You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/19 05:54:07 UTC
[2/2] git commit: ARGUS-69:Support Oracle database for storing policy
and audit information
ARGUS-69:Support Oracle database for storing policy and audit information
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/a0a18007
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/a0a18007
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/a0a18007
Branch: refs/heads/master
Commit: a0a18007f123c156f4e973eee0dd6543c13f52e0
Parents: 9660b4e
Author: vperiasamy <vp...@hortonworks.com>
Authored: Thu Sep 18 23:34:01 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Thu Sep 18 23:53:28 2014 -0400
----------------------------------------------------------------------
.../xasecure/audit/entity/XXBaseAuditEvent.java | 4 +-
hbase-agent/conf/xasecure-audit-changes.cfg | 7 +-
hbase-agent/scripts/install.properties | 24 +-
hbase-agent/scripts/install.sh | 61 +-
hdfs-agent/conf/xasecure-audit-changes.cfg | 3 +-
hdfs-agent/scripts/install.properties | 24 +-
hdfs-agent/scripts/install.sh | 60 +-
hive-agent/conf/xasecure-audit-changes.cfg | 5 +-
hive-agent/scripts/install.properties | 25 +
hive-agent/scripts/install.sh | 54 ++
knox-agent/conf/xasecure-audit-changes.cfg | 5 +-
knox-agent/scripts/install.properties | 24 +-
knox-agent/scripts/install.sh | 64 +-
.../db/oracle/create_dbversion_catalog.sql | 10 +
.../db/oracle/patches/001-groupsource.sql | 14 +
.../db/oracle/patches/002-policyname.sql | 14 +
.../db/oracle/patches/003-knoxrepo.sql | 34 +
.../patches/006-createdefaultpublicgroup.sql | 14 +
security-admin/db/oracle/xa_audit_db_oracle.sql | 88 ++
security-admin/db/oracle/xa_core_db_oracle.sql | 563 +++++++++++++
security-admin/pom.xml | 6 +-
security-admin/scripts/install.properties | 41 +-
security-admin/scripts/install.sh | 820 ++++++++++++++-----
.../java/com/xasecure/common/SearchUtil.java | 4 +-
.../main/java/com/xasecure/db/XXGroupDao.java | 2 +-
.../java/com/xasecure/db/XXPortalUserDao.java | 4 +-
.../main/java/com/xasecure/db/XXUserDao.java | 2 +-
.../java/com/xasecure/entity/XXAccessAudit.java | 14 +-
.../main/java/com/xasecure/entity/XXAsset.java | 14 +-
.../java/com/xasecure/entity/XXAuditMap.java | 14 +
.../java/com/xasecure/entity/XXAuthSession.java | 14 +
.../com/xasecure/entity/XXCredentialStore.java | 14 +-
.../main/java/com/xasecure/entity/XXDBBase.java | 22 +-
.../main/java/com/xasecure/entity/XXGroup.java | 15 +-
.../java/com/xasecure/entity/XXGroupGroup.java | 15 +-
.../java/com/xasecure/entity/XXGroupUser.java | 14 +
.../java/com/xasecure/entity/XXPermMap.java | 14 +
.../xasecure/entity/XXPolicyExportAudit.java | 14 +
.../java/com/xasecure/entity/XXPortalUser.java | 17 +-
.../com/xasecure/entity/XXPortalUserRole.java | 14 +-
.../java/com/xasecure/entity/XXResource.java | 14 +-
.../main/java/com/xasecure/entity/XXTrxLog.java | 15 +-
.../main/java/com/xasecure/entity/XXUser.java | 14 +-
.../com/xasecure/entity/view/VXXTrxLog.java | 3 +-
.../main/java/com/xasecure/rest/AssetREST.java | 2 +-
.../service/AbstractBaseResourceService.java | 3 +-
storm-agent/conf/xasecure-audit-changes.cfg | 3 +-
storm-agent/scripts/install.properties | 23 +-
storm-agent/scripts/install.sh | 63 +-
49 files changed, 2006 insertions(+), 305 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java b/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
index a0691bb..aca6963 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
@@ -30,6 +30,7 @@ import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
+import javax.persistence.SequenceGenerator;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
@@ -86,7 +87,8 @@ public class XXBaseAuditEvent implements Serializable {
}
@Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ")
@Column(name = "id", unique = true, nullable = false)
public long getAuditId() {
return this.auditId;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-audit-changes.cfg b/hbase-agent/conf/xasecure-audit-changes.cfg
index e3d05f0..dd4b70b 100644
--- a/hbase-agent/conf/xasecure-audit-changes.cfg
+++ b/hbase-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT.DB.JDBC_URL% mod create-if-not-exists
xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
-xasecure.audit.repository.name %REPOSITORY_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+xasecure.audit.repository.name %REPOSITORY_NAME% mod create-if-not-exists
xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT.DB.JDBC_DRIVER% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
index 2aaf56a..fa963ec 100644
--- a/hbase-agent/scripts/install.properties
+++ b/hbase-agent/scripts/install.properties
@@ -8,10 +8,17 @@
POLICY_MGR_URL=
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
#
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
#
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#
# This is the repository name created within policy manager
@@ -85,3 +92,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
#
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.sh b/hbase-agent/scripts/install.sh
index cc34922..d0d7f1d 100644
--- a/hbase-agent/scripts/install.sh
+++ b/hbase-agent/scripts/install.sh
@@ -19,6 +19,17 @@ then
fi
}
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #echo 'V1:'$validate
+ if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
hbase_dir=/usr/lib/hbase
hbase_lib_dir=${hbase_dir}/lib
hbase_conf_dir=/etc/hbase/conf
@@ -51,16 +62,16 @@ install_dir=`dirname $0`
#echo "Current Install Directory: [${install_dir}]"
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR"
-if test -f "$MYSQL_CONNECTOR_JAR"; then
- echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found"
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+ echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
else
- echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR does not exists" ; exit 1;
+ echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
fi
-#copying mysql connector jar file to lib directory
-cp $MYSQL_CONNECTOR_JAR ${install_dir}/lib
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
#
@@ -226,6 +237,40 @@ create_jceks ${ssltruststoreAlias} ${ssltruststoreCred} ${CredFile}
