:
- print('ranger service component creation for : ' + ranger_service_component_name + ', failed in ambari.')
- return False
-
-def register_ranger_admin_host_in_ambari():
- print('adding ranger servcie components in ambari')
- print('creating ranger admin service in ambari')
- ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name
- request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '')
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 201 and response is not None:
- print('ranger admin host registered successfully in ambari.')
- return True
- elif (response_code == 409 and response is not None):
- print('ranger admin host is already registered ambari.')
- return True
- else:
- print('ranger admin host registration failed in ambari.')
- return False
-
-
-def register_ranger_usersync_host_in_ambari():
- print('adding ranger servcie components in ambari')
- print('creating ranger admin service in ambari')
- ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name
- request_result = call_ambari_api(ranger_host_register_url, 'POST', ambari_username_password, '')
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if (response_code == 201 and response is not None):
- print('ranger usersync host registered successfully in ambari.')
- return True
- elif (response_code == 409 and response is not None):
- print('ranger usersync host is already registered ambari.')
- return True
- else:
- print('ranger usersync host registration failed in ambari.')
- return False
-
-
-def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_properties_from_file):
- print('creating advanced configurations to be added to ambari.')
- ranger_config_data = ''
- advanced_admin_properties = dict()
- advanced_ranger_site_properties = dict()
- advanced_ranger_env_properties = dict()
- advanced_user_sync_properties = dict()
- date_time_stamp = getDateTimeNow()
-
- if (add_admin_or_usersync == 1):
- if not ((str(ranger_service_properties_from_file['db_root_password']).strip() == '') or
- (str(ranger_service_properties_from_file['db_root_user']).strip() == '' )) :
- advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR']
- advanced_admin_properties['SQL_COMMAND_INVOKER'] = ranger_service_properties_from_file['SQL_COMMAND_INVOKER']
- advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR']
- advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user']
- advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password']
- advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host']
- advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name']
- advanced_admin_properties['db_user'] = ranger_service_properties_from_file['jdbc.user']
- advanced_admin_properties['db_password'] = ranger_service_properties_from_file['jdbc.password']
- advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name']
- advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['auditDB.jdbc.user']
- advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['auditDB.jdbc.password']
- advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['xa.webapp.url.root']
- advanced_admin_properties['policymgr_http_enabled'] = ranger_service_properties_from_file['http.enabled']
- advanced_admin_properties['authentication_method'] = get_authentication_method()
- advanced_admin_properties['remoteLoginEnabled'] = ranger_service_properties_from_file.get('remoteLoginEnabled','false')
- advanced_admin_properties['authServiceHostName'] = ranger_service_properties_from_file.get('authServiceHostName','localhost')
- advanced_admin_properties['authServicePort'] = ranger_service_properties_from_file.get('authServicePort','5151')
- advanced_admin_properties['xa_ldap_url'] = ranger_service_properties_from_file['xa_ldap_url']
- advanced_admin_properties['xa_ldap_userDNpattern'] = ranger_service_properties_from_file['xa_ldap_userDNpattern']
- advanced_admin_properties['xa_ldap_groupSearchBase'] = ranger_service_properties_from_file['xa_ldap_groupSearchBase']
- advanced_admin_properties['xa_ldap_groupSearchFilter'] = ranger_service_properties_from_file['xa_ldap_groupSearchFilter']
- advanced_admin_properties['xa_ldap_groupRoleAttribute'] = ranger_service_properties_from_file['xa_ldap_groupRoleAttribute']
- advanced_admin_properties['xa_ldap_ad_domain'] = ranger_service_properties_from_file['xa_ldap_ad_domain']
- advanced_admin_properties['xa_ldap_ad_url'] = ranger_service_properties_from_file['xa_ldap_ad_url']
-
- advanced_ranger_site_properties['HTTP_SERVICE_PORT'] = ranger_service_properties_from_file['http.service.port']
- advanced_ranger_site_properties['HTTPS_SERVICE_PORT'] = ranger_service_properties_from_file['https.service.port']
- advanced_ranger_site_properties['HTTPS_KEYSTORE_FILE'] = ranger_service_properties_from_file['https.attrib.keystoreFile']
- advanced_ranger_site_properties['HTTPS_KEYSTORE_PASS'] = ranger_service_properties_from_file['https.attrib.keystorePass']
- advanced_ranger_site_properties['HTTPS_KEY_ALIAS'] = ranger_service_properties_from_file['https.attrib.keyAlias']
- advanced_ranger_site_properties['HTTPS_CLIENT_AUTH'] = ranger_service_properties_from_file['https.attrib.clientAuth']
- advanced_ranger_site_properties['HTTP_ENABLED'] = ranger_service_properties_from_file['http.enabled']
-
- advanced_ranger_env_properties['ranger_user'] = 'ranger'
- advanced_ranger_env_properties['ranger_group'] = 'ranger'
- advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin'
- advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync'
- advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin'
- advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123'
- advanced_ranger_env_properties['admin_password'] = 'admin'
-
- ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
- date_time_stamp) + '","properties":' + json.dumps(
- advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
- date_time_stamp) + '","properties":' + json.dumps(
- advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
- date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
-
-
- print ('####################### admin_properties configuration :')
- for each_key in advanced_admin_properties:
- print str(each_key) + ' = ' + str(advanced_admin_properties[each_key])
-
- print ('####################### ranger_site_properties configuration :')
- for each_key in advanced_ranger_site_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_site_properties[each_key])
-
- print ('####################### ranger_env_properties configuration :')
- for each_key in advanced_ranger_env_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key])
-
-
- else:
- print('either db_root_user or db_root_password value is missing from ranger_admin_install.properties file, please set appropriate value and run the script again.')
- sys.exit(1)
-
- elif (add_admin_or_usersync == 2):
- advanced_user_sync_properties['SYNC_SOURCE'] = ranger_service_properties_from_file['SYNC_SOURCE']
- advanced_user_sync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = ranger_service_properties_from_file['usergroupSync.unix.minUserId']
- advanced_user_sync_properties['SYNC_INTERVAL'] = ranger_service_properties_from_file['usergroupSync.sleepTimeInMillisBetweenSyncCycle']
- advanced_user_sync_properties['SYNC_LDAP_URL'] = ranger_service_properties_from_file['ldapGroupSync.ldapUrl'] \
- if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
- advanced_user_sync_properties['SYNC_LDAP_BIND_DN'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'] \
- if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
- advanced_user_sync_properties['SYNC_LDAP_BIND_PASSWORD'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'] \
- if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
- advanced_user_sync_properties['CRED_KEYSTORE_FILENAME'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindKeystore']
- advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchBase'] \
- if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
- advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchScope']
- advanced_user_sync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = ranger_service_properties_from_file['ldapGroupSync.userObjectClass']
- advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'] \
- if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' '
- advanced_user_sync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userNameAttribute']
- advanced_user_sync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userGroupNameAttribute']
- advanced_user_sync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.username.caseConversion']
- advanced_user_sync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.groupname.caseConversion']
- advanced_user_sync_properties['logdir'] = ranger_service_properties_from_file['logdir']
-
- ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"usersync-properties", "service_config_version_note": "Initial configuration for Ranger Usersync service" ,"tag":"' + str(
- date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
-
- print ('####################### user_sync_properties configuration :')
- for each_key in advanced_user_sync_properties:
- print str(each_key) + ' = ' + str(advanced_user_sync_properties[each_key])
-
- else:
- print ('invalid option for to add configuration to ranger.')
- sys.exit(1)
-
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('input registered as ' + str(confirm_configurations))
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(ranger_config_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger advanced configuration added successfully in ambari.')
- return True
- else:
- print('ranger advanced configuration add failed in ambari.')
- return False
- else:
- print('ranger advanced configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
-
-
-def call_ranger_installed():
- print('changing state of ranger services from init to installed.')
- ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str(
- cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}'
- ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT'
- request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request)
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if (response_code == 200 and response is not None):
- print('ranger state changed to install successfully in ambari.')
- return True
- if (response_code == 409 and response is not None):
- print('ranger is already installed in ambari.')
- return True
- if response_code == 202 and response is not None:
- print('ranger state changed to install posted in ambari, checking for updated status waiting for 30 seconds')
- parsed_response = json.loads(response)
- response_href_url = parsed_response['href']
- response_request_id = parsed_response['Requests']['id']
- response_status = parsed_response['Requests']['status']
- if response_status != 'Installed':
- print('Received response but status is not installed, verifying installation to be successful.')
- flag_ranger_installed = True
- time.sleep(30)
- while flag_ranger_installed:
- print('checking request status')
- ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id)
- request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '')
- if request_status_result is not None:
- response_code = request_status_result.getcode()
- response_status = json.loads(json.JSONEncoder().encode(request_status_result.read()))
- if (response_code == 200 and 'FAILED' in response_status):
- print('ranger install failed in ambari.')
- flag_ranger_installed = True
- if (response_code == 200 ):
- print('ranger install is pending in ambari.')
- flag_ranger_installed = True
- if (response_code == 200 and ('PENDING' in response_status or 'INTERNAL_REQUEST' in response_status)):
- print('ranger install is pending in ambari.')
- flag_ranger_installed = True
- if (response_code == 200 and 'COMPLETED' in response_status):
- print('ranger installed successfully in ambari.')
- flag_ranger_installed = False
- else:
- flag_ranger_installed = True
- return not flag_ranger_installed
- else:
- print('ranger state changed to install failed in ambari.')
- return False
-
-
-def get_ranger_usersync_install_properties():
- print('preparing advanced configurations for ranger User-sync')
- flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
- flag_ranger_usersync_present = False
- ranger_usersync_current_dir = os.path.join(hdp_current_dir, 'ranger-usersync')
- ranger_usersync_properties_from_file = dict()
- print('checking for ranger-usersync service to be present')
- flag_ranger_usersync_present, ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir)
- if flag_ranger_usersync_present:
- print('ranger usersync is installed, getting existing properties for ambari import')
- print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.')
- ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file)
- return flag_ranger_usersync_present, ranger_usersync_properties_from_file
-
-
-def get_ranger_admin_install_properties():
- ranger_admin_current_dir = os.path.join(hdp_current_dir, 'ranger-admin')
- flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
- flag_ranger_admin_present = False
- ranger_admin_properties_from_file = dict()
-
- if flag_hadoop_present:
- print('hadoop directory is present, checking ranger admin installation.')
- flag_ranger_admin_present, ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir)
-
- if flag_ranger_admin_present:
- print('ranger admin is present.getting existing configurations to port to ambari.')
- if os.path.isfile("ranger_admin_install.properties"):
- print('ranger_install_properties_path exists, getting existing properties for ambari port')
- ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties")
- if not (ranger_admin_properties_from_file['db_root_user'] == '' or ranger_admin_properties_from_file['db_root_password'] == ''):
- print 'db_root_username and db_root_password are not blank.'
- print 'value for db_root_user = ' + str(ranger_admin_properties_from_file['db_root_user'])
- print 'value for db_root_password = ' + str(ranger_admin_properties_from_file['db_root_password'])
- else:
- print 'db_root_username or db_root_password are blank, please provide proper values in ranger_admin_install.properties. exiting installation without any changes.'
- sys.exit(1)
-
- print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.')
- print('getting additional properties required by ranger services')
- ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file)
-
- return flag_ranger_admin_present, ranger_admin_properties_from_file
-
-
-def check_hadoop_dir_present(hdp_current_dir_path):
- flag_hadoop_dir_present = False
- if os.path.isdir(hdp_current_dir_path):
- print('hadoop is installed.')
- flag_hadoop_dir_present = True
- return flag_hadoop_dir_present
-
-
-def check_ranger_admin_install(ranger_admin_current_dir):
- flag_ranger_dir_present = False
- ranger_current_installed_version = ''
- print('checking ranger service path folder')
- if os.path.isdir(ranger_admin_current_dir):
- print('ranger admin is installed.')
- if os.path.islink(ranger_admin_current_dir):
- flag_ranger_dir_present = True
- print('ranger admin link found getting current version from link.')
- ranger_home_path = os.path.realpath(ranger_admin_current_dir)
- ranger_current_installed_version = ranger_home_path.split('/')[4]
- return flag_ranger_dir_present, ranger_current_installed_version
-
-
-def check_ranger_usersync_install(ranger_usersync_current_dir):
- flag_ranger_dir_present = False
- ranger_current_installed_version = ''
- print('checking ranger service path folder')
- if os.path.isdir(ranger_usersync_current_dir):
- print('ranger user-sync is installed.')
- if os.path.islink(ranger_usersync_current_dir):
- flag_ranger_dir_present = True
- print('ranger admin link found getting current version from link.')
- ranger_home_path = os.path.realpath(ranger_usersync_current_dir)
- ranger_current_installed_version = ranger_home_path.split('/')[4]
- return flag_ranger_dir_present, ranger_current_installed_version
-
-
-def get_additional_properties_for_admin(ranger_admin_properties_from_file):
- ranger_conf_path = '/etc/ranger/admin/conf'
- ranger_webserver_properties_path = os.path.join(ranger_conf_path, 'ranger_webserver.properties')
- ranger_ldap_properties_path = os.path.join(ranger_conf_path, 'xa_ldap.properties')
- ranger_system_properties_path = os.path.join(ranger_conf_path, 'xa_system.properties')
- ranger_unixauth_properties_path = os.path.join(ranger_conf_path, 'ranger_jaas', 'unixauth.properties')
- try:
- ranger_admin_properties_from_file = import_properties_from_file(ranger_webserver_properties_path, ranger_admin_properties_from_file)
- ranger_admin_properties_from_file = import_properties_from_file(ranger_ldap_properties_path, ranger_admin_properties_from_file)
- ranger_admin_properties_from_file = import_properties_from_file(ranger_system_properties_path, ranger_admin_properties_from_file)
- ranger_admin_properties_from_file = import_properties_from_file(ranger_unixauth_properties_path, ranger_admin_properties_from_file)
- except Exception, e:
- print "Error loading property files: ", str(e)
-
- print('getting db flavor, library and command invoker')
- xa_system_properties_db_dialect = ranger_admin_properties_from_file['jdbc.dialect']
- print('xa_system_properties_db_dialect = ' + xa_system_properties_db_dialect)
- xa_system_properties_url = ranger_admin_properties_from_file['jdbc.url']
- print('xa_system_properties_url = ' + xa_system_properties_url)
- if ('mysql'.lower() in xa_system_properties_db_dialect.lower() and 'mysql'.lower() in xa_system_properties_url.lower()):
- print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql')
- ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL'
- ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'mysql'
- ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar'
- elif ('oracle'.lower() in xa_system_properties_db_dialect and 'oracle'.lower() in xa_system_properties_url.lower()):
- print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle')
- ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE'
- ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'sqlplus'
- ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar'
- else:
- print('found unsupported DB_FLAVOUR, please configure as MYSQL or ORACLE, which are supported for now.exitting for now')
- sys.exit(1)
-
- xa_system_properties_jdbc_url = ranger_admin_properties_from_file['jdbc.url']
- print('found jdbc url configured as : ' + str(xa_system_properties_jdbc_url) + ' , getting db host from configured jdbc url')
- xa_database_host_name = xa_system_properties_jdbc_url.split(':')
- xa_database_host = xa_database_host_name[3].split('/')[2]
- xa_database_name = xa_database_host_name[3].split('/')[3]
- print('found db host as : ' + str(xa_database_host))
- print('found db name as : ' + str(xa_database_name))
- ranger_admin_properties_from_file['db_host'] = xa_database_host
- ranger_admin_properties_from_file['db_name'] = xa_database_name
-
- xa_system_properties_audit_jdbc_url = ranger_admin_properties_from_file['auditDB.jdbc.url']
- print('found audit jdbc url configured as : ' + str(xa_system_properties_audit_jdbc_url) + ' , getting db host from configured jdbc url')
- xa_audit_database_host_name = xa_system_properties_audit_jdbc_url.split(':')
-
- xa_audit_database_host = xa_audit_database_host_name[3].split('/')[2]
- xa_audit_database_name = xa_audit_database_host_name[3].split('/')[3]
- print('found xa_audit_database_name as : ' + str(xa_audit_database_name))
- ranger_admin_properties_from_file['audit_db_host'] = xa_audit_database_host
- ranger_admin_properties_from_file['audit_db_name'] = xa_audit_database_name
-
- xa_db_password = ''
- xa_audit_db_password = ''
-
- libpath = os.path.join(hdp_version_dir, 'ranger-admin', 'cred', 'lib', '*')
- aliasKey = 'policydb.jdbc.password'
- aliasValue = ''
- filepath = os.path.join(hdp_version_dir, 'ranger-admin', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangeradmin.jceks')
-
- getorcreateorlist = 'get'
-
- statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
- if statuscode == 0:
- xa_db_password = value.strip()
-
- aliasKey = 'auditdb.jdbc.password'
- statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
- if statuscode == 0:
- xa_audit_db_password = value.strip()
-
- ranger_admin_properties_from_file['jdbc.password'] = xa_db_password
- ranger_admin_properties_from_file['auditDB.jdbc.password'] = xa_audit_db_password
- return ranger_admin_properties_from_file
-
-
-def get_additional_properties_for_usersync(ranger_usersync_properties_from_file):
- ranger_conf_path = '/etc/ranger/usersync/conf'
- unix_auth_properties_path = os.path.join(ranger_conf_path, 'unixauthservice.properties')
- ranger_usersync_properties_from_file = import_properties_from_file(unix_auth_properties_path, ranger_usersync_properties_from_file)
- if (('unix'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()):
- print('sync_source is unix')
- ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'unix'
- if (('ldap'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()):
- print('sync source is ldap')
- ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'ldap'
- return ranger_usersync_properties_from_file
-
-
-def port_ranger_hdfs_plugin_to_ambari():
- print('Trying to add ranger hdfs plugin.')
- flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties = get_hdfs_plugin_configuration()
- if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None:
- hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true'
- print('hdfs plugin is installed and enabled, adding to configurations')
- advanced_ranger_hdfs_plugin_properties = dict()
-
- advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa'
- advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = '-'
- advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = '-'
- advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes'
- advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop'
- advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop'
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.db.is.enabled']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[
- 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
- advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
- advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
- advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
- advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
- advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
-
- date_time_stamp = getDateTimeNow()
- plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
- json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
- date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
-
- print ('####################### hdfs_site_xml configuration :')
- for each_key in hdfs_site_xml_properties:
- print str(each_key) + ' = ' + str(hdfs_site_xml_properties[each_key])
-
- print ('####################### ranger_hdfs_plugin_properties configuration :')
- for each_key in advanced_ranger_hdfs_plugin_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_hdfs_plugin_properties[each_key])
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('Input registered as ' + str(confirm_configurations))
-
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger hdfs plugin configuration added successfully in ambari.')
- return True
- else:
- print('ranger hdfs plugin configuration add failed in ambari.')
- return False
- else:
- print('ranger hdfs plugin configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
- else:
- print('ranger hdfs plugin configuration add failed in ambari.')
- return False
-
-
-
-def port_ranger_hive_plugin_to_ambari():
- print('Trying to add ranger hive plugin.')
- flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties = get_hive_plugin_configuration()
- if flag_hive_plugin_installed and hive_plugin_install_properties is not None and hive_server2_xml_properties is not None:
- hive_server2_xml_properties['hive.security.authorization.enabled'] = 'true'
- hive_server2_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory'
- hive_server2_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator'
- hive_server2_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager'
- print('hive plugin is installed and enabled, adding to configurations')
- advanced_ranger_hive_plugin_properties = dict()
-
- advanced_ranger_hive_plugin_properties['policy_user'] = 'ambari-qa'
- advanced_ranger_hive_plugin_properties['jdbc.driverClassName'] = 'org.apache.hive.jdbc.HiveDriver'
- advanced_ranger_hive_plugin_properties['common.name.for.certificate'] = '-'
- advanced_ranger_hive_plugin_properties['ranger-hive-plugin-enabled'] = 'Yes'
- advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hive'
- advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hive'
- advanced_ranger_hive_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.db.is.enabled']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hive_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[
- 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
- advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
- advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
- advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
- advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
- advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
- advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['xasecure.hive.update.xapolicies.on.grant.revoke']
-
- date_time_stamp = getDateTimeNow()
- plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hiveserver2-site", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
- json.dumps(hive_server2_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hive-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str(
- date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hive_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
-
-
- print ('####################### hive_server2_xml configuration :')
- for each_key in hive_server2_xml_properties:
- print str(each_key) + ' = ' + str(hive_server2_xml_properties[each_key])
-
- print ('####################### ranger_hive_plugin_properties configuration :')
- for each_key in advanced_ranger_hive_plugin_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_hive_plugin_properties[each_key])
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('Input registered as ' + str(confirm_configurations))
-
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger hive plugin configuration added successfully in ambari.')
- return True
- else:
- print('ranger hive plugin configuration add failed in ambari.')
- return False
- else:
- print('ranger hive plugin configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
- else:
- print('ranger hive plugin configuration add failed in ambari.')
- return False
-
-
-
-def port_ranger_hbase_plugin_to_ambari():
- print('Trying to add ranger Hbase plugin.')
- flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties = get_hbase_plugin_configuration()
- if flag_hbase_plugin_installed and hbase_plugin_install_properties is not None and hbase_site_xml_properties is not None:
- print('Hbase plugin is installed and enabled, adding to configurations')
- advanced_ranger_hbase_plugin_properties = dict()
-
- advanced_ranger_hbase_plugin_properties['policy_user'] = 'ambari-qa'
- advanced_ranger_hbase_plugin_properties['common.name.for.certificate'] = '-'
- advanced_ranger_hbase_plugin_properties['ranger-hbase-plugin-enabled'] = 'Yes'
- advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hbase'
- advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hbase'
- advanced_ranger_hbase_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.db.is.enabled']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[
- 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
- advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
- advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
- advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
- advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
- advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
- advanced_ranger_hbase_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hbase_plugin_install_properties['xasecure.hbase.update.xapolicies.on.grant.revoke']
-
- date_time_stamp = getDateTimeNow()
- plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hbase-site", "service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
- json.dumps(hbase_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hbase-plugin-properties","service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str(
- date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hbase_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
-
- print ('####################### hbase_site_xml configuration :')
- for each_key in hbase_site_xml_properties:
- print str(each_key) + ' = ' + str(hbase_site_xml_properties[each_key])
-
- print ('####################### ranger_hbase_plugin_properties configuration :')
- for each_key in advanced_ranger_hbase_plugin_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_hbase_plugin_properties[each_key])
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('Input registered as ' + str(confirm_configurations))
-
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger hbase plugin configuration added successfully in ambari.')
