You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2015/03/24 20:07:33 UTC
[1/2] incubator-ranger git commit: RANGER-302: Fix privilege issue
for audit user, Add dry run mode, Remove revoke statements
Repository: incubator-ranger
Updated Branches:
refs/heads/master bb0bdcede -> dc49a1a49
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dc49a1a4/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index c313bfc..8b790ba 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -30,7 +30,7 @@ def check_output(query):
p = subprocess.Popen(query, stdout=subprocess.PIPE)
output = p.communicate ()[0]
return output
-
+
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
@@ -60,20 +60,37 @@ def populate_global_dict():
value = value.strip()
globalDict[key] = value
+def logFile(msg):
+ if globalDict["dryMode"]==True:
+ logFileName=globalDict["dryModeOutputFile"]
+ if logFileName !="":
+ if os.path.isfile(logFileName):
+ if os.access(logFileName, os.W_OK):
+ with open(logFileName, "a") as f:
+ f.write(msg+"\n")
+ f.close()
+ else:
+ print("Unable to open file "+logFileName+" in write mode, Check file permissions.")
+ sys.exit()
+ else:
+ print(logFileName+" is Invalid input file name! Provide valid file path to write DBA scripts:")
+ sys.exit()
+ else:
+ print("Invalid input! Provide file path to write DBA scripts:")
+ sys.exit()
class BaseDB(object):
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
log("[I] ---------- Creating user ----------", "info")
def check_connection(self, db_name, db_user, db_password):
log("[I] ---------- Verifying DB connection ----------", "info")
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
log("[I] ---------- Verifying database ----------", "info")
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
- log("[I] ----------------- Create audit user ------------", "info")
-
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
+ log("[I] ---------- Create audit user ----------", "info")
class MysqlConf(BaseDB):
@@ -88,8 +105,9 @@ class MysqlConf(BaseDB):
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
return jisql_cmd
- def verify_user(slef, root_user, db_root_password, host, db_user, get_cmd):
- log("[I] Verifying user " + db_user , "info")
+ def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode):
+ if dryMode == False:
+ log("[I] Verifying user " + db_user+ " for Host "+ host, "info")
query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
output = check_output(shlex.split(query))
if output.strip(db_user + " |"):
@@ -98,51 +116,60 @@ class MysqlConf(BaseDB):
return False
def check_connection(self, db_name, db_user, db_password):
- log("[I] Checking connection..", "info")
+ #log("[I] Checking connection..", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -query \"SELECT version();\""
output = check_output(shlex.split(query))
if output.strip('Production |'):
- log("[I] Checking connection passed.", "info")
+ #log("[I] Checking connection passed.", "info")
return True
else:
- log("[E] Can't establish connection!! Exiting.." ,"error")
+ log("[E] Can't establish db connection.. Exiting.." ,"error")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
if self.check_connection('mysql', root_user, db_root_password):
hosts_arr =["%", "localhost"]
for host in hosts_arr:
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user + " already exists for host " + host, "info")
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
+ if dryMode == False:
+ log("[I] MySQL user " + db_user + " already exists for host " + host, "info")
else:
- log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
if db_password == "":
- query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user +" created for host " + host ,"info")
- else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
- sys.exit(1)
+ if dryMode == False:
+ log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
+ query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed..","error")
+ sys.exit(1)
+ else:
+ logFile("create user '%s'@'%s';" %(db_user, host))
else:
- query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user,host,db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ if dryMode == False:
+ log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
+ query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user,host,db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode):
+ log("[I] MySQL user " + db_user +" created for host " + host ,"info")
+ else:
+ log("[E] Creating MySQL user " + db_user +" failed..","error")
+ sys.exit(1)
else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
+ log("[E] Creating MySQL user " + db_user +" failed..","error")
sys.exit(1)
else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
- sys.exit(1)
+ logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host,db_password))
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name , "info")
+ def verify_db(self, root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Verifying database " + db_name , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
output = check_output(shlex.split(query))
@@ -152,80 +179,93 @@ class MysqlConf(BaseDB):
return False
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database "+db_name + " already exists.","info")
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Database "+db_name + " already exists.","info")
else:
- log("[I] Database does not exist! Creating database " + db_name,"info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
query = get_cmd + " -query \"create database %s;\"" %(db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
- else:
- log("[E] Database creation failed!!","error")
+ if dryMode == False:
+ log("[I] Database does not exist, Creating database " + db_name,"info")
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed..","error")
sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ logFile("create database %s;" %(db_name))
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke):
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
hosts_arr =["%", "localhost"]
- if is_revoke:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ '''
+ if is_revoke:
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
+ if ret == 0:
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
sys.exit(1)
- else:
- sys.exit(1)
+ '''
for host in hosts_arr:
- log("[I] ---------------Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] ---------------FLUSH PRIVILEGES -------------" , "info")
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ if dryMode == False:
+ log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
+ query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
+ log("[I] ---------- FLUSH PRIVILEGES ----------" , "info")
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
+ else:
+ log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
+ sys.exit(1)
else:
log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
sys.exit(1)
else:
- log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
- sys.exit(1)
-
+ logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;" %(db_name,db_user, host))
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
+ is_revoke=False
if DBA_MODE == "TRUE" :
- log("[I] --------- Setup audit user ---------","info")
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False)
-
-
+ if dryMode == False:
+ log("[I] ---------- Setup audit user ----------","info")
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
+ '''
+ if is_revoke:
+ hosts_arr =["%", "localhost"]
+ for host in hosts_arr:
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
+ query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
+ sys.exit(1)
+ '''
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password,dryMode)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode)
+
+
class OracleConf(BaseDB):
# Constructor
@@ -248,11 +288,12 @@ class OracleConf(BaseDB):
log("[I] Connection success", "info")
return True
else:
- log("[E] Can't establish connection!", "error")
+ log("[E] Can't establish connection,Change configuration or Contact Administrator!!", "error")
sys.exit(1)
- def verify_user(self, root_user, db_user, db_root_password):
- log("[I] Verifying user " + db_user ,"info")
+ def verify_user(self, root_user, db_user, db_root_password,dryMode):
+ if dryMode == False:
+ log("[I] Verifying user " + db_user ,"info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
output = check_output(shlex.split(query))
@@ -261,36 +302,41 @@ class OracleConf(BaseDB):
else:
return False
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
if self.check_connection(self, root_user, db_root_password):
- if self.verify_user(root_user, db_user, db_root_password):