chown ${CONFIG_FILE_OWNER} ${CredFile}
PROP_ARGS="-p ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+ $DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="com.mysql.jdbc.Driver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
for f in ${install_dir}/installer/conf/*-changes.cfg
do
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hdfs-agent/conf/xasecure-audit-changes.cfg b/hdfs-agent/conf/xasecure-audit-changes.cfg
index dc873d5..dd4b70b 100644
--- a/hdfs-agent/conf/xasecure-audit-changes.cfg
+++ b/hdfs-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT.DB.JDBC_URL% mod create-if-not-exists
xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
xasecure.audit.repository.name %REPOSITORY_NAME% mod create-if-not-exists
xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT.DB.JDBC_DRIVER% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties
index b622abe..07f181a 100644
--- a/hdfs-agent/scripts/install.properties
+++ b/hdfs-agent/scripts/install.properties
@@ -8,10 +8,17 @@
POLICY_MGR_URL=
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
#
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
#
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#
# This is the repository name created within policy manager
@@ -78,3 +85,16 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=cacert
SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.sh b/hdfs-agent/scripts/install.sh
index e8649c5..6d60a4f 100644
--- a/hdfs-agent/scripts/install.sh
+++ b/hdfs-agent/scripts/install.sh
@@ -18,6 +18,17 @@ then
fi
}
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #echo 'V1:'$validate
+ if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
hdp_dir=/usr/lib/hadoop
hdp_lib_dir=/usr/lib/hadoop/lib
hdp_conf_dir=/etc/hadoop/conf
@@ -50,16 +61,16 @@ install_dir=`dirname $0`
[ "${install_dir}" = "." ] && install_dir=`pwd`
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR"
-if test -f "$MYSQL_CONNECTOR_JAR"; then
- echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found"
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+ echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
else
- echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR does not exists" ; exit 1;
+ echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
fi
-#copying mysql connector jar file to lib directory
-cp $MYSQL_CONNECTOR_JAR ${install_dir}/lib
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
#echo "Current Install Directory: [${install_dir}]"
@@ -236,6 +247,39 @@ chown ${CONFIG_FILE_OWNER} ${CredFile}
# Modify the XML files needed to support the
#
PROP_ARGS="-p ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+ $DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="com.mysql.jdbc.Driver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
for f in ${install_dir}/installer/conf/*-changes.cfg
do
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-audit-changes.cfg b/hive-agent/conf/xasecure-audit-changes.cfg
index a8d053e..42ed849 100644
--- a/hive-agent/conf/xasecure-audit-changes.cfg
+++ b/hive-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT.DB.JDBC_URL% mod create-if-not-exists
xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
xasecure.audit.repository.name %REPOSITORY_NAME% mod create-if-not-exists
xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT.DB.JDBC_DRIVER% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties
index a9f8a50..1ef9c22 100644
--- a/hive-agent/scripts/install.properties
+++ b/hive-agent/scripts/install.properties
@@ -8,6 +8,18 @@
POLICY_MGR_URL=
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
+#
+# Location of db client library (please check the location of the jar file)
+#
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
#
# This is the repository name created within policy manager
#
@@ -80,3 +92,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
#
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.sh b/hive-agent/scripts/install.sh
index da16618..755e2c2 100644
--- a/hive-agent/scripts/install.sh
+++ b/hive-agent/scripts/install.sh
@@ -18,6 +18,17 @@ then
fi
}
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #echo 'V1:'$validate
+ if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
hive_dir=/usr/lib/hive
hive_lib_dir=${hive_dir}/lib
hive_conf_dir=/etc/hive/conf
@@ -62,6 +73,16 @@ install_dir=`dirname $0`
#echo "Current Install Directory: [${install_dir}]"
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+ echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
+else
+ echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
+fi
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
#
# --- Backup current configuration for backup - START
@@ -201,6 +222,39 @@ chown ${CONFIG_FILE_OWNER} ${CredFile}
PROP_ARGS="-p ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+ $DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="com.mysql.jdbc.Driver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
for f in ${install_dir}/installer/conf/*-changes.cfg
do
if [ -f ${f} ]
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/knox-agent/conf/xasecure-audit-changes.cfg b/knox-agent/conf/xasecure-audit-changes.cfg
index d788796..22a4da7 100644
--- a/knox-agent/conf/xasecure-audit-changes.cfg
+++ b/knox-agent/conf/xasecure-audit-changes.cfg
@@ -1,4 +1,5 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME% mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT.DB.JDBC_URL% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
xasecure.audit.repository.name %REPOSITORY_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT.DB.JDBC_DRIVER% mod create-if-not-exists
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties
index b7db025..f84168d 100644
--- a/knox-agent/scripts/install.properties
+++ b/knox-agent/scripts/install.properties
@@ -8,10 +8,17 @@
POLICY_MGR_URL=http://localhost:6080
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
#
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
#
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
#
# This is the repository name created within policy manager
@@ -71,3 +78,16 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=cacert
SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.sh b/knox-agent/scripts/install.sh
index 9ae9213..db67ba3 100644
--- a/knox-agent/scripts/install.sh
+++ b/knox-agent/scripts/install.sh
@@ -8,6 +8,16 @@ function create_jceks()
java -cp "${install_dir}/cred/lib/*" com.hortonworks.credentialapi.buildks create ${alias} -value ${pass} -provider jceks://file${jceksFile}
}
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #echo 'V1:'$validate
+ if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ echo "[I] File $3 Updated successfully : {'$1'}"
+}
MY_ID=`id -u`
@@ -24,15 +34,17 @@ install_dir=`dirname $0`
#echo "Current Install Directory: [${install_dir}]"
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR"
-if test -f "$MYSQL_CONNECTOR_JAR"; then
- echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found"
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+ echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
else
- echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR not found, aborting installation"
+ echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR not found, aborting installation"
exit 1
fi
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
KNOX_HOME=`grep 'KNOX_HOME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
if [ "${KNOX_HOME}" == "" ]
@@ -66,9 +78,9 @@ echo "Copying knox agent lib, dist jars to ${KNOX_EXT}"
cp lib/*.jar ${KNOX_EXT}
cp dist/*.jar ${KNOX_EXT}
-# copy mysql connector jar in to KNOX_EXT
-echo "Copying mysql connector jar to ${KNOX_EXT}"
-cp ${MYSQL_CONNECTOR_JAR} ${KNOX_EXT}
+# copy sql connector jar in to KNOX_EXT
+echo "Copying db connector jar to ${KNOX_EXT}"
+cp ${SQL_CONNECTOR_JAR} ${KNOX_EXT}
CONFIG_FILE_OWNER="knox:hadoop"
@@ -131,6 +143,40 @@ done
PROP_ARGS="-p ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+ $DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="com.mysql.jdbc.Driver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+ audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+ propertyName=XAAUDIT.DB.JDBC_URL
+ newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=XAAUDIT.DB.JDBC_DRIVER
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
for f in ${install_dir}/installer/conf/*-changes.cfg
do
if [ -f ${f} ]
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/create_dbversion_catalog.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/create_dbversion_catalog.sql b/security-admin/db/oracle/create_dbversion_catalog.sql
new file mode 100644
index 0000000..d1ab275
--- /dev/null
+++ b/security-admin/db/oracle/create_dbversion_catalog.sql
@@ -0,0 +1,10 @@
+create table X_DB_VERSION_H (
+ id NUMBER(20) NOT NULL,
+ version VARCHAR(64) NOT NULL,
+ inst_at DATE DEFAULT SYSDATE NOT NULL,
+ inst_by VARCHAR(256) NOT NULL,
+ updated_at DATE DEFAULT SYSDATE NOT NULL,
+ updated_by VARCHAR(256) NOT NULL,
+ active VARCHAR(1) DEFAULT 'Y'
+);
+commit;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/001-groupsource.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/001-groupsource.sql b/security-admin/db/oracle/patches/001-groupsource.sql
new file mode 100644
index 0000000..6b3e2d0
--- /dev/null
+++ b/security-admin/db/oracle/patches/001-groupsource.sql
@@ -0,0 +1,14 @@
+DECLARE
+ v_column_exists number := 0;
+BEGIN
+ Select count(*) into v_column_exists
+ from user_tab_cols
+ where column_name = upper('group_src')
+ and table_name = upper('x_group');
+
+ if (v_column_exists = 0) then
+ execute immediate 'ALTER TABLE x_group ADD group_src NUMBER(10) DEFAULT 0 NOT NULL';
+ commit;
+ end if;
+end;
+/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/002-policyname.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/002-policyname.sql b/security-admin/db/oracle/patches/002-policyname.sql
new file mode 100644
index 0000000..d55a9a6
--- /dev/null
+++ b/security-admin/db/oracle/patches/002-policyname.sql
@@ -0,0 +1,14 @@
+DECLARE
+ v_column_exists number := 0;
+BEGIN
+ Select count(*) into v_column_exists
+ from user_tab_cols
+ where column_name = upper('policy_name')
+ and table_name = upper('x_resource');
+ if (v_column_exists = 0) then
+ execute immediate 'ALTER TABLE x_resource ADD policy_name VARCHAR(500) DEFAULT NULL NULL';
+ execute immediate 'ALTER TABLE x_resource ADD CONSTRAINT x_resource_UK_policy_name UNIQUE(policy_name)';
+ commit;
+ end if;
+end;
+/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/003-knoxrepo.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/003-knoxrepo.sql b/security-admin/db/oracle/patches/003-knoxrepo.sql
new file mode 100644
index 0000000..aaf06fb
--- /dev/null
+++ b/security-admin/db/oracle/patches/003-knoxrepo.sql
@@ -0,0 +1,34 @@
+DECLARE
+ v_column_exists number := 0;
+BEGIN
+ Select count(*) into v_column_exists
+ from user_tab_cols
+ where column_name = upper('res_topologies')
+ and table_name = upper('x_resource');
+
+ if (v_column_exists = 0) then
+ execute immediate 'ALTER TABLE x_resource ADD res_topologies CLOB DEFAULT NULL NULL';
+ commit;
+ end if;
+ v_column_exists:=0;
+ Select count(*) into v_column_exists
+ from user_tab_cols
+ where column_name = upper('res_services')
+ and table_name = upper('x_resource');
+
+ if (v_column_exists = 0) then
+ execute immediate 'ALTER TABLE x_resource ADD res_services CLOB DEFAULT NULL NULL';
+ commit;
+ end if;
+ v_column_exists:=0;
+Select count(*) into v_column_exists
+ from user_tab_cols
+ where column_name = upper('ip_address')
+ and table_name = upper('x_perm_map');
+
+ if (v_column_exists = 0) then
+ execute immediate 'ALTER TABLE x_perm_map ADD ip_address CLOB DEFAULT NULL NULL';
+ commit;
+ end if;
+end;
+/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql b/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
new file mode 100644
index 0000000..bf2b8f4
--- /dev/null
+++ b/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
@@ -0,0 +1,14 @@
+DECLARE
+ v_column_exists number := 0;
+BEGIN
+ Select count(*) into v_column_exists from user_tab_cols
+ where column_name = upper('GROUP_NAME') and table_name = upper('x_group');
+ if (v_column_exists = 0) then
+ Select count(*) into v_column_exists from x_group where GROUP_NAME ='public';
+ if (v_column_exists = 0) then