- return True
- else:
- print('ranger hbase plugin configuration add failed in ambari.')
- return False
- else:
- print ('ranger hbase plugin configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
- else:
- print ('ranger hbase plugin configuration add failed in ambari.')
- return False
-
-
-
-def port_ranger_knox_plugin_to_ambari():
- print('trying to add ranger knox plugin.')
- flag_knox_plugin_installed, knox_plugin_install_properties = get_knox_plugin_configuration()
- if flag_knox_plugin_installed and knox_plugin_install_properties is not None:
- print('Knox plugin is installed and enabled, adding to configurations')
- advanced_ranger_knox_plugin_properties = dict()
-
- advanced_ranger_knox_plugin_properties['policy_user'] = 'ambari-qa'
- advanced_ranger_knox_plugin_properties['common.name.for.certificate'] = '-'
- advanced_ranger_knox_plugin_properties['ranger-knox-plugin-enabled'] = 'Yes'
- advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'admin'
- advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'admin-password'
- advanced_ranger_knox_plugin_properties['KNOX_HOME'] = '/usr/hdp/current/knox-server'
- advanced_ranger_knox_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.db.is.enabled']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = knox_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[
- 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
- advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
-
- knox_ssl_keystore_password = ''
- knox_ssl_truststore_password = ''
-
- libpath = os.path.join(hdp_version_dir, 'ranger-knox-plugin', 'install', 'lib', '*')
- aliasKey = 'sslkeystore'
- aliasValue = ''
- filepath = os.path.join('/etc/ranger', knox_plugin_install_properties['xasecure.audit.repository.name'], 'cred.jceks')
- getorcreateorlist = 'get'
-
- statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
- if statuscode == 0:
- knox_ssl_keystore_password = value.strip()
-
- aliasKey = 'ssltruststore'
- statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
- if statuscode == 0:
- knox_ssl_truststore_password = value.strip()
-
- advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
- advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_PASSWORD'] = knox_ssl_keystore_password
- advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
- advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = knox_ssl_truststore_password
-
- date_time_stamp = getDateTimeNow()
- plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-knox-plugin-properties", "service_config_version_note": "Initial configuration for Ranger KNOX plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps(
- advanced_ranger_knox_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
-
- print ('####################### ranger_knox_plugin_properties configuration :')
- for each_key in advanced_ranger_knox_plugin_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_knox_plugin_properties[each_key])
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('input registered as ' + str(confirm_configurations))
-
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger knox plugin configuration added successfully in ambari.')
- return True
- else:
- print('ranger knox plugin configuration add failed in ambari.')
- return False
- else:
- print('ranger knox plugin configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
- else:
- print('ranger knox plugin configuration add failed in ambari.')
- return False
-
-
-def port_ranger_storm_plugin_to_ambari():
- print('Trying to add ranger storm plugin.')
- flag_storm_plugin_installed, storm_plugin_install_properties = get_storm_plugin_configuration()
- if flag_storm_plugin_installed and storm_plugin_install_properties is not None:
- print('Storm plugin is installed and enabled, adding to configurations')
- advanced_ranger_storm_plugin_properties = dict()
-
- advanced_ranger_storm_plugin_properties['policy_user'] = 'storm'
- advanced_ranger_storm_plugin_properties['common.name.for.certificate'] = '-'
- advanced_ranger_storm_plugin_properties['ranger-storm-plugin-enabled'] = 'Yes'
- advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'stormtestuser@EXAMPLE.COM'
- advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'stormtestuser'
- advanced_ranger_storm_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.db.is.enabled']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.hdfs.is.enabled']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.file']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = storm_plugin_install_properties[
- 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[
- 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
- advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
- advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
- advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
- advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
- advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
-
- date_time_stamp = getDateTimeNow()
- plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-storm-plugin-properties", "service_config_version_note": "Initial configuration for Ranger STORM plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps(
- advanced_ranger_storm_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
-
- print ('####################### ranger_storm_plugin_properties configuration :')
- for each_key in advanced_ranger_storm_plugin_properties:
- print str(each_key) + ' = ' + str(advanced_ranger_storm_plugin_properties[each_key])
-
- confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
- if(confirm_configurations == ''):
- confirm_configurations = 'n'
- print ('Input registered as ' + str(confirm_configurations))
-
-
- if(confirm_configurations.lower() == 'y'):
- ranger_config_request_url = ambari_cluster_url
- request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
- if request_result is not None:
- response_code = request_result.getcode()
- response = json.loads(json.JSONEncoder().encode(request_result.read()))
- if response_code == 200 and response is not None:
- print('ranger storm plugin configuration added successfully in ambari.')
- return True
- else:
- print('ranger storm plugin configuration add failed in ambari.')
- return False
- else:
- print('ranger storm plugin configuration add failed in ambari.')
- return False
- else:
- print ('exiting installation without configuration !')
- sys.exit(0)
- else:
- print('ranger storm plugin configuration add failed in ambari.')
- return False
-
-
-
-def get_hdfs_plugin_configuration():
- flag_hdfs_plugin_installed = False
- hdfs_plugin_install_properties = dict()
- print('hdfs plugin is present and installed to ranger,getting additional properties from installed files .')
- base_hadoop_conf_path = '/etc/hadoop/conf/'
- hdfs_site_xml_path = os.path.join(base_hadoop_conf_path, 'hdfs-site.xml')
- hdfs_site_xml_properties = import_properties_from_xml(hdfs_site_xml_path)
- xasecure_audit_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-audit.xml')
- hdfs_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hdfs_plugin_install_properties)
- xasecure_hdfs_security_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-hdfs-security.xml')
- hdfs_plugin_install_properties = import_properties_from_xml(xasecure_hdfs_security_xml_path, hdfs_plugin_install_properties)
- xasecure_policy_ssl_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-policymgr-ssl.xml')
- hdfs_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hdfs_plugin_install_properties)
- flag_plugin_installed = check_plugin_enabled('hdfs', hdfs_plugin_install_properties)
- if(flag_plugin_installed):
- flag_hdfs_plugin_installed = True
- return flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties
-
-
-def get_hive_plugin_configuration():
- flag_hive_plugin_installed = False
- hive_plugin_install_properties = dict()
- print('hive plugin is present and installed to ranger, configuring to setup in ambari.')
- base_hive_conf_path = '/etc/hive/conf/'
- hive_server2_xml_path = os.path.join(base_hive_conf_path, 'hiveserver2-site.xml')
- hive_server2_xml_properties = import_properties_from_xml(hive_server2_xml_path)
- xasecure_audit_xml_path = os.path.join(base_hive_conf_path, 'xasecure-audit.xml')
- hive_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hive_plugin_install_properties)
- xasecure_hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml')
- hive_plugin_install_properties = import_properties_from_xml(xasecure_hive_security_xml_path, hive_plugin_install_properties)
- xasecure_policy_ssl_xml_path = os.path.join(base_hive_conf_path, 'xasecure-policymgr-ssl.xml')
- hive_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hive_plugin_install_properties)
- hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml')
- hive_plugin_install_properties = import_properties_from_xml(hive_security_xml_path, hive_plugin_install_properties)
- flag_plugin_installed = check_plugin_enabled('hive', hive_plugin_install_properties)
- if(flag_plugin_installed):
- flag_hive_plugin_installed = True
- return flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties
-
-
-def get_hbase_plugin_configuration():
- flag_hbase_plugin_installed = False
- hbase_plugin_install_properties = dict()
- print('hbase plugin is present and installed to ranger, configuring to setup in ambari.')
- base_hbase_conf_path = '/etc/hbase/conf/'
- hbase_site_xml_path = os.path.join(base_hbase_conf_path, 'hbase-site.xml')
- hbase_site_xml_properties = import_properties_from_xml(hbase_site_xml_path)
- xasecure_audit_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-audit.xml')
- hbase_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hbase_plugin_install_properties)
- xasecure_hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml')
- hbase_plugin_install_properties = import_properties_from_xml(xasecure_hbase_security_xml_path, hbase_plugin_install_properties)
- xasecure_policy_ssl_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-policymgr-ssl.xml')
- hbase_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hbase_plugin_install_properties)
- hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml')
- hbase_plugin_install_properties = import_properties_from_xml(hbase_security_xml_path, hbase_plugin_install_properties)
- flag_plugin_installed = check_plugin_enabled('hbase', hbase_plugin_install_properties)
- if(flag_plugin_installed):
- flag_hbase_plugin_installed = True
- return flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties
-
-
-def get_knox_plugin_configuration():
- flag_knox_plugin_installed = False
- knox_plugin_install_properties = dict()
- print('knox plugin is present and installed to ranger, configuring to setup in ambari.')
- base_knox_conf_path = '/etc/knox/conf/'
- xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml')
- knox_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, knox_plugin_install_properties)
- xasecure_knox_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-knox-security.xml')
- knox_plugin_install_properties = import_properties_from_xml(xasecure_knox_security_xml_path, knox_plugin_install_properties)
- xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml')
- knox_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, knox_plugin_install_properties)
- flag_plugin_installed = check_plugin_enabled('knox', knox_plugin_install_properties)
- if(flag_plugin_installed):
- flag_knox_plugin_installed = True
- return flag_knox_plugin_installed, knox_plugin_install_properties
-
-
-
-def get_storm_plugin_configuration():
- flag_storm_plugin_installed = False
- storm_plugin_install_properties = dict()
- print('storm plugin is present and installed to ranger, configuring to setup in ambari.')
- base_knox_conf_path = '/etc/storm/conf/'
- xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml')
- storm_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, storm_plugin_install_properties)
- xasecure_storm_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-storm-security.xml')
- storm_plugin_install_properties = import_properties_from_xml(xasecure_storm_security_xml_path, storm_plugin_install_properties)
- xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml')
- storm_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, storm_plugin_install_properties)
- flag_plugin_installed = check_plugin_enabled('storm', storm_plugin_install_properties)
- if(flag_plugin_installed):
- flag_storm_plugin_installed = True
- return flag_storm_plugin_installed, storm_plugin_install_properties
-
-
-
-
-def check_plugin_enabled(component_name, component_plugin_install_properties):
- flag_plugin_installed = False
- if not (str(component_plugin_install_properties['xasecure.audit.repository.name']).strip() == ''):
- repo_base_path = os.path.join('/etc/ranger', component_plugin_install_properties['xasecure.audit.repository.name'])
- print('repo_base_path = ' + str(repo_base_path))
- if os.path.exists(repo_base_path):
- print('Plugin is installed for component ' + component_name)
- flag_plugin_installed = True
- return flag_plugin_installed
-
-
-def call_ambari_api(ambari_url, method, username_password, data):
- try:
- url = ambari_url
- base64string = base64.encodestring('{0}'.format(username_password)).replace('\n', '')
- headers = {"X-Requested-By": "ambari"}
- request = urllib2.Request(url, data, headers, 'compressed')
- request.get_method = lambda: method
- request.add_header("Authorization", "Basic {0}".format(base64string))
- result = urllib2.urlopen(request)
- return result
- except urllib2.URLError, e:
- if isinstance(e, urllib2.HTTPError):
- print("HTTP Code: {0}".format(e.code))
- print("HTTP Data: {0}".format(e.read()))
- return e
- else:
- print("Error: {0}".format(e.reason))
- print ('ambari server is not reachable, please make sure valid ambari server url has been provided and ambari server is started.')
- return e
- except httplib.BadStatusLine:
- print("ambari service is not reachable, please restart the service and then try again")
- return None
-
-
-def import_properties_from_file(install_properties_path, properties_from_file=None):
- if properties_from_file is None:
- print('properties_from_file is none initializing to dict')
- properties_from_file = dict()
- if os.path.isfile(install_properties_path):
- install_properties_file = open(install_properties_path)
- for each_line in install_properties_file.read().split('\n'):
- each_line = each_line.strip()
- if len(each_line) == 0: continue
- if '#https.service.port' in each_line:
- each_line = each_line.strip('#')
- if '#' in each_line: continue
- key, value = each_line.strip().split("=", 1)
- key = key.strip()
- value = value.strip()
- properties_from_file[key] = value
- else:
- print('Property file not found at path : ' + str(install_properties_path))
- return properties_from_file
-
-
-def import_properties_from_xml(xml_path, properties_from_xml=None):
- print('getting values from file : ' + str(xml_path))
- if os.path.isfile(xml_path):
- xml = ET.parse(xml_path)
- root = xml.getroot()
- if properties_from_xml is None:
- properties_from_xml = dict()
- for child in root.findall('property'):
- name = child.find("name").text.strip()
- value = child.find("value").text.strip() if child.find("value").text is not None else ""
- properties_from_xml[name] = value
- else:
- print('XML file not found at path : ' + str(xml_path))
- return properties_from_xml
-
-
-def get_authentication_method():
- print('Getting authentication method for ranger services')
- ranger_conf_path = '/etc/ranger/admin/conf'
- security_appln_context_path = os.path.join(ranger_conf_path,'security-applicationContext.xml')
- print ('security_appln_context_path = ' + security_appln_context_path)
- app_context_xml_tree = ET.parse(security_appln_context_path)
- app_context_xml_root = app_context_xml_tree.getroot()
- reference_auth_method = None
- authentication_method = None
- for child_nodes in app_context_xml_root.getiterator():
- if( ('authentication-provider' in str(child_nodes.tag)) and not('-ref' in str(child_nodes.attrib)) ):
- reference_auth_method = child_nodes.attrib['ref']
-
- if( reference_auth_method is not None and 'jaasAuthProvider' in reference_auth_method):
- authentication_method = 'UNIX'
- elif( reference_auth_method is not None and 'activeDirectoryAuthenticationProvider' in reference_auth_method):
- authentication_method = 'ACTIVE_DIRECTORY'
- elif( reference_auth_method is not None and 'ldapAuthProvider' in reference_auth_method):
- authentication_method = 'LDAP'
- else:
- authentication_method = 'NONE'
-
- return authentication_method
-
-
-
-def call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist):
- finalLibPath = libpath.replace('\\', '/').replace('//', '/')
- finalFilePath = 'jceks://file/' + filepath.replace('\\', '/').replace('//', '/')
- if getorcreateorlist == 'create':
- commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'create', aliasKey, '-value', aliasValue, '-provider', finalFilePath]
- p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode
- elif getorcreateorlist == 'get':
- commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'get', aliasKey, '-provider', finalFilePath]
- p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode, output
- elif getorcreateorlist == 'list':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks', 'list', '-provider', finalFilePath]
- p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode, output
- else:
- print('proper command not received for input need get or create')
-
-
-def get_hdp_version():
- return_code = -1
- hdp_output = ''
- hdp_version = None
- match = None
- statuscode = -1
- try:
- command_to_run = 'hdp-select status hadoop-client'
- output = Popen(command_to_run, stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=True)
- return_code, error = output.communicate()
- statuscode = output.returncode
- except Exception, e:
- print('Error : ' + str(e))
- if statuscode == 0:
- hdp_version = re.sub('hadoop-client - ', '', return_code)
- hdp_version = hdp_version.rstrip()
- match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
- print ('hdp_version = ' + hdp_version)
- else:
- print('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
-
- if match is None:
- print('Failed to get extracted version')
- return None
- else:
- return hdp_version
-
-def getDateTimeNow():
- return datetime.datetime.now().strftime("%Y%m%d%H%M%S")
-
-
-if __name__ == '__main__':
-
-
- if len(sys.argv) > 1:
- function_to_call = sys.argv[1] if len(sys.argv) > 1 else None
- base_url = sys.argv[2] if len(sys.argv) > 2 else None
- print ('base url = ' + base_url)
- ambari_username_password = sys.argv[3] if len(sys.argv) > 3 else None
- print ('ambari_username_password = ' + ambari_username_password)
- cluster_name = sys.argv[4] if len(sys.argv) > 4 else None
- print ('cluster_name = ' + cluster_name)
- ranger_admin_fqdn = sys.argv[5] if len(sys.argv) > 5 else None
- print ('ranger_admin_fqdn = ' + ranger_admin_fqdn)
- ranger_service_name = 'RANGER'
- admin_component_name = 'RANGER_ADMIN'
- usersync_component_name = 'RANGER_USERSYNC'
- ambari_cluster_url = str(base_url) + '/api/v1/clusters/' + str(cluster_name)
- ambari_service_url = str(ambari_cluster_url) + '/services'
- hdp_dir = os.path.join('/usr', 'hdp')
- hdp_current_dir = os.path.join(hdp_dir, 'current')
- hdp_version = get_hdp_version()
- print('Found hdp_version = ' + str(hdp_version))
- hdp_version_dir = os.path.join(hdp_dir, hdp_version)
- if function_to_call is not None and len(function_to_call) > 0:
- print('Found first argument as : ' + function_to_call)
- function_to_call = int(function_to_call)
- if function_to_call == 1:
- print('Porting ranger admin installation details to ambari.')
- port_ranger_installation_to_ambari()
- elif function_to_call == 2:
- print('Porting ranger User-sync installation details to ambari.')
- port_ranger_usersync_installation_to_ambari()
- elif function_to_call == 3:
- print('Porting ranger hdfs plugin details to ambari.')
- port_ranger_hdfs_plugin_to_ambari()
- elif function_to_call == 4:
- print('Porting ranger Hive plugin details to ambari.')
- port_ranger_hive_plugin_to_ambari()
- elif function_to_call == 5:
- print('Porting ranger Hbase plugin details to ambari.')
- port_ranger_hbase_plugin_to_ambari()
- elif function_to_call == 6:
- print('Porting ranger Knox plugin details to ambari.')
- port_ranger_knox_plugin_to_ambari()
- elif function_to_call == 7:
- print('Porting ranger Storm plugin details to ambari.')
- port_ranger_storm_plugin_to_ambari()
- else:
- print ('Unsupported option passed for installation, please pass proper supported option')
-
- else:
- print('Usage :'
- '\n python import_ranger_to_ambari.py {install option eg. 1} { ambari server url (eg. http://100.100.100.100:8080) } {ambari server username password (eg. demo_user:demo_pass) } {cluster name (eg. ambari_cluster)} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installe (eg. ambari.server.com)} '
- '\n Actual call will be like : python ranger_port_script.py 1 http://100.100.100.100:8080 demo_user:demo_pass ambari_cluster ambari.server.com'
- '\n Pass first parameter as 1 for Ranger integration with Ambari.'
- '\n Pass first parameter as 2 for Ranger User-sync integration with Ambari.'
- '\n Pass first parameter as 3 for Ranger Hdfs Plugin integration with Ambari.'
- '\n Pass first parameter as 4 for Ranger Hive Plugin integration with Ambari.'
- '\n Pass first parameter as 5 for Ranger Hbase Plugin integration with Ambari.'
- '\n Pass first parameter as 6 for Ranger Knox Plugin integration with Ambari.'
- '\n Pass first parameter as 7 for Ranger Storm Plugin integration with Ambari.')
-
- sys.exit(0)
-
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/bin/ranger_admin_install.properties
----------------------------------------------------------------------
diff --git a/migration-util/bin/ranger_admin_install.properties b/migration-util/bin/ranger_admin_install.properties
deleted file mode 100755
index f892a60..0000000
--- a/migration-util/bin/ranger_admin_install.properties
+++ /dev/null
@@ -1,33 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# This file provides list of deployment variables for the Policy Manager Web Application to be migrated to Ambari server
-#
-
-# Below are the mandatory parameters, required to be filled in by the user.
-
-#
-# DB password for the DB admin user-id
-#
-# For example:
-# db_root_user=root
-# db_root_user=SYS
-#
-# Mandatory properties for migration to be filled by user prior to migration.
-# db_root_user = needs to be updated by user before running the migration script.
-# db_root_password = needs to be updated by user before running the migration script.
-db_root_user=
-db_root_password=
[06/14] incubator-ranger git commit: RANGER-594 User friendly error
messages for policy validation error failures and unify error processing for
all 3 types validations
Posted by ma...@apache.org.
