Posted to commits@ranger.apache.org by sn...@apache.org on 2015/05/31 17:03:48 UTC

[08/12] incubator-ranger git commit: RANGER-506:Update password script should update the right config file

RANGER-506:Update password script should update the right config file

Signed-off-by: sneethiraj <sn...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ab4683eb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ab4683eb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ab4683eb

Branch: refs/heads/ranger-0.5
Commit: ab4683eb1fa325494b36b516ef2d80a2962f4548
Parents: 94ba6be
Author: Gautam Borad <gb...@gmail.com>
Authored: Sat May 30 17:44:37 2015 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Sat May 30 23:15:04 2015 -0400

----------------------------------------------------------------------
 .../resources/conf.dist/ranger-admin-site.xml   |   2 +-
 .../process/PolicyMgrUserGroupBuilder.java      |   4 +
 .../config/UserGroupSyncConfig.java             |   9 +-
 unixauthservice/scripts/setup.py                |   4 +
 .../scripts/updatepolicymgrpassword.py          | 105 +++++++------------
 .../UnixAuthenticationService.java              |   2 +-
 6 files changed, 49 insertions(+), 77 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 2660e19..822a507 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -180,7 +180,7 @@
 
 	<property>
 		<name>ranger.service.https.attrib.keystore.pass</name>
-		<value>ranger</value>
+		<value>_</value>
 	</property>
 
 	<property>
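Review bot: The `_` now written as the value of `ranger.service.https.attrib.keystore.pass` is an undocumented sentinel, and a reader cannot tell it from a real one-character password. If the real value is resolved from a credential store, as the `_` masking added to setup.py in this commit suggests, say so next to the property, e.g. `<!-- "_" is a placeholder; the keystore password is read from the credential store -->`. It is also worth confirming that the consumer refuses to start, rather than using the literal `_`, when that lookup fails; the consumer is not visible here.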

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
index 2013f1c..c99f7a0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
@@ -673,6 +673,10 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 		if(ret!=null){
 			 String username = config.getPolicyMgrUserName();
 			 String password = config.getPolicyMgrPassword();
+			 if(username==null||password==null||username.trim().isEmpty()||password.trim().isEmpty()){
+				 username=config.getDefaultPolicyMgrUserName();
+				 password=config.getDefaultPolicyMgrPassword();
+			 }
 			 if(username!=null && password!=null){
 				 ret.addFilter(new HTTPBasicAuthFilter(username, password));
 			 }
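Review bot: The added `if` silently switches to the built-in default policy-manager credentials whenever the configured user name or password is missing or blank, so a failed credential lookup looks the same as a deliberate configuration and the service authenticates with a well-known account. I would log the fallback with the user name only, never the password, e.g. `LOG.warn("Policy manager credentials not configured; using default user " + username);` (assuming the class has a logger), and consider failing closed where deployments are expected to set their own credentials. The check that follows, `username!=null && password!=null`, still accepts blank defaults. The enclosing method starts and ends outside this hunk.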

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 5aba0e9..d9efe1a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -88,7 +88,7 @@ public class UserGroupSyncConfig  {
 	
 	private static final String LGSYNC_LDAP_BIND_DN = "ranger.usersync.ldap.binddn";
 	
-	private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.ldap.bindkeystore";
+	private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.credstore.filename";
 	
 	private static final String LGSYNC_LDAP_BIND_ALIAS = "ranger.usersync.ldap.bindalias";
 	
@@ -422,18 +422,17 @@ public class UserGroupSyncConfig  {
 		if (prop == null) {
 			return null;
 		}
-		if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) &&  prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){
+		if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE)){
 			String path=prop.getProperty(LGSYNC_LDAP_BIND_KEYSTORE);
-			String alias=prop.getProperty(LGSYNC_LDAP_BIND_ALIAS);
+			String alias=LGSYNC_LDAP_BIND_ALIAS;
 			if(path!=null && alias!=null){
 				if(!path.trim().isEmpty() && !alias.trim().isEmpty()){
 					String password=CredentialReader.getDecryptedString(path.trim(),alias.trim());
 					if(password!=null&& !password.trim().isEmpty() && !password.trim().equalsIgnoreCase("none")){
 						prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD,password);
-						//System.out.println("Password IS :"+password);
 					}
 				}
-			}		
+			}
 		}
 		return prop.getProperty(LGSYNC_LDAP_BIND_PASSWORD);
 	}
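Review bot: `String alias=LGSYNC_LDAP_BIND_ALIAS;` passes the property key `ranger.usersync.ldap.bindalias` to `CredentialReader.getDecryptedString` as the alias itself, so an alias configured under that key is ignored and the `alias!=null` and `!alias.trim().isEmpty()` tests below can never fail. If a fixed alias is intended, give it its own constant with a comment such as `// credential-store alias under which the LDAP bind password is stored` and drop the dead checks. The first hunk of this file also repoints `LGSYNC_LDAP_BIND_KEYSTORE` to `ranger.usersync.credstore.filename`, so a configuration that sets only the old `ranger.usersync.ldap.bindkeystore` key skips the credential store and returns whatever `LGSYNC_LDAP_BIND_PASSWORD` already holds. A comment, or a fallback read of the old key, would make that explicit. The method's opening lines are outside the hunk.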

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index e45ea63..5ba50d3 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -141,8 +141,12 @@ def getPropertiesKeyList(configFileName):
 def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName):
     tree = ET.parse(xmlTemplateFileName)
     root = tree.getroot()
+    prop_arr =["ranger.usersync.ldap.ldapbindpassword", "ranger.usersync.keystore.password","ranger.usersync.truststore.password","ranger.usersync.policymgr"]
     for config in root.findall('property'):
         name = config.find('name').text
+        if name in prop_arr:
+            config.find('value').text = "_"
+            continue
         if (name in prop.keys()):
             config.find('value').text = str(prop[name])
         #else:
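Review bot: The masking list `prop_arr` is matched by exact name (`if name in prop_arr`) and its last entry is `ranger.usersync.policymgr`, whereas the names this commit uses elsewhere are `ranger.usersync.policymgr.password`, `.username`, `.keystore` and `.alias`. If the template carries a `ranger.usersync.policymgr.password` property, it is not masked and its value from `prop` is written to the XML in clear text. Please confirm the intended name, and consider lifting the list into a module-level constant with a comment such as `# properties whose values live in the credential store; the XML only gets the "_" placeholder`. The function body continues past the hunk.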

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/updatepolicymgrpassword.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/updatepolicymgrpassword.py b/unixauthservice/scripts/updatepolicymgrpassword.py
index b07458b..92c4805 100644
--- a/unixauthservice/scripts/updatepolicymgrpassword.py
+++ b/unixauthservice/scripts/updatepolicymgrpassword.py
@@ -23,6 +23,8 @@ import platform
 import fileinput
 import getpass
 import shutil
+from xml.etree import ElementTree as ET
+import update_property
 from os.path import basename
 from subprocess import Popen,PIPE
 from datetime import date
@@ -52,75 +54,37 @@ def log(msg,type):
 	if type == 'error':
 		logging.error(" %s",msg)
 
-def populate_global_dict():
-	global globalDict
-	read_config_file = open(os.path.join(os.getcwd(),'install.properties'))
-	for each_line in read_config_file.read().split('\n') :
-		if len(each_line) == 0 : continue
-		if re.search('=', each_line):
-			key , value = each_line.strip().split("=",1)
-			key = key.strip()
-			value = value.strip()
-			globalDict[key] = value
-
-def ModConfig(File, Variable, Setting):
-	"""
-	Modify Config file variable with new setting
-	"""
-	VarFound = False
-	AlreadySet = False
-	V=str(Variable)
-	S=str(Setting)
-	# use quotes if setting has spaces #
-	if ' ' in S:
-		S = '"%s"' % S
-
-	for line in fileinput.input(File, inplace = 1):
-		# process lines that look like config settings #
-		if not line.lstrip(' ').startswith('#') and '=' in line:
-			_infile_var = str(line.split('=')[0].rstrip(' '))
-			_infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-			# only change the first matching occurrence #
-			if VarFound == False and _infile_var.rstrip(' ') == V:
-				VarFound = True
-				# don't change it if it is already set #
-				if _infile_set.lstrip(' ') == S:
-					AlreadySet = True
-				else:
-					line = "%s = %s\n" % (V, S)
-
-		sys.stdout.write(line)
-
-	# Append the variable if it wasn't found #
-	if not VarFound:
-		print "property '%s' not found.  Adding it to %s" % (V, File)
-		with open(File, "a") as f:
-			f.write("%s = %s\n" % (V, S))
-	elif AlreadySet == True:
-		print "property '%s' unchanged" % (V)
+def import_properties_from_xml(xml_path, properties_from_xml=None):
+	print('getting values from file : ' + str(xml_path))
+	if os.path.isfile(xml_path):
+		xml = ET.parse(xml_path)
+		root = xml.getroot()
+		if properties_from_xml is None:
+			properties_from_xml = dict()
+		for child in root.findall('property'):
+			name = child.find("name").text.strip()
+			value = child.find("value").text.strip() if child.find("value").text is not None  else ""
+			properties_from_xml[name] = value
 	else:
-		print "property '%s' modified to '%s'" % (V, S)
+		print('XML file not found at path : ' + str(xml_path))
+	return properties_from_xml
 
-	return
 
 def main():
-
+	global globalDict
 	FORMAT = '%(asctime)-15s %(message)s'
 	logging.basicConfig(format=FORMAT, level=logging.DEBUG)
-	populate_global_dict()
 
-	SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['CRED_KEYSTORE_FILENAME']
-	SYNC_POLICY_MGR_ALIAS="policymgr.user.password"
-	SYNC_POLICY_MGR_PASSWORD = ''
-	SYNC_POLICY_MGR_USERNAME = ''
-	JAVA_BIN = ''
-	unix_user = "ranger"
-	unix_group = "ranger"
+	CFG_FILE=os.path.join(os.getcwd(),'conf','ranger-ugsync-site.xml')
+	if os.path.isfile(CFG_FILE):
+		pass
+	else:
+		log("[E] Required file not found: ["+CFG_FILE+"]","error")
+		sys.exit(1)
 
 	if os.environ['JAVA_HOME'] == "":
 		log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
 		sys.exit(1)
-
 	JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
 	if os_name == "WINDOWS" :
 		JAVA_BIN = JAVA_BIN+'.exe'
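Review bot: `import_properties_from_xml` dereferences `child.find("name").text` and `child.find("value").text` without checking that the elements exist, so a `<property>` with a missing or empty `<name>`, or with no `<value>`, aborts the password update with an AttributeError. It also returns `None` when the file is absent and no dict was passed; `main()` guards against that with its own `isfile` check, but a docstring stating the contract would help. The loop could skip malformed entries as sketched below. `main()` continues beyond this hunk.

```python
		# … unchanged: isfile check, ET.parse, default dict …
		for child in root.findall('property'):
			name_el = child.find("name")
			value_el = child.find("value")
			# skip malformed <property> entries instead of raising AttributeError
			if name_el is None or name_el.text is None:
				continue
			has_value = value_el is not None and value_el.text is not None
			properties_from_xml[name_el.text.strip()] = value_el.text.strip() if has_value else ""
```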
@@ -130,9 +94,17 @@ def main():
 		while os.path.isfile(JAVA_BIN) == False:
 			log("Enter java executable path: :","info")
 			JAVA_BIN=raw_input()
-
 	log("[I] Using Java:" + str(JAVA_BIN),"info")
 
+	globalDict=import_properties_from_xml(CFG_FILE,globalDict)
+	SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['ranger.usersync.credstore.filename']
+	log("[I] SYNC_LDAP_BIND_KEYSTOREPATH:" + str(SYNC_LDAP_BIND_KEYSTOREPATH),"info")
+	SYNC_POLICY_MGR_ALIAS="ranger.usersync.policymgr.password"
+	SYNC_POLICY_MGR_PASSWORD = ''
+	SYNC_POLICY_MGR_USERNAME = ''
+	unix_user = "ranger"
+	unix_group = "ranger"
+
 	while SYNC_POLICY_MGR_USERNAME == "":
 		print "Enter policymgr user name:"
 		SYNC_POLICY_MGR_USERNAME=raw_input()
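Review bot: `globalDict['ranger.usersync.credstore.filename']` raises KeyError when the site file lacks that property, and an empty value is passed on unchanged to the later keystore and `chown` steps. Reading it with `globalDict.get('ranger.usersync.credstore.filename','')`, then calling `log(...,"error")` and `sys.exit(1)` when it is blank, would match how the missing-config-file case is handled earlier in `main()`. `main()` starts before and continues past this hunk.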
@@ -148,18 +120,12 @@ def main():
 			cmd="chown %s:%s %s" %(unix_user,unix_group,SYNC_LDAP_BIND_KEYSTOREPATH)
 			ret=subprocess.call(shlex.split(cmd))
 			if ret == 0:
-				CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties')
-				NEW_CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties.tmp')
 				if os.path.isfile(CFG_FILE):
-					shutil.copyfile(CFG_FILE, NEW_CFG_FILE)
-					ModConfig(NEW_CFG_FILE, "userSync.policyMgrUserName", SYNC_POLICY_MGR_USERNAME)
-					ModConfig(NEW_CFG_FILE, "userSync.policyMgrKeystore", SYNC_LDAP_BIND_KEYSTOREPATH)
-					ModConfig(NEW_CFG_FILE, "userSync.policyMgrAlias", SYNC_POLICY_MGR_ALIAS)
-					now = datetime.now()
-					shutil.copyfile(CFG_FILE, CFG_FILE+"."+now.strftime('%Y%m%d%H%M%S'))
-					shutil.copyfile(NEW_CFG_FILE,CFG_FILE)
+					update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.username",SYNC_POLICY_MGR_USERNAME)
+					update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.keystore",SYNC_LDAP_BIND_KEYSTOREPATH)
+					update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.alias",SYNC_POLICY_MGR_ALIAS)
 				else:
-					log("[E] Required file not found: ["+CFG_FILE+"]","error")				
+					log("[E] Required file not found: ["+CFG_FILE+"]","error")
 			else:
 				log("[E] unable to execute command ["+cmd+"]","error")
 		else:
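Review bot: The three `update_property.write_properties_to_xml(CFG_FILE, ...)` calls rewrite the live `ranger-ugsync-site.xml` in place, where the removed code edited a temporary copy and kept a timestamped backup. A failure after the first or second call leaves the file half-updated with nothing to roll back to. I would keep a backup such as `shutil.copyfile(CFG_FILE, CFG_FILE+"."+now.strftime('%Y%m%d%H%M%S'))` before the first write, and check whatever the helper returns; `update_property` is not visible here, so its error behaviour is an assumption. The inner `os.path.isfile(CFG_FILE)` test is now redundant, since `main()` already exits when the file is missing.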
@@ -167,5 +133,4 @@ def main():
 	else:
 		log("[E] Input Error","error")
 
-
 main()

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index ff2838f..16e7324 100644
--- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -184,7 +184,7 @@ public class UnixAuthenticationService {
 										.item(0).getTextContent().trim();
 							}
 	
-							LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]");
+							//LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]");
 							if (prop.get(propertyName) != null ) {
 								prop.remove(propertyName) ;
 	 						}
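Review bot: The commented-out `LOG.info` line should be deleted rather than left in place, since uncommenting it would again write every property value, passwords included, to the log. If a trace of loaded properties is still wanted, keep a name-only message such as `LOG.debug("Adding Property:[" + propertyName + "]");`. A short comment such as `// values are deliberately not logged: they may contain credentials` would record the reason. The surrounding loop starts and ends outside the hunk.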