- log("[I] Oracle user " + db_user + " already exists!", "info")
+ if self.verify_user(root_user, db_user, db_root_password,dryMode):
+ if dryMode == False:
+ log("[I] Oracle user " + db_user + " already exists.", "info")
else:
- log("[I] User does not exists, Creating user : " + db_user, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_user, db_root_password):
- log("[I] User " + db_user + " created", "info")
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
+ if dryMode == False:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_user, db_root_password,dryMode):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ log("[E] Creating Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ log("[E] Creating Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
+ logFile("create user %s identified by \"%s\";" %(db_user, db_password))
- def verify_tablespace(self, root_user, db_root_password, db_name):
- log("[I] Verifying tablespace " + db_name, "info")
+ def verify_tablespace(self, root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Verifying tablespace " + db_name, "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password)
query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
output = check_output(shlex.split(query))
@@ -299,179 +345,214 @@ class OracleConf(BaseDB):
else:
return False
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_tablespace(root_user, db_root_password, db_name):
- log("[I] Tablespace " + db_name + " already exists.","info")
- if self.verify_user(root_user, db_user, db_root_password):
- get_cmd = self.get_jisql_cmd(db_user ,db_password)
- query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
- output = check_output(shlex.split(query)).strip()
- db_name = db_name.upper() +' |'
- if output == db_name:
- log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
- else:
- log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error")
- sys.exit(1)
- #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False)
- #return status
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
+ if self.verify_tablespace(root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Tablespace " + db_name + " already exists.","info")
+ if self.verify_user(root_user, db_user, db_root_password,dryMode):
+ get_cmd = self.get_jisql_cmd(db_user ,db_password)
+ query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
+ output = check_output(shlex.split(query)).strip()
+ db_name = db_name.upper() +' |'
+ if output == db_name:
+ log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
+ else:
+ log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error")
+ sys.exit(1)
+ #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False)
+ #return status
else:
- log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_tablespace(root_user, db_root_password, db_name):
- log("[I] Creating tablespace "+db_name+" succeeded", "info")
- status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, True)
- return status
+ if dryMode == False:
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_tablespace(root_user, db_root_password, db_name,dryMode):
+ log("[I] Creating tablespace "+db_name+" succeeded", "info")
+ status=True
+ status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, status,dryMode)
+ return status
+ else:
+ log("[E] Creating tablespace "+db_name+" failed..", "error")
+ sys.exit(1)
else:
- log("[E] Creating tablespace "+db_name+" failed", "error")
+ log("[E] Creating tablespace "+db_name+" failed..", "error")
sys.exit(1)
else:
- log("[E] Creating tablespace "+db_name+" failed", "error")
- sys.exit(1)
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
- def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status):
- log("[I] Assign default tablespace " +db_name + " to " + db_user, "info")
- # Assign default tablespace db_name
- get_cmd = self.get_jisql_cmd(root_user , db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status,dryMode):
+ if dryMode == False:
+ log("[I] Assign default tablespace " +db_name + " to " + db_user, "info")
+ # Assign default tablespace db_name
+ get_cmd = self.get_jisql_cmd(root_user , db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- log("[I] Granting Oracle user '" + db_user + "' done", "info")
- return status
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting Oracle user '" + db_user + "' done", "info")
+ return status
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
+ log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- log("[E] Assigning default tablespace to user '" + db_user + "' failed", "error")
- sys.exit(1)
+ logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
- def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password):
- if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name):
- log("[I] Tablespace " + audit_db_name + " already exists.","info")
+ def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode):
+ status1 = False
+ status2 = False
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name,dryMode):
+ if dryMode == False:
+ log("[I] Tablespace " + audit_db_name + " already exists.","info")
status1 = True
else:
- log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Tablespace creation failed!!","error")
- sys.exit(1)
+ if dryMode == False:
+ log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Tablespace creation failed..","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info")
+ status1 = True
else:
- log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info")
- status1 = True
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name))
- if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name):
- log("[I] Tablespace " + db_name + " already exists.","info")
+ if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Tablespace " + db_name + " already exists.","info")
status2 = True
else:
- log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Tablespace creation failed!!","error")
- sys.exit(1)
+ if dryMode == False:
+ log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Tablespace creation failed..","error")
+ sys.exit(1)
+ else:
+ log("[I] Creating tablespace "+ db_name + " succeeded", "info")
+ status2 = True
else:
- log("[I] Creating tablespace "+ db_name + " succeeded", "info")
- status2 = True
+ logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
if (status1 == True and status2 == True):
- log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
- # Assign default tablespace db_name
- get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
- ret1 = subprocess.check_call(shlex.split(query))
-
- log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
- # Assign default tablespace audit_db_name
- get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
- ret2 = subprocess.check_call(shlex.split(query))
-
- if (ret1 == 0 and ret2 == 0):
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- return True
+ if dryMode == False:
+ log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace db_name
+ get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
+ ret1 = subprocess.check_call(shlex.split(query))
+
+ log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
+ # Assign default tablespace audit_db_name
+ get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
+ query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
+ ret2 = subprocess.check_call(shlex.split(query))
+
+ if (ret1 == 0 and ret2 == 0):
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ return True
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
+ return False
else:
- return False
-
+ logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, db_name))
+ logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, audit_db_name))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke):
- get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granted permission to " + db_user, "info")
- return True
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode):
+ if dryMode == False:
+ get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granted permission to " + db_user, "info")
+ return True
+ else:
+ log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
-
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user ---------","info")
+ if dryMode == False:
+ log("[I] ---------- Setup audit user ----------","info")
#self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("[I] Oracle admin user " + db_user + " already exists!", "info")
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode):
+ if dryMode == False:
+ log("[I] Oracle admin user " + db_user + " already exists.", "info")
else:
- log("[I] User does not exists, Creating user " + db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("[I] User " + db_user + " created", "info")