RANGER-594 User friendly error messages for policy validation error failures and unify error processing for all 3 types validations
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/79bd7e3c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/79bd7e3c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/79bd7e3c
Branch: refs/heads/tag-policy
Commit: 79bd7e3c8dd5903c5ed2089416cb33ef4d566cf7
Parents: 68a4352
Author: Alok Lal <al...@apache.org>
Authored: Tue Aug 4 10:38:44 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Wed Aug 5 13:21:39 2015 -0700
----------------------------------------------------------------------
.../plugin/errors/ValidationErrorCode.java | 25 ++
.../model/validation/RangerPolicyValidator.java | 361 +++++++------------
.../validation/RangerServiceDefValidator.java | 67 ++--
.../validation/RangerServiceValidator.java | 45 +--
.../validation/ValidationFailureDetails.java | 21 +-
.../ValidationFailureDetailsBuilder.java | 2 +-
.../TestValidationFailureDetails.java | 55 ---
7 files changed, 185 insertions(+), 391 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index c40efc9..b458394 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -60,6 +60,31 @@ public enum ValidationErrorCode {
SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES(2018, "enum [{0}] does not have any elements"),
SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX(2019, "default index[{0}] for enum [{1}] is invalid"),
SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT(2020, "An enum element in enum element collection of enum [{0}] is null"),
+
+ // POLICY VALIDATION
+ POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION(3001, "Internal error: method signature isValid(Long) is only supported for DELETE"),
+ POLICY_VALIDATION_ERR_MISSING_FIELD(3002, "Internal error: missing field[{0}]"),
+ POLICY_VALIDATION_ERR_NULL_POLICY_OBJECT(3003, "Internal error: policy object passed in was null"),
+ POLICY_VALIDATION_ERR_INVALID_POLICY_ID(3004, "Invalid policy id provided for update: no policy found for id[{0}]"),
+ POLICY_VALIDATION_ERR_POLICY_NAME_MULTIPLE_POLICIES_WITH_SAME_NAME(3005, "Internal error: multiple policies found with the name[{0}]"),
+ POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT(3006, "id/name conflict: another policy already exists with name[{0}] for service[{1}, its id is[{2}]"),
+ POLICY_VALIDATION_ERR_INVALID_SERVICE_NAME(3007, "no service found with name[{0}]"),
+ POLICY_VALIDATION_ERR_MISSING_POLICY_ITEMS(3008, "at least one policy item must be specified if audit isn't enabled"),
+ POLICY_VALIDATION_ERR_MISSING_SERVICE_DEF(3009, "Internal error: Service def[{0}] of policy's service[{1}] does not exist!"),
+ POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE(3010, "another policy[{0}] with matching resources[{1}] exists for service[{2}]!"),
+ POLICY_VALIDATION_ERR_INVALID_RESOURCE_NO_COMPATIBLE_HIERARCHY(3011, "policy resources [{0}] are not compatible with any resource hierarchy for service def[{1}]! Valid hierarchies are: {2}"),
+ POLICY_VALIDATION_ERR_INVALID_RESOURCE_MISSING_MANDATORY(3012, "policy is missing required resources. Mandatory resources of potential hierarchies are: {0}"),
+ POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF(3013, "Internal error: a resource-def on resource def collection of service-def[{0}] was null"),
+ POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME(3014, "Internal error: name of a resource-def on resource def collection of service-def[{0}] was null"),
+ POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED(3015, "isExcludes specified as [{0}] for resource [{1}] which doesn't support isExcludes"),
+ POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN(3016, "isExcludes specified as [{0}] for resource [{1}]. Insufficient permissions to create excludes policy."),
+ POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED(3017, "isRecursive specified as [{0}] for resource [{1}] which doesn't support isRecursive"),
+ POLICY_VALIDATION_ERR_INVALID_RESOURCE_VALUE_REGEX(3018, "Value[{0}] of resource[{1}] does not conform to the validation regex[{2}] defined on the service-def[{3}]"),
+ POLICY_VALIDATION_ERR_NULL_POLICY_ITEM(3019, "policy items object was null"),
+ POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS(3020, "both users and user-groups collections on the policy item were null/empty"),
+ POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS(3021, "policy items access object was null"),
+ POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID(3022, "access type[{0}] not among valid types for service[{1}]"),
+ POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_DENY(3023, "access type is set to deny. Currently deny access types are not supported."),
;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index 8817049..da817c6 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -25,6 +25,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
@@ -71,19 +72,22 @@ public class RangerPolicyValidator extends RangerValidator {
boolean valid = true;
if (action != Action.DELETE) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_UNSUPPORTED_ACTION;
+ failures.add(new ValidationFailureDetailsBuilder()
.isAnInternalError()
- .becauseOf("method signature isValid(Long) is only supported for DELETE")
- .errorCode(ErrorCode.InternalError_InvalidMethodInvocation)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (id == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
- .becauseOf("policy id was null/missing")
- .field("id")
- .isMissing()
- .errorCode(ErrorCode.Missing_PolicyId_Delete)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
+ .becauseOf("policy id was null/missing")
+ .field("id")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage("id"))
+ .build());
valid = false;
} else if (getPolicy(id) == null) {
if (LOG.isDebugEnabled()) {
@@ -107,34 +111,33 @@ public class RangerPolicyValidator extends RangerValidator {
}
boolean valid = true;
if (policy == null) {
- String message = "policy object passed in was null";
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_OBJECT;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy")
.isMissing()
- .becauseOf(message)
- .errorCode(ErrorCode.Missing_PolicyObject)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
Long id = policy.getId();
if (action == Action.UPDATE) { // id is ignored for CREATE
if (id == null) {
- String message = "policy id was null/empty/blank";
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isMissing()
- .becauseOf(message)
- .errorCode(ErrorCode.Missing_PolicyId_Update)
+ .becauseOf(error.getMessage("id"))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (getPolicy(id) == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_POLICY_ID;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isSemanticallyIncorrect()
- .becauseOf("Invalid policy id provided for update: no policy found for id[" + id + "]")
- .errorCode(ErrorCode.Invalid_PolicyId)
+ .becauseOf(error.getMessage(id))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -142,40 +145,42 @@ public class RangerPolicyValidator extends RangerValidator {
String policyName = policy.getName();
String serviceName = policy.getService();
if (StringUtils.isBlank(policyName)) {
- String message = "policy name was null/empty/blank[" + policyName + "]";
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isMissing()
- .becauseOf(message)
- .errorCode(ErrorCode.Missing_PolicyName)
+ .becauseOf(error.getMessage("name"))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
List<RangerPolicy> policies = getPolicies(serviceName, policyName);
if (CollectionUtils.isNotEmpty(policies)) {
if (policies.size() > 1) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_MULTIPLE_POLICIES_WITH_SAME_NAME;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isAnInternalError()
- .becauseOf("multiple policies found with the name[" + policyName + "]")
- .errorCode(ErrorCode.InternalError_Data_MultiplePoliciesSameName)
+ .becauseOf(error.getMessage(policyName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (action == Action.CREATE) { // size == 1
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy name")
.isSemanticallyIncorrect()
- .becauseOf("A policy already exists with name[" + policyName + "] for service[" + serviceName + "]; its id is[" + policies.iterator().next().getId() + "]")
- .errorCode(ErrorCode.Duplicate_PolicyName_Create)
+ .becauseOf(error.getMessage(policyName, serviceName, policies.iterator().next().getId()))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (!policies.iterator().next().getId().equals(id)) { // size == 1 && action == UPDATE
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_NAME_CONFLICT;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id/name")
.isSemanticallyIncorrect()
- .errorCode(ErrorCode.Duplicate_PolicyName_Update)
- .becauseOf("id/name conflict: another policy already exists with name[" + policyName + "], its id is[" + policies.iterator().next().getId() + "]")
+ .becauseOf(error.getMessage(policyName, serviceName, policies.iterator().next().getId()))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -184,21 +189,23 @@ public class RangerPolicyValidator extends RangerValidator {
RangerService service = null;
boolean serviceNameValid = false;
if (StringUtils.isBlank(serviceName)) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("service name")
.isMissing()
- .errorCode(ErrorCode.Missing_ServiceName)
- .becauseOf("service name was null/empty/blank")
+ .becauseOf(error.getMessage("service name"))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
service = getService(serviceName);
if (service == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_SERVICE_NAME;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("service name")
.isSemanticallyIncorrect()
- .becauseOf("no service found with name[" + serviceName + "]")
- .errorCode(ErrorCode.Invalid_ServiceName)
+ .becauseOf(error.getMessage(serviceName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -210,24 +217,24 @@ public class RangerPolicyValidator extends RangerValidator {
RangerServiceDef serviceDef = null;
String serviceDefName = null;
if (CollectionUtils.isEmpty(policyItems) && !isAuditEnabled) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_POLICY_ITEMS;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy items")
.isMissing()
- .becauseOf("at least one policy item must be specified if audit isn't enabled")
- .errorCode(ErrorCode.Missing_PolicyItems)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (service != null) {
serviceDefName = service.getType();
serviceDef = getServiceDef(serviceDefName);
if (serviceDef == null) {
- String message = String.format("Service def[%s] of policy's service[%s] does not exist!", serviceDefName, serviceName);
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_SERVICE_DEF;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy service def")
.isAnInternalError()
- .becauseOf(message)
- .errorCode(ErrorCode.InternalError_Data_MissingServiceDef)
+ .becauseOf(error.getMessage(serviceDefName, serviceName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -283,17 +290,16 @@ public class RangerPolicyValidator extends RangerValidator {
String signature = policySignature.getSignature();
List<RangerPolicy> policies = getPoliciesForResourceSignature(policy.getService(), signature);
if (CollectionUtils.isNotEmpty(policies)) {
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_DUPLICATE_POLICY_RESOURCE;
RangerPolicy matchedPolicy = policies.iterator().next();
// there shouldn't be a matching policy for create. During update only match should be to itself
if (action == Action.CREATE || (action == Action.UPDATE && (policies.size() > 1 || !matchedPolicy.getId().equals(policy.getId())))) {
- String message = String.format("another policy[%s] with matching resources[%s] exists for service[%s]!",
- matchedPolicy.getName(), matchedPolicy.getResources(), policy.getService());
- failures.add(new RangerPolicyValidationErrorBuilder()
- .field("resources")
- .isSemanticallyIncorrect()
- .becauseOf(message)
- .errorCode(ErrorCode.Duplicate_PolicyResource)
- .build());
+ failures.add(new ValidationFailureDetailsBuilder()
+ .field("resources")
+ .isSemanticallyIncorrect()
+ .becauseOf(error.getMessage(matchedPolicy.getName(), matchedPolicy.getResources(), policy.getService()))
+ .errorCode(error.getErrorCode())
+ .build());
valid = false;
}
}
@@ -327,15 +333,13 @@ public class RangerPolicyValidator extends RangerValidator {
*/
Set<List<RangerResourceDef>> candidateHierarchies = filterHierarchies_hierarchyHasAllPolicyResources(policyResources, hierarchies, defHelper);
if (candidateHierarchies.isEmpty()) {
- // let's build a helpful message for user
- String message = String.format("policy resources %s are not compatible with any resource hierarchy for service def[%s]! Valid hierarchies are: %s",
- policyResources.toString(), serviceDef.getName(), toStringHierarchies_all(hierarchies, defHelper));
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_NO_COMPATIBLE_HIERARCHY;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy resources")
.subField("incompatible")
.isSemanticallyIncorrect()
- .becauseOf(message)
- .errorCode(ErrorCode.Invalid_PolicyResource_NoCompatibleHierarchy)
+ .becauseOf(error.getMessage(policyResources.toString(), serviceDef.getName(), toStringHierarchies_all(hierarchies, defHelper)))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -349,12 +353,13 @@ public class RangerPolicyValidator extends RangerValidator {
*/
Set<List<RangerResourceDef>> validHierarchies = filterHierarchies_mandatoryResourcesSpecifiedInPolicy(policyResources, candidateHierarchies, defHelper);
if (validHierarchies.isEmpty()) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_MISSING_MANDATORY;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy resources")
.subField("missing mandatory")
.isSemanticallyIncorrect()
- .errorCode(ErrorCode.Invalid_PolicyResource_MissingMandatory)
- .becauseOf("policy is missing required resources. Mandatory resources of potential hierarchies are: " + toStringHierarchies_mandatory(candidateHierarchies, defHelper))
+ .becauseOf(error.getMessage(toStringHierarchies_mandatory(candidateHierarchies, defHelper)))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -457,19 +462,21 @@ public class RangerPolicyValidator extends RangerValidator {
Map<String, RangerPolicyResource> policyResources = getPolicyResourceWithLowerCaseKeys(inputPolicyResources);
for (RangerResourceDef resourceDef : resourceDefs) {
if (resourceDef == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_RESOURCE_DEF;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("resource-def")
.isAnInternalError()
- .errorCode(ErrorCode.InternalError_Data_NullResourceDef)
- .becauseOf("a resource-def on resource def collection of service-def[" + serviceDefName + "] was null")
+ .becauseOf(error.getMessage(serviceDefName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (StringUtils.isBlank(resourceDef.getName())) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_RESOURCE_DEF_NAME;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("resource-def-name")
.isAnInternalError()
- .errorCode(ErrorCode.InternalError_Data_NullResourceDefName)
- .becauseOf("name of a resource-def on resource def collection of service-def[" + serviceDefName + "] was null")
+ .becauseOf(error.getMessage(serviceDefName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -483,34 +490,37 @@ public class RangerPolicyValidator extends RangerValidator {
boolean excludesSupported = Boolean.TRUE.equals(resourceDef.getExcludesSupported()); // could be null
boolean policyResourceIsExcludes = Boolean.TRUE.equals(policyResource.getIsExcludes()); // could be null
if (policyResourceIsExcludes && !excludesSupported) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_NOT_SUPPORTED;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("isExcludes")
.subField(resourceName)
.isSemanticallyIncorrect()
- .errorCode(ErrorCode.Invalid_Excludes_NotSupported)
- .becauseOf("isExcludes specified as [" + policyResourceIsExcludes + "] for resource [" + resourceName + "] which doesn't support isExcludes")
+ .becauseOf(error.getMessage(policyResourceIsExcludes, resourceName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
if (policyResourceIsExcludes && !isAdmin) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_EXCLUDES_REQUIRES_ADMIN;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("isExcludes")
.subField("isAdmin")
.isSemanticallyIncorrect()
- .becauseOf("isExcludes specified as [" + policyResourceIsExcludes + "] for resource [" + resourceName + "]. Insufficient permissions to create excludes policy.")
- .errorCode(ErrorCode.Invalid_Excludes_RequiresAdmin)
+ .becauseOf(error.getMessage(policyResourceIsExcludes, resourceName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
boolean recursiveSupported = Boolean.TRUE.equals(resourceDef.getRecursiveSupported());
boolean policyIsRecursive = Boolean.TRUE.equals(policyResource.getIsRecursive());
if (policyIsRecursive && !recursiveSupported) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_RECURSIVE_NOT_SUPPORTED;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("isRecursive")
.subField(resourceName)
.isSemanticallyIncorrect()
- .becauseOf("isRecursive specified as [" + policyIsRecursive + "] for resource [" + resourceName + "] which doesn't support isRecursive")
- .errorCode(ErrorCode.Invalid_Recursive_NotSupported)
+ .becauseOf(error.getMessage(policyIsRecursive, resourceName))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -541,14 +551,13 @@ public class RangerPolicyValidator extends RangerValidator {
if (StringUtils.isBlank(aValue)) {
LOG.debug("resource value was blank");
} else if (!aValue.matches(regEx)) {
- String message = String.format("Value[%s] of resource[%s] does not conform to the validation regex[%s] defined on the service-def[%s]", aValue, name, regEx, serviceDef.getName());
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_INVALID_RESOURCE_VALUE_REGEX;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("resource-values")
.subField(name)
.isSemanticallyIncorrect()
- .becauseOf(message)
- .errorCode(ErrorCode.Invalid_ResourceValue_RegEx)
+ .becauseOf(error.getMessage(aValue, name, regEx, serviceDef.getName()))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -573,11 +582,12 @@ public class RangerPolicyValidator extends RangerValidator {
} else {
for (RangerPolicyItem policyItem : policyItems) {
if (policyItem == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item")
.isMissing()
- .becauseOf("policy items object was null")
- .errorCode(ErrorCode.InternalError_Data_NullPolicyItem)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -605,11 +615,12 @@ public class RangerPolicyValidator extends RangerValidator {
// access items collection can't be empty (unless delegated admin is true) and should be otherwise valid
if (CollectionUtils.isEmpty(policyItem.getAccesses())) {
if (!Boolean.TRUE.equals(policyItem.getDelegateAdmin())) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item accesses")
.isMissing()
- .becauseOf("policy items accesses collection was null")
- .errorCode(ErrorCode.Missing_PolicyItemAccesses)
+ .becauseOf(error.getMessage("policy item accesses"))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -620,11 +631,12 @@ public class RangerPolicyValidator extends RangerValidator {
}
// both users and user-groups collections can't be empty
if (CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups())) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item users/user-groups")
.isMissing()
- .becauseOf("both users and user-groups collections on the policy item were null/empty")
- .errorCode(ErrorCode.Missing_PolicyItemUserGroup)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -648,11 +660,12 @@ public class RangerPolicyValidator extends RangerValidator {
Set<String> accessTypes = getAccessTypes(serviceDef);
for (RangerPolicyItemAccess access : accesses) {
if (access == null) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item access")
.isMissing()
- .becauseOf("policy items access object was null")
- .errorCode(ErrorCode.InternalError_Data_NullPolicyItemAccess)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else {
@@ -681,34 +694,33 @@ public class RangerPolicyValidator extends RangerValidator {
} else {
String accessType = access.getType();
if (StringUtils.isBlank(accessType)) {
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item access type")
.isMissing()
- .becauseOf("policy items access type's name was null/empty/blank")
- .errorCode(ErrorCode.Missing_PolicyItemAccessType)
+ .becauseOf(error.getMessage("policy item access type"))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
} else if (!accessTypes.contains(accessType.toLowerCase())) {
- String message = String.format("access type[%s] not among valid types for service[%s]", accessType, accessTypes);
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_INVALID;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item access type")
.isSemanticallyIncorrect()
- .becauseOf(message)
- .errorCode(ErrorCode.Invalid_PolicyItemAccessType)
+ .becauseOf(error.getMessage(accessType, accessTypes))
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
Boolean isAllowed = access.getIsAllowed();
// it can be null (which is treated as allowed) but not false
if (isAllowed != null && isAllowed == false) {
- String message = "access type is set to deny. Currently deny access types are not supported.";
- LOG.debug(message);
- failures.add(new RangerPolicyValidationErrorBuilder()
+ ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_POLICY_ITEM_ACCESS_TYPE_DENY;
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy item access type allowed")
.isSemanticallyIncorrect()
- .becauseOf(message)
- .errorCode(ErrorCode.Invalid_PolicyItemAccessType_Deny)
+ .becauseOf(error.getMessage())
+ .errorCode(error.getErrorCode())
.build());
valid = false;
}
@@ -719,129 +731,4 @@ public class RangerPolicyValidator extends RangerValidator {
}
return valid;
}
-
- static class RangerPolicyValidationErrorBuilder extends ValidationFailureDetailsBuilder {
-
- @Override
- ValidationFailureDetails build() {
- return new RangerPolicyValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
- }
- }
-
- static class RangerPolicyValidationFailure extends ValidationFailureDetails {
-
- public RangerPolicyValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
- super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason);
- }
-
- // TODO remove and move to baseclass when all 3 move to new message framework
- @Override
- public String toString() {
- LOG.debug("RangerPolicyValidationFailure.toString");
- String result = null;
- if (_ErrorCode2MessageTemplate.containsKey(_errorCode)) {
- Integer templateId = _ErrorCode2MessageTemplate.get(_errorCode);
- if (templateId != null && _TemplateId2Template.containsKey(templateId)) {
- String messageTemplate = _TemplateId2Template.get(templateId);
- if (StringUtils.isNotBlank(messageTemplate)) {
- // in the worst case result should be at least same as the messageTemplate which we know is not blank
- result = substituteVariables(messageTemplate);
- } else {
- LOG.warn("Internal error: Message template string for template [" + templateId + "] was empty!");
- }
- } else {
- LOG.warn("Internal error: template id for error code [" + templateId + "] was null or template id to message map did not comtain the templateid");
- }
- } else {
- LOG.warn("Internal error: error code [" + _errorCode + "] not found in errorcode to message template map");
- }
- if (result == null) {
- result = super.toString();
- }
- return "Policy validation failure: " + result;
- }
- }
-
- static class ErrorCode {
- public static final int InternalError_InvalidMethodInvocation = 1001;
- public static final int Missing_PolicyId_Delete = 1002;
- public static final int Missing_PolicyObject = 1003;
- public static final int Missing_PolicyId_Update = 1004;
- public static final int Invalid_PolicyId = 1005;
- public static final int Missing_PolicyName = 1006;
- public static final int InternalError_Data_MultiplePoliciesSameName = 1007;
- public static final int Duplicate_PolicyName_Create = 1008;
- public static final int Duplicate_PolicyName_Update = 1009;
- public static final int Missing_ServiceName = 1010;
- public static final int Invalid_ServiceName = 1011;
- public static final int Missing_PolicyItems = 1012;
- public static final int InternalError_Data_MissingServiceDef = 1013;
- public static final int Duplicate_PolicyResource = 1014;
- public static final int Invalid_PolicyResource_NoCompatibleHierarchy = 1015;
- public static final int Invalid_PolicyResource_MissingMandatory = 1016;
- public static final int InternalError_Data_NullResourceDef = 1017;
- public static final int InternalError_Data_NullResourceDefName = 1018;
- public static final int Invalid_Excludes_NotSupported = 1019;
- public static final int Invalid_Excludes_RequiresAdmin = 1020;
- public static final int Invalid_Recursive_NotSupported = 1021;
- public static final int Invalid_ResourceValue_RegEx = 1022;
- public static final int InternalError_Data_NullPolicyItem = 1023;
- public static final int Missing_PolicyItemAccesses = 1024;
- public static final int Missing_PolicyItemUserGroup = 1025;
- public static final int InternalError_Data_NullPolicyItemAccess = 1026;
- public static final int Missing_PolicyItemAccessType = 1027;
- public static final int Invalid_PolicyItemAccessType = 1028;
- public static final int Invalid_PolicyItemAccessType_Deny = 1029;
- }
- static class MessageId {
- public static final int InternalError = 1;
- public static final int MissingField = 2;
- public static final int InternalError_BadData = 3;
- public static final int DuplicateValue = 4;
- public static final int InvalidField = 5;
- }
-
- static Object[][] MessageTemplateData = new Object[][] {
- { MessageId.InternalError, "Internal error: {reason}."},
- { MessageId.InternalError_BadData, "Internal error: bad data encountered [{field}]: {reason}"},
- { MessageId.MissingField, "Missing Required field [{field}]: {reason}"},
- { MessageId.InvalidField, "Invalid value specified for field [{field}]: {reason}"},
- { MessageId.DuplicateValue, "Duplicate value for [{field}]: {reason}"},
- };
- static final Map<Integer, String> _TemplateId2Template = createMap(MessageTemplateData);
-
- static int[][] ErrorCode2MessageTemplateData = new int[][] {
- { ErrorCode.InternalError_InvalidMethodInvocation, MessageId.InternalError},
- { ErrorCode.Missing_PolicyId_Delete, MessageId.MissingField},
- { ErrorCode.Missing_PolicyObject, MessageId.InternalError},
- { ErrorCode.Missing_PolicyId_Update, MessageId.MissingField},
- { ErrorCode.Invalid_PolicyId, MessageId.InvalidField},
- { ErrorCode.Missing_PolicyName, MessageId.MissingField},
- { ErrorCode.InternalError_Data_MultiplePoliciesSameName, MessageId.InternalError_BadData},
- { ErrorCode.Duplicate_PolicyName_Create, MessageId.DuplicateValue},
- { ErrorCode.Duplicate_PolicyName_Update, MessageId.DuplicateValue},
- { ErrorCode.Missing_ServiceName, MessageId.MissingField},
- { ErrorCode.Invalid_ServiceName, MessageId.InvalidField},
- { ErrorCode.Missing_PolicyItems, MessageId.MissingField},
- { ErrorCode.InternalError_Data_MissingServiceDef, MessageId.InternalError_BadData},
- { ErrorCode.Duplicate_PolicyResource, MessageId.DuplicateValue},
- { ErrorCode.Invalid_PolicyResource_NoCompatibleHierarchy, MessageId.InvalidField},
- { ErrorCode.Invalid_PolicyResource_MissingMandatory, MessageId.MissingField},
- { ErrorCode.InternalError_Data_NullResourceDef, MessageId.InternalError_BadData},
- { ErrorCode.InternalError_Data_NullResourceDefName, MessageId.InternalError_BadData},
- { ErrorCode.Invalid_Excludes_NotSupported, MessageId.InvalidField},
- { ErrorCode.Invalid_Excludes_RequiresAdmin, MessageId.InvalidField},
- { ErrorCode.Invalid_Recursive_NotSupported, MessageId.InvalidField},
- { ErrorCode.Invalid_ResourceValue_RegEx, MessageId.InvalidField},
- { ErrorCode.InternalError_Data_NullPolicyItem, MessageId.InternalError_BadData},
- { ErrorCode.Missing_PolicyItemAccesses, MessageId.MissingField},
- { ErrorCode.Missing_PolicyItemUserGroup, MessageId.MissingField},
- { ErrorCode.InternalError_Data_NullPolicyItemAccess, MessageId.InternalError_BadData},
- { ErrorCode.Missing_PolicyItemAccessType, MessageId.MissingField},
- { ErrorCode.Invalid_PolicyItemAccessType, MessageId.InvalidField},
- { ErrorCode.Invalid_PolicyItemAccessType_Deny, MessageId.InvalidField},
-
- };
- static final Map<Integer, Integer> _ErrorCode2MessageTemplate = createMap(ErrorCode2MessageTemplateData);
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
index 75372c2..0507fc4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
@@ -80,7 +80,7 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (action != Action.DELETE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_UNSUPPORTED_ACTION;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.isAnInternalError()
.errorCode(error.getErrorCode())
.becauseOf(error.getMessage(action))
@@ -88,7 +88,7 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = false;
} else if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isMissing()
.errorCode(error.getErrorCode())
@@ -118,7 +118,7 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (serviceDef == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_NULL_SERVICE_DEF_OBJECT;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("service def")
.isMissing()
.errorCode(error.getErrorCode())
@@ -161,7 +161,7 @@ public class RangerServiceDefValidator extends RangerValidator {
if (action == Action.UPDATE) { // id is ignored for CREATE
if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_EMPTY_SERVICE_DEF_ID;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isMissing()
.errorCode(error.getErrorCode())
@@ -170,7 +170,7 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = false;
} else if (getServiceDef(id) == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_ID;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -194,7 +194,7 @@ public class RangerServiceDefValidator extends RangerValidator {
if (StringUtils.isBlank(name)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_NAME;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isMissing()
.errorCode(error.getErrorCode())
@@ -205,7 +205,7 @@ public class RangerServiceDefValidator extends RangerValidator {
RangerServiceDef otherServiceDef = getServiceDef(name);
if (otherServiceDef != null && action == Action.CREATE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -214,7 +214,7 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = false;
} else if (otherServiceDef != null && !Objects.equals(id, otherServiceDef.getId())) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ID_NAME_CONFLICT;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id/name")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -238,7 +238,7 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (CollectionUtils.isEmpty(accessTypeDefs)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("access types")
.isMissing()
.errorCode(error.getErrorCode())
@@ -263,7 +263,7 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<String> unknownAccessTypes = Sets.difference(Sets.newHashSet(impliedGrants), accessNames);
if (!unknownAccessTypes.isEmpty()) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_UNKNOWN_ACCESS_TYPE;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("implied grants")
.subField(unknownAccessTypes.iterator().next()) // we return just on item here. Message has all unknow items
.isSemanticallyIncorrect()
@@ -276,7 +276,7 @@ public class RangerServiceDefValidator extends RangerValidator {
String name = def.getName(); // note: this name could be null/blank/empty!
