Posted to commits@ranger.apache.org by sn...@apache.org on 2015/05/31 17:03:48 UTC
[08/12] incubator-ranger git commit: RANGER-506:Update password
script should update the right config file
RANGER-506:Update password script should update the right config file
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ab4683eb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ab4683eb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ab4683eb
Branch: refs/heads/ranger-0.5
Commit: ab4683eb1fa325494b36b516ef2d80a2962f4548
Parents: 94ba6be
Author: Gautam Borad <gb...@gmail.com>
Authored: Sat May 30 17:44:37 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Sat May 30 23:15:04 2015 -0400
----------------------------------------------------------------------
.../resources/conf.dist/ranger-admin-site.xml | 2 +-
.../process/PolicyMgrUserGroupBuilder.java | 4 +
.../config/UserGroupSyncConfig.java | 9 +-
unixauthservice/scripts/setup.py | 4 +
.../scripts/updatepolicymgrpassword.py | 105 +++++++------------
.../UnixAuthenticationService.java | 2 +-
6 files changed, 49 insertions(+), 77 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 2660e19..822a507 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -180,7 +180,7 @@
<property>
<name>ranger.service.https.attrib.keystore.pass</name>
- <value>ranger</value>
+ <value>_</value>
</property>
<property>
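Review bot: The new `<value>_</value>` for `ranger.service.https.attrib.keystore.pass` is not marked as a placeholder, so a reader cannot tell it from a real one-character password. If `_` is a sentinel meaning the secret is supplied elsewhere (inferred from the rest of the commit; the consumer is not shown here), say so beside the property, for example `<!-- "_" is a placeholder; the keystore password is not stored in this file -->`. It is also worth confirming that the code reading this property rejects a literal `_` instead of trying it against the keystore.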
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
index 2013f1c..c99f7a0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
@@ -673,6 +673,10 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
if(ret!=null){
String username = config.getPolicyMgrUserName();
String password = config.getPolicyMgrPassword();
+ if(username==null||password==null||username.trim().isEmpty()||password.trim().isEmpty()){
+ username=config.getDefaultPolicyMgrUserName();
+ password=config.getDefaultPolicyMgrPassword();
+ }
if(username!=null && password!=null){
ret.addFilter(new HTTPBasicAuthFilter(username, password));
}
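Review bot: The fallback added before `ret.addFilter(...)` switches to `getDefaultPolicyMgrUserName()` and `getDefaultPolicyMgrPassword()` silently whenever either configured value is null or blank. A missing or unreadable credential therefore ends with the sync client authenticating as the built-in default account, and nothing records that it happened. Log the fallback without the secret, for example `LOG.warn("policymgr credentials not configured; falling back to default user");` (the logger name is assumed, since the class's logger is not visible in the hunk). The enclosing method starts and ends outside the hunk.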
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 5aba0e9..d9efe1a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -88,7 +88,7 @@ public class UserGroupSyncConfig {
private static final String LGSYNC_LDAP_BIND_DN = "ranger.usersync.ldap.binddn";
- private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.ldap.bindkeystore";
+ private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.credstore.filename";
private static final String LGSYNC_LDAP_BIND_ALIAS = "ranger.usersync.ldap.bindalias";
@@ -422,18 +422,17 @@ public class UserGroupSyncConfig {
if (prop == null) {
return null;
}
- if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) && prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){
+ if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE)){
String path=prop.getProperty(LGSYNC_LDAP_BIND_KEYSTORE);
- String alias=prop.getProperty(LGSYNC_LDAP_BIND_ALIAS);
+ String alias=LGSYNC_LDAP_BIND_ALIAS;
if(path!=null && alias!=null){
if(!path.trim().isEmpty() && !alias.trim().isEmpty()){
String password=CredentialReader.getDecryptedString(path.trim(),alias.trim());
if(password!=null&& !password.trim().isEmpty() && !password.trim().equalsIgnoreCase("none")){
prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD,password);
- //System.out.println("Password IS :"+password);
}
}
- }
+ }
}
return prop.getProperty(LGSYNC_LDAP_BIND_PASSWORD);
}
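Review bot: `String alias=LGSYNC_LDAP_BIND_ALIAS;` now hands the constant's own text, `ranger.usersync.ldap.bindalias`, to `CredentialReader.getDecryptedString` as the alias, so the `alias!=null` and `!alias.trim().isEmpty()` tests that follow can never fail. Drop them and document the constant's new role, e.g. `// alias under which the bind password is stored in the credential file`; `LGSYNC_LDAP_BIND_KEYSTORE` in the previous hunk has the same problem, since its name no longer matches its key `ranger.usersync.credstore.filename`. When the store yields nothing, the method still returns whatever `LGSYNC_LDAP_BIND_PASSWORD` holds in the properties. If setup wrote the `_` placeholder there (suggested by the setup.py change in this commit, but not shown in this file), it would be used as the bind password, so consider rejecting `_` alongside `none`. The method starts outside the hunk.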
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index e45ea63..5ba50d3 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -141,8 +141,12 @@ def getPropertiesKeyList(configFileName):
def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName):
tree = ET.parse(xmlTemplateFileName)
root = tree.getroot()
+ prop_arr =["ranger.usersync.ldap.ldapbindpassword", "ranger.usersync.keystore.password","ranger.usersync.truststore.password","ranger.usersync.policymgr"]
for config in root.findall('property'):
name = config.find('name').text
+ if name in prop_arr:
+ config.find('value').text = "_"
+ continue
if (name in prop.keys()):
config.find('value').text = str(prop[name])
#else:
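Review bot: The last entry of `prop_arr`, `"ranger.usersync.policymgr"`, looks truncated: the password script in this commit uses `ranger.usersync.policymgr.password`, and `name in prop_arr` is an exact match. A property with that full name would therefore not be blanked, and its value would be copied from `prop` into the XML. If the short name is not a real property, change the entry to `"ranger.usersync.policymgr.password"`. A comment above the list, such as `# secret values are never written to the site XML; "_" is a placeholder`, would also explain the sentinel. The function continues past the hunk.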
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/updatepolicymgrpassword.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/updatepolicymgrpassword.py b/unixauthservice/scripts/updatepolicymgrpassword.py
index b07458b..92c4805 100644
--- a/unixauthservice/scripts/updatepolicymgrpassword.py
+++ b/unixauthservice/scripts/updatepolicymgrpassword.py
@@ -23,6 +23,8 @@ import platform
import fileinput
import getpass
import shutil
+from xml.etree import ElementTree as ET
+import update_property
from os.path import basename
from subprocess import Popen,PIPE
from datetime import date
@@ -52,75 +54,37 @@ def log(msg,type):
if type == 'error':
logging.error(" %s",msg)
-def populate_global_dict():
- global globalDict
- read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
- for each_line in read_config_file.read().split('\n') :
- if len(each_line) == 0 : continue
- if re.search('=', each_line):
- key , value = each_line.strip().split("=",1)
- key = key.strip()
- value = value.strip()
- globalDict[key] = value
-
-def ModConfig(File, Variable, Setting):
- """
- Modify Config file variable with new setting
- """
- VarFound = False
- AlreadySet = False
- V=str(Variable)
- S=str(Setting)
- # use quotes if setting has spaces #
- if ' ' in S:
- S = '"%s"' % S
-
- for line in fileinput.input(File, inplace = 1):
- # process lines that look like config settings #
- if not line.lstrip(' ').startswith('#') and '=' in line:
- _infile_var = str(line.split('=')[0].rstrip(' '))
- _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
- # only change the first matching occurrence #
- if VarFound == False and _infile_var.rstrip(' ') == V:
- VarFound = True
- # don't change it if it is already set #
- if _infile_set.lstrip(' ') == S:
- AlreadySet = True
- else:
- line = "%s = %s\n" % (V, S)
-
- sys.stdout.write(line)
-
- # Append the variable if it wasn't found #
- if not VarFound:
- print "property '%s' not found. Adding it to %s" % (V, File)
- with open(File, "a") as f:
- f.write("%s = %s\n" % (V, S))
- elif AlreadySet == True:
- print "property '%s' unchanged" % (V)
+def import_properties_from_xml(xml_path, properties_from_xml=None):
+ print('getting values from file : ' + str(xml_path))
+ if os.path.isfile(xml_path):
+ xml = ET.parse(xml_path)
+ root = xml.getroot()
+ if properties_from_xml is None:
+ properties_from_xml = dict()
+ for child in root.findall('property'):
+ name = child.find("name").text.strip()
+ value = child.find("value").text.strip() if child.find("value").text is not None else ""
+ properties_from_xml[name] = value
else:
- print "property '%s' modified to '%s'" % (V, S)
+ print('XML file not found at path : ' + str(xml_path))
+ return properties_from_xml
- return
def main():
-
+ global globalDict
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
- populate_global_dict()
- SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['CRED_KEYSTORE_FILENAME']
- SYNC_POLICY_MGR_ALIAS="policymgr.user.password"
- SYNC_POLICY_MGR_PASSWORD = ''
- SYNC_POLICY_MGR_USERNAME = ''
- JAVA_BIN = ''
- unix_user = "ranger"
- unix_group = "ranger"
+ CFG_FILE=os.path.join(os.getcwd(),'conf','ranger-ugsync-site.xml')
+ if os.path.isfile(CFG_FILE):
+ pass
+ else:
+ log("[E] Required file not found: ["+CFG_FILE+"]","error")
+ sys.exit(1)
if os.environ['JAVA_HOME'] == "":
log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
sys.exit(1)
-
JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
if os_name == "WINDOWS" :
JAVA_BIN = JAVA_BIN+'.exe'
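Review bot: `import_properties_from_xml` dereferences `child.find("name").text` and `child.find("value").text` without checking that the elements exist, so a `<property>` lacking a `<name>` or `<value>` child aborts the password update with an AttributeError. The `is not None` test only covers an empty `<value/>`. The function also returns `None` when the file is missing and no dict was passed, which a caller would then index. Skip malformed entries and always return a dict, as in the excerpt below; `main` continues outside the hunk.

```python
def import_properties_from_xml(xml_path, properties_from_xml=None):
    if properties_from_xml is None:
        properties_from_xml = dict()
    # ... unchanged: message, os.path.isfile check, ET.parse, getroot ...
        for child in root.findall('property'):
            name_node = child.find("name")
            value_node = child.find("value")
            if name_node is None or name_node.text is None:
                continue  # malformed <property>: nothing to key the value on
            value_text = value_node.text if value_node is not None else None
            properties_from_xml[name_node.text.strip()] = value_text.strip() if value_text is not None else ""
    # ... unchanged: not-found message, return properties_from_xml ...
```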
@@ -130,9 +94,17 @@ def main():
while os.path.isfile(JAVA_BIN) == False:
log("Enter java executable path: :","info")
JAVA_BIN=raw_input()
-
log("[I] Using Java:" + str(JAVA_BIN),"info")
+ globalDict=import_properties_from_xml(CFG_FILE,globalDict)
+ SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['ranger.usersync.credstore.filename']
+ log("[I] SYNC_LDAP_BIND_KEYSTOREPATH:" + str(SYNC_LDAP_BIND_KEYSTOREPATH),"info")
+ SYNC_POLICY_MGR_ALIAS="ranger.usersync.policymgr.password"
+ SYNC_POLICY_MGR_PASSWORD = ''
+ SYNC_POLICY_MGR_USERNAME = ''
+ unix_user = "ranger"
+ unix_group = "ranger"
+
while SYNC_POLICY_MGR_USERNAME == "":
print "Enter policymgr user name:"
SYNC_POLICY_MGR_USERNAME=raw_input()
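Review bot: `globalDict['ranger.usersync.credstore.filename']` raises a bare KeyError when the site XML lacks that property, instead of the `[E]` message and `sys.exit(1)` the script uses for its other preconditions. Read it with `globalDict.get('ranger.usersync.credstore.filename','')` and, when it is empty, stop with `log("[E] ranger.usersync.credstore.filename not set in ["+CFG_FILE+"]","error")`. The value is later passed to `chown`, so it should be validated before use. `main` starts and ends outside the hunk.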
@@ -148,18 +120,12 @@ def main():
cmd="chown %s:%s %s" %(unix_user,unix_group,SYNC_LDAP_BIND_KEYSTOREPATH)
ret=subprocess.call(shlex.split(cmd))
if ret == 0:
- CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties')
- NEW_CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties.tmp')
if os.path.isfile(CFG_FILE):
- shutil.copyfile(CFG_FILE, NEW_CFG_FILE)
- ModConfig(NEW_CFG_FILE, "userSync.policyMgrUserName", SYNC_POLICY_MGR_USERNAME)
- ModConfig(NEW_CFG_FILE, "userSync.policyMgrKeystore", SYNC_LDAP_BIND_KEYSTOREPATH)
- ModConfig(NEW_CFG_FILE, "userSync.policyMgrAlias", SYNC_POLICY_MGR_ALIAS)
- now = datetime.now()
- shutil.copyfile(CFG_FILE, CFG_FILE+"."+now.strftime('%Y%m%d%H%M%S'))
- shutil.copyfile(NEW_CFG_FILE,CFG_FILE)
+ update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.username",SYNC_POLICY_MGR_USERNAME)
+ update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.keystore",SYNC_LDAP_BIND_KEYSTOREPATH)
+ update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.alias",SYNC_POLICY_MGR_ALIAS)
else:
- log("[E] Required file not found: ["+CFG_FILE+"]","error")
+ log("[E] Required file not found: ["+CFG_FILE+"]","error")
else:
log("[E] unable to execute command ["+cmd+"]","error")
else:
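Review bot: The three `update_property.write_properties_to_xml` calls edit `CFG_FILE` in place, and the timestamped backup and temp-file copy made by the removed lines are gone. A failure between calls can leave the site XML with a new user name but the old keystore or alias, with no copy to restore from. `update_property` is not shown here, so it may already write safely; if it does not, keep the backup before the first call: `shutil.copyfile(CFG_FILE, CFG_FILE+"."+datetime.now().strftime('%Y%m%d%H%M%S'))`. The inner `os.path.isfile(CFG_FILE)` test repeats the check made at the top of `main`.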
@@ -167,5 +133,4 @@ def main():
else:
log("[E] Input Error","error")
-
main()
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index ff2838f..16e7324 100644
--- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -184,7 +184,7 @@ public class UnixAuthenticationService {
.item(0).getTextContent().trim();
}
- LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]");
+ //LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]");
if (prop.get(propertyName) != null ) {
prop.remove(propertyName) ;
}
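Review bot: The `LOG.info` call is commented out rather than removed, which leaves dead code and gives no reason for the change. The reason is presumably that property values can include passwords. Either delete the line or keep the name without the value, `LOG.debug("Adding Property:[" + propertyName + "]");`, so that the list of loaded properties stays traceable. The enclosing method starts and ends outside the hunk.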