You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/10 17:08:36 UTC
incubator-ranger git commit: RANGER-388 : Add postgres version 8
support
Repository: incubator-ranger
Updated Branches:
refs/heads/master 7684e5f49 -> ef0f20d24
RANGER-388 : Add postgres version 8 support
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ef0f20d2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ef0f20d2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ef0f20d2
Branch: refs/heads/master
Commit: ef0f20d242545c0eb6bb772479bbbde59c7df9dd
Parents: 7684e5f
Author: Gautam Borad <gb...@gmail.com>
Authored: Fri Apr 10 14:43:44 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Apr 10 11:08:18 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/db_setup.py | 61 ++++++++++++++++------------
security-admin/scripts/dba_script.py | 66 ++++++++++++++++++++++---------
src/main/assembly/admin-web.xml | 1 +
3 files changed, 85 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ef0f20d2/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 7e0d022..0b63bbb 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -268,11 +268,11 @@ class MysqlConf(BaseDB):
my_dict = {}
version = ""
className = ""
- app_home = os.path.join(os.getcwd(),"ews","webapp")
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
- log("[I] No patches to apply!","info")
+ log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
@@ -301,9 +301,9 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
output = check_output(query)
if output.strip(version + " |"):
- log("[I] Patch "+ className +" is already applied" ,"info")
+ log("[I] Java patch "+ className +" is already applied" ,"info")
else:
- log ("[I] patch "+ className +" is being applied..","info")
+ log ("[I] java patch "+ className +" is being applied..","info")
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_cmd = "%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,path,className)
if os_name == "LINUX":
@@ -319,11 +319,13 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', now(), user(), now(), user()) ;\" -c ;" %(version)
ret = subprocess.call(query)
if ret == 0:
- log("[I] Patch version updated", "info")
+ log ("[I] java patch "+ className +" is applied..","info")
else:
- log("[E] Updating patch version failed", "error")
+ log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
-
+ else:
+ log("[E] applying java patch "+ className +" failed", "error")
+ sys.exit(1)
class OracleConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -490,11 +492,11 @@ class OracleConf(BaseDB):
my_dict = {}
version = ""
className = ""
- app_home = os.path.join(os.getcwd(),"ews","webapp")
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
- log("[I] No patches to apply!","info")
+ log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
@@ -523,9 +525,9 @@ class OracleConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
output = check_output(query)
if output.strip(version + " |"):
- log("[I] Patch "+ className +" is already applied" ,"info")
+ log("[I] java patch "+ className +" is already applied" ,"info")
else:
- log ("[I] patch "+ className +" is being applied..","info")
+ log ("[I] java patch "+ className +" is being applied..","info")
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_cmd = "%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,path,className)
if os_name == "LINUX":
@@ -541,10 +543,13 @@ class OracleConf(BaseDB):
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'J%s', sysdate, '%s', sysdate, '%s');\" -c ;" %(version, db_user, db_user)
ret = subprocess.call(query)
if ret == 0:
- log("[I] Patch version updated", "info")
+ log("[I] java patch "+ className +" applied", "info")
else:
- log("[E] Updating patch version failed", "error")
+ log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
+ else:
+ log("[E] java patch "+ className +" failed", "error")
+ sys.exit(1)
class PostgresConf(BaseDB):
# Constructor
@@ -694,11 +699,11 @@ class PostgresConf(BaseDB):
my_dict = {}
version = ""
className = ""
- app_home = os.path.join(os.getcwd(),"ews","webapp")
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
- log("[I] No patches to apply!","info")
+ log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
@@ -727,9 +732,9 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
output = check_output(query)
if output.strip(version + " |"):
- log("[I] Patch "+ className +" is already applied" ,"info")
+ log("[I] java patch "+ className +" is already applied" ,"info")
else:
- log ("[I] patch "+ className +" is being applied..","info")
+ log ("[I] java patch "+ className +" is being applied..","info")
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_cmd = "%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,path,className)
if os_name == "LINUX":
@@ -745,10 +750,13 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', now(), '%s@%s', now(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host)
ret = subprocess.call(query)
if ret == 0:
- log("[I] Patch version updated", "info")
+ log("[I] java patch "+ className +" applied", "info")
else:
- log("[E] Updating patch version failed", "error")
+ log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
+ else:
+ log("[E] java patch "+ className +" failed", "error")
+ sys.exit(1)
class SqlServerConf(BaseDB):
@@ -887,11 +895,11 @@ class SqlServerConf(BaseDB):
my_dict = {}
version = ""
