Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/15 21:24:06 UTC
incubator-ranger git commit: RANGER-398: Store config params in
standard format (Gautam Borad via Velmurugan Periasamy)
Repository: incubator-ranger
Updated Branches:
refs/heads/master 0ee29405d -> 84a03b159
RANGER-398: Store config params in standard format (Gautam Borad via Velmurugan Periasamy)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/84a03b15
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/84a03b15
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/84a03b15
Branch: refs/heads/master
Commit: 84a03b1590c4b3857fb6808d1577b4353116a28b
Parents: 0ee2940
Author: Velmurugan Periasamy <ve...@apache.org>
Authored: Wed Apr 15 15:23:56 2015 -0400
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Wed Apr 15 15:23:56 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/dba_script.py | 2 +-
.../org/apache/ranger/biz/ServiceDBStore.java | 31 ++++++++++++++++++++
.../java/org/apache/ranger/biz/ServiceMgr.java | 19 +++++++++++-
.../ranger/service/RangerServiceService.java | 29 +++++++++++++++++-
4 files changed, 78 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index b44b6d2..c4cba5b 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -164,7 +164,7 @@ class MysqlConf(BaseDB):
query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host)
ret = subprocess.call(query)
if ret == 0:
- if self.verify_user(root_user, db_root_password, host, db_user, get_cmd):
+ if self.verify_user(root_user, db_root_password, host, db_user, get_cmd, dryMode):
log("[I] MySQL user " + db_user +" created for host " + host ,"info")
else:
log("[E] Creating MySQL user " + db_user +" failed..","error")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 59295d3..12aa31c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -36,6 +36,7 @@ import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.DateUtil;
import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PasswordUtils;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.common.StringUtil;
@@ -172,6 +173,9 @@ public class ServiceDBStore extends AbstractServiceStore {
private static volatile boolean legacyServiceDefsInitDone = false;
private Boolean populateExistingBaseFields = false;
+ public static final String HIDDEN_PASSWORD_STR = "*****";
+ public static final String CONFIG_KEY_PASSWORD = "password";
+
@Override
public void init() throws Exception {
if (LOG.isDebugEnabled()) {
@@ -997,6 +1001,15 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
+ if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
+ String encryptedPwd = PasswordUtils.encryptPassword(configValue);
+ String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
+
+ if (StringUtils.equals(decryptedPwd, configValue)) {
+ configValue = encryptedPwd;
+ }
+ }
+
XXServiceConfigMap xConfMap = new XXServiceConfigMap();
xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xCreatedService);
xConfMap.setServiceId(xCreatedService.getId());
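Review bot: When the encrypt/decrypt round trip does not reproduce `configValue`, the added block simply falls through, so the password is persisted in cleartext with no log entry and no error. A broken `PasswordUtils` setup would therefore silently defeat the purpose of the change. The same pattern is repeated in the `else` branch of the update path (the `@@ -1106,6 +1124,19 @@` hunk). I would invert the check, `if (!StringUtils.equals(decryptedPwd, configValue)) { /* fail the save via the store's usual error path */ }`, and never include the value in the message. The enclosing method starts and ends outside this hunk, so the appropriate error type is not visible here.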
@@ -1082,8 +1095,13 @@ public class ServiceDBStore extends AbstractServiceStore {
XXService xUpdService = daoMgr.getXXService().getById(service.getId());
+ String oldPassword = null;
+
List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
for(XXServiceConfigMap dbConfigMap : dbConfigMaps) {
+ if(StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) {
+ oldPassword = dbConfigMap.getConfigvalue();
+ }
daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
}
@@ -1106,6 +1124,19 @@ public class ServiceDBStore extends AbstractServiceStore {
}
}
+ if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
+ if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) {
+ configValue = oldPassword;
+ } else {
+ String encryptedPwd = PasswordUtils.encryptPassword(configValue);
+ String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
+
+ if (StringUtils.equals(decryptedPwd, configValue)) {
+ configValue = encryptedPwd;
+ }
+ }
+ }
+
XXServiceConfigMap xConfMap = new XXServiceConfigMap();
xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService);
xConfMap.setServiceId(service.getId());
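Review bot: In the masked-value branch, `configValue = oldPassword` is assigned without checking that a stored password existed; if the service had no `password` row, `oldPassword` is still `null` and that null is what gets written to the new config entry. A guard such as `if (oldPassword == null) { /* reject or skip the entry */ }` would make that case explicit. The placeholder is also an ordinary string, so a service whose real password is literally `*****` can never be saved, which deserves a comment on `HIDDEN_PASSWORD_STR`. Rows written before this commit presumably hold cleartext, and this branch carries them forward unchanged rather than encrypting them. The enclosing method extends beyond the hunk.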
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index b5ca24e..8498fbf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -36,8 +36,10 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.view.VXMessage;
import org.apache.ranger.view.VXResponse;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -46,10 +48,21 @@ public class ServiceMgr {
private static final Log LOG = LogFactory.getLog(ServiceMgr.class);
+ @Autowired
+ RangerServiceService rangerSvcService;
+
+ @Autowired
+ ServiceDBStore svcDBStore;
public List<String> lookupResource(String serviceName, ResourceLookupContext context, ServiceStore svcStore) throws Exception {
List<String> ret = null;
- RangerBaseService svc = getRangerServiceByName(serviceName, svcStore);
+
+ RangerService service = svcDBStore.getServiceByName(serviceName);
+
+ Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
+ service.setConfigs(newConfigs);
+
+ RangerBaseService svc = getRangerServiceByService(service, svcStore);
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceMgr.lookupResource for Service: (" + svc + "Context: " + context + ")");
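Review bot: The result of `svcDBStore.getServiceByName(serviceName)` is dereferenced without a null check, so an unknown service name would presumably surface as a NullPointerException inside `getConfigsWithDecryptedPassword` rather than as a lookup error. The decrypted password is also written back into the `RangerService` returned by the store through `service.setConfigs(newConfigs)`. If that object is shared or cached, or if the `svc` concatenated into the debug message prints its configs, the cleartext could reach other callers or the log; copying the configs into a request-local instance would avoid that. The method now ignores its `svcStore` argument for the lookup, which is worth a comment. The method body continues past the hunk.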
@@ -79,6 +92,10 @@ public class ServiceMgr {
public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception {
VXResponse ret = new VXResponse();
+
+ Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service);
+ service.setConfigs(newConfigs);
+
RangerBaseService svc = getRangerServiceByService(service, svcStore);
if(LOG.isDebugEnabled()) {
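Review bot: `validateConfig` takes `service` from its caller, and when the password field holds the mask, the stored secret is looked up by `service.getId()` and used for the connection test together with whatever other connection settings the caller supplied. Nothing in this hunk checks that the caller may use that service's credential, or that the supplied connection settings match the stored ones, so the saved password could be presented to an endpoint other than the one it was saved for. I would limit the substitution to callers authorized on that service id and to requests whose connection settings equal the stored ones, and state that in a comment above the call. Authorization may already happen upstream of this method; that is not visible here.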
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index c673611..ce4d544 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -17,6 +17,7 @@
package org.apache.ranger.service;
+import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.HashMap;
@@ -24,8 +25,11 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.PasswordUtils;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.view.VTrxLogAttr;
import org.apache.ranger.entity.XXService;
@@ -95,7 +99,12 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
List<XXServiceConfigMap> svcConfigMapList = daoMgr.getXXServiceConfigMap()
.findByServiceId(xService.getId());
for(XXServiceConfigMap svcConfMap : svcConfigMapList) {
- configs.put(svcConfMap.getConfigkey(), svcConfMap.getConfigvalue());
+ String configValue = svcConfMap.getConfigvalue();
+
+ if(StringUtils.equalsIgnoreCase(svcConfMap.getConfigkey(), ServiceDBStore.CONFIG_KEY_PASSWORD)) {
+ configValue = ServiceDBStore.HIDDEN_PASSWORD_STR;
+ }
+ configs.put(svcConfMap.getConfigkey(), configValue);
}
vService.setConfigs(configs);
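Review bot: Masking is keyed on the single name `password`, so any other secret-bearing config entry a service definition might carry (for example a key that merely ends in `password`) is still stored and returned in cleartext; whether such keys exist is not visible from this diff. At minimum the limitation should be documented at this spot, e.g. `// only the exact key "password" is masked; other sensitive keys are returned as stored`. The mask is also applied when the stored value is empty, so a client cannot tell "no password set" from "password set".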
@@ -264,4 +273,22 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
return xTrxLog;
}
+ public Map<String, String> getConfigsWithDecryptedPassword(RangerService service) throws IOException {
+ Map<String, String> configs = service.getConfigs();
+
+ String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
+ if(!stringUtil.isEmpty(pwd) && pwd.equalsIgnoreCase(ServiceDBStore.HIDDEN_PASSWORD_STR)) {
+ XXServiceConfigMap pwdConfig = daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
+ ServiceDBStore.CONFIG_KEY_PASSWORD);
+ if(pwdConfig != null) {
+ String encryptedPwd = pwdConfig.getConfigvalue();
+ String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
+ if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) {
+ configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, decryptedPwd);
+ }
+ }
+ }
+ return configs;
+ }
+
}
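Review bot: The verification `StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)` only holds if encryption is deterministic, and if the ciphertext uses a case-sensitive encoding such as Base64, a case-insensitive comparison can accept a value that differs from the stored one; `StringUtils.equals(...)` is the safer comparison. When the check fails, or when `pwdConfig` is null, the method returns the map with the `*****` mask still in place and the caller goes on to use it as the password, with nothing logged. `service.getConfigs()` is also dereferenced without a null check, and the map is modified in place, so the decrypted value stays in the caller's `RangerService`. Suggested guard ahead of the `get`: `if (configs == null) { return configs; }`.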