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
+ if dryMode == False:
+ log("[I] User does not exists, Creating user " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode):
+ log("[I] User " + db_user + " created", "info")
+ log("[I] Granting permission to " + db_user, "info")
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
+ else:
+ log("[E] Granting permissions to Oracle user '" + db_user + "' failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
+ log("[E] Creating Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
+ log("[E] Creating Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
+ logFile("create user %s identified by \"%s\";" %(db_user, db_password))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
- if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- log("[I] Oracle audit user " + audit_db_user + " already exist!", "info")
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
+ if dryMode == False:
+ log("[I] Oracle audit user " + audit_db_user + " already exist.", "info")
else:
- log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permission to " + audit_db_user + " done", "info")
+ if dryMode == False:
+ log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info")
+ get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
+ query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
+ query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ log("[I] Granting permission to " + audit_db_user + " done", "info")
+ else:
+ log("[E] Granting permission to " + audit_db_user + " failed..", "error")
+ sys.exit(1)
else:
- log("[E] Granting permission to " + audit_db_user + " failed", "error")
- sys.exit(1)
- else:
- log("[I] Creating audit user " + audit_db_user + " failed!", "info")
-
- self.create_auditdb(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password)
+ log("[I] Creating audit user " + audit_db_user + " failed..", "info")
+ else:
+ logFile("create user %s identified by \"%s\";" %(audit_db_user, audit_db_password))
+ logFile("GRANT CREATE SESSION TO %s;" % (audit_db_user))
+ self.create_auditdb(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode)
if DBA_MODE == "TRUE":
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
class PostgresConf(BaseDB):
@@ -487,8 +568,9 @@ class PostgresConf(BaseDB):
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
return jisql_cmd
- def verify_user(self, root_user, db_root_password, db_user):
- log("[I] Verifying user " + db_user , "info")
+ def verify_user(self, root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] Verifying user " + db_user , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
output = check_output(shlex.split(query))
@@ -498,39 +580,43 @@ class PostgresConf(BaseDB):
return False
def check_connection(self, db_name, db_user, db_password):
- log("[I] Checking connection", "info")
+ #log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -query \"SELECT 1;\""
output = check_output(shlex.split(query))
if output.strip('1 |'):
- log("[I] connection success", "info")
+ #log("[I] connection success", "info")
return True
else:
- log("[E] Can't establish connection", "error")
+ log("[E] Can't establish connection, Please check connection settings or contact Administrator", "error")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
if self.check_connection('postgres', root_user, db_root_password):
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] Postgres user " + db_user + " already exists!", "info")
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] Postgres user " + db_user + " already exists.", "info")
else:
- log("[I] User does not exists, Creating user : " + db_user, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] Postgres user " + db_user + " created", "info")
+ if dryMode == False:
+ log("[I] User does not exists, Creating user : " + db_user, "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ log("[I] Postgres user " + db_user + " created", "info")
+ else:
+ log("[E] Postgres user " +db_user+" creation failed..", "error")
+ sys.exit(1)
else:
- log("[E] Postgres user " +db_user+" creation failed", "error")
+ log("[E] Postgres user " +db_user+" creation failed..", "error")
sys.exit(1)
else:
- log("[E] Postgres user " +db_user+" creation failed", "error")
- sys.exit(1)
-
+ logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password))
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name , "info")
+ def verify_db(self, root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Verifying database " + db_name , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
output = check_output(shlex.split(query))
@@ -540,64 +626,73 @@ class PostgresConf(BaseDB):
return False
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database "+db_name + " already exists.", "info")
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Database "+db_name + " already exists.", "info")
else:
- log("[I] Database does not exist! Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
+ if dryMode == False:
+ log("[I] Database does not exist, Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
+ query = get_cmd + " -query \"CREATE DATABASE %s WITH OWNER %s;\"" %(db_name, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user))
+
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke,dryMode):
+ if dryMode == False:
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
- log("[E] Database creation failed!!","error")
+ log("[E] Granting privileges on tables in schema public failed..", "error")
sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , True):
- log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on tables in schema public failed", "error")
- sys.exit(1)
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on schema public failed", "error")
- sys.exit(1)
-
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed", "error")
- sys.exit(1)
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on schema public failed..", "error")
+ sys.exit(1)
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed", "error")
- sys.exit(1)
- log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on database "+db_name+ " failed..", "error")
+ sys.exit(1)
+ query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Granting privileges on database "+db_name+ " failed..", "error")
+ sys.exit(1)
+ log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
+ else:
+ logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user))
+ logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %( db_user))
+ logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;" %(db_user))
+ logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;" %(db_user))
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user ---------","info")
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
+ if dryMode == False:
+ log("[I] ---------- Setup audit user ----------","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password,dryMode)
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
+ self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password,dryMode)
if DBA_MODE == "TRUE":
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode)
class SqlServerConf(BaseDB):
@@ -613,8 +708,9 @@ class SqlServerConf(BaseDB):
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
return jisql_cmd
- def verify_user(self, root_user, db_root_password, db_user):
- log("[I] Verifying user " + db_user , "info")
+ def verify_user(self, root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] Verifying user " + db_user , "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user)
output = check_output(shlex.split(query))
@@ -635,28 +731,32 @@ class SqlServerConf(BaseDB):
log("[E] Can't establish connection", "error")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
+ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
if self.check_connection('msdb', root_user, db_root_password):
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] SQL Server user " + db_user + " already exists!", "info")
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ if dryMode == False:
+ log("[I] SQL Server user " + db_user + " already exists.", "info")
else:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- log("[I] User does not exists, Creating Login user " + db_user, "info")
- query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] SQL Server user " + db_user + " created", "info")
+ if dryMode == False:
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ log("[I] User does not exists, Creating Login user " + db_user, "info")
+ query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ if self.verify_user(root_user, db_root_password, db_user,dryMode):