if (impliedGrants.contains(name)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_IMPLIES_ITSELF;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("implied grants")
.subField(name)
.isSemanticallyIncorrect()
@@ -311,7 +311,7 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid;
if (StringUtils.isBlank(conditionDef.getEvaluator())) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("policy condition def evaluator")
.subField(name)
.isMissing()
@@ -374,7 +374,7 @@ public class RangerServiceDefValidator extends RangerValidator {
if (!enumTypes.contains(subType)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("config def subtype")
.subField(configName)
.isSemanticallyIncorrect()
@@ -390,7 +390,7 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<String> enumValues = getEnumValues(enumDef);
if (!enumValues.contains(defaultValue)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("config def default value")
.subField(configName)
.isSemanticallyIncorrect()
@@ -418,7 +418,7 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<String> validTypes = ImmutableSet.of("bool", "enum", "int", "string", "password", "path");
if (StringUtils.isBlank(type)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_MISSING_TYPE;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("config def type")
.subField(configName)
.isMissing()
@@ -428,7 +428,7 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = false;
} else if (!validTypes.contains(type)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_INVALID_TYPE;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("config def type")
.subField(configName)
.isSemanticallyIncorrect()
@@ -453,7 +453,7 @@ public class RangerServiceDefValidator extends RangerValidator {
List<RangerResourceDef> resources = serviceDef.getResources();
if (CollectionUtils.isEmpty(resources)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("resources")
.isMissing()
.errorCode(error.getErrorCode())
@@ -487,7 +487,7 @@ public class RangerServiceDefValidator extends RangerValidator {
RangerServiceDefHelper defHelper = _factory.createServiceDefHelper(serviceDef, false);
if (!defHelper.isResourceGraphValid()) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_RESOURCE_GRAPH_INVALID;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("resource graph")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -524,7 +524,7 @@ public class RangerServiceDefValidator extends RangerValidator {
for (RangerEnumDef enumDef : enumDefs) {
if (enumDef == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_OBJECT;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("enum def")
.isMissing()
.errorCode(error.getErrorCode())
@@ -539,7 +539,7 @@ public class RangerServiceDefValidator extends RangerValidator {
// enum must contain at least one valid value and those values should be non-blank and distinct
if (CollectionUtils.isEmpty(enumDef.getElements())) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("enum values")
.subField(enumName)
.isMissing()
@@ -553,7 +553,7 @@ public class RangerServiceDefValidator extends RangerValidator {
int defaultIndex = getEnumDefaultIndex(enumDef);
if (defaultIndex < 0 || defaultIndex >= enumDef.getElements().size()) { // max index is one less than the size of the elements list
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("enum default index")
.subField(enumName)
.isSemanticallyIncorrect()
@@ -588,7 +588,7 @@ public class RangerServiceDefValidator extends RangerValidator {
for (RangerEnumElementDef elementDef : enumElementsDefs) {
if (elementDef == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT;
- failures.add(new RangerServiceDefValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("enum element")
.subField(enumName)
.isMissing()
@@ -608,27 +608,4 @@ public class RangerServiceDefValidator extends RangerValidator {
}
return valid;
}
-
- static class RangerServiceDefValidationErrorBuilder extends ValidationFailureDetailsBuilder {
-
- @Override
- ValidationFailureDetails build() {
- return new RangerServiceDefValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
- }
- }
-
- static class RangerServiceDefValidationFailure extends ValidationFailureDetails {
-
- public RangerServiceDefValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
- super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason);
- }
-
- // TODO remove and move to baseclass when all 3 move to new message framework
- @Override
- public String toString() {
- LOG.debug("RangerServiceDefValidationFailure.toString");
- return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason);
- }
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
index 3cfaa3e..847bc9a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
@@ -69,7 +69,7 @@ public class RangerServiceValidator extends RangerValidator {
boolean valid = true;
if (action != Action.DELETE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.isAnInternalError()
.errorCode(error.getErrorCode())
.becauseOf(error.getMessage(action))
@@ -77,7 +77,7 @@ public class RangerServiceValidator extends RangerValidator {
valid = false;
} else if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_FIELD;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isMissing()
.errorCode(error.getErrorCode())
@@ -107,7 +107,7 @@ public class RangerServiceValidator extends RangerValidator {
boolean valid = true;
if (service == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("service")
.isMissing()
.errorCode(error.getErrorCode())
@@ -119,7 +119,7 @@ public class RangerServiceValidator extends RangerValidator {
if (action == Action.UPDATE) { // id is ignored for CREATE
if (id == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isMissing()
.errorCode(error.getErrorCode())
@@ -128,7 +128,7 @@ public class RangerServiceValidator extends RangerValidator {
valid = false;
} else if (getService(id) == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -142,7 +142,7 @@ public class RangerServiceValidator extends RangerValidator {
RangerServiceDef serviceDef = null;
if (!nameSpecified) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isMissing()
.errorCode(error.getErrorCode())
@@ -153,7 +153,7 @@ public class RangerServiceValidator extends RangerValidator {
RangerService otherService = getService(name);
if (otherService != null && action == Action.CREATE) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("name")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -162,7 +162,7 @@ public class RangerServiceValidator extends RangerValidator {
valid = false;
} else if (otherService != null && otherService.getId() !=null && !otherService.getId().equals(id)) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("id/name")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -175,7 +175,7 @@ public class RangerServiceValidator extends RangerValidator {
boolean typeSpecified = StringUtils.isNotBlank(type);
if (!typeSpecified) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("type")
.isMissing()
.errorCode(error.getErrorCode())
@@ -186,7 +186,7 @@ public class RangerServiceValidator extends RangerValidator {
serviceDef = getServiceDef(type);
if (serviceDef == null) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("type")
.isSemanticallyIncorrect()
.errorCode(error.getErrorCode())
@@ -202,7 +202,7 @@ public class RangerServiceValidator extends RangerValidator {
Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters);
if (!missingParameters.isEmpty()) {
ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING;
- failures.add(new RangerServiceValidationErrorBuilder()
+ failures.add(new ValidationFailureDetailsBuilder()
.field("configuration")
.subField(missingParameters.iterator().next()) // we return any one parameter!
.isMissing()
@@ -219,27 +219,4 @@ public class RangerServiceValidator extends RangerValidator {
}
return valid;
}
-
- static class RangerServiceValidationErrorBuilder extends ValidationFailureDetailsBuilder {
-
- @Override
- ValidationFailureDetails build() {
- return new RangerPolicyValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
- }
- }
-
- static class RangerPolicyValidationFailure extends ValidationFailureDetails {
-
- public RangerPolicyValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
- super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason);
- }
-
- // TODO remove and move to baseclass when all 3 move to new message framework
- @Override
- public String toString() {
- LOG.debug("RangerServiceValidationFailure.toString");
- return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason);
- }
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java
index 64e7e50..a0e8573 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetails.java
@@ -48,11 +48,6 @@ public class ValidationFailureDetails {
_reason = reason;
}
- // TODO - legacy signature remove after all 3 are ported over to new message framework
- public ValidationFailureDetails(String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
- this(-1, fieldName, subFieldName, missing, semanticError, internalError, reason);
- }
-
public String getFieldName() {
return _fieldName;
}
@@ -76,23 +71,11 @@ public class ValidationFailureDetails {
return _subFieldName;
}
- // matches "{blah}", "{{blah}", "{ }" and yields variables names like "blah", "{blah", " ", etc. for substitution
- static final Pattern _Pattern = Pattern.compile("\\{([^\\}]+)\\}");
-
- public String substituteVariables(String template) {
- return template.replace("{field}", _fieldName == null ? "" : _fieldName)
- .replace("{sub-field}", _subFieldName == null ? "" : _subFieldName)
- .replace("{reason}", _reason == null ? "" : _reason);
- }
-
- // TODO legacy implementation. Remove when all
@Override
public String toString() {
LOG.debug("ValidationFailureDetails.toString()");
- return String.format("Field[%s]%s is %s: reason[%s]",
- _fieldName,
- _subFieldName == null ? "" : ", subField[" + _subFieldName + "]",
- getType(), _reason);
+ return String.format("%s: error code[%d], reason[%s], field[%s], subfield[%s], type[%s]", "Policy validation failure",
+ _errorCode, _reason, _fieldName, _subFieldName, getType());
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java
index ab67f1f..b39e572 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/ValidationFailureDetailsBuilder.java
@@ -49,7 +49,7 @@ public class ValidationFailureDetailsBuilder {
}
ValidationFailureDetails build() {
- return new ValidationFailureDetails(_fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
+ return new ValidationFailureDetails(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
}
ValidationFailureDetailsBuilder subField(String missingParameter) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/79bd7e3c/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
deleted file mode 100644
index 815d41c..0000000
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.model.validation;
-
-import junit.framework.TestCase;
-import org.junit.Test;
-
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import static org.junit.Assert.assertEquals;
-
-public class TestValidationFailureDetails {
-
- @Test
- public void test1() {
- String[] templates = new String[] {
- "The {field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {reason}", // pattern at end.
- "{field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {reason}.", // pattern at start but not end.
- "The {field}, was missing and sub-field {sub-field} was mssing, too. Validation failed due to {missing}.", // unknown substitute
- "Template does not have field, but had {sub-field} along with a {reason} and a sprious field named {missing}.", // unknown substitute
- };
-
- ValidationFailureDetails failureDetails = new ValidationFailureDetails("id", "subType", false, false, false, "foo-bar");
-
- String[] results = new String[] {
- "The id, was missing and sub-field subType was mssing, too. Validation failed due to foo-bar", // pattern at end.
- "id, was missing and sub-field subType was mssing, too. Validation failed due to foo-bar.", // pattern at start but not end.
- "The id, was missing and sub-field subType was mssing, too. Validation failed due to {missing}.", // unknown substitute
- "Template does not have field, but had subType along with a foo-bar and a sprious field named {missing}.", // unknown substitute
- };
-
- for (int i = 0; i < templates.length; i++) {
- String result = failureDetails.substituteVariables(templates[i]);
- assertEquals(results[i], result);
- }
- }
-}
\ No newline at end of file
[07/14] incubator-ranger git commit: RANGER-587 : fixed issue:
ranger-admin-site.xml not getting updated when ranger.authentication.method
is changed
Posted by ma...@apache.org.
RANGER-587 : fixed issue: ranger-admin-site.xml not getting updated when ranger.authentication.method is changed
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d3d59138
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d3d59138
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d3d59138
Branch: refs/heads/tag-policy
Commit: d3d591385ceb23dd179e1869886d10aae8ad9990
Parents: 79bd7e3
Author: Gautam Borad <gb...@gmail.com>
Authored: Thu Jul 30 10:57:04 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Thu Aug 6 01:57:56 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/setup.sh | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d3d59138/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index b79cba4..a41b540 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1214,6 +1214,11 @@ do_unixauth_setup() {
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
+
+ propertyName=ranger.authentication.method
+ newPropertyValue="${authentication_method}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+
propertyName=ranger.unixauth.remote.login.enabled
newPropertyValue="${remoteLoginEnabled}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
@@ -1414,6 +1419,17 @@ do_authentication_setup(){
if [ $authentication_method = "UNIX" ] ; then
do_unixauth_setup
fi
+
+ if [ $authentication_method = "NONE" ] ; then
+ newPropertyValue='NONE'
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
+ if test -f $ldap_file; then
+ propertyName=ranger.authentication.method
+ newPropertyValue="${authentication_method}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
+ fi
+ fi
+
log "[I] Finished setup based on user authentication method=$authentication_method";
}
[08/14] incubator-ranger git commit: RANGER-588 : Take care of Ranger
KMS installation even if java is not in PATH
Posted by ma...@apache.org.
RANGER-588 : Take care of Ranger KMS installation even if java is not in PATH
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d1cf555b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d1cf555b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d1cf555b
Branch: refs/heads/tag-policy
Commit: d1cf555bfb4e53c0f71637080406eaeefbfb1622
Parents: d3d5913
Author: Gautam Borad <gb...@gmail.com>
Authored: Fri Aug 7 12:19:11 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Aug 7 11:27:01 2015 -0400
----------------------------------------------------------------------
kms/scripts/db_setup.py | 23 +----------------------
kms/scripts/dba_script.py | 26 ++------------------------
2 files changed, 3 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1cf555b/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
old mode 100644
new mode 100755
index 8116049..641376a
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -72,31 +72,10 @@ def populate_global_dict():
key , value = each_line.strip().split("=",1)
key = key.strip()
if 'PASSWORD' in key:
- jceks_file_path = os.path.join(RANGER_KMS_HOME, 'jceks','ranger_db.jceks')
- statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
- if statuscode == 1:
- value = ''
+ value = ''
value = value.strip()
globalDict[key] = value
-def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
- finalLibPath = libpath.replace('\\','/').replace('//','/')
- finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
- if getorcreate == 'create':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode
- elif getorcreate == 'get':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode, output
- else:
- print 'proper command not received for input need get or create'
-
class BaseDB(object):
def check_connection(self, db_name, db_user, db_password):
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1cf555b/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
old mode 100644
new mode 100755
index c549fad..eb38101
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -37,25 +37,6 @@ if os_name == "LINUX":
elif os_name == "WINDOWS":
RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
-def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
- finalLibPath = libpath.replace('\\','/').replace('//','/')
- finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
- if getorcreate == 'create':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode
- elif getorcreate == 'get':
- commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
- p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
- output, error = p.communicate()
- statuscode = p.returncode
- return statuscode, output
- else:
- print 'proper command not received for input need get or create'
-
-
def check_output(query):
if os_name == "LINUX":
p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE)
@@ -83,17 +64,14 @@ def populate_global_dict():
elif os_name == "WINDOWS":
read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties'))
library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*")
- read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
+ read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties'))
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
if re.search('=', each_line):
key , value = each_line.strip().split("=",1)
key = key.strip()
if 'PASSWORD' in key:
- jceks_file_path = os.path.join(RANGER_KMS_HOME, 'jceks','ranger_db.jceks')
- statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
- if statuscode == 1:
- value = ''
+ value = ''
value = value.strip()
globalDict[key] = value
[09/14] incubator-ranger git commit: RANGER-598: Update Ranger config
migration script to work with Ranger 0.5
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/doc/README.TXT
----------------------------------------------------------------------
diff --git a/migration-util/doc/README.TXT b/migration-util/doc/README.TXT
deleted file mode 100644
index f466e9d..0000000
--- a/migration-util/doc/README.TXT
+++ /dev/null
@@ -1,74 +0,0 @@
-Utility to Migrate Ranger Config into Ambari (from a previous manual install)
------------------------------------------------------------------------------
-
-Pre-requisites:
-----------------
- * Ambari Server (2.0.0) installed on one of the host of the cluster.
- * Ranger service is manually installed outside Ambari.
- * If user had Ambari 1.7.0 installed, Ambari needs to be upgraded to 2.0.0, before this script is run.
- * Ranger service is expected to be up and running.
- * Whichever component plugin needs to imported, that component should be up and running in Ambari server.
- * Whichever component plugin needs to be imported, that plugin needs to be installed as well as enabled independently by the user.
- * The installation folder paths for each component is as follows :
- * For Ranger Admin service: /usr/hdp/<hdp_vers>/ranger-admin
- * For Ranger Usersync service: /usr/hdp/<hdp_vers>/ranger-usersync
- * For Ranger Hbase plugin: /usr/hdp/<hdp_vers>/ranger-hbase-plugin
- * For Ranger Hdfs plugin: /usr/hdp/<hdp_vers>/ranger-hdfs-plugin
- * For Ranger Hive plugin: /usr/hdp/<hdp_vers>/ranger-hive-plugin
- * For Ranger Knox plugin: /usr/hdp/<hdp_vers>/ranger-knox-plugin
- * For Ranger Storm plugin: /usr/hdp/<hdp_vers>/ranger-storm-plugin
-
-Pre Install:
-------------
- * Please take a backup of existing ranger DB and configurations, in case required.
- * Please take a backup of existing ambari DB and configurations, in case required.
- * You must have an existing MySQL Server or Oracle Server database instance running to be used by Ranger.
- * Ensure that the access for the DB Admin user (root in case of MySQL or SYS in case of Oracle) is enabled in DB server from any host.
- * Execute the following command on the Ambari Server host.
- * Replace database-type with mysql or oracle and /jdbc/driver/path based on the location of the MySQL or Oracle JDBC driver:
-
- ambari-server setup --jdbc-db={database-type} --jdbc-driver={/jdbc/driver/path}
-
-Steps to Add Ranger in a Ambari HDP cluster:
---------------------------------------------
- * In order to know about usage of the script, Execute the command:
- python import_ranger_to_ambari.py
- * Migration script locates the existing config in post-install properties files used by the service.
- * This script will collect required configs from the independently installed Ranger service configurations
- and after verification from the user, post it to the specified Ambari Server.
- * Set appropriate values in the <component>_install.properties template file, only if required.
- For Ranger Admin service, ranger_admin_install.properties
- * For script to use proper values, mandatory properties to be filled by user are as follows :
- 1) During Ranger_Admin installation migration db_root_username and db_root_password are mandatory,
- which can be set in the ranger_admin_install.properties
-
-To import Ranger (Admin and User-Sync) service and plugins we need to run the python script using command line as shown below,
-with valid input parameters, from the host where specific Ranger component has been installed / enabled :
-
-python import_ranger_to_ambari.py {install option} {ambari server url} {ambari server admin username:password} {cluster name} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installed}
-
-for example the actual command will be as :
-
-python import_ranger_to_ambari.py 1 http://100.100.100.100:8080 admin:admin ambari_cluster rangerambari-feb09-rhel6-mp-sec-6.cs1cloud.internal
-
-First parameter (install option) is to mention the service type to be ported to Ambari that is,
- 1 for adding Ranger service and Ranger Admin component to Ambari.
- 2 for adding Ranger User sync component to Ambari.
- 3 to import Ranger Hdfs Plugin configs to Ambari.
- 4 to import Ranger Hive Plugin configs to Ambari.
- 5 to import Ranger Hbase Plugin configs to Ambari.
- 6 to import Ranger Knox Plugin configs to Ambari.
- 7 to import Ranger Storm Plugin configs to Ambari.
-
- * After running the script with first parameter as 1, Ranger service should be visible as Ambari service and Ranger-Admin should be visible.
- * After running with 2 Ranger-Usersync should also be visible as its component, like-wise for the respective plugins.
- * After executing the script with options 3 to 7 - please visit Ambari UI and restart the individual component, after the UI reflects the changes.
-
-Debugging:
-----------
- * Make sure to back up the ranger config and DB prior to running the scripts.
- * It is possible that the service-components may be added to Ambari but the installation may fail. In that case, look for the logs from Ambari-UI.
- * If any of the pre-requisite is not met this might happen, in that case, try installation from Ambari-UI itself.
- * If the services are configured and not started it may show up as Install Pending, reinstall both Admin and User-sync from Ambari UI, and then start the services.
- * In case if the services are installed and in stopped state, restart them from Ambari-UI.
