Repository: ranger
Updated Branches:
  refs/heads/master 343668b42 -> c394fa42c


RANGER-2058: Add SSL enabled Postgres support in Ranger Admin


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/c394fa42
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/c394fa42
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/c394fa42

Branch: refs/heads/master
Commit: c394fa42c770deb4981e226b8037174f5a9d260a
Parents: 343668b
Author: pradeep <prad...@apache.org>
Authored: Wed Apr 11 18:11:59 2018 +0530
Committer: pradeep <prad...@apache.org>
Committed: Thu Apr 12 09:30:47 2018 +0530

----------------------------------------------------------------------
 kms/scripts/db_setup.py                         | 31 ++++++++++++++---
 kms/scripts/dba_script.py                       | 33 ++++++++++++++----
 .../apache/hadoop/crypto/key/RangerKMSDB.java   | 23 +++++++++----
 security-admin/scripts/db_setup.py              | 35 ++++++++++++++++----
 security-admin/scripts/dba_script.py            | 34 +++++++++++++++----
 .../apache/ranger/common/PropertiesUtil.java    | 15 +++++++--
 6 files changed, 137 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index a431b60..b68ff5c 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -292,19 +292,39 @@ class OracleConf(BaseDB):
 
 class PostgresConf(BaseDB):
        # Constructor
-       def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
+       def __init__(self, 
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
                self.host = host
                self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
                self.JAVA_BIN = JAVA_BIN
+               self.db_ssl_enabled=db_ssl_enabled.lower()
+               self.db_ssl_required=db_ssl_required.lower()
+               
self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
+               self.db_ssl_auth_type=db_ssl_auth_type.lower()
+               self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
+               
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
+               self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
+               
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
 
        def get_jisql_cmd(self, user, password, db_name):
                #TODO: User array for forming command
                path = RANGER_KMS_HOME
                self.JAVA_BIN = self.JAVA_BIN.strip("'")
+               db_ssl_param=''
+               db_ssl_cert_param=''
+               if self.db_ssl_enabled == 'true':
+                       db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                       if self.db_ssl_verifyServerCertificate == 'true' or 
self.db_ssl_required == 'true':
+                               db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                               if self.db_ssl_auth_type == '1-way':
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                               else:
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                       else:
+                               
db_ssl_param="?ssl=%s&sslfactory=org.postgresql.ssl.NonValidatingFactory" 
%(self.db_ssl_enabled)
                if is_unix:
-                       jisql_cmd = "%s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, 
path,self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path, self.host, db_name, 
db_ssl_param,user, password)
                elif os_name == "WINDOWS":
-                       jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, 
self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, 
db_ssl_param,user, password)
                return jisql_cmd
 
        def check_connection(self, db_name, db_user, db_password):
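Review bot: The new `db_ssl_cert_param` string in `get_jisql_cmd` places the keystore and truststore passwords on the java command line as `-Djavax.net.ssl.keyStorePassword=%s` and `-Djavax.net.ssl.trustStorePassword=%s`, unquoted, so they are readable in the process list while Jisql runs, and a password or store path containing a space or shell metacharacter will split or alter the command if it is executed through a shell (the execution site is not visible in this hunk). The database password next to them is at least wrapped in quotes; until the command is built as an argument list, as the existing TODO suggests, the four `-D` values should get the same treatment, e.g. `-Djavax.net.ssl.trustStorePassword='%s'` on the Unix branch, and the store passwords would be better supplied outside argv altogether. The same construction is added to `PostgresConf.get_jisql_cmd` in kms/scripts/dba_script.py and in both security-admin scripts. Separately, the inner `db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)` repeats the assignment two lines above it and can be dropped.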
@@ -583,7 +603,7 @@ def main(argv):
        javax_net_ssl_trustStore=''
        javax_net_ssl_trustStorePassword=''
 
-       if XA_DB_FLAVOR == "MYSQL":
+       if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
                if 'db_ssl_enabled' in globalDict:
                        db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
                        if db_ssl_enabled == 'true':
@@ -616,6 +636,7 @@ def main(argv):
                                                        log("[E] Invalid ssl 
keystore password!","error")
                                                        sys.exit(1)
 
+       if XA_DB_FLAVOR == "MYSQL":
                MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
                xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_core_file = os.path.join(RANGER_KMS_HOME , 
mysql_core_file)
@@ -629,7 +650,7 @@ def main(argv):
                db_user=db_user.lower()
                db_name=db_name.lower()
                POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
-               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN)
+               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_core_file = os.path.join(RANGER_KMS_HOME , 
postgres_core_file)
 
        elif XA_DB_FLAVOR == "MSSQL":

http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index bcd4aa2..91477c6 100755
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -577,19 +577,38 @@ class OracleConf(BaseDB):
 
 class PostgresConf(BaseDB):
        # Constructor
-       def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
-               self.host = host
+       def __init__(self, 
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
+               self.host = host.lower()
                self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
                self.JAVA_BIN = JAVA_BIN
+               self.db_ssl_enabled=db_ssl_enabled.lower()
+               self.db_ssl_required=db_ssl_required.lower()
+               
self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
+               self.db_ssl_auth_type=db_ssl_auth_type.lower()
+               self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
+               
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
+               self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
+               
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
 
        def get_jisql_cmd(self, user, password, db_name):
                #TODO: User array for forming command
                path = RANGER_KMS_HOME
                self.JAVA_BIN = self.JAVA_BIN.strip("'")
+               db_ssl_param=''
+               db_ssl_cert_param=''
+               if self.db_ssl_enabled == 'true':
+                       db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                       if self.db_ssl_verifyServerCertificate == 'true' or 
self.db_ssl_required == 'true':
+                               if self.db_ssl_auth_type == '1-way':
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                               else:
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                       else:
+                               
db_ssl_param="?ssl=%s&sslfactory=org.postgresql.ssl.NonValidatingFactory" 
%(self.db_ssl_enabled)
                if is_unix:
-                       jisql_cmd = "%s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, 
path,self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path, self.host, db_name, 
db_ssl_param,user, password)
                elif os_name == "WINDOWS":
-                       jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, 
self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, 
db_ssl_param,user, password)
                return jisql_cmd
 
        def verify_user(self, root_user, db_root_password, db_user,dryMode):
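Review bot: When `db_ssl_enabled` is `true` but neither `db_ssl_verifyServerCertificate` nor `db_ssl_required` is, the `else` branch in `get_jisql_cmd` appends `sslfactory=org.postgresql.ssl.NonValidatingFactory`, which accepts any server certificate, so the session is encrypted but the database server is not authenticated. Nothing tells the operator that this weaker mode was selected; I would emit a warning through the script's `log` helper in that branch and add a comment such as `# encryption only: server certificate is NOT validated`. The same fallback is added in kms/scripts/db_setup.py, in both security-admin scripts, and in RangerKMSDB.java and PropertiesUtil.java. The class continues past the end of this hunk.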
@@ -1374,7 +1393,7 @@ def main(argv):
        javax_net_ssl_keyStorePassword=''
        javax_net_ssl_trustStore=''
        javax_net_ssl_trustStorePassword=''
-       if XA_DB_FLAVOR == "MYSQL":
+       if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
                if 'db_ssl_enabled' in globalDict:
                        db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
                        if db_ssl_enabled == 'true':
@@ -1407,7 +1426,7 @@ def main(argv):
                                                log("[E] Invalid ssl keystore 
password!","error")
                                                sys.exit(1)
 
-
+       if XA_DB_FLAVOR == "MYSQL":
                MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
                xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_core_file = os.path.join(RANGER_KMS_HOME,mysql_core_file)
@@ -1424,7 +1443,7 @@ def main(argv):
                db_user=db_user.lower()
                db_name=db_name.lower()
                POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
-               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN)
+               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_core_file = 
os.path.join(RANGER_KMS_HOME,postgres_core_file)
 
        elif XA_DB_FLAVOR == "MSSQL":

http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 
b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
index 12585ca..8b9bf4b 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java
@@ -94,7 +94,7 @@ public class RangerKMSDB {
                        jpaProperties.put(JPA_DB_URL, 
conf.get(PROPERTY_PREFIX+DB_URL));
                        jpaProperties.put(JPA_DB_USER, 
conf.get(PROPERTY_PREFIX+DB_USER));
                        jpaProperties.put(JPA_DB_PASSWORD, 
conf.get(PROPERTY_PREFIX+DB_PASSWORD));
-                       if(getDBFlavor(conf)==DB_FLAVOR_MYSQL){
+                       if(getDBFlavor(conf)==DB_FLAVOR_MYSQL || 
getDBFlavor(conf)==DB_FLAVOR_POSTGRES){
                                updateDBSSLURL();
                        }
 
@@ -185,14 +185,25 @@ public class RangerKMSDB {
                                conf.set(PROPERTY_PREFIX+DB_SSL_AUTH_TYPE, 
db_ssl_auth_type);
                                String 
ranger_jpa_jdbc_url=conf.get(PROPERTY_PREFIX+DB_URL);
                                if(!StringUtils.isEmpty(ranger_jpa_jdbc_url)){
-                                       String ranger_jpa_jdbc_url_ssl= 
ranger_jpa_jdbc_url + "?useSSL=" + db_ssl_enabled + 
-                                               "&requireSSL=" + 
db_ssl_required + "&verifyServerCertificate=" + db_ssl_verifyServerCertificate;
-                                       conf.set(PROPERTY_PREFIX+DB_URL, 
ranger_jpa_jdbc_url_ssl);
+                                       if(ranger_jpa_jdbc_url.contains("?")) {
+                                               
ranger_jpa_jdbc_url=ranger_jpa_jdbc_url.substring(0,ranger_jpa_jdbc_url.indexOf("?"));
+                                       }
+                                       StringBuffer 
ranger_jpa_jdbc_url_ssl=new StringBuffer(ranger_jpa_jdbc_url);
+                                       if(getDBFlavor(conf)==DB_FLAVOR_MYSQL){
+                                               
ranger_jpa_jdbc_url_ssl.append("?useSSL="+db_ssl_enabled+"&requireSSL="+db_ssl_required+"&verifyServerCertificate="+db_ssl_verifyServerCertificate);
+                                       }else 
if(getDBFlavor(conf)==DB_FLAVOR_POSTGRES){
+                                               
if("true".equalsIgnoreCase(db_ssl_verifyServerCertificate) || 
"true".equalsIgnoreCase(db_ssl_required)){
+                                                       
ranger_jpa_jdbc_url_ssl.append("?ssl="+db_ssl_enabled);
+                                               }else{
+                                                       
ranger_jpa_jdbc_url_ssl.append("?ssl="+db_ssl_enabled+"&sslfactory=org.postgresql.ssl.NonValidatingFactory");
+                                               }
+                                       }
+                                       conf.set(PROPERTY_PREFIX+DB_URL, 
ranger_jpa_jdbc_url_ssl.toString());
                                        jpaProperties.put(JPA_DB_URL, 
conf.get(PROPERTY_PREFIX+DB_URL));
-                                       
logger.info(PROPERTY_PREFIX+DB_URL+"="+ranger_jpa_jdbc_url_ssl);
+                                       
logger.info(PROPERTY_PREFIX+DB_URL+"="+ranger_jpa_jdbc_url_ssl.toString());
                                }
 
-                               
if("true".equalsIgnoreCase(db_ssl_verifyServerCertificate)){
+                               
if("true".equalsIgnoreCase(db_ssl_verifyServerCertificate) || 
"true".equalsIgnoreCase(db_ssl_required)){
                                        
if(!"1-way".equalsIgnoreCase((db_ssl_auth_type))){
                                                // update system key store path 
with custom key store.
                                                String 
keystore=conf.get(PROPERTY_PREFIX+DB_SSL_KEYSTORE);
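Review bot: The added `substring(0, ranger_jpa_jdbc_url.indexOf("?"))` step discards every query parameter already present on the configured JDBC URL before the SSL parameters are appended, so any driver option an operator had set there (a stricter `sslfactory`, for example) is silently lost. Because the truncation sits before the flavor check it applies to MySQL URLs as well as PostgreSQL ones. Consider preserving the existing parameters and appending the SSL ones with `&`, or at minimum logging that the original query string was dropped, e.g. `logger.warn("Ignoring existing JDBC URL parameters on " + PROPERTY_PREFIX+DB_URL);`. PropertiesUtil.java receives the same change in its second hunk. The enclosing method starts before and continues after this hunk.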

http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py 
b/security-admin/scripts/db_setup.py
index b8664d2..2cbe665 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -1554,19 +1554,39 @@ class OracleConf(BaseDB):
 
 class PostgresConf(BaseDB):
        # Constructor
-       def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
-               self.host = host
+       def __init__(self, 
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
+               self.host = host.lower()
                self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
                self.JAVA_BIN = JAVA_BIN
+               self.db_ssl_enabled=db_ssl_enabled.lower()
+               self.db_ssl_required=db_ssl_required.lower()
+               
self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
+               self.db_ssl_auth_type=db_ssl_auth_type.lower()
+               self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
+               
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
+               self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
+               
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
 
        def get_jisql_cmd(self, user, password, db_name):
                #TODO: User array for forming command
                path = RANGER_ADMIN_HOME
                self.JAVA_BIN = self.JAVA_BIN.strip("'")
+               db_ssl_param=''
+               db_ssl_cert_param=''
+               if self.db_ssl_enabled == 'true':
+                       db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                       if self.db_ssl_verifyServerCertificate == 'true' or 
self.db_ssl_required == 'true':
+                               db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                               if self.db_ssl_auth_type == '1-way':
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                               else:
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                       else:
+                               
db_ssl_param="?ssl=%s&sslfactory=org.postgresql.ssl.NonValidatingFactory" 
%(self.db_ssl_enabled)
                if is_unix:
-                       jisql_cmd = "%s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, 
path, self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path, self.host, db_name, 
db_ssl_param,user, password)
                elif os_name == "WINDOWS":
-                       jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, 
self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, 
db_ssl_param,user, password)
                return jisql_cmd
 
        def check_connection(self, db_name, db_user, db_password):
@@ -3615,7 +3635,7 @@ def main(argv):
        javax_net_ssl_trustStore=''
        javax_net_ssl_trustStorePassword=''
 
-       if XA_DB_FLAVOR == "MYSQL":
+       if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
                if 'db_ssl_enabled' in globalDict:
                        db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
                        if db_ssl_enabled == 'true':
@@ -3648,6 +3668,7 @@ def main(argv):
                                                        log("[E] Invalid ssl 
keystore password!","error")
                                                        sys.exit(1)
 
+       if XA_DB_FLAVOR == "MYSQL":
                MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
                xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , 
mysql_dbversion_catalog)
@@ -3671,7 +3692,7 @@ def main(argv):
                db_user=db_user.lower()
                db_name=db_name.lower()
                POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
-               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN)
+               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , 
postgres_dbversion_catalog)
                xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , 
postgres_core_file)
                xa_patch_file = os.path.join(RANGER_ADMIN_HOME , 
postgres_patches)
@@ -3721,7 +3742,7 @@ def main(argv):
                audit_db_user=audit_db_user.lower()
                audit_db_name=audit_db_name.lower()
                POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
-               audit_sqlObj = PostgresConf(audit_db_host, 
POSTGRES_CONNECTOR_JAR, JAVA_BIN)
+               audit_sqlObj = 
PostgresConf(audit_db_host,POSTGRES_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                audit_db_file = os.path.join(RANGER_ADMIN_HOME , 
postgres_audit_file)
 
        elif AUDIT_DB_FLAVOR == "MSSQL":
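Review bot: `audit_sqlObj` is now built with the same `db_ssl_*` flags and key/trust store values as the main database connection, and those values are only read from `globalDict` when `XA_DB_FLAVOR` is MYSQL or POSTGRES (the condition changed earlier in this file). If the audit database is PostgreSQL on a different host, or the main database is another flavor, the audit connection receives settings that were never configured for it, presumably whatever defaults are assigned above the visible lines. If sharing is intended, say so in a comment, e.g. `# audit DB reuses the admin DB SSL settings`; otherwise the SSL block should also be gated on `AUDIT_DB_FLAVOR`. The same call is added in security-admin/scripts/dba_script.py. The enclosing `main` extends beyond this hunk.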

http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py 
b/security-admin/scripts/dba_script.py
index 69fff41..4a57bba 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -727,19 +727,38 @@ class OracleConf(BaseDB):
 
 class PostgresConf(BaseDB):
        # Constructor
-       def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
-               self.host = host
+       def __init__(self, 
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
+               self.host = host.lower()
                self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
                self.JAVA_BIN = JAVA_BIN
+               self.db_ssl_enabled=db_ssl_enabled.lower()
+               self.db_ssl_required=db_ssl_required.lower()
+               
self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
+               self.db_ssl_auth_type=db_ssl_auth_type.lower()
+               self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
+               
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
+               self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
+               
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
 
        def get_jisql_cmd(self, user, password, db_name):
                #TODO: User array for forming command
                path = RANGER_ADMIN_HOME
                self.JAVA_BIN = self.JAVA_BIN.strip("'")
+               db_ssl_param=''
+               db_ssl_cert_param=''
+               if self.db_ssl_enabled == 'true':
+                       db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
+                       if self.db_ssl_verifyServerCertificate == 'true' or 
self.db_ssl_required == 'true':
+                               if self.db_ssl_auth_type == '1-way':
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                               else:
+                                       db_ssl_cert_param=" 
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s 
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " 
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+                       else:
+                               
db_ssl_param="?ssl=%s&sslfactory=org.postgresql.ssl.NonValidatingFactory" 
%(self.db_ssl_enabled)
                if is_unix:
-                       jisql_cmd = "%s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, 
self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path, self.host, db_name, 
db_ssl_param,user, password)
                elif os_name == "WINDOWS":
-                       jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, 
self.host, db_name, user, password)
+                       jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* 
org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s 
-u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, 
db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, 
db_ssl_param,user, password)
                return jisql_cmd
 
        def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -1673,7 +1692,7 @@ def main(argv):
        javax_net_ssl_keyStorePassword=''
        javax_net_ssl_trustStore=''
        javax_net_ssl_trustStorePassword=''
-       if XA_DB_FLAVOR == "MYSQL":
+       if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
                if 'db_ssl_enabled' in globalDict:
                        db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
                        if db_ssl_enabled == 'true':
@@ -1706,6 +1725,7 @@ def main(argv):
                                                        log("[E] Invalid ssl 
keystore password!","error")
                                                        sys.exit(1)
 
+       if XA_DB_FLAVOR == "MYSQL":
                MYSQL_CONNECTOR_JAR=CONNECTOR_JAR
                xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_version_file = 
os.path.join(RANGER_ADMIN_HOME,mysql_dbversion_catalog)
@@ -1726,7 +1746,7 @@ def main(argv):
                db_user=db_user.lower()
                db_name=db_name.lower()
                POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
-               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN)
+               xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, 
JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                xa_db_version_file = 
os.path.join(RANGER_ADMIN_HOME,postgres_dbversion_catalog)
                xa_db_core_file = 
os.path.join(RANGER_ADMIN_HOME,postgres_core_file)
                xa_patch_file = os.path.join(RANGER_ADMIN_HOME,postgres_patches)
@@ -1769,7 +1789,7 @@ def main(argv):
                audit_db_user=audit_db_user.lower()
                audit_db_name=audit_db_name.lower()
                POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
-               audit_sqlObj = PostgresConf(audit_db_host, 
POSTGRES_CONNECTOR_JAR, JAVA_BIN)
+               audit_sqlObj = 
PostgresConf(audit_db_host,POSTGRES_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
                audit_db_file = 
os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
 
        elif AUDIT_DB_FLAVOR == "MSSQL":

http://git-wip-us.apache.org/repos/asf/ranger/blob/c394fa42/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index edd9d36..ee8ce8d 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -250,7 +250,7 @@ public class PropertiesUtil extends 
PropertyPlaceholderConfigurer {
                propertiesMap.put("ranger.sha256Password.update.disable", 
sha256PasswordUpdateDisable);
                props.put("ranger.sha256Password.update.disable", 
sha256PasswordUpdateDisable);
        }
-       if(RangerBizUtil.getDBFlavor()==AppConstants.DB_FLAVOR_MYSQL){
+       if(RangerBizUtil.getDBFlavor()==AppConstants.DB_FLAVOR_MYSQL || 
RangerBizUtil.getDBFlavor()==AppConstants.DB_FLAVOR_POSTGRES){
                if(propertiesMap!=null && 
propertiesMap.containsKey("ranger.db.ssl.enabled")){
                        String 
db_ssl_enabled=propertiesMap.get("ranger.db.ssl.enabled");
                        if(StringUtils.isEmpty(db_ssl_enabled)|| 
!"true".equalsIgnoreCase(db_ssl_enabled)){
@@ -282,8 +282,19 @@ public class PropertiesUtil extends 
PropertyPlaceholderConfigurer {
                                props.put("ranger.db.ssl.auth.type", 
db_ssl_auth_type);
                                String 
ranger_jpa_jdbc_url=propertiesMap.get("ranger.jpa.jdbc.url");
                                if(!StringUtils.isEmpty(ranger_jpa_jdbc_url)){
+                                       if(ranger_jpa_jdbc_url.contains("?")) {
+                                               
ranger_jpa_jdbc_url=ranger_jpa_jdbc_url.substring(0,ranger_jpa_jdbc_url.indexOf("?"));
+                                       }
                                        StringBuffer 
ranger_jpa_jdbc_url_ssl=new StringBuffer(ranger_jpa_jdbc_url);
-                                       
ranger_jpa_jdbc_url_ssl.append("?useSSL="+db_ssl_enabled+"&requireSSL="+db_ssl_required+"&verifyServerCertificate="+db_ssl_verifyServerCertificate);
+                                       if 
(RangerBizUtil.getDBFlavor()==AppConstants.DB_FLAVOR_MYSQL) {
+                                               
ranger_jpa_jdbc_url_ssl.append("?useSSL="+db_ssl_enabled+"&requireSSL="+db_ssl_required+"&verifyServerCertificate="+db_ssl_verifyServerCertificate);
+                                       }else 
if(RangerBizUtil.getDBFlavor()==AppConstants.DB_FLAVOR_POSTGRES) {
+                                               
if("true".equalsIgnoreCase(db_ssl_verifyServerCertificate) || 
"true".equalsIgnoreCase(db_ssl_required)){
+                                                       
ranger_jpa_jdbc_url_ssl.append("?ssl="+db_ssl_enabled);
+                                               }else{
+                                                       
ranger_jpa_jdbc_url_ssl.append("?ssl="+db_ssl_enabled+"&sslfactory=org.postgresql.ssl.NonValidatingFactory");
+                                               }
+                                       }
                                        
propertiesMap.put("ranger.jpa.jdbc.url", ranger_jpa_jdbc_url_ssl.toString());
                                        props.put("ranger.jpa.jdbc.url", 
ranger_jpa_jdbc_url_ssl.toString());
                                        
logger.info("ranger.jpa.jdbc.url="+ranger_jpa_jdbc_url_ssl.toString());