+ log("[I] SQL Server user " + db_user + " created", "info")
+ else:
+ log("[E] SQL Server user " +db_user+" creation failed..", "error")
+ sys.exit(1)
else:
- log("[E] SQL Server user " +db_user+" creation failed", "error")
+ log("[E] SQL Server user " +db_user+" creation failed..", "error")
sys.exit(1)
else:
- log("[E] SQL Server user " +db_user+" creation failed", "error")
- sys.exit(1)
+ logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user,db_password))
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name, "info")
+ def verify_db(self, root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Verifying database " + db_name, "info")
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
output = check_output(shlex.split(query))
@@ -665,141 +765,246 @@ class SqlServerConf(BaseDB):
else:
return False
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database " + db_name + " already exists.","info")
+ def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode):
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ if dryMode == False:
+ log("[I] Database " + db_name + " already exists.","info")
else:
- log("[I] Database does not exist! Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- self.create_user(root_user, db_name ,db_user, db_password, db_root_password)
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
-# self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
- else:
- log("[E] Database creation failed!!","error")
+ if dryMode == False:
+ log("[I] Database does not exist. Creating database : " + db_name,"info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ log("[E] Database creation failed..","error")
sys.exit(1)
+ else:
+ if self.verify_db(root_user, db_root_password, db_name,dryMode):
+ self.create_user(root_user, db_name ,db_user, db_password, db_root_password,dryMode)
+ log("[I] Creating database " + db_name + " succeeded", "info")
+ return True
+ # self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
+ else:
+ logFile("create database %s;" %(db_name))
-
- def create_user(self, root_user, db_name ,db_user, db_password, db_root_password):
+ def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode):
get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user)
output = check_output(shlex.split(query))
if output.strip(db_user + " |"):
- log("[I] User "+db_user+" exist ","info")
+ if dryMode == False:
+ log("[I] User "+db_user+" exist ","info")
else:
- query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- log("[I] User "+db_user+" exist ","info")
+ if dryMode == False:
+ query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret == 0:
+ query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
+ output = check_output(shlex.split(query))
+ if output.strip(db_user + " |"):
+ log("[I] User "+db_user+" exist ","info")
+ else:
+ log("[E] Database creation failed..","error")
+ sys.exit(1)
else:
- log("[E] Database creation failed!!","error")
+ log("[E] Database creation failed..","error")
sys.exit(1)
else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, True):
- log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user)
-# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
+ logFile("USE %s CREATE USER %s for LOGIN %s;" %(db_name ,db_user, db_user))
+ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode):
+ if dryMode == False:
+ log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info")
+ get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
+ query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user)
+ # query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user)
+ ret = subprocess.check_call(shlex.split(query))
+ if ret != 0:
+ sys.exit(1)
+ else:
+ logFile("ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];" %(db_user, db_name))
+ logFile("USE %s EXEC sp_addrolemember N'db_owner', N'%s';" %(db_name, db_user))
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE):
+ def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
+ is_revoke=False
if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user --------- ","info")
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
+ if dryMode == False:
+ log("[I] ---------- Setup audit user ---------- ","info")
+ self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password,dryMode)
#log("[I] --------- Setup audit user --------- ","info")
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password)
- self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
+ self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode)
+ self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password,dryMode)
+ self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode)
+ self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode)
def main(argv):
-
- quiteMode = False
- if len(argv) > 1 and str(argv[1]) == "-q":
- #print str(argv)
- quiteMode = True
- populate_global_dict()
-
- print "Running DBA setup script. QuiteMode:" + str(quiteMode)
-
+
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
-
DBA_MODE = 'TRUE'
- if (quiteMode):
- JAVA_BIN=globalDict['JAVA_BIN']
+ quiteMode = False
+ dryMode=False
+ is_revoke=False
+
+ if len(argv) > 1:
+ for i in range(len(argv)):
+ if str(argv[i]) == "-q":
+ quiteMode = True
+ populate_global_dict()
+ if str(argv[i]) == "-d":
+ index=i+1
+ try:
+ dba_sql_file=str(argv[index])
+ if dba_sql_file == "":
+ log("[E] Invalid input! Provide file path to write DBA scripts:","error")
+ sys.exit(1)
+ except IndexError:
+ log("[E] Invalid input! Provide file path to write DBA scripts:","error")
+ sys.exit(1)
+
+ if not dba_sql_file == "":
+ if not os.path.exists(dba_sql_file):
+ log("[I] Creating File:"+dba_sql_file,"info")
+ open(dba_sql_file, 'w').close()
+ else:
+ log("[I] File "+dba_sql_file+ " is available.","info")
+
+ if os.path.isfile(dba_sql_file):
+ dryMode=True
+ globalDict["dryMode"]=True
+ globalDict["dryModeOutputFile"]=dba_sql_file
+ else:
+ log("[E] Invalid file Name! Unable to find file:"+dba_sql_file,"error")
+ sys.exit(1)
+
+ log("[I] Running DBA setup script. QuiteMode:" + str(quiteMode),"info")
+ if (quiteMode):
+ JAVA_BIN=globalDict['JAVA_BIN']
else:
- if os.environ['JAVA_HOME'] == "":
- log("[E] --------- JAVA_HOME environment property not defined, aborting installation! ---------", "error")
- sys.exit(1)
- JAVA_BIN=os.environ['JAVA_HOME']+'/bin/java'
- while os.path.isfile(JAVA_BIN) == False:
- log("Enter java executable path: :","info")
- JAVA_BIN=raw_input()
- #print "Using Java:" + str(JAVA_BIN)
-
- if (quiteMode):
- XA_DB_FLAVOR=globalDict['DB_FLAVOR']
- AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR']
- else:
- XA_DB_FLAVOR=''
- while XA_DB_FLAVOR == "":
- log("Enter db flavour{MYSQL|ORACLE|POSTGRES|SQLSERVER} :","info")
- XA_DB_FLAVOR=raw_input()
- AUDIT_DB_FLAVOR = XA_DB_FLAVOR
- XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
- AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
- #print "XA_DB_FLAVOR:" + str(XA_DB_FLAVOR)
- #print "AUDIT_DB_FLAVOR:" + str(AUDIT_DB_FLAVOR)
-
- if (quiteMode):
- CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- else:
- #CONNECTOR_JAR=''
- if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "SQLSERVER":
- log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
- CONNECTOR_JAR=raw_input()
- while os.path.isfile(CONNECTOR_JAR) == False:
- log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
- CONNECTOR_JAR=raw_input()
- else:
- log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
- sys.exit(1)
-
- if (quiteMode):
- xa_db_host = globalDict['db_host']
- audit_db_host = globalDict['db_host']
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.environ['JAVA_HOME']+'/bin/java'
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
+
+ if (quiteMode):
+ XA_DB_FLAVOR=globalDict['DB_FLAVOR']
+ AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR']
+ else:
+ XA_DB_FLAVOR=''
+ while XA_DB_FLAVOR == "":
+ log("Enter db flavour{MYSQL|ORACLE|POSTGRES|SQLSERVER} :","info")
+ XA_DB_FLAVOR=raw_input()
+ AUDIT_DB_FLAVOR = XA_DB_FLAVOR
+ XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
+ AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
+
+ log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR),"info")
+
+ if (quiteMode):
+ CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
else:
- xa_db_host=''
- while xa_db_host == "":
- log("Enter DB Host :","info")
- xa_db_host=raw_input()
- audit_db_host=xa_db_host
- #print "xa_db_host:" + str(xa_db_host)
- #print "audit_db_host:" + str(audit_db_host)
+ if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "SQLSERVER":
+ log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