-
[11/14] incubator-ranger git commit: RANGER-598: Update Ranger config
migration script to work with Ranger 0.5
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/416e13a7/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
----------------------------------------------------------------------
diff --git a/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
new file mode 100755
index 0000000..bc06a65
--- /dev/null
+++ b/migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
@@ -0,0 +1,2253 @@
+import os
+import sys
+import urllib2
+import base64
+import httplib
+import json
+import time
+from xml.etree import ElementTree as ET
+import datetime
+from subprocess import Popen, PIPE
+import re
+
+
+def port_ranger_admin_installation_to_ambari():
+ print('preparing advanged configurations for ranger')
+ flag_ranger_admin_present, ranger_admin_properties_from_file = get_ranger_admin_install_properties()
+ if flag_ranger_admin_present:
+ print('ranger admin service is installed, making configurations as required by ambari.')
+ if create_ranger_service_in_ambari():
+ print('ranger service is added sucessfully in ambari')
+ if create_ranger_service_components_in_ambari('RANGER_ADMIN'):
+ print('ranger service component is added successfully in ambari')
+ if register_ranger_admin_host_in_ambari():
+ print('ranger admin host is registered successfully in ambari')
+ if add_advanced_ranger_configurations(1, ranger_admin_properties_from_file):
+ print('ranger-admin advanced configurations added successfully in ambari, kindly run ranger-usersync to complete ranger service install')
+ else:
+ print('ranger advanced configurations added failed in ambari')
+ else:
+ print('ranger admin host registration failed in ambari')
+ else:
+ print('ranger service component add failed in ambari')
+ else:
+ print('ranger service add failed in ambari')
+ else:
+ print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
+
+
+def port_ranger_usersync_installation_to_ambari():
+ print ('preparing configurations for ranger user-sync')
+ flag_ranger_usersync_present, ranger_usersync_properties_from_file = get_ranger_usersync_install_properties()
+ if flag_ranger_usersync_present:
+ print('ranger usersync service is installed, making configurations as required by ambari.')
+ if create_ranger_service_components_in_ambari('RANGER_USERSYNC'):
+ print('ranger service component is added successfully in ambari')
+ if register_ranger_usersync_host_in_ambari():
+ print('ranger usersync host is registered successfully in ambari')
+ if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file):
+ print('ranger advanced configurations added successfully in ambari')
+ if call_ranger_installed():
+ print('ranger service installed successfully in ambari.')
+ else:
+ print('ranger service install failed in ambari')
+ else:
+ print('ranger advanced configurations added failed in ambari')
+ else:
+ print('ranger usersync host registration failed in ambari')
+ else:
+ print('ranger service add failed in ambari')
+ else:
+ print('ranger admin and usersync services are not installed, not importing configurations to ambari.')
+
+
+def port_ranger_kms_installation_to_ambari():
+ print('preparing advanged configurations for ranger-kms')
+ flag_ranger_kms_present, ranger_kms_properties_from_file = get_ranger_kms_install_properties()
+ if flag_ranger_kms_present:
+ print('ranger kms service is installed, making configurations as required by ambari.')
+ if create_ranger_kms_service_in_ambari():
+ print('ranger kms service is added sucessfully in ambari')
+ if create_kms_service_components_in_ambari('RANGER_KMS_SERVER'):
+ print('ranger kms service component is added successfully in ambari')
+ if register_ranger_kms_host_in_ambari():
+ print('ranger kms host is registered successfully in ambari')
+ if add_advanced_ranger_kms_configurations(ranger_kms_properties_from_file):
+ print('ranger kms advanced configurations added successfully in ambari')
+ if call_ranger_kms_installed():
+ print('ranger kms service installed successfully in ambari.')
+ else:
+ print('ranger kms service install failed in ambari')
+ else:
+ print('ranger kms advanced configurations added failed in ambari')
+ else:
+ print('ranger kms host registration failed in ambari')
+ else:
+ print('ranger kms service component add failed in ambari')
+ else:
+ print('ranger kms service add failed in ambari')
+ else:
+ print('ranger kms service is not installed, not importing configurations to ambari.')
+
+
+def create_ranger_service_in_ambari():
+ print('creating ranger admin service in ambari')
+ ranger_create_url = ambari_service_url + '/' + ranger_service_name
+ request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service is already created in ambari.')
+ return True
+ else:
+ print('ranger service creation failed in ambari.')
+ return False
+
+
+def create_ranger_kms_service_in_ambari():
+ print('creating ranger kms service in ambari')
+ ranger_create_url = ambari_service_url + '/RANGER_KMS'
+ request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service is already created in ambari.')
+ return True
+ else:
+ print('ranger service creation failed in ambari.')
+ return False
+
+def create_ranger_service_components_in_ambari(ranger_service_component_name):
+ print('adding ranger service components in ambari')
+ ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}'
+ print('creating ranger service in ambari')
+ ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', is already present in ambari.')
+ return True
+ else:
+ print('ranger service component creation for : ' + ranger_service_component_name + ', failed in ambari.')
+ return False
+
+def create_kms_service_components_in_ambari(ranger_service_component_name):
+ print('adding ranger service components in ambari')
+ ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}'
+ print('creating ranger kms service in ambari -> ' + str(ranger_service_components))
+ ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=RANGER_KMS'
+ print('ranger_service_component_create_url -> ' + str(ranger_service_component_create_url))
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', created successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger service component : ' + ranger_service_component_name + ', is already present in ambari.')
+ return True
+ else:
+ print('ranger service component creation for : ' + ranger_service_component_name + ', failed in ambari.')
+ return False
+
+def register_ranger_admin_host_in_ambari():
+ print('adding ranger servcie components in ambari')
+ print('creating ranger admin service in ambari')
+ ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 201 and response is not None:
+ print('ranger admin host registered successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger admin host is already registered ambari.')
+ return True
+ else:
+ print('ranger admin host registration failed in ambari.')
+ return False
+
+
+def register_ranger_usersync_host_in_ambari():
+ print('adding ranger servcie components in ambari')
+ print('creating ranger admin service in ambari')
+ ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name
+ request_result = call_ambari_api(ranger_host_register_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 201 and response is not None):
+ print('ranger usersync host registered successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger usersync host is already registered ambari.')
+ return True
+ else:
+ print('ranger usersync host registration failed in ambari.')
+ return False
+
+def register_ranger_kms_host_in_ambari():
+ print('adding ranger kms host in ambari')
+ print('creating ranger kms service in ambari')
+ ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + "RANGER_KMS_SERVER"
+ request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '')
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 201 and response is not None:
+ print('ranger kms host registered successfully in ambari.')
+ return True
+ elif (response_code == 409 and response is not None):
+ print('ranger kms host is already registered ambari.')
+ return True
+ else:
+ print('ranger kms host registration failed in ambari.')
+ return False
+
+
+def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_properties_from_file):
+ print('creating advanced configurations to be added to ambari.')
+ ranger_config_data = ''
+ advanced_admin_properties = dict()
+ advanced_ranger_site_properties = dict()
+ advanced_ranger_env_properties = dict()
+ advanced_user_sync_properties = dict()
+ advanced_ranger_admin_site_properties = dict()
+ date_time_stamp = getDateTimeNow()
+
+ if (add_admin_or_usersync == 1):
+ if not ((str(ranger_service_properties_from_file['db_root_password']).strip() == '') or
+ (str(ranger_service_properties_from_file['db_root_user']).strip() == '' )) :
+ advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR']
+ advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR']
+ advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user']
+ advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password']
+ advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host']
+ advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name']
+ advanced_admin_properties['db_user'] = ranger_service_properties_from_file['ranger.jpa.jdbc.user']
+ advanced_admin_properties['db_password'] = ranger_service_properties_from_file['ranger.jpa.jdbc.password']
+ advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name']
+ advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['ranger.jpa.audit.jdbc.user']
+ advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['ranger.jpa.audit.jdbc.password']
+ advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['ranger.externalurl']
+
+ advanced_ranger_env_properties['ranger_user'] = 'ranger'
+ advanced_ranger_env_properties['ranger_group'] = 'ranger'
+ advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin'
+ advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync'
+ advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin'
+ advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123'
+ advanced_ranger_env_properties['admin_username'] = 'admin'
+ advanced_ranger_env_properties['admin_password'] = 'admin'
+ advanced_ranger_env_properties['ranger_pid_dir'] = '/var/run/ranger'
+ advanced_ranger_env_properties['create_db_dbuser'] = 'true'
+ advanced_ranger_env_properties['xml_configurations_supported'] = 'true'
+
+ advanced_ranger_admin_site_properties['ranger.service.host'] = ranger_service_properties_from_file['ranger.service.host']
+ advanced_ranger_admin_site_properties['ranger.service.http.enabled'] = ranger_service_properties_from_file.get('ranger.service.http.enabled','true')
+ advanced_ranger_admin_site_properties['ranger.service.http.port'] = ranger_service_properties_from_file.get('ranger.service.http.port','6080')
+ advanced_ranger_admin_site_properties['ranger.service.https.port'] = ranger_service_properties_from_file.get('ranger.service.https.port','6182')
+ advanced_ranger_admin_site_properties['ranger.service.https.attrib.ssl.enabled'] = ranger_service_properties_from_file.get('ranger.service.https.attrib.ssl.enabled','false')
+ advanced_ranger_admin_site_properties['ranger.service.https.attrib.clientAuth'] = ranger_service_properties_from_file.get('ranger.service.https.attrib.clientAuth','want')
+ advanced_ranger_admin_site_properties['ranger.service.https.attrib.keystore.keyalias'] = ranger_service_properties_from_file.get('ranger.service.https.attrib.keystore.keyalias','rangeradmin')
+ advanced_ranger_admin_site_properties['ranger.service.https.attrib.keystore.pass'] = ranger_service_properties_from_file.get('ranger.service.https.attrib.keystore.pass','xasecure')
+ advanced_ranger_admin_site_properties['ranger.https.attrib.keystore.file'] = ranger_service_properties_from_file.get('ranger.https.attrib.keystore.file','/etc/ranger/admin/conf/ranger-admin-keystore.jks')
+ advanced_ranger_admin_site_properties['ranger.externalurl'] = ranger_service_properties_from_file.get('ranger.externalurl','http://localhost:6080')
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.driver'] = ranger_service_properties_from_file.get('ranger.jpa.jdbc.driver','com.mysql.jdbc.Driver')
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.url'] = ranger_service_properties_from_file.get('ranger.jpa.jdbc.url','jdbc:mysql://localhost')
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.user'] = ranger_service_properties_from_file['ranger.jpa.jdbc.user']
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.password'] = ranger_service_properties_from_file['ranger.jpa.jdbc.password']
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.credential.alias'] = ranger_service_properties_from_file.get('ranger.jpa.jdbc.credential.alias','rangeradmin')
+ advanced_ranger_admin_site_properties['ranger.credential.provider.path'] = ranger_service_properties_from_file.get('ranger.credential.provider.path','/etc/ranger/admin/rangeradmin.jceks')
+ advanced_ranger_admin_site_properties['ranger.audit.source.type'] = ranger_service_properties_from_file.get('ranger.audit.source.type','db')
+ advanced_ranger_admin_site_properties['ranger.audit.solr.urls'] = ranger_service_properties_from_file.get('ranger.audit.solr.urls','http://solr_host:6083/solr/ranger_audits')
+ advanced_ranger_admin_site_properties['ranger.authentication.method'] = ranger_service_properties_from_file.get('ranger.authentication.method','UNIX')
+ advanced_ranger_admin_site_properties['ranger.ldap.url'] = ranger_service_properties_from_file.get('ranger.ldap.url','ldap://71.127.43.33:389')
+ advanced_ranger_admin_site_properties['ranger.ldap.user.dnpattern'] = ranger_service_properties_from_file.get('ranger.ldap.user.dnpattern','uid={0},ou=users,dc=xasecure,dc=net')
+ advanced_ranger_admin_site_properties['ranger.ldap.group.searchbase'] = ranger_service_properties_from_file.get('ranger.ldap.group.searchbase','ou=groups,dc=xasecure,dc=net')
+ advanced_ranger_admin_site_properties['ranger.ldap.group.searchfilter'] = ranger_service_properties_from_file.get('ranger.ldap.group.searchfilter','(member=uid={0},ou=users,dc=xasecure,dc=net)')
+ advanced_ranger_admin_site_properties['ranger.ldap.group.roleattribute'] = ranger_service_properties_from_file.get('ranger.ldap.group.roleattribute','cn')
+ advanced_ranger_admin_site_properties['ranger.ldap.ad.domain'] = ranger_service_properties_from_file.get('ranger.ldap.ad.domain','localhost')
+ advanced_ranger_admin_site_properties['ranger.ldap.ad.url'] = ranger_service_properties_from_file.get('ranger.ldap.ad.url','ldap://ad.xasecure.net:389')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.driver'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.driver','{{ranger_jdbc_driver}}')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.url'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.url','{{audit_jdbc_url}}')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.user'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.user','{{ranger_audit_db_user}}')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.password'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.password','_')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.credential.alias'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.credential.alias','rangeraudit')
+ advanced_ranger_admin_site_properties['ranger.unixauth.remote.login.enabled'] = ranger_service_properties_from_file.get('ranger.unixauth.remote.login.enabled','true')
+ advanced_ranger_admin_site_properties['ranger.unixauth.service.hostname'] = ranger_service_properties_from_file.get('ranger.unixauth.service.hostname','localhost')
+ advanced_ranger_admin_site_properties['ranger.unixauth.service.port'] = ranger_service_properties_from_file.get('ranger.unixauth.service.port','5151')
+ advanced_ranger_admin_site_properties['ranger.jpa.jdbc.dialect'] = ranger_service_properties_from_file.get('ranger.jpa.jdbc.dialect','{{jdbc_dialect}}')
+ advanced_ranger_admin_site_properties['ranger.jpa.audit.jdbc.dialect'] = ranger_service_properties_from_file.get('ranger.jpa.audit.jdbc.dialect','{{jdbc_dialect}')
+ advanced_ranger_admin_site_properties['ranger.audit.solr.zookeepers'] = ranger_service_properties_from_file.get('ranger.audit.solr.zookeepers','NONE')
+ advanced_ranger_admin_site_properties['ranger.audit.solr.username'] = ranger_service_properties_from_file.get('ranger.audit.solr.username','ranger_solr')
+ advanced_ranger_admin_site_properties['ranger.audit.solr.password'] = ranger_service_properties_from_file.get('ranger.audit.solr.password','NONE')
+
+ ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-admin-site", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_ranger_admin_site_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
+
+
+ print ('####################### admin_properties configuration :')
+ for each_key in advanced_admin_properties:
+ print str(each_key) + ' = ' + str(advanced_admin_properties[each_key])
+
+ print ('####################### ranger_site_properties configuration :')
+ for each_key in advanced_ranger_site_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_site_properties[each_key])
+
+ print ('####################### ranger_env_properties configuration :')
+ for each_key in advanced_ranger_env_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key])
+
+ print ('####################### ranger_admin_site_properties configuration :')
+ for each_key in advanced_ranger_env_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key])
+
+
+ else:
+ print('either db_root_user or db_root_password value is missing from ranger_admin_install.properties file, please set appropriate value and run the script again.')
+ sys.exit(1)
+
+ elif (add_admin_or_usersync == 2):
+ advanced_user_sync_properties['ranger.usersync.port'] = ranger_service_properties_from_file['ranger.usersync.port']
+ advanced_user_sync_properties['ranger.usersync.ssl'] = ranger_service_properties_from_file['ranger.usersync.ssl']
+ advanced_user_sync_properties['ranger.usersync.keystore.file'] = ranger_service_properties_from_file['ranger.usersync.keystore.file']
+ advanced_user_sync_properties['ranger.usersync.keystore.password'] = ranger_service_properties_from_file.get('ranger.usersync.keystore.password','UnIx529p')
+ advanced_user_sync_properties['ranger.usersync.truststore.file'] = ranger_service_properties_from_file.get('ranger.usersync.truststore.file','/usr/hdp/current/ranger-usersync/conf/mytruststore.jks')
+ advanced_user_sync_properties['ranger.usersync.truststore.password'] = ranger_service_properties_from_file.get('ranger.usersync.truststore.password','changeit')
+ advanced_user_sync_properties['ranger.usersync.passwordvalidator.path'] = ranger_service_properties_from_file['ranger.usersync.passwordvalidator.path']
+ advanced_user_sync_properties['ranger.usersync.sink.impl.class'] = ranger_service_properties_from_file['ranger.usersync.sink.impl.class']
+ advanced_user_sync_properties['ranger.usersync.policymanager.baseURL'] = ranger_service_properties_from_file['ranger.usersync.policymanager.baseURL']
+ advanced_user_sync_properties['ranger.usersync.policymanager.maxrecordsperapicall'] = ranger_service_properties_from_file['ranger.usersync.policymanager.maxrecordsperapicall']
+ advanced_user_sync_properties['ranger.usersync.policymanager.mockrun'] = ranger_service_properties_from_file['ranger.usersync.policymanager.mockrun']
+ advanced_user_sync_properties['ranger.usersync.unix.minUserId'] = ranger_service_properties_from_file['ranger.usersync.unix.minUserId']
+ advanced_user_sync_properties['ranger.usersync.sleeptimeinmillisbetweensynccycle'] = ranger_service_properties_from_file['ranger.usersync.sleeptimeinmillisbetweensynccycle']
+ advanced_user_sync_properties['ranger.usersync.source.impl.class'] = ranger_service_properties_from_file['ranger.usersync.source.impl.class']
+ advanced_user_sync_properties['ranger.usersync.filesource.file'] = ranger_service_properties_from_file.get('ranger.usersync.filesource.file','/tmp/usergroup.txt')
+ advanced_user_sync_properties['ranger.usersync.filesource.text.delimiter'] = ranger_service_properties_from_file.get('ranger.usersync.filesource.text.delimiter',',')
+ advanced_user_sync_properties['ranger.usersync.ldap.url'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.url','ldap://localhost:389')
+ advanced_user_sync_properties['ranger.usersync.ldap.binddn'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.binddn','cn=admin,dc=xasecure,dc=net')
+ advanced_user_sync_properties['ranger.usersync.ldap.ldapbindpassword'] = ranger_service_properties_from_file['ranger.usersync.ldap.ldapbindpassword']
+ advanced_user_sync_properties['ranger.usersync.ldap.bindalias'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.bindalias','testldapalias')
+ advanced_user_sync_properties['ranger.usersync.ldap.bindkeystore'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.bindkeystore','')
+ advanced_user_sync_properties['ranger.usersync.ldap.searchBase'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.searchBase','dc=hadoop,dc=apache,dc=org')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.searchbase'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.searchbase','ou=users,dc=xasecure,dc=net')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.searchscope'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.searchscope','sub')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.objectclass'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.objectclass','person')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.searchfilter'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.searchfilter','empty')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.nameattribute'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.nameattribute','cn')
+ advanced_user_sync_properties['ranger.usersync.ldap.user.groupnameattribute'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.user.groupnameattribute','memberof, ismemberof')
+ advanced_user_sync_properties['ranger.usersync.ldap.username.caseconversion'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.username.caseconversion','lower')
+ advanced_user_sync_properties['ranger.usersync.ldap.groupname.caseconversion'] = ranger_service_properties_from_file.get('ranger.usersync.ldap.groupname.caseconversion','lower')
+ advanced_user_sync_properties['ranger.usersync.logdir'] = ranger_service_properties_from_file.get('ranger.usersync.logdir','/var/log/ranger/usersync')
+ advanced_user_sync_properties['ranger.usersync.group.searchenabled'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchenabled','false')
+ advanced_user_sync_properties['ranger.usersync.group.usermapsyncenabled'] = ranger_service_properties_from_file.get('ranger.usersync.group.usermapsyncenabled','false')
+ advanced_user_sync_properties['ranger.usersync.group.searchbase'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchbase',' ')
+ advanced_user_sync_properties['ranger.usersync.group.searchscope'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchscope',' ')
+ advanced_user_sync_properties['ranger.usersync.group.objectclass'] = ranger_service_properties_from_file.get('ranger.usersync.group.objectclass',' ')
+ advanced_user_sync_properties['ranger.usersync.group.searchfilter'] = ranger_service_properties_from_file.get('ranger.usersync.group.searchfilter',' ')
+ advanced_user_sync_properties['ranger.usersync.group.nameattribute'] = ranger_service_properties_from_file.get('ranger.usersync.group.nameattribute',' ')
+ advanced_user_sync_properties['ranger.usersync.group.memberattributename'] = ranger_service_properties_from_file.get('ranger.usersync.group.memberattributename',' ')
+ advanced_user_sync_properties['ranger.usersync.pagedresultsenabled'] = ranger_service_properties_from_file.get('ranger.usersync.pagedresultsenabled','true')
+ advanced_user_sync_properties['ranger.usersync.pagedresultssize'] = ranger_service_properties_from_file.get('ranger.usersync.pagedresultssize','500')
+ advanced_user_sync_properties['ranger.usersync.credstore.filename'] = ranger_service_properties_from_file.get('ranger.usersync.credstore.filename','/usr/hdp/current/ranger-usersync/conf/ugsync.jceks')
+
+ ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"ranger-ugsync-site", "service_config_version_note": "Initial configuration for Ranger Usersync service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
+
+
+ print ('####################### user_sync_properties configuration :')
+ for each_key in advanced_user_sync_properties:
+ print str(each_key) + ' = ' + str(advanced_user_sync_properties[each_key])
+
+ else:
+ print ('invalid option for to add configuration to ranger.')