+ execute immediate 'INSERT INTO x_group (ID,ADDED_BY_ID, CREATE_TIME, DESCR, GROUP_SRC, GROUP_TYPE, GROUP_NAME, STATUS, UPDATE_TIME, UPD_BY_ID) VALUES (X_GROUP_SEQ.nextval,1, sys_extract_utc(systimestamp), "public group", 0, 0, "public", 0, sys_extract_utc(systimestamp),1)';
+ commit;
+ end if;
+ end if;
+end;
+/
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/xa_audit_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/xa_audit_db_oracle.sql b/security-admin/db/oracle/xa_audit_db_oracle.sql
new file mode 100644
index 0000000..6cc3127
--- /dev/null
+++ b/security-admin/db/oracle/xa_audit_db_oracle.sql
@@ -0,0 +1,88 @@
+CREATE OR REPLACE PROCEDURE sp_dropobject(ObjName IN varchar2,ObjType IN varchar2)
+IS
+v_counter integer;
+BEGIN
+if (ObjType = 'TABLE') then
+ select count(*) into v_counter from user_tables where table_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'drop table ' || ObjName || ' cascade constraints';
+ end if;
+end if;
+ if (ObjType = 'PROCEDURE') then
+ select count(*) into v_counter from User_Objects where object_type = 'PROCEDURE' and OBJECT_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP PROCEDURE ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'FUNCTION') then
+ select count(*) into v_counter from User_Objects where object_type = 'FUNCTION' and OBJECT_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP FUNCTION ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'TRIGGER') then
+ select count(*) into v_counter from User_Triggers where TRIGGER_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP TRIGGER ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'VIEW') then
+ select count(*) into v_counter from User_Views where VIEW_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP VIEW ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'SEQUENCE') then
+ select count(*) into v_counter from user_sequences where sequence_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP SEQUENCE ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'INDEX') then
+ select count(*) into v_counter from user_indexes where index_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP INDEX ' || ObjName;
+ end if;
+ end if;
+END;
+/
+call sp_dropobject('XA_ACCESS_AUDIT','TABLE');
+call sp_dropobject('XA_ACCESS_AUDIT_SEQ','SEQUENCE');
+call sp_dropobject('xa_access_audit_FK_added_by_id','INDEX');
+call sp_dropobject('xa_access_audit_FK_upd_by_id','INDEX');
+call sp_dropobject('xa_access_audit_cr_time','INDEX');
+call sp_dropobject('xa_access_audit_up_time','INDEX');
+call sp_dropobject('xa_access_audit_event_time','INDEX');
+CREATE SEQUENCE XA_ACCESS_AUDIT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE xa_access_audit (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ audit_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ access_result NUMBER(11) DEFAULT '0' NULL ,
+ access_type VARCHAR(255) DEFAULT NULL NULL ,
+ acl_enforcer VARCHAR(255) DEFAULT NULL NULL ,
+ agent_id VARCHAR(255) DEFAULT NULL NULL ,
+ client_ip VARCHAR(255) DEFAULT NULL NULL ,
+ client_type VARCHAR(255) DEFAULT NULL NULL ,
+ policy_id NUMBER(20) DEFAULT '0' NULL ,
+ repo_name VARCHAR(255) DEFAULT NULL NULL ,
+ repo_type NUMBER(11) DEFAULT '0' NULL,
+ result_reason VARCHAR(255) DEFAULT NULL NULL ,
+ session_id VARCHAR(255) DEFAULT NULL NULL ,
+ event_time DATE DEFAULT NULL NULL ,
+ request_user VARCHAR(255) DEFAULT NULL NULL ,
+ action VARCHAR(2000) DEFAULT NULL NULL ,
+ request_data VARCHAR(2000) DEFAULT NULL NULL ,
+ resource_path VARCHAR(2000) DEFAULT NULL NULL ,
+ resource_type VARCHAR(255) DEFAULT NULL NULL ,
+ PRIMARY KEY (id)
+);
+CREATE INDEX xa_access_audit_FK_added_by_id ON xa_access_audit(added_by_id);
+CREATE INDEX xa_access_audit_FK_upd_by_id ON xa_access_audit(upd_by_id);
+CREATE INDEX xa_access_audit_cr_time ON xa_access_audit(create_time);
+CREATE INDEX xa_access_audit_up_time ON xa_access_audit(update_time);
+CREATE INDEX xa_access_audit_event_time ON xa_access_audit(event_time);
+commit;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/xa_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql
new file mode 100644
index 0000000..db0ef07
--- /dev/null
+++ b/security-admin/db/oracle/xa_core_db_oracle.sql
@@ -0,0 +1,563 @@
+/* create or replace procedure */
+commit;
+CREATE OR REPLACE PROCEDURE sp_dropobject(ObjName IN varchar2,ObjType IN varchar2)
+IS
+v_counter integer;
+BEGIN
+if (ObjType = 'TABLE') then
+ select count(*) into v_counter from user_tables where table_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'drop table ' || ObjName || ' cascade constraints';
+ end if;
+end if;
+ if (ObjType = 'PROCEDURE') then
+ select count(*) into v_counter from User_Objects where object_type = 'PROCEDURE' and OBJECT_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP PROCEDURE ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'FUNCTION') then
+ select count(*) into v_counter from User_Objects where object_type = 'FUNCTION' and OBJECT_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP FUNCTION ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'TRIGGER') then
+ select count(*) into v_counter from User_Triggers where TRIGGER_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP TRIGGER ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'VIEW') then
+ select count(*) into v_counter from User_Views where VIEW_NAME = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP VIEW ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'SEQUENCE') then
+ select count(*) into v_counter from user_sequences where sequence_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP SEQUENCE ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'INDEX') then
+ select count(*) into v_counter from user_indexes where index_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP INDEX ' || ObjName;
+ end if;
+ end if;
+ if (ObjType = 'CONSTRAINT') then
+ select count(*) into v_counter from user_constraints where constraint_name = upper(ObjName);
+ if (v_counter > 0) then
+ execute immediate 'DROP CONSTRAINT ' || ObjName;
+ end if;
+ end if;
+END;
+/
+/* sequence */
+call sp_dropobject('SEQ_GEN_IDENTITY','SEQUENCE');
+call sp_dropobject('X_ACCESS_AUDIT_SEQ','SEQUENCE');