+ CONNECTOR_JAR=raw_input()
+ while os.path.isfile(CONNECTOR_JAR) == False:
+ log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
+ CONNECTOR_JAR=raw_input()
+ else:
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
+ sys.exit(1)
+
+ if (quiteMode):
+ xa_db_host = globalDict['db_host']
+ audit_db_host = globalDict['db_host']
+ else:
+ xa_db_host=''
+ while xa_db_host == "":
+ log("Enter DB Host :","info")
+ xa_db_host=raw_input()
+ audit_db_host=xa_db_host
+ log("[I] DB Host:" + str(xa_db_host),"info")
+
+ if (quiteMode):
+ xa_db_root_user = globalDict['db_root_user']
+ xa_db_root_password = globalDict['db_root_password']
+ else:
+ xa_db_root_user=''
+ while xa_db_root_user == "":
+ log("Enter db root user:","info")
+ xa_db_root_user=raw_input()
+ log("Enter db root password:","info")
+ xa_db_root_password = getpass.getpass("Enter db root password:")
+
+ if (quiteMode):
+ db_name = globalDict['db_name']
+ else:
+ db_name = ''
+ while db_name == "":
+ log("Enter DB Name :","info")
+ db_name=raw_input()
+
+ if (quiteMode):
+ db_user = globalDict['db_user']
+ else:
+ db_user=''
+ while db_user == "":
+ log("Enter db user name:","info")
+ db_user=raw_input()
+
+ if (quiteMode):
+ db_password = globalDict['db_password']
+ else:
+ db_password=''
+ while db_password == "":
+ log("Enter db user password:","info")
+ db_password = getpass.getpass("Enter db user password:")
+
+ if (quiteMode):
+ audit_db_name = globalDict['audit_db_name']
+ else:
+ audit_db_name=''
+ while audit_db_name == "":
+ log("Enter audit db name:","info")
+ audit_db_name = raw_input()
+
+ if (quiteMode):
+ audit_db_user = globalDict['audit_db_user']
+ else:
+ audit_db_user=''
+ while audit_db_user == "":
+ log("Enter audit user name:","info")
+ audit_db_user = raw_input()
+
+ if (quiteMode):
+ audit_db_password = globalDict['audit_db_password']
+ else:
+ audit_db_password=''
+ while audit_db_password == "":
+ log("Enter audit db user password:","info")
+ audit_db_password = getpass.getpass("Enter audit db user password:")
+
+ audit_db_root_user = xa_db_root_user
+ audit_db_root_password = xa_db_root_password
+ #audit_db_root_user = globalDict['db_root_user']
+ #audit_db_root_password = globalDict['db_root_password']
+ #print "Enter audit_db_root_password :"
+ #log("Enter audit db root user:","info")
+ #audit_db_root_user = raw_input()
+ #log("Enter db root password:","info")
+ #xa_db_root_password = raw_input()
mysql_dbversion_catalog = 'db/mysql/create_dbversion_catalog.sql'
#mysql_core_file = globalDict['mysql_core_file']
@@ -829,81 +1034,10 @@ def main(argv):
sqlserver_audit_file = 'db/sqlserver/xa_audit_db_sqlserver.sql'
sqlserver_patches = 'db/sqlserver/patches'
-
- if (quiteMode):
- xa_db_root_user = globalDict['db_root_user']
- xa_db_root_password = globalDict['db_root_password']
- else:
- xa_db_root_user=''
- while xa_db_root_user == "":
- log("Enter db root user:","info")
- xa_db_root_user=raw_input()
-
- log("Enter db root password:","info")
- xa_db_root_password = getpass.getpass("Enter db root password:")
-
- if (quiteMode):
- db_name = globalDict['db_name']
- else:
- db_name = ''
- while db_name == "":
- log("Enter DB Name :","info")
- db_name=raw_input()
-
- if (quiteMode):
- db_user = globalDict['db_user']
- else:
- db_user=''
- while db_user == "":
- log("Enter db user name:","info")
- db_user=raw_input()
-
- if (quiteMode):
- db_password = globalDict['db_password']
- else:
- db_password=''
- while db_password == "":
- log("Enter db user password:","info")
- db_password = getpass.getpass("Enter db user password:")
-
x_db_version = 'x_db_version_h'
xa_access_audit = 'xa_access_audit'
x_user = 'x_portal_user'
- if (quiteMode):
- audit_db_name = globalDict['audit_db_name']
- else:
- audit_db_name=''
- while audit_db_name == "":
- log("Enter audit db name:","info")
- audit_db_name = raw_input()
-
- if (quiteMode):
- audit_db_user = globalDict['audit_db_user']
- else:
- audit_db_user=''
- while audit_db_user == "":
- log("Enter audit user name:","info")
- audit_db_user = raw_input()
-
- if (quiteMode):
- audit_db_password = globalDict['audit_db_password']
- else:
- audit_db_password=''
- while audit_db_password == "":
- log("Enter audit db user password:","info")
- audit_db_password = getpass.getpass("Enter audit db user password:")
-
- audit_db_root_user = xa_db_root_user
- audit_db_root_password = xa_db_root_password
- #audit_db_root_user = globalDict['db_root_user']
- #audit_db_root_password = globalDict['db_root_password']
- #print "Enter audit_db_root_password :"
-# log("Enter audit db root user:","info")
-# audit_db_root_user = raw_input()
-# log("Enter db root password:","info")
-# xa_db_root_password = raw_input()
-
if XA_DB_FLAVOR == "MYSQL":
#MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
#MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
@@ -912,9 +1046,9 @@ def main(argv):
xa_db_version_file = os.path.join(os.getcwd(),mysql_dbversion_catalog)
xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file)
xa_patch_file = os.path.join(os.getcwd(),mysql_patches)
-
+
elif XA_DB_FLAVOR == "ORACLE":
-# ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
#ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar'
ORACLE_CONNECTOR_JAR=CONNECTOR_JAR
xa_db_root_user = xa_db_root_user+" AS SYSDBA"
@@ -924,7 +1058,7 @@ def main(argv):
xa_patch_file = os.path.join(os.getcwd(),oracle_patches)
elif XA_DB_FLAVOR == "POSTGRES":
-# POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
#POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
@@ -933,7 +1067,7 @@ def main(argv):
xa_patch_file = os.path.join(os.getcwd(),postgres_patches)
elif XA_DB_FLAVOR == "SQLSERVER":
-# SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
+ #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
#SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar'
SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
@@ -941,11 +1075,11 @@ def main(argv):
xa_db_core_file = os.path.join(os.getcwd(),sqlserver_core_file)
xa_patch_file = os.path.join(os.getcwd(),sqlserver_patches)
else:
- log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
if AUDIT_DB_FLAVOR == "MYSQL":
-# MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
+ #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
#MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar'
MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN)
@@ -973,20 +1107,29 @@ def main(argv):
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(os.getcwd(),sqlserver_audit_file)
else:
- log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
+ log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
# Methods Begin
if DBA_MODE == "TRUE" :
- log("[I] --------- Creating Ranger Admin db user --------- ","info")
- xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password)
- log("[I] --------- Creating Ranger Admin database ---------","info")
- xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password)
- log("[I] --------- Granting permission to Ranger Admin db user ---------","info")
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True)
-
- # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
- log("[I] --------- Verifying/Creating audit user --------- ","info")
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE)
- log("[I] --------- Ranger Policy Manager DB and User Creation Process Completed.. --------- ","info")
+ if (dryMode==True):
+ log("[I] Dry run mode:"+str(dryMode),"info")
+ log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
+ logFile("===============================================\n")
+ xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
+ xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
+ xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
+ audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ logFile("===============================================\n")
+ if (dryMode==False):
+ log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
+ xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
+ log("[I] ---------- Creating Ranger Admin database ----------","info")
+ xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
+ log("[I] ---------- Granting permission to Ranger Admin db user ----------","info")
+ xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
+ # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
+ log("[I] ---------- Verifying/Creating audit user --------- ","info")
+ audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
+ log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info")
main(sys.argv)
[2/2] incubator-ranger git commit: RANGER-302: Fix privilege issue
for audit user, Add dry run mode, Remove revoke statements
Posted by ve...@apache.org.