+ sys.exit(1)
+
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('input registered as ' + str(confirm_configurations))
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(ranger_config_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger advanced configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger advanced configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger advanced configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+
+
+def add_advanced_ranger_kms_configurations(ranger_kms_properties_from_file):
+ print('creating advanced configurations to be added to ')
+ advanced_kms_env_properties = dict()
+ advanced_kms_properties = dict()
+ advanced_dbks_site_properties = dict()
+ advanced_kms_site_properties = dict()
+ advanced_ranger_kms_site_properties = dict()
+ advanced_ranger_kms_audit_properties = dict()
+ advanced_ranger_kms_policymgr_ssl_properties = dict()
+ advanced_ranger_kms_security_properties = dict()
+ advanced_kms_log4j_properties = dict()
+ date_time_stamp = getDateTimeNow()
+
+ advanced_kms_env_properties['kms_user'] = 'kms'
+ advanced_kms_env_properties['kms_group'] = 'kms'
+ advanced_kms_env_properties['kms_log_dir'] = '/var/log/ranger/kms'
+ advanced_kms_env_properties['kms_port'] = '9292'
+
+ advanced_kms_properties['REPOSITORY_CONFIG_USERNAME'] = 'keyadmin'
+ advanced_kms_properties['REPOSITORY_CONFIG_PASSWORD'] = 'keyadmin'
+ advanced_kms_properties['DB_FLAVOR'] = ranger_kms_properties_from_file.get('DB_FLAVOR','MYSQL')
+ advanced_kms_properties['SQL_CONNECTOR_JAR'] = ranger_kms_properties_from_file.get('SQL_CONNECTOR_JAR','/usr/share/java/mysql-connector-java.jar')
+ advanced_kms_properties['db_root_user'] = ranger_kms_properties_from_file.get('db_root_user','root')
+ advanced_kms_properties['db_root_password'] = ranger_kms_properties_from_file.get('db_root_password','')
+ advanced_kms_properties['db_host'] = ranger_kms_properties_from_file.get('db_host','localhost')
+ advanced_kms_properties['db_name'] = ranger_kms_properties_from_file.get('db_name','rangerkms')
+ advanced_kms_properties['db_user'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.user','rangerkms')
+ advanced_kms_properties['db_password'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.password','')
+ advanced_kms_properties['KMS_MASTER_KEY_PASSWD'] = ranger_kms_properties_from_file.get('KMS_MASTER_KEY_PASSWD','')
+
+
+ advanced_dbks_site_properties['hadoop.kms.blacklist.DECRYPT_EEK'] = ranger_kms_properties_from_file.get('hadoop.kms.blacklist.DECRYPT_EEK','hdfs')
+ advanced_dbks_site_properties['ranger.db.encrypt.key.password'] = ranger_kms_properties_from_file.get('ranger.db.encrypt.key.password','_')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.url'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.url','{{db_jdbc_url}}')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.user'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.user','{{db_user}}')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.password'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.password','_')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.credential.provider.path'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.credential.provider.path','/etc/ranger/kms/rangerkms.jceks')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.credential.alias'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.credential.alias','ranger.ks.jdbc.password')
+ advanced_dbks_site_properties['ranger.ks.masterkey.credential.alias'] = ranger_kms_properties_from_file.get('ranger.ks.masterkey.credential.alias','ranger.ks.masterkey.password')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.dialect'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.dialect','{{jdbc_dialect}}')
+ advanced_dbks_site_properties['ranger.ks.jpa.jdbc.driver'] = ranger_kms_properties_from_file.get('ranger.ks.jpa.jdbc.driver','{{db_jdbc_driver}}')
+ advanced_dbks_site_properties['ranger.ks.jdbc.sqlconnectorjar'] = ranger_kms_properties_from_file.get('ranger.ks.jdbc.sqlconnectorjar','{{driver_curl_target}}')
+
+
+ advanced_kms_site_properties['hadoop.kms.key.provider.uri'] = ranger_kms_properties_from_file.get('hadoop.kms.key.provider.uri','dbks://http@localhost:9292/kms')
+ advanced_kms_site_properties['hadoop.security.keystore.JavaKeyStoreProvider.password'] = ranger_kms_properties_from_file.get('hadoop.security.keystore.JavaKeyStoreProvider.password','none')
+ advanced_kms_site_properties['hadoop.kms.cache.enable'] = ranger_kms_properties_from_file.get('hadoop.kms.cache.enable','true')
+ advanced_kms_site_properties['hadoop.kms.cache.timeout.ms'] = ranger_kms_properties_from_file.get('hadoop.kms.cache.timeout.ms','600000')
+ advanced_kms_site_properties['hadoop.kms.current.key.cache.timeout.ms'] = ranger_kms_properties_from_file.get('hadoop.kms.current.key.cache.timeout.ms','30000')
+ advanced_kms_site_properties['hadoop.kms.audit.aggregation.window.ms'] = ranger_kms_properties_from_file.get('hadoop.kms.audit.aggregation.window.ms','10000')
+ advanced_kms_site_properties['hadoop.kms.authentication.type'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.type','simple')
+ advanced_kms_site_properties['hadoop.kms.authentication.kerberos.keytab'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.kerberos.keytab','${user.home}/kms.keytab')
+ advanced_kms_site_properties['hadoop.kms.authentication.kerberos.principal'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.kerberos.principal','HTTP/localhost')
+ advanced_kms_site_properties['hadoop.kms.authentication.kerberos.name.rules'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.kerberos.name.rules','DEFAULT')
+ advanced_kms_site_properties['hadoop.kms.authentication.signer.secret.provider'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.signer.secret.provider','random')
+ advanced_kms_site_properties['hadoop.kms.authentication.signer.secret.provider.zookeeper.path'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.signer.secret.provider.zookeeper.path','/hadoop-kms/hadoop-auth-signature-secret')
+ advanced_kms_site_properties['hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type','kerberos')
+ advanced_kms_site_properties['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab'] = ranger_kms_properties_from_file.get('/etc/hadoop/conf/kms.keytab','/etc/hadoop/conf/kms.keytab')
+ advanced_kms_site_properties['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal'] = ranger_kms_properties_from_file.get('hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal','kms/#HOSTNAME#')
+ advanced_kms_site_properties['hadoop.kms.security.authorization.manager'] = ranger_kms_properties_from_file.get('hadoop.kms.security.authorization.manager','org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer')
+
+
+ advanced_ranger_kms_site_properties['ranger.service.host'] = ranger_kms_properties_from_file.get('ranger.service.host','{{kms_host}}')
+ advanced_ranger_kms_site_properties['ranger.service.http.port'] = ranger_kms_properties_from_file.get('ranger.service.http.port','{{kms_port}}')
+ advanced_ranger_kms_site_properties['ranger.service.https.port'] = ranger_kms_properties_from_file.get('ranger.service.https.port','9393')
+ advanced_ranger_kms_site_properties['ranger.service.shutdown.port'] = ranger_kms_properties_from_file.get('ranger.service.shutdown.port','7085')
+ advanced_ranger_kms_site_properties['ranger.contextName'] = ranger_kms_properties_from_file.get('ranger.contextName','/kms')
+ advanced_ranger_kms_site_properties['xa.webapp.dir'] = ranger_kms_properties_from_file.get('xa.webapp.dir','./webapp')
+ advanced_ranger_kms_site_properties['ranger.service.https.attrib.ssl.enabled'] = ranger_kms_properties_from_file.get('ranger.service.https.attrib.ssl.enabled','false')
+
+
+ advanced_ranger_kms_audit_properties['xasecure.audit.is.enabled'] = ranger_kms_properties_from_file.get('xasecure.audit.is.enabled','true')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db'] = ranger_kms_properties_from_file.get('xasecure.audit.db.is.enabled','false')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db.jdbc.url'] = ranger_kms_properties_from_file.get('xasecure.audit.jpa.javax.persistence.jdbc.url','{{audit_jdbc_url}}')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db.user'] = ranger_kms_properties_from_file.get('xasecure.audit.jpa.javax.persistence.jdbc.user','{{xa_audit_db_user}}')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db.password'] = ranger_kms_properties_from_file.get('xasecure.audit.jpa.javax.persistence.jdbc.password','crypted')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db.jdbc.driver'] = ranger_kms_properties_from_file.get('xasecure.audit.jpa.javax.persistence.jdbc.driver','{{jdbc_driver}}')
+ advanced_ranger_kms_audit_properties['xasecure.audit.credential.provider.file'] = ranger_kms_properties_from_file.get('xasecure.audit.credential.provider.file','jceks://file{{credential_file}}')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.db.batch.filespool.dir'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.db.batch.filespool.dir','/var/log/ranger/kms/audit/db/spool')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.hdfs'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.hdfs','true')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.hdfs.dir'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.hdfs.dir','hdfs://NAMENODE_HOSTNAME:8020/ranger/audit')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.hdfs.batch.filespool.dir'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.hdfs.batch.filespool.dir','/var/log/ranger/kms/audit/hdfs/spool')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.solr'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.solr','true')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.solr.urls'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.solr.urls','{{ranger_audit_solr_urls}}')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.solr.zookeepers'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.solr.zookeepers','none')
+ advanced_ranger_kms_audit_properties['xasecure.audit.destination.solr.batch.filespool.dir'] = ranger_kms_properties_from_file.get('xasecure.audit.destination.solr.batch.filespool.dir','/var/log/ranger/kms/audit/solr/spool')
+ advanced_ranger_kms_audit_properties['xasecure.audit.provider.summary.enabled'] = ranger_kms_properties_from_file.get('xasecure.audit.provider.summary.enabled','false')
+
+
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.keystore','/usr/hdp/current/ranger-kms/conf/ranger-plugin-keystore.jks')
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.password'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.keystore.password','myKeyFilePassword')
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.truststore','/usr/hdp/current/ranger-kms/conf/ranger-plugin-truststore.jks')
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore.password'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.truststore.password','changeit')
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.credential.file'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.keystore.credential.file','jceks://file{{credential_file}}')
+ advanced_ranger_kms_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore.credential.file'] = ranger_kms_properties_from_file.get('xasecure.policymgr.clientssl.truststore.credential.file','jceks://file{{credential_file}}')
+
+
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.service.name'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.service.name','{{repo_name}}')
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.policy.source.impl'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.policy.source.impl','org.apache.ranger.admin.client.RangerAdminRESTClient')
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.policy.rest.url'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.policy.rest.url','{{policymgr_mgr_url}}')
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.policy.rest.ssl.config.file'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.policy.rest.ssl.config.file','/etc/ranger/kms/conf/ranger-policymgr-ssl.xml')
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.policy.pollIntervalMs'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.policy.pollIntervalMs','30000')
+ advanced_ranger_kms_security_properties['ranger.plugin.kms.policy.cache.dir'] = ranger_kms_properties_from_file.get('ranger.plugin.kms.policy.cache.dir','/etc/ranger/{{repo_name}}/policycache')
+
+ advanced_kms_log4j_properties['content'] = ranger_kms_properties_from_file.get('kms.log4j.properties','')
+
+
+ kms_config_data = '[{"Clusters":{"desired_config":[{"type":"kms-properties", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_kms_properties) + ', "properties_attributes": {"final": "true"}},{"type":"kms-site", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(
+ advanced_kms_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"kms-env", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_kms_env_properties) + ', "properties_attributes": {"final": "false"}},{"type":"dbks-site", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_dbks_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-kms-site", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_kms_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-kms-audit", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_kms_audit_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-kms-policymgr-ssl", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_kms_policymgr_ssl_properties) + ', "properties_attributes": {"final": "false"}},{"type":"kms-log4j", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_kms_log4j_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-kms-security", "service_config_version_note": "Initial configuration for Ranger KMS service" ,"tag":"' + str(
+ date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_kms_security_properties) + ', "properties_attributes": {"final": "false"}}]}}]'
+
+
+ print ('####################### kms_properties configuration :')
+ for each_key in advanced_kms_properties:
+ print str(each_key) + ' = ' + str(advanced_kms_properties[each_key])
+
+ print ('####################### kms_site_properties configuration :')
+ for each_key in advanced_kms_site_properties:
+ print str(each_key) + ' = ' + str(advanced_kms_site_properties[each_key])
+
+ print ('####################### kms_env_properties configuration :')
+ for each_key in advanced_kms_env_properties:
+ print str(each_key) + ' = ' + str(advanced_kms_env_properties[each_key])
+
+ print ('####################### ranger_kms_site_properties configuration :')
+ for each_key in advanced_ranger_kms_site_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_kms_site_properties[each_key])
+
+ print ('####################### kms_dbks_site_properties configuration :')
+ for each_key in advanced_dbks_site_properties:
+ print str(each_key) + ' = ' + str(advanced_dbks_site_properties[each_key])
+
+ print ('####################### ranger_kms_audit_properties configuration :')
+ for each_key in advanced_ranger_kms_audit_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_kms_audit_properties[each_key])
+
+ print ('####################### ranger_kms_policymgr_ssl_properties configuration :')
+ for each_key in advanced_ranger_kms_policymgr_ssl_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_kms_policymgr_ssl_properties[each_key])
+
+
+ print ('####################### ranger_kms_security_properties configuration :')
+ for each_key in advanced_ranger_kms_security_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_kms_security_properties[each_key])
+
+ print ('####################### ranger_kms_log4j_properties configuration :')
+ for each_key in advanced_kms_log4j_properties:
+ print str(each_key) + ' = ' + str(advanced_kms_log4j_properties[each_key])
+
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('input registered as ' + str(confirm_configurations))
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(kms_config_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger kms advanced configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger kms advanced configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger kms advanced configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+
+
+
+def call_ranger_installed():
+ print('changing state of ranger services from init to installed.')
+ ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str(
+ cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}'
+ ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT'
+ request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 200 and response is not None):
+ print('ranger state changed to install successfully in ambari.')
+ return True
+ if (response_code == 409 and response is not None):
+ print('ranger is already installed in ambari.')
+ return True
+ if response_code == 202 and response is not None:
+ print('ranger state changed to install posted in ambari, checking for updated status waiting for 30 seconds')
+ parsed_response = json.loads(response)
+ response_href_url = parsed_response['href']
+ response_request_id = parsed_response['Requests']['id']
+ response_status = parsed_response['Requests']['status']
+ if response_status != 'Installed':
+ print('Received response but status is not installed, verifying installation to be successful.')
+ flag_ranger_installed = True
+ time.sleep(30)
+ while flag_ranger_installed:
+ print('checking request status')
+ ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id)
+ request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '')
+ if request_status_result is not None:
+ response_code = request_status_result.getcode()
+ response_status = json.loads(json.JSONEncoder().encode(request_status_result.read()))
+ if (response_code == 200 and 'FAILED' in response_status):
+ print('ranger install failed in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 ):
+ print('ranger install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and ('PENDING' in response_status or 'INTERNAL_REQUEST' in response_status)):
+ print('ranger install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and 'COMPLETED' in response_status):
+ print('ranger installed successfully in ambari.')
+ flag_ranger_installed = False
+ else:
+ flag_ranger_installed = True
+ return not flag_ranger_installed
+ else:
+ print('ranger state changed to install failed in ambari.')
+ return False
+
+def call_ranger_kms_installed():
+ print('changing state of ranger services from init to installed.')
+ ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger KMS Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str(
+ cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}'
+ ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT'
+ request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request)
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if (response_code == 200 and response is not None):
+ print('ranger state changed to install successfully in ambari.')
+ return True
+ if (response_code == 409 and response is not None):
+ print('ranger is already installed in ambari.')
+ return True
+ if response_code == 202 and response is not None:
+ print('ranger state changed to install posted in ambari, checking for updated status waiting for 30 seconds')
+ parsed_response = json.loads(response)
+ response_href_url = parsed_response['href']
+ response_request_id = parsed_response['Requests']['id']
+ response_status = parsed_response['Requests']['status']
+ if response_status != 'Installed':
+ print('Received response but status is not installed, verifying installation to be successful.')
+ flag_ranger_installed = True
+ time.sleep(30)
+ while flag_ranger_installed:
+ print('checking request status')
+ ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id)
+ request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '')
+ if request_status_result is not None:
+ response_code = request_status_result.getcode()
+ response_status = json.loads(json.JSONEncoder().encode(request_status_result.read()))
+ if (response_code == 200 and 'FAILED' in response_status):
+ print('ranger install failed in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 ):
+ print('ranger kms install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and ('PENDING' in response_status or 'INTERNAL_REQUEST' in response_status)):
+ print('ranger kms install is pending in ambari.')
+ flag_ranger_installed = True
+ if (response_code == 200 and 'COMPLETED' in response_status):
+ print('ranger kms installed successfully in ambari.')
+ flag_ranger_installed = False
+ else:
+ flag_ranger_installed = True
+ return not flag_ranger_installed
+ else:
+ print('ranger kms state changed to install failed in ambari.')
+ return False
+
+
+def get_ranger_usersync_install_properties():
+ print('preparing advanced configurations for ranger User-sync')
+ flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
+ flag_ranger_usersync_present = False
+ ranger_usersync_current_dir = os.path.join(hdp_current_dir, 'ranger-usersync')
+ ranger_usersync_properties_from_file = dict()
+ print('checking for ranger-usersync service to be present')
+ flag_ranger_usersync_present, ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir)
+ if flag_ranger_usersync_present:
+ print('ranger usersync is installed, getting existing properties for ambari import')
+ print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.')
+ ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file)
+ return flag_ranger_usersync_present, ranger_usersync_properties_from_file
+
+
+def get_ranger_admin_install_properties():
+ ranger_admin_current_dir = os.path.join(hdp_current_dir, 'ranger-admin')
+ flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
+ flag_ranger_admin_present = False
+ ranger_admin_properties_from_file = dict()
+
+ if flag_hadoop_present:
+ print('hadoop directory is present, checking ranger admin installation.')
+ flag_ranger_admin_present, ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir)
+
+ if flag_ranger_admin_present:
+ print('ranger admin is present.getting existing configurations to port to ambari.')
+ if os.path.isfile("ranger_admin_install.properties"):
+ print('ranger_install_properties_path exists, getting existing properties for ambari port')
+ ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties")
+ if not (ranger_admin_properties_from_file['db_root_user'] == '' or ranger_admin_properties_from_file['db_root_password'] == ''):
+ print 'db_root_username and db_root_password are not blank.'
+ print 'value for db_root_user = ' + str(ranger_admin_properties_from_file['db_root_user'])
+ print 'value for db_root_password = ' + str(ranger_admin_properties_from_file['db_root_password'])
+ else:
+ print 'db_root_username or db_root_password are blank, please provide proper values in ranger_admin_install.properties. exiting installation without any changes.'
+ sys.exit(1)
+
+ print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.')
+ print('getting additional properties required by ranger services')
+ ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file)
+
+ return flag_ranger_admin_present, ranger_admin_properties_from_file
+
+def get_ranger_kms_install_properties():
+ ranger_kms_current_dir = os.path.join(hdp_current_dir, 'ranger-kms')
+ flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir)
+ flag_ranger_kms_present = False
+ ranger_kms_properties_from_file = dict()
+
+ if flag_hadoop_present:
+ print('hadoop directory is present, checking ranger kms installation.')
+ flag_ranger_kms_present, ranger_kms_installed_version = check_ranger_kms_install(ranger_kms_current_dir)
+
+ if flag_ranger_kms_present:
+ print('ranger kms is present.getting existing configurations to port to ambari.')
+ if os.path.isfile("ranger_admin_install.properties"):
+ print('ranger_install_properties_path exists, getting existing properties for ambari port')
+ ranger_kms_properties_from_file = import_properties_from_file("ranger_admin_install.properties")
+ if not (ranger_kms_properties_from_file['db_root_user'] == '' or ranger_kms_properties_from_file['db_root_password'] == ''):
+ print 'db_root_username and db_root_password are not blank.'
+ print 'value for db_root_user = ' + str(ranger_kms_properties_from_file['db_root_user'])
+ print 'value for db_root_password = ' + str(ranger_kms_properties_from_file['db_root_password'])
+ else:
+ print 'db_root_username or db_root_password are blank, please provide proper values in ranger_admin_install.properties. exiting installation without any changes.'
+ sys.exit(1)
+
+ print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.')
+ print('getting additional properties required by ranger services')
+ ranger_kms_properties_from_file = get_additional_properties_for_kms(ranger_kms_properties_from_file)
+
+ return flag_ranger_kms_present, ranger_kms_properties_from_file
+
+
+def check_hadoop_dir_present(hdp_current_dir_path):
+ flag_hadoop_dir_present = False
+ if os.path.isdir(hdp_current_dir_path):
+ print('hadoop is installed.')
+ flag_hadoop_dir_present = True
+ return flag_hadoop_dir_present
+
+
+def check_ranger_admin_install(ranger_admin_current_dir):
+ flag_ranger_dir_present = False
+ ranger_current_installed_version = ''
+ print('checking ranger service path folder')
+ if os.path.isdir(ranger_admin_current_dir):
+ print('ranger admin is installed.')
+ if os.path.islink(ranger_admin_current_dir):
+ flag_ranger_dir_present = True
+ print('ranger admin link found getting current version from link.')
+ ranger_home_path = os.path.realpath(ranger_admin_current_dir)
+ ranger_current_installed_version = ranger_home_path.split('/')[4]
+ return flag_ranger_dir_present, ranger_current_installed_version
+
+
+def check_ranger_usersync_install(ranger_usersync_current_dir):
+ flag_ranger_dir_present = False
+ ranger_current_installed_version = ''
+ print('checking ranger service path folder')
+ if os.path.isdir(ranger_usersync_current_dir):
+ print('ranger user-sync is installed.')
+ if os.path.islink(ranger_usersync_current_dir):
+ flag_ranger_dir_present = True
+ print('ranger admin link found getting current version from link.')
+ ranger_home_path = os.path.realpath(ranger_usersync_current_dir)
+ ranger_current_installed_version = ranger_home_path.split('/')[4]
+ return flag_ranger_dir_present, ranger_current_installed_version
+
+
+def check_ranger_kms_install(ranger_kms_current_dir):
+ flag_ranger_dir_present = False
+ ranger_current_installed_version = ''
+ print('checking ranger kms service path folder')
+ if os.path.isdir(ranger_kms_current_dir):
+ print('ranger kms is installed.')
+ if os.path.islink(ranger_kms_current_dir):
+ flag_ranger_dir_present = True
+ print('ranger kms link found getting current version from link.')