+call sp_dropobject('X_ASSET_SEQ','SEQUENCE');
+call sp_dropobject('X_AUDIT_MAP_SEQ','SEQUENCE');
+call sp_dropobject('X_AUTH_SESS_SEQ','SEQUENCE');
+call sp_dropobject('X_CRED_STORE_SEQ','SEQUENCE');
+call sp_dropobject('X_DB_BASE_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_GROUPS_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_USERS_SEQ','SEQUENCE');
+call sp_dropobject('X_PERM_MAP_SEQ','SEQUENCE');
+call sp_dropobject('X_POLICY_EXPORT_SEQ','SEQUENCE');
+call sp_dropobject('X_PORTAL_USER_SEQ','SEQUENCE');
+call sp_dropobject('X_PORTAL_USER_ROLE_SEQ','SEQUENCE');
+call sp_dropobject('X_RESOURCE_SEQ','SEQUENCE');
+call sp_dropobject('X_TRX_LOG_SEQ','SEQUENCE');
+call sp_dropobject('X_USER_SEQ','SEQUENCE');
+call sp_dropobject('X_DB_VERSION_H_SEQ','SEQUENCE');
+call sp_dropobject('V_TRX_LOG_SEQ','SEQUENCE');
+
+commit;
+
+/* drop table */
+call sp_dropobject('vx_trx_log','VIEW');
+call sp_dropobject('x_perm_map','TABLE');
+call sp_dropobject('x_audit_map','TABLE');
+call sp_dropobject('x_trx_log','TABLE');
+call sp_dropobject('x_resource','TABLE');
+call sp_dropobject('x_policy_export_audit','TABLE');
+call sp_dropobject('x_group_users','TABLE');
+call sp_dropobject('x_user','TABLE');
+call sp_dropobject('x_group_groups','TABLE');
+call sp_dropobject('X_GROUP','TABLE');
+call sp_dropobject('x_db_base','TABLE');
+call sp_dropobject('x_cred_store','TABLE');
+call sp_dropobject('x_auth_sess','TABLE');
+call sp_dropobject('x_asset','TABLE');
+call sp_dropobject('xa_access_audit','TABLE');
+call sp_dropobject('x_portal_user_role','TABLE');
+call sp_dropobject('x_portal_user','TABLE');
+
+commit;
+/* create sequences */
+CREATE SEQUENCE SEQ_GEN_IDENTITY START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_ACCESS_AUDIT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_ASSET_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_AUDIT_MAP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_AUTH_SESS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_CRED_STORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_DB_BASE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_GROUPS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_USERS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PERM_MAP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_POLICY_EXPORT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PORTAL_USER_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PORTAL_USER_ROLE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_RESOURCE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_TRX_LOG_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_USER_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_DB_VERSION_H_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE V_TRX_LOG_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+commit;
+
+
+/* create tables */
+CREATE TABLE x_portal_user (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ first_name VARCHAR(256) DEFAULT NULL NULL ,
+ last_name VARCHAR(256) DEFAULT NULL NULL ,
+ pub_scr_name VARCHAR(2048) DEFAULT NULL NULL ,
+ login_id VARCHAR(767) DEFAULT NULL NULL ,
+ password VARCHAR(512) NOT NULL,
+ email VARCHAR(512) DEFAULT NULL NULL ,
+ status NUMBER(11) DEFAULT '0' NOT NULL ,
+ user_src NUMBER(11) DEFAULT '0' NOT NULL ,
+ notes VARCHAR(4000) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_portal_user_UK_login_id UNIQUE (login_id) ,
+ CONSTRAINT x_portal_user_UK_email UNIQUE (email),
+ CONSTRAINT x_portal_user_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_portal_user_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_portal_user_role (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ user_id NUMBER(20) NOT NULL ,
+ user_role VARCHAR(128) DEFAULT NULL NULL ,
+ status NUMBER(11) DEFAULT 0 NOT NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_portal_user_role_FK_addedby FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_portal_user_role_FK_updby FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_portal_user_role_FK_user_id FOREIGN KEY (user_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE xa_access_audit (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ audit_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ access_result NUMBER(11) DEFAULT '0' NULL ,
+ access_type VARCHAR(255) DEFAULT NULL NULL ,
+ acl_enforcer VARCHAR(255) DEFAULT NULL NULL ,
+ agent_id VARCHAR(255) DEFAULT NULL NULL ,
+ client_ip VARCHAR(255) DEFAULT NULL NULL ,
+ client_type VARCHAR(255) DEFAULT NULL NULL ,
+ policy_id NUMBER(20) DEFAULT '0' NULL ,
+ repo_name VARCHAR(255) DEFAULT NULL NULL ,
+ repo_type NUMBER(11) DEFAULT '0' NULL,
+ result_reason VARCHAR(255) DEFAULT NULL NULL ,
+ session_id VARCHAR(255) DEFAULT NULL NULL ,
+ event_time DATE DEFAULT NULL NULL ,
+ request_user VARCHAR(255) DEFAULT NULL NULL ,
+ action VARCHAR(2000) DEFAULT NULL NULL ,
+ request_data VARCHAR(2000) DEFAULT NULL NULL ,
+ resource_path VARCHAR(2000) DEFAULT NULL NULL ,
+ resource_type VARCHAR(255) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT xa_access_audit_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT xa_access_audit_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_asset (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ asset_name VARCHAR(1024) NOT NULL,
+ descr VARCHAR(4000) DEFAULT NULL NULL,
+ act_status NUMBER(11) DEFAULT '0' NOT NULL ,
+ asset_type NUMBER(11) DEFAULT '0' NOT NULL,
+ config CLOB NULL,
+ sup_native NUMBER(1) DEFAULT '0' NOT NULL,
+ PRIMARY KEY (id),
+ CONSTRAINT x_asset_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_asset_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_auth_sess (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ login_id VARCHAR(767) NOT NULL,
+ user_id NUMBER(20) DEFAULT NULL NULL ,
+ ext_sess_id VARCHAR(512) DEFAULT NULL NULL ,
+ auth_time DATE NOT NULL,
+ auth_status NUMBER(11) DEFAULT '0' NOT NULL ,
+ auth_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ auth_provider NUMBER(11) DEFAULT '0' NOT NULL ,
+ device_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ req_ip VARCHAR(48) NOT NULL,