RANGER-302: Fix privilege issue for audit user, Add dry run mode, Remove revoke statements
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dc49a1a4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dc49a1a4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dc49a1a4
Branch: refs/heads/master
Commit: dc49a1a495794fa7140b335f9a4a5298d3fa3b3d
Parents: bb0bdce
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Tue Mar 24 15:06:35 2015 -0400
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Mar 24 15:06:35 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/db_setup.py | 726 +----------------
security-admin/scripts/dba_script.py | 1209 ++++++++++++++++-------------
2 files changed, 702 insertions(+), 1233 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dc49a1a4/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index aa9d73e..09a7b57 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -50,7 +50,6 @@ def populate_global_dict():
if re.search('=', each_line):
key , value = each_line.strip().split("=",1)
key = key.strip()
-
if 'PASSWORD' in key:
jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
@@ -62,15 +61,9 @@ def populate_global_dict():
class BaseDB(object):
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- log("[I] ---------- Creating user ----------", "info")
-
def check_connection(self, db_name, db_user, db_password):
log("[I] ---------- Verifying DB connection ----------", "info")
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- log("[I] ---------- Verifying database ----------", "info")
-
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
log("[I] ---------- Verifying table ----------", "info")
@@ -96,11 +89,10 @@ class BaseDB(object):
else:
log("[I] No patches to apply!","info")
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME):
+ def auditdb_operation(self, xa_db_host , audit_db_host , db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] ----------------- Create audit user ------------", "info")
-
class MysqlConf(BaseDB):
# Constructor
def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
@@ -109,19 +101,9 @@ class MysqlConf(BaseDB):
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password ,db_name):
- #TODO: User array for forming command
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password)
return jisql_cmd
- def verify_user(slef, root_user, db_root_password, host, db_user, get_cmd):
- log("[I] Verifying user " + db_user , "info")
- query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- return True
- else:
- return False
-
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection..", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
@@ -132,152 +114,22 @@ class MysqlConf(BaseDB):
return True
else:
log("[E] Can't establish connection!! Exiting.." ,"error")
+ log("[I] Please run DB setup first or contact Administrator.." ,"info")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- if self.check_connection('mysql', root_user, db_root_password):
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user + " already exists for host " + host, "info")
- else:
- log("[I] MySQL user " + db_user + " does not exists for host " + host, "info")
- if db_password == "":
- query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user +" created for host " + host ,"info")
- else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
- sys.exit(1)
- else:
- query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user +" created for host " + host ,"info")
- else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
- sys.exit(1)
- else:
- log("[E] Creating MySQL user " + db_user +" failed","error")
- sys.exit(1)
-
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"show databases like '%s';\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
-
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database "+db_name + " already exists.","info")
- else:
- log("[I] Database does not exist! Creating database " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"create database %s;\"" %(db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke):
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
- log("[I] MySQL user " + db_user + " exists for host " + host, "info")
- else:
- log("[I] MySQL user " + db_user + " does not exists for host " + host, "error")
- sys.exit(E)
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database "+db_name + " exists!","info")
- else:
- log("[I] Database "+db_name + " does not exists!","error")
- sys.exit(E)
-
- if is_revoke:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
-
- for host in hosts_arr:
- log("[I] ---------------Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql')
- query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] ---------------FLUSH PRIVILEGES -------------" , "info")
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info")
- else:
- log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
- sys.exit(1)
- else:
- log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error")
- sys.exit(1)
-
-
- def grant_audit_db_user(self, audit_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke):
+ def grant_audit_db_user(self, db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME):
hosts_arr =["%", "localhost"]
- if is_revoke == True:
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
-
for host in hosts_arr:
log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info")
- get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql')
+ get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name)
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host)
ret = subprocess.check_call(shlex.split(query))
if ret == 0:
- get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql')
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info")
- else:
- log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error")
- sys.exit(1)
+ log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info")
else:
- log("[E] Granting privileges to '" + audit_db_user+"' failed on '" + audit_db_name+"'", "error")
+ log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error")
sys.exit(1)
-
def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -294,7 +146,6 @@ class MysqlConf(BaseDB):
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
-
def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -325,7 +176,6 @@ class MysqlConf(BaseDB):
log("[I] Import " +name + " file not found","error")
sys.exit(1)
-
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
@@ -337,39 +187,14 @@ class MysqlConf(BaseDB):
log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info")
return False
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
- if DBA_MODE == "TRUE" :
- log("[I] --------- Setup audit user ---------","info")
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- hosts_arr =["%", "localhost"]
- for host in hosts_arr:
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql')
- query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -query \"FLUSH PRIVILEGES;\""
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- else:
- sys.exit(1)
- self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False)
-
- log("[I] --------- Check admin user connection ---------","info")
+ def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
+ log("[I] --------- Check ranger user connection ---------","info")
self.check_connection(audit_db_name, db_user, db_password)
- #log("[I] --------- Check audit user connection ---------","info")
- #self.check_connection(audit_db_name, audit_db_user, audit_db_password)
log("[I] --------- Check audit table exists --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name ,db_user, db_password, file_name)
- if DBA_MODE == "TRUE":
- if audit_db_user == db_user:
- is_revoke = False
- else:
- is_revoke = True
- self.grant_audit_db_user(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke)
+ self.grant_audit_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME)
class OracleConf(BaseDB):
@@ -380,7 +205,6 @@ class OracleConf(BaseDB):
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password):
- #TODO: User array for forming command
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password)
return jisql_cmd
@@ -396,209 +220,8 @@ class OracleConf(BaseDB):
log("[E] Can't establish connection!", "error")
sys.exit(1)
- def verify_user(self, root_user, db_user, db_root_password):
- log("[I] Verifying user " + db_user ,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- return True
- else:
- return False
-
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- if self.check_connection(self, root_user, db_root_password):
- if self.verify_user(root_user, db_user, db_root_password):
- log("[I] Oracle user " + db_user + " already exists!", "info")
- else:
- log("[I] User does not exists, Creating user : " + db_user, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_user, db_root_password):
- log("[I] User " + db_user + " created", "info")
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
- else:
- log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
-
- def verify_tablespace(self, root_user, db_root_password, db_name):
- log("[I] Verifying tablespace " + db_name, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name+' |'):
- return True
- else:
- return False
-
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_tablespace(root_user, db_root_password, db_name):
- log("[I] Tablespace " + db_name + " already exists.","info")
- if self.verify_user(root_user, db_user, db_root_password):
- get_cmd = self.get_jisql_cmd(db_user ,db_password)
- query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