+ ranger_home_path = os.path.realpath(ranger_kms_current_dir)
+ ranger_current_installed_version = ranger_home_path.split('/')[4]
+ return flag_ranger_dir_present, ranger_current_installed_version
+
+
+def get_additional_properties_for_admin(ranger_admin_properties_from_file):
+ ranger_conf_path = '/etc/ranger/admin/conf'
+ ranger_admin_default_site_xml_properties = os.path.join(ranger_conf_path,'ranger-admin-default-site.xml')
+ ranger_admin_site_xml_properties = os.path.join(ranger_conf_path,'ranger-admin-site.xml')
+ try:
+
+ ranger_admin_properties_from_file = import_properties_from_xml(ranger_admin_default_site_xml_properties, ranger_admin_properties_from_file)
+ ranger_admin_properties_from_file = import_properties_from_xml(ranger_admin_site_xml_properties, ranger_admin_properties_from_file)
+ except Exception, e:
+ print "Error loading ranger-admin properties from xml files : ", str(e)
+
+ print('getting db flavor, library and command invoker')
+ ranger_jpa_jdbc_dialect = ranger_admin_properties_from_file['ranger.jpa.jdbc.dialect']
+ print('ranger_jpa_jdbc_dialect = ' + ranger_jpa_jdbc_dialect)
+ ranger_jpa_jdbc_url = ranger_admin_properties_from_file['ranger.jpa.jdbc.url']
+ print('ranger_jpa_jdbc_url = ' + ranger_jpa_jdbc_url)
+ if ('mysql'.lower() in ranger_jpa_jdbc_dialect.lower() and 'mysql'.lower() in ranger_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql')
+ ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL'
+ ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar'
+ elif ('oracle'.lower() in ranger_jpa_jdbc_dialect and 'oracle'.lower() in ranger_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle')
+ ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE'
+ ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar'
+ elif ('postgres'.lower() in ranger_jpa_jdbc_dialect and 'postgres'.lower() in ranger_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as postgres setting db_flavour and sql command invoker as postgres')
+ ranger_admin_properties_from_file['DB_FLAVOR'] = 'POSTGRES'
+ ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/postgresql.jar'
+ else:
+ print('found unsupported DB_FLAVOUR, please configure as MYSQL, ORACLE or Postgres which are supported for now.exitting for now')
+ sys.exit(1)
+
+ ranger_jpa_jdbc_url = ranger_admin_properties_from_file['ranger.jpa.jdbc.url']
+ print('found jdbc url configured as : ' + str(ranger_jpa_jdbc_url) + ' , getting db host from configured jdbc url')
+ ranger_database_host_name = ranger_jpa_jdbc_url.split(':')
+ ranger_database_host = ranger_database_host_name[3].split('/')[2]
+ ranger_database_name = ranger_database_host_name[3].split('/')[3]
+ print('found db host as : ' + str(ranger_database_host))
+ print('found db name as : ' + str(ranger_database_name))
+ ranger_admin_properties_from_file['db_host'] = ranger_database_host
+ ranger_admin_properties_from_file['db_name'] = ranger_database_name
+
+ ranger_audit_jdbc_url = ranger_admin_properties_from_file['ranger.jpa.audit.jdbc.url']
+ print('found audit jdbc url configured as : ' + str(ranger_audit_jdbc_url) + ' , getting db host from configured jdbc url')
+ ranger_audit_database_host_name = ranger_audit_jdbc_url.split(':')
+
+ ranger_audit_database_host = ranger_audit_database_host_name[3].split('/')[2]
+ ranger_audit_database_name = ranger_audit_database_host_name[3].split('/')[3]
+ print('found ranger_audit_database_name as : ' + str(ranger_audit_database_name))
+ ranger_admin_properties_from_file['audit_db_host'] = ranger_audit_database_host
+ ranger_admin_properties_from_file['audit_db_name'] = ranger_audit_database_name
+
+ ranger_db_password = ''
+ ranger_audit_db_password = ''
+
+ libpath = os.path.join(hdp_version_dir, 'ranger-admin', 'cred', 'lib', '*')
+ aliasKey = 'ranger.db.password'
+ aliasValue = ''
+ filepath = ranger_admin_properties_from_file['ranger.credential.provider.path']
+ if (filepath is None or len(filepath) == 0):
+ filepath = os.path.join(hdp_version_dir, 'ranger-admin', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangeradmin.jceks')
+
+ getorcreateorlist = 'get'
+
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ ranger_db_password = value.strip()
+
+ aliasKey = 'ranger.auditdb.password'
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ ranger_audit_db_password = value.strip()
+
+ if str(ranger_admin_properties_from_file['ranger.jpa.jdbc.password']) == '_' or str(ranger_admin_properties_from_file['ranger.jpa.jdbc.password']).lower() == 'crypted':
+ ranger_admin_properties_from_file['ranger.jpa.jdbc.password'] = ranger_db_password
+ if str(ranger_admin_properties_from_file['ranger.jpa.audit.jdbc.password']) == '_' or str(ranger_admin_properties_from_file['ranger.jpa.audit.jdbc.password']).lower() == 'crypted':
+ ranger_admin_properties_from_file['ranger.jpa.audit.jdbc.password'] = ranger_audit_db_password
+
+ return ranger_admin_properties_from_file
+
+
+def get_additional_properties_for_kms(ranger_kms_properties_from_file):
+ ranger_conf_path = '/etc/ranger/kms/conf'
+ kms_dbks_site_properties = os.path.join(ranger_conf_path,'dbks-site.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(kms_dbks_site_properties, ranger_kms_properties_from_file)
+ kms_site_properties = os.path.join(ranger_conf_path,'kms-site.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(kms_site_properties, ranger_kms_properties_from_file)
+ ranger_kms_site_properties = os.path.join(ranger_conf_path,'ranger-kms-site.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(ranger_kms_site_properties, ranger_kms_properties_from_file)
+ ranger_kms_audit_properties = os.path.join(ranger_conf_path,'ranger-kms-audit.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(ranger_kms_audit_properties, ranger_kms_properties_from_file)
+ ranger_kms_security_properties = os.path.join(ranger_conf_path,'ranger-kms-security.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(ranger_kms_security_properties, ranger_kms_properties_from_file)
+ ranger_policy_mgr_ssl_properties = os.path.join(ranger_conf_path,'ranger-policymgr-ssl.xml')
+ ranger_kms_properties_from_file = import_properties_from_xml(ranger_policy_mgr_ssl_properties, ranger_kms_properties_from_file)
+ kms_log4j_properties = os.path.join(ranger_conf_path,'kms-log4j.properties')
+ ranger_kms_properties_from_file['kms.log4j.properties'] = read_properties_file(kms_log4j_properties)
+
+ kms_jpa_jdbc_dialect = ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.dialect']
+ print('kms_jpa_jdbc_dialect = ' + str(kms_jpa_jdbc_dialect))
+ kms_jpa_jdbc_url = ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.url']
+ if ('mysql'.lower() in kms_jpa_jdbc_dialect.lower() and 'mysql'.lower() in kms_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql')
+ ranger_kms_properties_from_file['DB_FLAVOR'] = 'MYSQL'
+ ranger_kms_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar'
+ elif ('oracle'.lower() in kms_jpa_jdbc_dialect and 'oracle'.lower() in kms_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle')
+ ranger_kms_properties_from_file['DB_FLAVOR'] = 'ORACLE'
+ ranger_kms_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar'
+ elif ('postgres'.lower() in kms_jpa_jdbc_dialect and 'postgres'.lower() in kms_jpa_jdbc_url.lower()):
+ print('db dialect and jdbc url are set as postgres setting db_flavour and sql command invoker as postgres')
+ ranger_kms_properties_from_file['DB_FLAVOR'] = 'POSTGRES'
+ ranger_kms_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/postgresql.jar'
+ else:
+ print('found unsupported DB_FLAVOUR, please configure as MYSQL, ORACLE or Postgres which are supported for now.exitting for now')
+ sys.exit(1)
+
+ kms_jpa_db_hostname = kms_jpa_jdbc_url.split(':')
+
+ kms_jpa_jdbc_hostname = kms_jpa_db_hostname[3].split('/')[2]
+ kms_jpa_jdbc_db_name = kms_jpa_db_hostname[3].split('/')[3]
+ print('found db hostname = ' + kms_jpa_jdbc_hostname )
+ print('found db name = ' + kms_jpa_jdbc_db_name )
+
+ ranger_kms_properties_from_file['db_host'] = kms_jpa_jdbc_hostname
+ ranger_kms_properties_from_file['db_name'] = kms_jpa_jdbc_db_name
+
+ kms_database_password = ''
+ kms_keystore_masterkey_password = ''
+
+ libpath = os.path.join(hdp_version_dir, 'ranger-kms', 'cred', 'lib', '*')
+ aliasKey = ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.credential.alias']
+ if(aliasKey is None or len(aliasKey) == 0):
+ aliasKey = 'ranger.ks.jdbc.password'
+ aliasValue = ''
+ filepath = ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.credential.provider.path']
+ if (filepath is None or len(filepath) == 0) :
+ filepath = os.path.join(hdp_version_dir, 'ranger-kms', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangerkms.jceks')
+
+ getorcreateorlist = 'get'
+
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+ if statuscode == 0:
+ kms_database_password = value.strip()
+ print('kms_database_password = ' + kms_database_password)
+ aliasKey = ranger_kms_properties_from_file['ranger.ks.masterkey.credential.alias']
+ if(aliasKey is None or len(aliasKey) == 0):
+ aliasKey = 'ranger.ks.masterkey.password'
+ statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist)
+
+ if statuscode == 0:
+ kms_keystore_masterkey_password = value.strip()
+
+ print('kms_keystore_masterkey_password = ' + kms_keystore_masterkey_password)
+
+ if str(ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.password']) == '_' or str(ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.password']).lower() == 'crypted':
+ ranger_kms_properties_from_file['ranger.ks.jpa.jdbc.password'] = kms_database_password
+ ranger_kms_properties_from_file['KMS_MASTER_KEY_PASSWD'] = kms_keystore_masterkey_password
+ ranger_kms_properties_from_file['ranger.db.encrypt.key.password'] = kms_keystore_masterkey_password
+
+ return ranger_kms_properties_from_file
+
+
+def get_additional_properties_for_usersync(ranger_usersync_properties_from_file):
+ ranger_conf_path = '/etc/ranger/usersync/conf'
+ ranger_ugsync_default_site_xml_properties = os.path.join(ranger_conf_path, 'ranger-ugsync-default.xml')
+ ranger_ugsync_site_xml_properties = os.path.join(ranger_conf_path, 'ranger-ugsync-site.xml')
+ ranger_usersync_properties_from_file = import_properties_from_xml(ranger_ugsync_default_site_xml_properties, ranger_usersync_properties_from_file)
+ ranger_usersync_properties_from_file = import_properties_from_xml(ranger_ugsync_site_xml_properties, ranger_usersync_properties_from_file)
+ if (('unix'.lower()) in str(ranger_usersync_properties_from_file['ranger.usersync.source.impl.class']).lower()):
+ print('sync_source is unix')
+ ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'unix'
+ if (('ldap'.lower()) in str(ranger_usersync_properties_from_file['ranger.usersync.source.impl.class']).lower()):
+ print('sync source is ldap')
+ ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'ldap'
+ return ranger_usersync_properties_from_file
+
+
+def port_ranger_hdfs_plugin_to_ambari():
+ print('Trying to add ranger hdfs plugin.')
+ flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties = get_hdfs_plugin_configuration()
+ if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None:
+ hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true'
+ print('hdfs plugin is installed and enabled, adding to configurations')
+ advanced_ranger_hdfs_plugin_properties = dict()
+ advanced_ranger_hdfs_audit_properties = dict()
+ advanced_ranger_hdfs_policymgr_ssl_properties = dict()
+ advanced_ranger_hdfs_security_properties = dict()
+
+ advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = ''
+ advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = ''
+ advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes'
+ advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop'
+ advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop'
+
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.is.enabled'] = hdfs_plugin_install_properties.get('xasecure.audit.is.enabled','true')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db'] = hdfs_plugin_install_properties.get('xasecure.audit.db.is.enabled','false')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db.jdbc.url'] = hdfs_plugin_install_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.url','{{audit_jdbc_url}}')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db.user'] = hdfs_plugin_install_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.user','{{xa_audit_db_user}}')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db.password'] = hdfs_plugin_install_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.password','crypted')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db.jdbc.driver'] = hdfs_plugin_install_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.driver','{{jdbc_driver}}')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.credential.provider.file'] = hdfs_plugin_install_properties.get('xasecure.audit.credential.provider.file','jceks://file{{credential_file}}')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.db.batch.filespool.dir'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.db.batch.filespool.dir','/var/log/hadoop/hdfs/audit/db/spool')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.hdfs'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.hdfs','true')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.hdfs.dir'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.hdfs.dir','hdfs://NAMENODE_HOSTNAME:8020/ranger/audit')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.hdfs.batch.filespool.dir'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.hdfs.batch.filespool.dir','/var/log/hadoop/hdfs/audit/hdfs/spool')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.solr'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.solr','false')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.solr.urls'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.solr.urls','{{ranger_audit_solr_urls}}')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.solr.zookeepers'] = hdfs_plugin_install_properties.get('xasecure.audit.is.enabled','none')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.destination.solr.batch.filespool.dir'] = hdfs_plugin_install_properties.get('xasecure.audit.destination.solr.batch.filespool.dir','/var/log/hadoop/hdfs/audit/solr/spool')
+ advanced_ranger_hdfs_audit_properties['xasecure.audit.provider.summary.enabled'] = hdfs_plugin_install_properties.get('xasecure.audit.provider.summary.enabled','false')
+
+
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.keystore','/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks')
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.password'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.keystore.password','myKeyFilePassword')
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.truststore','/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks')
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore.password'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.truststore.password','changeit')
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.credential.file'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.keystore.credential.file','jceks://file{{credential_file}}')
+ advanced_ranger_hdfs_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore.credential.file'] = hdfs_plugin_install_properties.get('xasecure.policymgr.clientssl.truststore.credential.file','jceks://file{{credential_file}}')
+
+
+
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.service.name'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.service.name','{{repo_name}}')
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.policy.source.impl'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.policy.source.impl','org.apache.ranger.admin.client.RangerAdminRESTClient')
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.policy.rest.url'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.policy.rest.url','{{policymgr_mgr_url}}')
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.policy.rest.ssl.config.file'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.policy.rest.ssl.config.file','/etc/hadoop/conf/ranger-policymgr-ssl.xml')
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.policy.pollIntervalMs'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.policy.pollIntervalMs','30000')
+ advanced_ranger_hdfs_security_properties['ranger.plugin.hdfs.policy.cache.dir'] = hdfs_plugin_install_properties.get('ranger.plugin.hdfs.policy.cache.dir','/etc/ranger/{{repo_name}}/policycache')
+ advanced_ranger_hdfs_security_properties['xasecure.add-hadoop-authorization'] = hdfs_plugin_install_properties.get('xasecure.add-hadoop-authorization','true')
+
+
+ date_time_stamp = getDateTimeNow()
+
+ plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
+ json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_plugin_properties) + ',"properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-audit", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_audit_properties) + ',"properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-policymgr-ssl", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_policymgr_ssl_properties) + ',"properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-security", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str(
+ date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_security_properties) + ',"properties_attributes": {"final": "false"}}]}}]'
+
+ print ('####################### hdfs_site_xml configuration :')
+ for each_key in hdfs_site_xml_properties:
+ print str(each_key) + ' = ' + str(hdfs_site_xml_properties[each_key])
+
+ print ('####################### ranger_hdfs_plugin_properties configuration :')
+ for each_key in advanced_ranger_hdfs_plugin_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hdfs_plugin_properties[each_key])
+
+ print ('####################### ranger_hdfs_audit_properties configuration :')
+ for each_key in advanced_ranger_hdfs_audit_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hdfs_audit_properties[each_key])
+
+ print ('####################### ranger_hdfs_policymgr_ssl_properties configuration :')
+ for each_key in advanced_ranger_hdfs_policymgr_ssl_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hdfs_policymgr_ssl_properties[each_key])
+
+ print ('####################### ranger_hdfs_security_properties configuration :')
+ for each_key in advanced_ranger_hdfs_security_properties:
+ print str(each_key) + ' = ' + str(advanced_ranger_hdfs_security_properties[each_key])
+
+ confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ')
+ if(confirm_configurations == ''):
+ confirm_configurations = 'n'
+ print ('Input registered as ' + str(confirm_configurations))
+
+
+ if(confirm_configurations.lower() == 'y'):
+ ranger_config_request_url = ambari_cluster_url
+ request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data))
+ if request_result is not None:
+ response_code = request_result.getcode()
+ response = json.loads(json.JSONEncoder().encode(request_result.read()))
+ if response_code == 200 and response is not None:
+ print('ranger hdfs plugin configuration added successfully in ambari.')
+ return True
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+ else:
+ print ('exiting installation without configuration !')
+ sys.exit(0)
+ else:
+ print('ranger hdfs plugin configuration add failed in ambari.')
+ return False
+
+def port_ranger_yarn_plugin_to_ambari():
+ print('Trying to add ranger yarn plugin.')
+ flag_yarn_plugin_installed,yarn_plugin_installed_properties,yarn_site_xml_properties = get_yarn_plugin_configuration()
+ if( flag_yarn_plugin_installed and yarn_plugin_installed_properties is not None and yarn_site_xml_properties is not None):
+ print('yarn plugin is installed and enabled, adding to configurations')
+ advanced_ranger_yarn_plugin_properties = dict()
+ advanced_ranger_yarn_audit_properties = dict()
+ advanced_ranger_yarn_policymgr_ssl_properties = dict()
+ advanced_ranger_yarn_security_properties = dict()
+
+ advanced_ranger_yarn_plugin_properties['policy_user'] = 'ambari-qa'
+ advanced_ranger_yarn_plugin_properties['hadoop.rpc.protection'] = ''
+ advanced_ranger_yarn_plugin_properties['common.name.for.certificate'] = ''
+ advanced_ranger_yarn_plugin_properties['ranger-yarn-plugin-enabled'] = 'Yes'
+ advanced_ranger_yarn_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'yarn'
+ advanced_ranger_yarn_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'yarn'
+
+
+ advanced_ranger_yarn_audit_properties['xasecure.audit.is.enabled'] = yarn_plugin_installed_properties.get('xasecure.audit.is.enabled','true')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db'] = yarn_plugin_installed_properties.get('xasecure.audit.db.is.enabled','false')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db.jdbc.url'] = yarn_plugin_installed_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.url','{{audit_jdbc_url}}')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db.user'] = yarn_plugin_installed_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.user','{{xa_audit_db_user}}')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db.password'] = yarn_plugin_installed_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.password','crypted')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db.jdbc.driver'] = yarn_plugin_installed_properties.get('xasecure.audit.jpa.javax.persistence.jdbc.driver','{{jdbc_driver}}')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.credential.provider.file'] = yarn_plugin_installed_properties.get('xasecure.audit.credential.provider.file','jceks://file{{credential_file}}')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.db.batch.filespool.dir'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.db.batch.filespool.dir','/var/log/hadoop/yarn/audit/db/spool')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.hdfs'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.hdfs','true')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.hdfs.dir'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.hdfs.dir','hdfs://NAMENODE_HOSTNAME:8020/ranger/audit')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.hdfs.batch.filespool.dir'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.hdfs.batch.filespool.dir','/var/log/hadoop/yarn/audit/hdfs/spool')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.solr'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.solr','false')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.solr.urls'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.solr.urls','{{ranger_audit_solr_urls}}')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.solr.zookeepers'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.solr.zookeepers','none')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.destination.solr.batch.filespool.dir'] = yarn_plugin_installed_properties.get('xasecure.audit.destination.solr.batch.filespool.dir','/var/log/hadoop/yarn/audit/solr/spool')
+ advanced_ranger_yarn_audit_properties['xasecure.audit.provider.summary.enabled'] = yarn_plugin_installed_properties.get('xasecure.audit.provider.summary.enabled','false')
+
+ advanced_ranger_yarn_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore'] = yarn_plugin_installed_properties.get('xasecure.policymgr.clientssl.keystore','/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-keystore.jks')
+ advanced_ranger_yarn_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.password'] = yarn_plugin_installed_properties.get('xasecure.policymgr.clientssl.keystore.password','myKeyFilePassword')
+ advanced_ranger_yarn_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore'] = yarn_plugin_installed_properties.get('xasecure.policymgr.clientssl.truststore','/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-truststore.jks')
+ advanced_ranger_yarn_policymgr_ssl_properties['xasecure.policymgr.clientssl.truststore.password'] = yarn_plugin_installed_properties.get('xasecure.policymgr.clientssl.truststore.password','changeit')
+ advanced_ranger_yarn_policymgr_ssl_properties['xasecure.policymgr.clientssl.keystore.credential.file'] = yarn_plugin_installed_properties.get('xasecure.policymgr.clientssl.keystore.credential.file','jceks://file{{credential_file}
<TRUNCATED>
[02/14] incubator-ranger git commit: RANGER-584 User friendly error
messages for service validation error failures
Posted by ma...@apache.org.