+ req_ua VARCHAR(1024) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_auth_sess_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_auth_sess_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_auth_sess_FK_user_id FOREIGN KEY (user_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_cred_store (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ store_name VARCHAR(1024) NOT NULL,
+ descr VARCHAR(4000) NOT NULL,
+ PRIMARY KEY (id),
+ CONSTRAINT x_cred_store_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_cred_store_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_db_base (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_db_base_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_db_base_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE X_GROUP(
+ ID NUMBER(20,0) NOT NULL ENABLE,
+ CREATE_TIME DATE DEFAULT NULL,
+ UPDATE_TIME DATE DEFAULT NULL,
+ ADDED_BY_ID NUMBER(20,0) DEFAULT NULL,
+ UPD_BY_ID NUMBER(20,0) DEFAULT NULL,
+ GROUP_NAME VARCHAR2(1024) NOT NULL ENABLE,
+ DESCR VARCHAR2(4000) DEFAULT NULL NULL,
+ STATUS NUMBER(11,0) DEFAULT '0' NOT NULL ENABLE,
+ GROUP_TYPE NUMBER(11,0) DEFAULT '0' NOT NULL ENABLE,
+ CRED_STORE_ID NUMBER(20,0) DEFAULT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT X_GROUP_FK_ADDED_BY_ID FOREIGN KEY (ADDED_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+ CONSTRAINT X_GROUP_FK_CRED_STORE_ID FOREIGN KEY (CRED_STORE_ID) REFERENCES X_CRED_STORE (ID) ENABLE,
+ CONSTRAINT X_GROUP_FK_UPD_BY_ID FOREIGN KEY (UPD_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE
+) ;
+
+CREATE TABLE x_group_groups (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ group_name VARCHAR(1024) NOT NULL,
+ p_group_id NUMBER(20) DEFAULT NULL NULL ,
+ group_id NUMBER(20) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_group_groups_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_group_groups_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group (id),
+ CONSTRAINT x_group_groups_FK_p_group_id FOREIGN KEY (p_group_id) REFERENCES x_group (id),
+ CONSTRAINT x_group_groups_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_user (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ user_name VARCHAR(1024) NOT NULL,
+ descr VARCHAR(4000) DEFAULT NULL NULL,
+ status NUMBER(11) DEFAULT '0' NOT NULL,
+ cred_store_id NUMBER(20) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_user_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_user_FK_cred_store_id FOREIGN KEY (cred_store_id) REFERENCES x_cred_store (id),
+ CONSTRAINT x_user_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_group_users (
+ id NUMBER(20) NOT NULL ,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ group_name VARCHAR(1024) NOT NULL,
+ p_group_id NUMBER(20) DEFAULT NULL NULL ,
+ user_id NUMBER(20) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_group_users_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_group_users_FK_p_group_id FOREIGN KEY (p_group_id) REFERENCES x_group (id),
+ CONSTRAINT x_group_users_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_group_users_FK_user_id FOREIGN KEY (user_id) REFERENCES x_user (id)
+);
+
+CREATE TABLE x_policy_export_audit (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ client_ip VARCHAR(255) NOT NULL,
+ agent_id VARCHAR(255) DEFAULT NULL NULL ,
+ req_epoch NUMBER(20) NOT NULL,
+ last_updated DATE DEFAULT NULL NULL ,
+ repository_name VARCHAR(1024) DEFAULT NULL NULL ,
+ exported_json CLOB NULL,
+ http_ret_code NUMBER(11) DEFAULT '0' NOT NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_policy_export_audit_FK_added FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_policy_export_audit_FK_upd FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_resource (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ res_name VARCHAR(4000) DEFAULT NULL NULL ,
+ descr VARCHAR(4000) DEFAULT NULL NULL ,
+ res_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ asset_id NUMBER(20) NOT NULL,
+ parent_id NUMBER(20) DEFAULT NULL NULL ,
+ parent_path VARCHAR(4000) DEFAULT NULL NULL ,
+ is_encrypt NUMBER(11) DEFAULT '0' NOT NULL ,
+ is_recursive NUMBER(11) DEFAULT '0' NOT NULL ,
+ res_group VARCHAR(1024) DEFAULT NULL NULL ,
+ res_dbs CLOB NULL,
+ res_tables CLOB NULL,
+ res_col_fams CLOB NULL,
+ res_cols CLOB NULL,
+ res_udfs CLOB NULL,
+ res_status NUMBER(11) DEFAULT '1' NOT NULL,
+ table_type NUMBER(11) DEFAULT '0' NOT NULL,
+ col_type NUMBER(11) DEFAULT '0' NOT NULL,
+ PRIMARY KEY (id),
+ CONSTRAINT x_resource_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_resource_FK_asset_id FOREIGN KEY (asset_id) REFERENCES x_asset (id),
+ CONSTRAINT x_resource_FK_parent_id FOREIGN KEY (parent_id) REFERENCES x_resource (id),
+ CONSTRAINT x_resource_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+
+CREATE TABLE x_trx_log (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ class_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ object_id NUMBER(20) DEFAULT NULL NULL ,
+ parent_object_id NUMBER(20) DEFAULT NULL NULL ,
+ parent_object_class_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ parent_object_name VARCHAR(1024) DEFAULT NULL NULL ,
+ object_name VARCHAR(1024) DEFAULT NULL NULL ,
+ attr_name VARCHAR(255) DEFAULT NULL NULL ,
+ prev_val CLOB DEFAULT NULL NULL ,
+ new_val CLOB DEFAULT NULL NULL ,
+ trx_id VARCHAR(1024) DEFAULT NULL NULL ,
+ action VARCHAR(255) DEFAULT NULL NULL ,
+ sess_id VARCHAR(512) DEFAULT NULL NULL ,
+ req_id VARCHAR(30) DEFAULT NULL NULL ,
+ sess_type VARCHAR(30) DEFAULT NULL NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_trx_log_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_trx_log_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+CREATE TABLE x_perm_map (
+ id NUMBER(20) NOT NULL,
+ create_time DATE DEFAULT NULL NULL ,
+ update_time DATE DEFAULT NULL NULL ,
+ added_by_id NUMBER(20) DEFAULT NULL NULL ,
+ upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+ perm_group VARCHAR(1024) DEFAULT NULL NULL ,
+ res_id NUMBER(20) DEFAULT NULL NULL ,
+ group_id NUMBER(20) DEFAULT NULL NULL ,
+ user_id NUMBER(20) DEFAULT NULL NULL ,
+ perm_for NUMBER(11) DEFAULT '0' NOT NULL ,
+ perm_type NUMBER(11) DEFAULT '0' NOT NULL ,
+ is_recursive NUMBER(11) DEFAULT '0' NOT NULL ,
+ is_wild_card NUMBER(1) DEFAULT '1' NOT NULL ,