- output = check_output(shlex.split(query)).strip()
- db_name = db_name.upper() +' |'
- if output == db_name:
- log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
- else:
- log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error")
- sys.exit(1)
- #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False)
- #return status
- else:
- log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_tablespace(root_user, db_root_password, db_name):
- log("[I] Creating tablespace "+db_name+" succeeded", "info")
- status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, True)
- return status
- else:
- log("[E] Creating tablespace "+db_name+" failed", "error")
- sys.exit(1)
- else:
- log("[E] Creating tablespace "+db_name+" failed", "error")
- sys.exit(1)
-
- def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status):
- log("[I] Assign default tablespace " +db_name + " to " + db_user, "info")
- # Assign default tablespace db_name
- get_cmd = self.get_jisql_cmd(root_user , db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting Oracle user '" + db_user + "' done", "info")
- return status
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- log("[E] Assigning default tablespace to user '" + db_user + "' failed", "error")
- sys.exit(1)
-
-
- def import_audit_file_to_db(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME):
- #Verifying Users
- if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("[I] User " +db_user + " already exists.", "info")
- else:
- log("[E] User does not exist " + db_user, "error")
- sys.exit(1)
-
- if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- log("[I] User " +audit_db_user + " already exists.", "info")
- else:
- log("[E] User does not exist " + audit_db_user, "error")
- sys.exit(1)
-
- if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name):
- log("[I] Tablespace " + audit_db_name + " already exists.","info")
- status1 = True
- else:
- log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Tablespace creation failed!!","error")
- sys.exit(1)
- else:
- log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info")
- status1 = True
-
- if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name):
- log("[I] Tablespace " + db_name + " already exists.","info")
- status2 = True
- else:
- log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Tablespace creation failed!!","error")
- sys.exit(1)
- else:
- log("[I] Creating tablespace "+ db_name + " succeeded", "info")
- status2 = True
-
- if (status1 == True and status2 == True):
- log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
- # Assign default tablespace db_name
- get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name)
- ret1 = subprocess.check_call(shlex.split(query))
-
- log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
- # Assign default tablespace audit_db_name
- get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
- query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name)
- ret2 = subprocess.check_call(shlex.split(query))
-
- if (ret1 == 0 and ret2 == 0):
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- return True
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- return False
-
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke):
- if self.verify_user(root_user, db_user, db_root_password):
- pass
- else:
- log("[E] User does not exist " + db_user, "error")
- sys.exit(1)
- if self.verify_tablespace(root_user, db_root_password, db_name):
- pass
- else:
- log("[E] Tablespace " + db_name + " does not exists.","error")
- sys.exit(1)
-
- get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granted permission to " + db_user, "info")
- return True
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
-
-
- def grant_audit_db_user(self, audit_db_root_user, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password, audit_db_root_password):
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granted permission to " + db_user, "info")
- return True
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
+ def grant_audit_db_user(self, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password):
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0:
@@ -612,7 +235,6 @@ class OracleConf(BaseDB):
if ret != 0:
sys.exit(1)
-
def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -659,8 +281,6 @@ class OracleConf(BaseDB):
log("[I] Patch file not found","error")
sys.exit(1)
-
-
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user ,db_password)
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
@@ -683,55 +303,7 @@ class OracleConf(BaseDB):
log("[E] "+db_user + " user already assigned to some other tablespace , provide different DB name.","error")
sys.exit(1)
-
- def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
- if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user ---------","info")
- #self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("[I] Oracle admin user " + db_user + " already exists!", "info")
- else:
- log("[I] User does not exists, Creating user " + db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(audit_db_root_user, db_user, audit_db_root_password):
- log("[I] User " + db_user + " created", "info")
- log("[I] Granting permission to " + db_user, "info")
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
- else:
- log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
- else:
- log("[E] Creating Oracle user '" + db_user + "' failed", "error")
- sys.exit(1)
-
- if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- log("[I] Oracle audit user " + audit_db_user + " already exist!", "info")
- else:
- log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password):
- query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- log("[I] Granting permission to " + audit_db_user + " done", "info")
- else:
- log("[E] Granting permission to " + audit_db_user + " failed", "error")
- sys.exit(1)
- else:
- log("[I] Creating audit user " + audit_db_user + " failed!", "info")
- self.import_audit_file_to_db(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME)
+ def auditdb_operation(self, xa_db_host , audit_db_host , db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection ---------","info")
self.check_connection(db_name, db_user, db_password)
log("[I] --------- Check audit user connection ---------","info")
@@ -741,11 +313,8 @@ class OracleConf(BaseDB):
pass
else:
self.import_db_file(audit_db_name, db_user, db_password ,file_name)
-
- if DBA_MODE == "TRUE":
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
- self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
-
+ log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on audit table-------------" , "info")
+ self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
class PostgresConf(BaseDB):
# Constructor
@@ -754,22 +323,11 @@ class PostgresConf(BaseDB):
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
-
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password)
return jisql_cmd
- def verify_user(self, root_user, db_root_password, db_user):
- log("[I] Verifying user " + db_user , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- return True
- else:
- return False
-
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
@@ -782,57 +340,6 @@ class PostgresConf(BaseDB):
log("[E] Can't establish connection", "error")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- if self.check_connection('postgres', root_user, db_root_password):
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] Postgres user " + db_user + " already exists!", "info")
- else:
- log("[I] User does not exists, Creating user : " + db_user, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] Postgres user " + db_user + " created", "info")
- else:
- log("[E] Postgres user " +db_user+" creation failed", "error")
- sys.exit(1)
- else:
- log("[E] Postgres user " +db_user+" creation failed", "error")
- sys.exit(1)
-
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
-
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database "+db_name + " already exists.", "info")
- else:
- log("[I] Database does not exist! Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres')
- query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
-
def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -849,39 +356,9 @@ class PostgresConf(BaseDB):
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , True):
- log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name)
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on tables in schema public failed", "error")
- sys.exit(1)
-
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on schema public failed", "error")
- sys.exit(1)
-
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed", "error")
- sys.exit(1)
-
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed", "error")
- sys.exit(1)
- log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
-
-
- def grant_audit_db_user(self, audit_db_root_user, audit_db_name , db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password):
+ def grant_audit_db_user(self, audit_db_name , db_user, audit_db_user, db_password, audit_db_password):
log("[I] Granting permission to " + audit_db_user, "info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, audit_db_name)
+ get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name)
log("[I] Granting select and usage privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT_SEQ", "info")
query = get_cmd + " -query 'GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user)
ret = subprocess.check_call(shlex.split(query))