RANGER-584 User friendly error messages for service validation error failures
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d1e2f3b7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d1e2f3b7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d1e2f3b7
Branch: refs/heads/tag-policy
Commit: d1e2f3b7e14a803ad4d9f117cf8f483e51c25d55
Parents: e22fbb1
Author: Alok Lal <al...@hortonworks.com>
Authored: Thu Jul 30 15:33:42 2015 -0700
Committer: Alok Lal <al...@hortonworks.com>
Committed: Fri Jul 31 13:39:40 2015 -0700
----------------------------------------------------------------------
.../plugin/errors/ValidationErrorCode.java | 76 +++++++++
.../validation/RangerServiceValidator.java | 159 ++++++++++++-------
.../plugin/errors/TestValidationErrorCode.java | 72 +++++++++
.../TestValidationFailureDetails.java | 3 -
4 files changed, 248 insertions(+), 62 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1e2f3b7/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
new file mode 100644
index 0000000..77d16f5
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.errors;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.text.MessageFormat;
+import java.util.Arrays;
+
+public enum ValidationErrorCode {
+
+ SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION(1001, "Internal error: unsupported action[{0}]; isValid(Long) is only supported for DELETE"),
+ SERVICE_VALIDATION_ERR_MISSING_FIELD(1002, "Internal error: missing field[{0}]"),
+ SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT(1003, "Internal error: service object passed in was null"),
+ SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID(1004, "Internal error: service id was null/empty/blank"),
+ SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID(1005, "No service found for id [{0}]"),
+ SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME(1006, "Service name[{0}] was null/empty/blank"),
+ SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT(1007, "service with the name[{0}] already exists"),
+ SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT(1008, "id/name conflict: another service already exists with name[{0}], its id is [{1}]"),
+ SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF(1009, "service def [{0}] was null/empty/blank"),
+ SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF(1010, "service def named[{0}] not found"),
+ SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING(1011, "required configuration parameter is missing; missing parameters: {0}"),
+ ;
+
+
+ private static final Log LOG = LogFactory.getLog(ValidationErrorCode.class);
+
+ final int _errorCode;
+ final String _template;
+
+ ValidationErrorCode(int errorCode, String template) {
+ _errorCode = errorCode;
+ _template = template;
+ }
+
+ public String getMessage(Object... items) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("<== ValidationErrorCode.getMessage(%s)", Arrays.toString(items)));
+ }
+
+ MessageFormat mf = new MessageFormat(_template);
+ String result = mf.format(items);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(String.format("<== ValidationErrorCode.getMessage(%s): %s", Arrays.toString(items), result));
+ }
+ return result;
+ }
+
+ public int getErrorCode() {
+ return _errorCode;
+ }
+
+ @Override
+ public String toString() {
+ return String.format("Code: %d, template: %s", _errorCode, _template);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1e2f3b7/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
index 615e385..3cfaa3e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
@@ -26,6 +26,7 @@ import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.store.ServiceStore;
@@ -67,16 +68,21 @@ public class RangerServiceValidator extends RangerValidator {
boolean valid = true;
if (action != Action.DELETE) {
- failures.add(new ValidationFailureDetailsBuilder()
- .isAnInternalError()
- .becauseOf("unsupported action[" + action + "]; isValid(Long) is only supported for DELETE")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .isAnInternalError()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(action))
+ .build());
valid = false;
} else if (id == null) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("id")
- .isMissing()
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("id")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(id))
+ .build());
valid = false;
} else if (getService(id) == null) {
if (LOG.isDebugEnabled()) {
@@ -100,32 +106,34 @@ public class RangerServiceValidator extends RangerValidator {
boolean valid = true;
if (service == null) {
- String message = "service object passed in was null";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
- .field("service")
- .isMissing()
- .becauseOf(message)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("service")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage())
+ .build());
valid = false;
} else {
Long id = service.getId();
if (action == Action.UPDATE) { // id is ignored for CREATE
if (id == null) {
- String message = "service id was null/empty/blank";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
- .field("id")
- .isMissing()
- .becauseOf(message)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("id")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage())
+ .build());
valid = false;
} else if (getService(id) == null) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("id")
- .isSemanticallyIncorrect()
- .becauseOf("no service exists with id[" + id +"]")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("id")
+ .isSemanticallyIncorrect()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(id))
+ .build());
valid = false;
}
}
@@ -133,48 +141,56 @@ public class RangerServiceValidator extends RangerValidator {
boolean nameSpecified = StringUtils.isNotBlank(name);
RangerServiceDef serviceDef = null;
if (!nameSpecified) {
- String message = "service name[" + name + "] was null/empty/blank";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
- .field("name")
- .isMissing()
- .becauseOf(message)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("name")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name))
+ .build());
valid = false;
} else {
RangerService otherService = getService(name);
if (otherService != null && action == Action.CREATE) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("name")
- .isSemanticallyIncorrect()
- .becauseOf("service with the name[" + name + "] already exists")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("name")
+ .isSemanticallyIncorrect()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name))
+ .build());
valid = false;
} else if (otherService != null && otherService.getId() !=null && !otherService.getId().equals(id)) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("id/name")
- .isSemanticallyIncorrect()
- .becauseOf("id/name conflict: another service already exists with name[" + name + "], its id is [" + otherService.getId() + "]")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("id/name")
+ .isSemanticallyIncorrect()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name, otherService.getId()))
+ .build());
valid = false;
}
}
String type = service.getType();
boolean typeSpecified = StringUtils.isNotBlank(type);
if (!typeSpecified) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("type")
- .isMissing()
- .becauseOf("service def [" + type + "] was null/empty/blank")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("type")
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(type))
+ .build());
valid = false;
} else {
serviceDef = getServiceDef(type);
if (serviceDef == null) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("type")
- .isSemanticallyIncorrect()
- .becauseOf("service def named[" + type + "] not found")
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("type")
+ .isSemanticallyIncorrect()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(type))
.build());
valid = false;
}
@@ -185,12 +201,14 @@ public class RangerServiceValidator extends RangerValidator {
Set<String> inputParameters = getServiceConfigParameters(service);
Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters);
if (!missingParameters.isEmpty()) {
- failures.add(new ValidationFailureDetailsBuilder()
- .field("configuration")
- .subField(missingParameters.iterator().next()) // we return any one parameter!
- .isMissing()
- .becauseOf("required configuration parameter is missing; missing parameters: " + missingParameters)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING;
+ failures.add(new RangerServiceValidationErrorBuilder()
+ .field("configuration")
+ .subField(missingParameters.iterator().next()) // we return any one parameter!
+ .isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(missingParameters))
+ .build());
valid = false;
}
}
@@ -201,4 +219,27 @@ public class RangerServiceValidator extends RangerValidator {
}
return valid;
}
+
+ static class RangerServiceValidationErrorBuilder extends ValidationFailureDetailsBuilder {
+
+ @Override
+ ValidationFailureDetails build() {
+ return new RangerPolicyValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
+ }
+ }
+
+ static class RangerPolicyValidationFailure extends ValidationFailureDetails {
+
+ public RangerPolicyValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
+ super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason);
+ }
+
+ // TODO remove and move to baseclass when all 3 move to new message framework
+ @Override
+ public String toString() {
+ LOG.debug("RangerServiceValidationFailure.toString");
+ return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason);
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1e2f3b7/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java b/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
new file mode 100644
index 0000000..d6b2d16
--- /dev/null
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.errors;
+
+import com.google.common.collect.ImmutableSet;
+import junit.framework.TestCase;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Created by alal on 7/30/15.
+ */
+public class TestValidationErrorCode extends TestCase {
+
+
+ public void testUserMessage() throws Exception {
+ ValidationErrorCode errorCode = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION;
+ String aParameter = "FOO";
+ String expected = errorCode._template.replace("{0}", aParameter);
+ assertEquals(expected, errorCode.getMessage(aParameter));
+ }
+
+ /**
+ * tests if template has any trivial template variable problems, e.g. if template has {3} in it then it
+ * better also have {0}, {1} and {2} in it else MessageFormat output might be unexpected.
+ *
+ * This check is far from perfect. It may give false alarms if the message itself contains strings of the form {1}
+ * which have been escaped using single quotes. If that happens we would have to make this test smarter.
+ */
+ public void testTemplates() {
+
+ // we check up to 5 substitution variables. If there are more than 5 then you probably have a different set of problems
+ Set<ValidationErrorCode> may = ImmutableSet.copyOf(ValidationErrorCode.values());
+
+ // set of enums that must not hvae any subsequent placeholders in it
+ Set<ValidationErrorCode> mustNot = new HashSet<ValidationErrorCode>();
+
+ for (int i = 0; i < 5; i++) {
+ String token = String.format("{%d", i);
+ // check which ones should not have anymore substition varabile placehoders in them, {0}, {1}, etc.
+ for (ValidationErrorCode anEnum : may) {
+ if (!anEnum._template.contains(token)) {
+ // if template does not have {1} then it surely must not have {2}, {3}, etc.
+ mustNot.add(anEnum);
+ }
+ }
+ // check for incorrectly numbers substition variable placeholders
+ for (ValidationErrorCode anEnum : mustNot) {
+ assertFalse(anEnum.toString() + ": contains " + token + ". Check for wongly numberd substition variable placeholders.",
+ anEnum._template.contains(token));
+ }
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d1e2f3b7/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
index cf929c6..815d41c 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestValidationFailureDetails.java
@@ -27,9 +27,6 @@ import java.util.regex.Pattern;
import static org.junit.Assert.assertEquals;
-/**
- * Created by alal on 6/17/15.
- */
public class TestValidationFailureDetails {
@Test
[03/14] incubator-ranger git commit: RANGER-593 User friendly error
messages for service def validation error failures
Posted by ma...@apache.org.
RANGER-593 User friendly error messages for service def validation error failures
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2d931dbe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2d931dbe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2d931dbe
Branch: refs/heads/tag-policy
Commit: 2d931dbe4520f43edc1bdcb867f8fd6f2b35392b
Parents: d1e2f3b
Author: Alok Lal <al...@apache.org>
Authored: Mon Aug 3 12:50:39 2015 -0700
Committer: Alok Lal <al...@apache.org>
Committed: Mon Aug 3 12:50:39 2015 -0700
----------------------------------------------------------------------
.../plugin/errors/ValidationErrorCode.java | 24 ++-
.../validation/RangerServiceDefValidator.java | 180 ++++++++++++-------
.../plugin/errors/TestValidationErrorCode.java | 14 ++
3 files changed, 155 insertions(+), 63 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2d931dbe/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 77d16f5..c40efc9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -26,7 +26,7 @@ import java.text.MessageFormat;
import java.util.Arrays;
public enum ValidationErrorCode {
-
+ // SERVICE VALIDATION
SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION(1001, "Internal error: unsupported action[{0}]; isValid(Long) is only supported for DELETE"),
SERVICE_VALIDATION_ERR_MISSING_FIELD(1002, "Internal error: missing field[{0}]"),
SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT(1003, "Internal error: service object passed in was null"),
@@ -38,6 +38,28 @@ public enum ValidationErrorCode {
SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF(1009, "service def [{0}] was null/empty/blank"),
SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF(1010, "service def named[{0}] not found"),
SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING(1011, "required configuration parameter is missing; missing parameters: {0}"),
+
+ // SERVICE-DEF VALIDATION
+ SERVICE_DEF_VALIDATION_ERR_UNSUPPORTED_ACTION(2001, "Internal error: unsupported action[{0}]; isValid(Long) is only supported for DELETE"),
+ SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD(2002, "Internal error: missing field[{0}]"),
+ SERVICE_DEF_VALIDATION_ERR_NULL_SERVICE_DEF_OBJECT(2003, "Internal error: service def object passed in was null"),
+ SERVICE_DEF_VALIDATION_ERR_EMPTY_SERVICE_DEF_ID(2004, "Internal error: service def id was null/empty/blank"),
+ SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_ID(2005, "No service def found for id [{0}]"),
+ SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_NAME(2006, "Service def name[{0}] was null/empty/blank"),
+ SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT(2007, "service def with the name[{0}] already exists"),
+ SERVICE_DEF_VALIDATION_ERR_ID_NAME_CONFLICT(2008, "id/name conflict: another service def already exists with name[{0}], its id is [{1}]"),
+ SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_UNKNOWN_ACCESS_TYPE(2009, "implied grant[{0}] contains an unknown access types[{1}]"),
+ SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_IMPLIES_ITSELF(2010, "implied grants list [{0}] for access type[{1}] contains itself"),
+ SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR(2011, "evaluator on policy condition definition[{0}] was null/empty!"),
+ SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM(2012, "subtype[{0}] of service def config[{1}] was not among defined enums[{2}]"),
+ SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE(2013, "default value[{0}] of service def config[{1}] was not among the valid values[{2}] of enums[{3}]"),
+ SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_MISSING_TYPE(2014, "type of service def config[{0}] was null/empty"),
+ SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_INVALID_TYPE(2015, "type[{0}] of service def config[{1}] is not among valid types: {2}"),
+ SERVICE_DEF_VALIDATION_ERR_RESOURCE_GRAPH_INVALID(2016, "Resource graph implied by various resources, e.g. parent value is invalid. Valid graph must forest (union of disjoint trees)."),
+ SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_OBJECT(2017, "Internal error: An enum def in enums collection is null"),
+ SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES(2018, "enum [{0}] does not have any elements"),
+ SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX(2019, "default index[{0}] for enum [{1}] is invalid"),
+ SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT(2020, "An enum element in enum element collection of enum [{0}] is null"),
;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2d931dbe/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
index 32d0f1a..75372c2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
@@ -31,6 +31,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.errors.ValidationErrorCode;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
@@ -78,15 +79,20 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (action != Action.DELETE) {
- failures.add(new ValidationFailureDetailsBuilder()
- .isAnInternalError()
- .becauseOf("unsupported action[" + action + "]; isValid(Long) is only supported for DELETE")
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_UNSUPPORTED_ACTION;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
+ .isAnInternalError()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(action))
+ .build());
valid = false;
} else if (id == null) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("id")
.isMissing()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage("id"))
.build());
valid = false;
} else if (getServiceDef(id) == null) {
@@ -111,12 +117,12 @@ public class RangerServiceDefValidator extends RangerValidator {
}
boolean valid = true;
if (serviceDef == null) {
- String message = "service def object passed in was null";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_NULL_SERVICE_DEF_OBJECT;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("service def")
.isMissing()
- .becauseOf(message)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(action))
.build());
valid = false;
} else {
@@ -154,19 +160,21 @@ public class RangerServiceDefValidator extends RangerValidator {
if (action == Action.UPDATE) { // id is ignored for CREATE
if (id == null) {
- String message = "service def id was null/empty/blank";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_EMPTY_SERVICE_DEF_ID;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("id")
.isMissing()
- .becauseOf(message)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage())
.build());
valid = false;
} else if (getServiceDef(id) == null) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_ID;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("id")
.isSemanticallyIncorrect()
- .becauseOf("no service def exists with id[" + id +"]")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(id))
.build());
valid = false;
}
@@ -185,28 +193,32 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (StringUtils.isBlank(name)) {
- String message = "service def name[" + name + "] was null/empty/blank";
- LOG.debug(message);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_INVALID_SERVICE_DEF_NAME;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("name")
.isMissing()
- .becauseOf(message)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name))
.build());
valid = false;
} else {
RangerServiceDef otherServiceDef = getServiceDef(name);
if (otherServiceDef != null && action == Action.CREATE) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("name")
.isSemanticallyIncorrect()
- .becauseOf("service def with the name[" + name + "] already exists")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name))
.build());
valid = false;
} else if (otherServiceDef != null && !Objects.equals(id, otherServiceDef.getId())) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ID_NAME_CONFLICT;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("id/name")
.isSemanticallyIncorrect()
- .becauseOf("id/name conflict: another service def already exists with name[" + name + "], its id is [" + otherServiceDef.getId() + "]")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name, otherServiceDef.getId()))
.build());
valid = false;
}
@@ -225,10 +237,12 @@ public class RangerServiceDefValidator extends RangerValidator {
boolean valid = true;
if (CollectionUtils.isEmpty(accessTypeDefs)) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("access types")
.isMissing()
- .becauseOf("access types collection was null/empty")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage("access types"))
.build());
valid = false;
} else {
@@ -248,22 +262,26 @@ public class RangerServiceDefValidator extends RangerValidator {
Collection<String> impliedGrants = getImpliedGrants(def);
Set<String> unknownAccessTypes = Sets.difference(Sets.newHashSet(impliedGrants), accessNames);
if (!unknownAccessTypes.isEmpty()) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_UNKNOWN_ACCESS_TYPE;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("implied grants")
.subField(unknownAccessTypes.iterator().next()) // we return just on item here. Message has all unknow items
.isSemanticallyIncorrect()
- .becauseOf("implied grant[" + impliedGrants + "] contains an unknown access types[" + unknownAccessTypes + "]")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(impliedGrants, unknownAccessTypes))
.build());
valid = false;
}
// implied grant should not imply itself!
String name = def.getName(); // note: this name could be null/blank/empty!
if (impliedGrants.contains(name)) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_IMPLIED_GRANT_IMPLIES_ITSELF;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("implied grants")
.subField(name)
.isSemanticallyIncorrect()
- .becauseOf("implied grants list [" + impliedGrants + "] for access type[" + name + "] contains itself")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(impliedGrants, name))
.build());
valid = false;
}
@@ -292,13 +310,13 @@ public class RangerServiceDefValidator extends RangerValidator {
String name = conditionDef.getName();
valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid;
if (StringUtils.isBlank(conditionDef.getEvaluator())) {
- String reason = String.format("evaluator on policy condition definition[%s] was null/empty!", name);
- LOG.debug(reason);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("policy condition def evaluator")
.subField(name)
.isMissing()
- .becauseOf(reason)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(name))
.build());
valid = false;
}
@@ -355,12 +373,13 @@ public class RangerServiceDefValidator extends RangerValidator {
String configName = configDef.getName();
if (!enumTypes.contains(subType)) {
- String reason = String.format("subtype[%s] of service def config[%s] was not among defined enums[%s]", subType, configName, enumTypes);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("config def subtype")
.subField(configName)
.isSemanticallyIncorrect()
- .becauseOf(reason)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(subType, configName, enumTypes))
.build());
valid = false;
} else {
@@ -370,13 +389,14 @@ public class RangerServiceDefValidator extends RangerValidator {
RangerEnumDef enumDef = enumDefsMap.get(subType);
Set<String> enumValues = getEnumValues(enumDef);
if (!enumValues.contains(defaultValue)) {
- String reason = String.format("default value[%s] of service def config[%s] was not among the valid values[%s] of enums[%s]", defaultValue, configName, enumValues, subType);
- failures.add(new ValidationFailureDetailsBuilder()
- .field("config def default value")
- .subField(configName)
- .isSemanticallyIncorrect()
- .becauseOf(reason)
- .build());
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
+ .field("config def default value")
+ .subField(configName)
+ .isSemanticallyIncorrect()
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(defaultValue, configName, enumValues, subType))
+ .build());
valid = false;
}
}
@@ -397,21 +417,23 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<String> validTypes = ImmutableSet.of("bool", "enum", "int", "string", "password", "path");
if (StringUtils.isBlank(type)) {
- String reason = String.format("type of service def config[%s] was null/empty", configName);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_MISSING_TYPE;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("config def type")
.subField(configName)
.isMissing()
- .becauseOf(reason)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(configName))
.build());
valid = false;
} else if (!validTypes.contains(type)) {
- String reason = String.format("type[%s] of service def config[%s] is not among valid types: %s", type, configName, validTypes);
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_INVALID_TYPE;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("config def type")
.subField(configName)
.isSemanticallyIncorrect()
- .becauseOf(reason)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(type, configName, validTypes))
.build());
valid = false;
}
@@ -430,11 +452,12 @@ public class RangerServiceDefValidator extends RangerValidator {
List<RangerResourceDef> resources = serviceDef.getResources();
if (CollectionUtils.isEmpty(resources)) {
- String reason = "service def resources collection was null/empty";
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_MISSING_FIELD;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("resources")
.isMissing()
- .becauseOf(reason)
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage("resources"))
.build());
valid = false;
} else {
@@ -463,10 +486,12 @@ public class RangerServiceDefValidator extends RangerValidator {
// We don't want this helper to get into the cache or to use what is in the cache!!
RangerServiceDefHelper defHelper = _factory.createServiceDefHelper(serviceDef, false);
if (!defHelper.isResourceGraphValid()) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_RESOURCE_GRAPH_INVALID;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("resource graph")
.isSemanticallyIncorrect()
- .becauseOf("Resource graph implied by various resources, e.g. parent value is invalid. Valid graph must forest (union of disjoint trees).")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage())
.build());
valid = false;
}
@@ -498,10 +523,12 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<Long> ids = new HashSet<Long>();
for (RangerEnumDef enumDef : enumDefs) {
if (enumDef == null) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_OBJECT;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("enum def")
.isMissing()
- .becauseOf("An enum def in enums collection is null")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage())
.build());
valid = false;
} else {
@@ -511,11 +538,13 @@ public class RangerServiceDefValidator extends RangerValidator {
valid = isUnique(enumDef.getItemId(), ids, "enum def itemId", "enum defs", failures) && valid;
// enum must contain at least one valid value and those values should be non-blank and distinct
if (CollectionUtils.isEmpty(enumDef.getElements())) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NO_VALUES;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("enum values")
.subField(enumName)
.isMissing()
- .becauseOf("enum [" + enumName + "] does not have any elements")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(enumName))
.build());
valid = false;
} else {
@@ -523,11 +552,13 @@ public class RangerServiceDefValidator extends RangerValidator {
// default index should be valid
int defaultIndex = getEnumDefaultIndex(enumDef);
if (defaultIndex < 0 || defaultIndex >= enumDef.getElements().size()) { // max index is one less than the size of the elements list
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_INVALID_DEFAULT_INDEX;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("enum default index")
.subField(enumName)
.isSemanticallyIncorrect()
- .becauseOf("default index[" + defaultIndex + "] for enum [" + enumName + "] is invalid")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(defaultIndex, enumName))
.build());
valid = false;
}
@@ -556,11 +587,13 @@ public class RangerServiceDefValidator extends RangerValidator {
Set<Long> ids = new HashSet<Long>();
for (RangerEnumElementDef elementDef : enumElementsDefs) {
if (elementDef == null) {
- failures.add(new ValidationFailureDetailsBuilder()
+ ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_ENUM_DEF_NULL_ENUM_ELEMENT;
+ failures.add(new RangerServiceDefValidationErrorBuilder()
.field("enum element")
.subField(enumName)
.isMissing()
- .becauseOf("An enum element in enum element collection of enum [" + enumName + "] is null")
+ .errorCode(error.getErrorCode())
+ .becauseOf(error.getMessage(enumName))
.build());
valid = false;
} else {
@@ -575,4 +608,27 @@ public class RangerServiceDefValidator extends RangerValidator {
}
return valid;
}
+
+ static class RangerServiceDefValidationErrorBuilder extends ValidationFailureDetailsBuilder {
+
+ @Override
+ ValidationFailureDetails build() {
+ return new RangerServiceDefValidationFailure(_errorCode, _fieldName, _subFieldName, _missing, _semanticError, _internalError, _reason);
+ }
+ }
+
+ static class RangerServiceDefValidationFailure extends ValidationFailureDetails {
+
+ public RangerServiceDefValidationFailure(int errorCode, String fieldName, String subFieldName, boolean missing, boolean semanticError, boolean internalError, String reason) {
+ super(errorCode, fieldName, subFieldName, missing, semanticError, internalError, reason);
+ }
+
+ // TODO remove and move to baseclass when all 3 move to new message framework
+ @Override
+ public String toString() {
+ LOG.debug("RangerServiceDefValidationFailure.toString");
+ return String.format("%s: %d, %s", "Policy validation failure", _errorCode, _reason);
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2d931dbe/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java b/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
index d6b2d16..46b1966 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/errors/TestValidationErrorCode.java
@@ -21,6 +21,7 @@ package org.apache.ranger.plugin.errors;
import com.google.common.collect.ImmutableSet;
import junit.framework.TestCase;
+import org.apache.ranger.plugin.model.validation.ValidationFailureDetails;
import java.util.HashSet;
import java.util.Set;
@@ -69,4 +70,17 @@ public class TestValidationErrorCode extends TestCase {
}
}
}
+
+ /**
+ * Test if the values assigned to the validation error code are unique or not.
+ */
+ public void testValidationErrorCodesUnique() {
+ Set<Integer> errorCodes = new HashSet<>();
+ for (ValidationErrorCode anEnum : ValidationErrorCode.values()) {
+ int errorCode = anEnum.getErrorCode();
+ // errorCode that we see must not have been seen so far.
+ assertFalse("ValidationErrorCode: error code [" + errorCode + "] used multiple times!", errorCodes.contains(errorCode));
+ errorCodes.add(errorCode);
+ }
+ }
}
\ No newline at end of file