+ grant_revoke NUMBER(1) DEFAULT '1' NOT NULL ,
+ PRIMARY KEY (id),
+ CONSTRAINT x_perm_map_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_perm_map_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group (id),
+ CONSTRAINT x_perm_map_FK_res_id FOREIGN KEY (res_id) REFERENCES x_resource (id),
+ CONSTRAINT x_perm_map_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+ CONSTRAINT x_perm_map_FK_user_id FOREIGN KEY (user_id) REFERENCES x_user (id)
+);
+
+CREATE TABLE X_AUDIT_MAP
+( ID NUMBER(20,0) NOT NULL ENABLE,
+ CREATE_TIME DATE DEFAULT NULL,
+ UPDATE_TIME DATE DEFAULT NULL,
+ ADDED_BY_ID NUMBER(20,0) DEFAULT NULL,
+ UPD_BY_ID NUMBER(20,0) DEFAULT NULL,
+ RES_ID NUMBER(20,0) DEFAULT NULL,
+ GROUP_ID NUMBER(20,0) DEFAULT NULL,
+ USER_ID NUMBER(20,0) DEFAULT NULL,
+ AUDIT_TYPE NUMBER(11,0) DEFAULT 0 NOT NULL ENABLE,
+ PRIMARY KEY (ID),
+ CONSTRAINT X_AUDIT_MAP_FK_ADDED_BY_ID FOREIGN KEY (ADDED_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+ CONSTRAINT X_AUDIT_MAP_FK_GROUP_ID FOREIGN KEY (GROUP_ID) REFERENCES X_GROUP (ID) ENABLE,
+ CONSTRAINT X_AUDIT_MAP_FK_RES_ID FOREIGN KEY (RES_ID) REFERENCES X_RESOURCE (ID) ENABLE,
+ CONSTRAINT X_AUDIT_MAP_FK_UPD_BY_ID FOREIGN KEY (UPD_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+ CONSTRAINT X_AUDIT_MAP_FK_USER_ID FOREIGN KEY (USER_ID) REFERENCES X_USER (ID) ENABLE
+);
+commit;
+CREATE VIEW vx_trx_log AS select x_trx_log.id AS id,x_trx_log.create_time AS create_time,x_trx_log.update_time AS update_time,x_trx_log.added_by_id AS added_by_id,x_trx_log.upd_by_id AS upd_by_id,x_trx_log.class_type AS class_type,x_trx_log.object_id AS object_id,x_trx_log.parent_object_id AS parent_object_id,x_trx_log.parent_object_class_type AS parent_object_class_type,x_trx_log.attr_name AS attr_name,x_trx_log.parent_object_name AS parent_object_name,x_trx_log.object_name AS object_name,x_trx_log.prev_val AS prev_val,x_trx_log.new_val AS new_val,x_trx_log.trx_id AS trx_id,x_trx_log.action AS action,x_trx_log.sess_id AS sess_id,x_trx_log.req_id AS req_id,x_trx_log.sess_type AS sess_type from x_trx_log where id in(select min(x_trx_log.id) from x_trx_log group by x_trx_log.trx_id);
+commit;
+
+CREATE INDEX xa_access_audit_FK_added_by_id ON xa_access_audit(added_by_id);
+CREATE INDEX xa_access_audit_FK_upd_by_id ON xa_access_audit(upd_by_id);
+CREATE INDEX xa_access_audit_cr_time ON xa_access_audit(create_time);
+CREATE INDEX xa_access_audit_up_time ON xa_access_audit(update_time);
+CREATE INDEX xa_access_audit_event_time ON xa_access_audit(event_time);
+CREATE INDEX x_asset_FK_added_by_id ON x_asset(added_by_id);
+CREATE INDEX x_asset_FK_upd_by_id ON x_asset(upd_by_id);
+CREATE INDEX x_asset_cr_time ON x_asset (create_time);
+CREATE INDEX x_asset_up_time ON x_asset (update_time);
+CREATE INDEX x_audit_map_FK_added_by_id ON x_audit_map (added_by_id);
+CREATE INDEX x_audit_map_FK_upd_by_id ON x_audit_map (upd_by_id);
+CREATE INDEX x_audit_map_FK_res_id ON x_audit_map(res_id);
+CREATE INDEX x_audit_map_FK_group_id ON x_audit_map (group_id);
+CREATE INDEX x_audit_map_FK_user_id ON x_audit_map(user_id);
+CREATE INDEX x_audit_map_cr_time ON x_audit_map(create_time);
+CREATE INDEX x_audit_map_up_time ON x_audit_map (update_time);
+CREATE INDEX x_auth_sess_FK_added_by_id ON x_auth_sess (added_by_id);
+CREATE INDEX x_auth_sess_FK_upd_by_id ON x_auth_sess (upd_by_id);
+CREATE INDEX x_auth_sess_FK_user_id ON x_auth_sess (user_id);
+CREATE INDEX x_auth_sess_cr_time ON x_auth_sess (create_time);
+CREATE INDEX x_auth_sess_up_time ON x_auth_sess (update_time);
+CREATE INDEX x_cred_store_FK_added_by_id ON x_cred_store (added_by_id);
+CREATE INDEX x_cred_store_FK_upd_by_id ON x_cred_store (upd_by_id);
+CREATE INDEX x_cred_store_cr_time ON x_cred_store (create_time);
+CREATE INDEX x_cred_store_up_time ON x_cred_store (update_time);
+CREATE INDEX x_db_base_FK_added_by_id ON x_db_base (added_by_id);
+CREATE INDEX x_db_base_FK_upd_by_id ON x_db_base (upd_by_id);
+CREATE INDEX x_db_base_cr_time ON x_db_base (create_time);
+CREATE INDEX x_db_base_up_time ON x_db_base(update_time);
+CREATE INDEX x_group_FK_added_by_id ON x_group (added_by_id);
+CREATE INDEX x_group_FK_upd_by_id ON x_group (upd_by_id);
+CREATE INDEX x_group_FK_cred_store_id ON x_group (cred_store_id);
+CREATE INDEX x_group_cr_time ON x_group (create_time);
+CREATE INDEX x_group_up_time ON x_group (update_time);
+CREATE INDEX x_group_groups_FK_added_by_id ON x_group_groups (added_by_id);
+CREATE INDEX x_group_groups_FK_upd_by_id ON x_group_groups(upd_by_id);
+CREATE INDEX x_group_groups_FK_p_group_id ON x_group_groups (p_group_id);
+CREATE INDEX x_group_groups_FK_group_id ON x_group_groups(group_id);
+CREATE INDEX x_group_groups_cr_time ON x_group_groups (create_time);
+CREATE INDEX x_group_groups_up_time ON x_group_groups (update_time);
+CREATE INDEX x_group_users_FK_added_by_id ON x_group_users (added_by_id);
+CREATE INDEX x_group_users_FK_upd_by_id ON x_group_users(upd_by_id);
+CREATE INDEX x_group_users_FK_p_group_id ON x_group_users (p_group_id);
+CREATE INDEX x_group_users_FK_user_id ON x_group_users (user_id);
+CREATE INDEX x_group_users_cr_time ON x_group_users(create_time);
+CREATE INDEX x_group_users_up_time ON x_group_users(update_time);
+CREATE INDEX x_perm_map_FK_added_by_id ON x_perm_map (added_by_id);
+CREATE INDEX x_perm_map_FK_upd_by_id ON x_perm_map (upd_by_id);
+CREATE INDEX x_perm_map_FK_res_id ON x_perm_map(res_id);
+CREATE INDEX x_perm_map_FK_group_id ON x_perm_map(group_id);
+CREATE INDEX x_perm_map_FK_user_id ON x_perm_map(user_id);
+CREATE INDEX x_perm_map_cr_time ON x_perm_map (create_time);
+CREATE INDEX x_perm_map_up_time ON x_perm_map(update_time);
+CREATE INDEX x_policy_export_audit_FK_added ON x_policy_export_audit (added_by_id);
+CREATE INDEX x_policy_export_audit_FK_upd ON x_policy_export_audit (upd_by_id);
+CREATE INDEX x_policy_export_audit_cr_time ON x_policy_export_audit (create_time);
+CREATE INDEX x_policy_export_audit_up_time ON x_policy_export_audit(update_time);
+CREATE INDEX x_portal_user_FK_added_by_id ON x_portal_user (added_by_id);
+CREATE INDEX x_portal_user_FK_upd_by_id ON x_portal_user (upd_by_id);
+CREATE INDEX x_portal_user_cr_time ON x_portal_user(create_time);