@@ -896,7 +373,6 @@ class PostgresConf(BaseDB):
log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error")
sys.exit(1)
-
def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -926,7 +402,6 @@ class PostgresConf(BaseDB):
log("[E] Import " +name + " file not found","error")
sys.exit(1)
-
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
log("[I] Verifying table " + TABLE_NAME +" in database " + db_name, "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
@@ -939,14 +414,8 @@ class PostgresConf(BaseDB):
log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name, "info")
return False
-
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
- if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user ---------","info")
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password)
-
+ def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
+
log("[I] --------- Check admin user connection ---------","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit user connection ---------","info")
@@ -955,9 +424,8 @@ class PostgresConf(BaseDB):
output = self.check_table(audit_db_name, audit_db_user, audit_db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name, db_user, db_password, file_name)
- if DBA_MODE == "TRUE":
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
- self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password)
+ self.grant_audit_db_user(audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
+
class SqlServerConf(BaseDB):
# Constructor
@@ -966,22 +434,11 @@ class SqlServerConf(BaseDB):
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
-
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name)
return jisql_cmd
- def verify_user(self, root_user, db_root_password, db_user):
- log("[I] Verifying user " + db_user , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- return True
- else:
- return False
-
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
@@ -994,79 +451,6 @@ class SqlServerConf(BaseDB):
log("[E] Can't establish connection", "error")
sys.exit(1)
- def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password):
- if self.check_connection('msdb', root_user, db_root_password):
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] SQL Server user " + db_user + " already exists!", "info")
- else:
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- log("[I] User does not exists, Creating Login user " + db_user, "info")
- query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- if self.verify_user(root_user, db_root_password, db_user):
- log("[I] SQL Server user " + db_user + " created", "info")
- else:
- log("[E] SQL Server user " +db_user+" creation failed", "error")
- sys.exit(1)
- else:
- log("[E] SQL Server user " +db_user+" creation failed", "error")
- sys.exit(1)
-
-
- def verify_db(self, root_user, db_root_password, db_name):
- log("[I] Verifying database " + db_name, "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name)
- output = check_output(shlex.split(query))
- if output.strip(db_name + " |"):
- return True
- else:
- return False
-
- def create_db(self, root_user, db_root_password, db_name, db_user, db_password):
- if self.verify_db(root_user, db_root_password, db_name):
- log("[I] Database " + db_name + " already exists.","info")
- else:
- log("[I] Database does not exist! Creating database : " + db_name,"info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- if self.verify_db(root_user, db_root_password, db_name):
- self.create_user(root_user, db_name ,db_user, db_password, db_root_password)
- log("[I] Creating database " + db_name + " succeeded", "info")
- return True
-# self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name)
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
-
- def create_user(self, root_user, db_name ,db_user, db_password, db_root_password):
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- log("[I] User "+db_user+" exist ","info")
- else:
- query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret == 0:
- query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user)
- output = check_output(shlex.split(query))
- if output.strip(db_user + " |"):
- log("[I] User "+db_user+" exist ","info")
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
- else:
- log("[E] Database creation failed!!","error")
- sys.exit(1)
-
def import_db_file(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -1094,25 +478,10 @@ class SqlServerConf(BaseDB):
log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info")
return False
-
- def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, True):
- log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info")
- get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
- query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user)
-# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user)
- ret = subprocess.check_call(shlex.split(query))
- if ret != 0:
- sys.exit(1)
-
-
- def grant_audit_db_user(self, audit_db_root_user, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,TABLE_NAME):
+ def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME):
log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, 'msdb')
- query = get_cmd + " -c \; -query \"USE %s GRANT SELECT,INSERT to %s;\"" %(audit_db_name ,audit_db_user)
+ get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
+ query = get_cmd + " -c \; -query \"USE %s GRANT INSERT to %s;\"" %(audit_db_name ,audit_db_user)
ret = subprocess.check_call(shlex.split(query))
if ret != 0 :
sys.exit(1)
@@ -1148,17 +517,7 @@ class SqlServerConf(BaseDB):
log("[E] Import " +name + " file not found","error")
sys.exit(1)
-
- def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE):
- if DBA_MODE == "TRUE":
- log("[I] --------- Setup audit user --------- ","info")
- self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password)
- #log("[I] --------- Setup audit user --------- ","info")
- self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password)
- self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password)
- self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password)
- self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True)
-
+ def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection --------- ","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit user connection --------- ","info")
@@ -1167,9 +526,7 @@ class SqlServerConf(BaseDB):
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name ,db_user, db_password, file_name)
- if DBA_MODE == "TRUE":
- self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password,TABLE_NAME)
-
+ self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
def main():
populate_global_dict()
@@ -1177,19 +534,6 @@ def main():
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
- if 'DBA_MODE' in globalDict :
- DBA_MODE = globalDict['DBA_MODE']
- DBA_MODE = DBA_MODE.upper()
- if DBA_MODE == "FALSE" or DBA_MODE == "TRUE":
- pass
- else:
- log("[E] --------- DBA_MODE should be TRUE or FALSE --------- ","error")
- sys.exit(1)
- else:
- DBA_MODE = "FALSE"
-
- log("[I] --------- DBA_MODE is :" + DBA_MODE +" --------- ","info")
-
JAVA_BIN=globalDict['JAVA_BIN']
XA_DB_FLAVOR=globalDict['DB_FLAVOR']
AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR']
@@ -1222,8 +566,6 @@ def main():
db_name = globalDict['db_name']
db_user = globalDict['db_user']
db_password = globalDict['db_password']
- xa_db_root_user = globalDict['db_root_user']
- xa_db_root_password = globalDict['db_root_password']
x_db_version = 'x_db_version_h'
xa_access_audit = 'xa_access_audit'
@@ -1232,8 +574,6 @@ def main():
audit_db_name = globalDict['audit_db_name']
audit_db_user = globalDict['audit_db_user']
audit_db_password = globalDict['audit_db_password']
- audit_db_root_user = globalDict['db_root_user']
- audit_db_root_password = globalDict['db_root_password']
if XA_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
@@ -1244,7 +584,6 @@ def main():
elif XA_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- xa_db_root_user = xa_db_root_user+" AS SYSDBA"
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(os.getcwd(),oracle_dbversion_catalog)
xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file)
@@ -1274,7 +613,6 @@ def main():
elif AUDIT_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
- audit_db_root_user = audit_db_root_user+" AS SYSDBA"
audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(os.getcwd(),oracle_audit_file)
@@ -1291,15 +629,6 @@ def main():
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
- # Methods Begin
- if DBA_MODE == "TRUE" :
- log("[I] --------- Creating Ranger Admin db user --------- ","info")
- xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password)
- log("[I] --------- Creating Ranger Admin database ---------","info")
- xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password)
- log("[I] --------- Granting permission to Ranger Admin db user ---------","info")
- xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True)
-
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
log("[I] --------- Verifying Ranger DB tables ---------","info")
@@ -1315,9 +644,6 @@ def main():
xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file)
log("[I] --------- Applying patches ---------","info")
xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
-
- # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
- #log("[I] --------- Verifying/Creating audit user --------- ","info")
- audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, audit_db_file, xa_access_audit, DBA_MODE)
+ audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
main()
\ No newline at end of file