className = ""
- app_home = os.path.join(os.getcwd(),"ews","webapp")
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
- log("[I] No patches to apply!","info")
+ log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
@@ -920,9 +928,9 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
output = check_output(query)
if output.strip(version + " |"):
- log("[I] Patch "+ className +" is already applied" ,"info")
+ log("[I] java patch "+ className +" is already applied" ,"info")
else:
- log ("[I] patch "+ className +" is being applied..","info")
+ log ("[I] java patch "+ className +" is being applied..","info")
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_cmd = "%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,path,className)
if os_name == "LINUX":
@@ -938,10 +946,13 @@ class SqlServerConf(BaseDB):
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', now(), '%s@%s', now(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host)
ret = subprocess.call(query)
if ret == 0:
- log("[I] Patch version updated", "info")
+ log("[I] java patch "+ className +" applied", "info")
else:
- log("[E] Updating patch version failed", "error")
+ log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
+ else:
+ log("[E] java patch "+ className +" failed", "error")
+ sys.exit(1)
def main(argv):
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ef0f20d2/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index ad220f2..b44b6d2 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -800,7 +800,7 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user)
ret = subprocess.call(query)
if ret != 0:
- log("[E] Granting privileges on tables in schema public failed..", "error")
+ log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error")
sys.exit(1)
if os_name == "LINUX":
@@ -810,28 +810,58 @@ class PostgresConf(BaseDB):
query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user)
ret = subprocess.call(query)
if ret != 0:
- log("[E] Granting privileges on schema public failed..", "error")
+ log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error")
sys.exit(1)
if os_name == "LINUX":
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.call(shlex.split(query))
+ query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\""
+ output = check_output(query)
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\" -c ;" %(db_user)
- ret = subprocess.call(query)
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed..", "error")
- sys.exit(1)
+ query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;"
+ output = check_output(query)
+ for each_line in output.split('\n'):
+ if len(each_line) == 0 : continue
+ if re.search(' |', each_line):
+ tablename , value = each_line.strip().split(" |",1)
+ tablename = tablename.strip()
+ if os_name == "LINUX":
+ query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user)
+ ret = subprocess.call(shlex.split(query1))
+ if ret != 0:
+ log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
+ sys.exit(1)
+ elif os_name == "WINDOWS":
+ query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user)
+ ret = subprocess.call(query1)
+ if ret != 0:
+ log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error")
+ sys.exit(1)
+
if os_name == "LINUX":
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user)
- ret = subprocess.call(shlex.split(query))
+ query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\""
+ output = check_output(query)
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\" -c ;" %(db_user)
- ret = subprocess.call(query)
- if ret != 0:
- log("[E] Granting privileges on database "+db_name+ " failed..", "error")
- sys.exit(1)
+ query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;"
+ output = check_output(query)
+ for each_line in output.split('\n'):
+ if len(each_line) == 0 : continue
+ if re.search(' |', each_line):
+ sequence_name , value = each_line.strip().split(" |",1)
+ sequence_name = sequence_name.strip()
+ if os_name == "LINUX":
+ query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user)
+ ret = subprocess.call(shlex.split(query1))
+ if ret != 0:
+ log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
+ sys.exit(1)
+ elif os_name == "WINDOWS":
+ query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user)
+ ret = subprocess.call(query1)
+ if ret != 0:
+ log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error")
+ sys.exit(1)
+
log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info")
else:
logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user))
@@ -1109,9 +1139,9 @@ def main(argv):
log("Enter db flavour{MYSQL|ORACLE|POSTGRES|SQLSERVER} :","info")
XA_DB_FLAVOR=raw_input()
AUDIT_DB_FLAVOR = XA_DB_FLAVOR
- XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
- AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
+ XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
+ AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR),"info")
if (quiteMode):
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ef0f20d2/src/main/assembly/admin-web.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index fb5060c..c103fab 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -299,6 +299,7 @@
<include>set_globals.sh</include>
<include>db_setup.py</include>
<include>dba_script.py</include>
+ <include>restrict_permissions.py</include>
</includes>
<fileMode>544</fileMode>
</fileSet>