+CREATE INDEX x_portal_user_up_time ON x_portal_user (update_time);
+CREATE INDEX x_portal_user_name ON x_portal_user(first_name);
+CREATE INDEX x_portal_user_role_FK_added ON x_portal_user_role(added_by_id);
+CREATE INDEX x_portal_user_role_FK_upd ON x_portal_user_role(upd_by_id);
+CREATE INDEX x_portal_user_role_FK_user_id ON x_portal_user_role(user_id);
+CREATE INDEX x_portal_user_role_cr_time ON x_portal_user_role(create_time);
+CREATE INDEX x_portal_user_role_up_time ON x_portal_user_role (update_time);
+CREATE INDEX x_resource_FK_added_by_id ON x_resource(added_by_id);
+CREATE INDEX x_resource_FK_upd_by_id ON x_resource(upd_by_id);
+CREATE INDEX x_resource_FK_asset_id ON x_resource (asset_id);
+CREATE INDEX x_resource_FK_parent_id ON x_resource (parent_id);
+CREATE INDEX x_resource_cr_time ON x_resource(create_time);
+CREATE INDEX x_resource_up_time ON x_resource (update_time);
+CREATE INDEX x_trx_log_FK_added_by_id ON x_trx_log (added_by_id);
+CREATE INDEX x_trx_log_FK_upd_by_id ON x_trx_log(upd_by_id);
+CREATE INDEX x_trx_log_cr_time ON x_trx_log (create_time);
+CREATE INDEX x_trx_log_up_time ON x_trx_log (update_time);
+CREATE INDEX x_user_FK_added_by_id ON x_user (added_by_id);
+CREATE INDEX x_user_FK_upd_by_id ON x_user (upd_by_id);
+CREATE INDEX x_user_FK_cred_store_id ON x_user (cred_store_id);
+CREATE INDEX x_user_cr_time ON x_user (create_time);
+CREATE INDEX x_user_up_time ON x_user(update_time);
+
+insert into x_portal_user (
+ id,CREATE_TIME, UPDATE_TIME,
+ FIRST_NAME, LAST_NAME, PUB_SCR_NAME,
+ LOGIN_ID, PASSWORD, EMAIL, STATUS
+) values (
+X_PORTAL_USER_SEQ.NEXTVAL, SYSDATE, SYSDATE,
+ 'Admin', '', 'Admin',
+ 'admin', 'ceb4f32325eda6142bd65215f4c0f371', '', 1
+);
+
+insert into x_portal_user_role (
+ id, CREATE_TIME, UPDATE_TIME,
+ USER_ID, USER_ROLE, STATUS
+) values (
+X_PORTAL_USER_ROLE_SEQ.NEXTVAL, SYSDATE, SYSDATE,
+ 1, 'ROLE_SYS_ADMIN', 1
+);
+
+insert into x_user (id,CREATE_TIME, UPDATE_TIME,user_name, status,descr) values (
+X_USER_SEQ.NEXTVAL, SYSDATE, SYSDATE,'Admin', 0,'Administrator');
+
+INSERT INTO x_group (ID,ADDED_BY_ID, CREATE_TIME, DESCR, GROUP_TYPE, GROUP_NAME, STATUS, UPDATE_TIME, UPD_BY_ID) VALUES (X_GROUP_SEQ.nextval,1, sys_extract_utc(systimestamp), 'public group', 0, 'public', 0, sys_extract_utc(systimestamp), 1);
+commit;
+
+
+
+CREATE OR REPLACE TRIGGER x_auth_sess_trigger
+ BEFORE INSERT
+ ON x_auth_sess
+ FOR EACH ROW
+ -- Optionally restrict this trigger to fire only when really needed
+ WHEN (new.id is null)
+DECLARE
+ v_id x_auth_sess.id%TYPE;
+BEGIN
+ -- Select a new value from the sequence into a local variable. As
+ -- commented, this step is optional. You can directly select into :new.qname_id
+ SELECT x_auth_sess_seq.nextval INTO v_id FROM DUAL;
+
+ -- :new references the record that you are about to insert into qname. Hence,
+ -- you can overwrite the value of :new.qname_id (qname.qname_id) with the value
+ -- obtained from your sequence, before inserting
+ :new.id := v_id;
+END my_trigger;
+/
+commit;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 43e941d..bb037ac 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -362,7 +362,11 @@
<version>${hive.version}</version>
<scope>runtime</scope>
</dependency>
-
+ <dependency>
+ <groupId>cn.guoyukun.jdbc</groupId>
+ <artifactId>oracle-ojdbc6</artifactId>
+ <version>11.2.0.3.0</version>
+ </dependency>
</dependencies>
<build>
<pluginManagement>
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 5facf0c..63f193d 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -2,38 +2,48 @@
# This file provides list of deployment variables for the Policy Manager Web Application
#
-#------------------------- MYSQL CONFIG - BEGIN ----------------------------------
+#------------------------- DB CONFIG - BEGIN ----------------------------------
+#DB_FLAVOR=ORACLE
+#DB_FLAVOR=MYSQL
+DB_FLAVOR=MYSQL
#
# The executable path to be used to invoke command-line MYSQL
#
-MYSQL_BIN='mysql'
+#SQL_COMMAND_INVOKER='mysql'
+#SQL_COMMAND_INVOKER='sqlplus'
+SQL_COMMAND_INVOKER='mysql'
#
-# Location of mysql client library (please check the location of the jar file)
+# Location of DB client library (please check the location of the jar file)
#
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
#
-# MYSQL password for the MYSQL root user-id
+# DB password for the DB admin user-id
# **************************************************************************
# ** If the password is left empty or not-defined here,
# ** it will be prompted to enter the password during installation process
# **************************************************************************
#
-
+#db_root_user=root
+#db_root_user=SYS
+db_root_user=root
db_root_password=
db_host=localhost
#
-# MySQL UserId used for the XASecure schema
+# DB UserId used for the XASecure schema
#
db_name=xasecure
db_user=xaadmin
db_password=
#
-# MySQL UserId for storing auditlog infromation
+# DB UserId for storing auditlog infromation
#
# * audit_db can be same as the XASecure schema db
# * audit_db must exists in the same ${db_host} as xaserver database ${db_name}
@@ -43,7 +53,7 @@ audit_db_name=xasecure
audit_db_user=xalogger
audit_db_password=
-#------------------------- MYSQL CONFIG - END ----------------------------------
+#------------------------- DB CONFIG - END ----------------------------------
#
# ------- PolicyManager CONFIG ----------------
@@ -127,10 +137,15 @@ JAVA_BIN='java'
JAVA_VERSION_REQUIRED='1.7'
JAVA_ORACLE='Java(TM) SE Runtime Environment'
-db_create_user_file=${PWD}/db/create_dev_user.sql
-db_core_file=${PWD}/db/xa_core_db.sql
-db_audit_file=${PWD}/db/xa_audit_db.sql
-db_asset_file=${PWD}/db/reset_asset.sql
+mysql_create_user_file=${PWD}/db/create_dev_user.sql
+mysql_core_file=${PWD}/db/xa_core_db.sql
+mysql_audit_file=${PWD}/db/xa_audit_db.sql
+mysql_asset_file=${PWD}/db/reset_asset.sql
+
+#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
+oracle_core_file=${PWD}/db/oracle/xa_core_db_oracle.sql
+oracle_audit_file=${PWD}/db/oracle/xa_audit_db_oracle.sql
+#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
#
cred_keystore_filename=/usr/lib/xapolicymgr/.jceks/xapolicymgr.jceks