Repository: incubator-ranger Updated Branches: refs/heads/master 1283c9652 -> 9c2f0d1fb
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/db/xa_db.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/xa_db.sql b/security-admin/db/xa_db.sql deleted file mode 100644 index 4b2919f..0000000 --- a/security-admin/db/xa_db.sql +++ /dev/null @@ -1,778 +0,0 @@ --- Licensed to the Apache Software Foundation (ASF) under one or more --- contributor license agreements. See the NOTICE file distributed with --- this work for additional information regarding copyright ownership. --- The ASF licenses this file to You under the Apache License, Version 2.0 --- (the "License"); you may not use this file except in compliance with --- the License. You may obtain a copy of the License at --- --- http://www.apache.org/licenses/LICENSE-2.0 --- --- Unless required by applicable law or agreed to in writing, software --- distributed under the License is distributed on an "AS IS" BASIS, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the License for the specific language governing permissions and --- limitations under the License. - --- MySQL dump 10.13 Distrib 5.1.50, for apple-darwin10.3.0 (i386) --- --- Host: localhost Database: xa_db --- ------------------------------------------------------ --- Server version 5.1.50 - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; -/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; -/*!40103 SET TIME_ZONE='+00:00' */; -/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; -/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; -/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; -/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; - --- --- Current Database: `xa_db` --- - -/*!40000 DROP DATABASE IF EXISTS `xa_db`*/; - -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `xa_db` /*!40100 DEFAULT CHARACTER SET latin1 */; - -USE `xa_db`; - --- --- Temporary table structure for view `vx_trx_log` --- - -DROP TABLE IF EXISTS `vx_trx_log`; -/*!50001 DROP VIEW IF EXISTS `vx_trx_log`*/; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; -/*!50001 CREATE TABLE `vx_trx_log` ( - `id` bigint(20), - `create_time` datetime, - `update_time` datetime, - `added_by_id` bigint(20), - `upd_by_id` bigint(20), - `class_type` int(11), - `object_id` bigint(20), - `parent_object_id` bigint(20), - `parent_object_class_type` int(11), - `attr_name` varchar(255), - `parent_object_name` varchar(1024), - `object_name` varchar(1024), - `prev_val` varchar(1024), - `new_val` varchar(1024), - `trx_id` varchar(1024), - `action` varchar(255), - `sess_id` varchar(512), - `req_id` varchar(30), - `sess_type` varchar(30) -) ENGINE=MyISAM */; -SET character_set_client = @saved_cs_client; - --- --- Table structure for table `x_asset` --- - -DROP TABLE IF EXISTS `x_asset`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_asset` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `asset_name` varchar(1024) NOT NULL, - `descr` varchar(4000) NOT NULL, - `act_status` int(11) NOT NULL DEFAULT '0', - `asset_type` int(11) NOT NULL DEFAULT '0', - `config` text, - `sup_native` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `x_asset_FK_added_by_id` (`added_by_id`), - KEY `x_asset_FK_upd_by_id` (`upd_by_id`), - KEY `x_asset_cr_time` (`create_time`), - KEY `x_asset_up_time` (`update_time`), - CONSTRAINT `x_asset_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_asset_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_asset` --- - -LOCK TABLES `x_asset` WRITE; -/*!40000 ALTER TABLE `x_asset` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_asset` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_audit_map` --- - -DROP TABLE IF EXISTS `x_audit_map`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_audit_map` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `res_id` bigint(20) DEFAULT NULL, - `group_id` bigint(20) DEFAULT NULL, - `user_id` bigint(20) DEFAULT NULL, - `audit_type` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `x_audit_map_FK_added_by_id` (`added_by_id`), - KEY `x_audit_map_FK_upd_by_id` (`upd_by_id`), - KEY `x_audit_map_FK_res_id` (`res_id`), - KEY `x_audit_map_FK_group_id` (`group_id`), - KEY `x_audit_map_FK_user_id` (`user_id`), - KEY `x_audit_map_cr_time` (`create_time`), - KEY `x_audit_map_up_time` (`update_time`), - CONSTRAINT `x_audit_map_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_audit_map_FK_group_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`), - CONSTRAINT `x_audit_map_FK_res_id` FOREIGN KEY (`res_id`) REFERENCES `x_resource` (`id`), - CONSTRAINT `x_audit_map_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_audit_map_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_audit_map` --- - -LOCK TABLES `x_audit_map` WRITE; -/*!40000 ALTER TABLE `x_audit_map` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_audit_map` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_auth_sess` --- - -DROP TABLE IF EXISTS `x_auth_sess`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_auth_sess` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `login_id` varchar(767) NOT NULL, - `user_id` bigint(20) DEFAULT NULL, - `ext_sess_id` varchar(512) DEFAULT NULL, - `auth_time` datetime NOT NULL, - `auth_status` int(11) NOT NULL DEFAULT '0', - `auth_type` int(11) NOT NULL DEFAULT '0', - `auth_provider` int(11) NOT NULL DEFAULT '0', - `device_type` int(11) NOT NULL DEFAULT '0', - `req_ip` varchar(48) NOT NULL, - `req_ua` varchar(1024) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_auth_sess_FK_added_by_id` (`added_by_id`), - KEY `x_auth_sess_FK_upd_by_id` (`upd_by_id`), - KEY `x_auth_sess_FK_user_id` (`user_id`), - KEY `x_auth_sess_cr_time` (`create_time`), - KEY `x_auth_sess_up_time` (`update_time`), - CONSTRAINT `x_auth_sess_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_auth_sess_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_auth_sess_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_auth_sess` --- - -LOCK TABLES `x_auth_sess` WRITE; -/*!40000 ALTER TABLE `x_auth_sess` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_auth_sess` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_cred_store` --- - -DROP TABLE IF EXISTS `x_cred_store`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_cred_store` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `store_name` varchar(1024) NOT NULL, - `descr` varchar(4000) NOT NULL, - PRIMARY KEY (`id`), - KEY `x_cred_store_FK_added_by_id` (`added_by_id`), - KEY `x_cred_store_FK_upd_by_id` (`upd_by_id`), - KEY `x_cred_store_cr_time` (`create_time`), - KEY `x_cred_store_up_time` (`update_time`), - CONSTRAINT `x_cred_store_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_cred_store_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_cred_store` --- - -LOCK TABLES `x_cred_store` WRITE; -/*!40000 ALTER TABLE `x_cred_store` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_cred_store` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_db_base` --- - -DROP TABLE IF EXISTS `x_db_base`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_db_base` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_db_base_FK_added_by_id` (`added_by_id`), - KEY `x_db_base_FK_upd_by_id` (`upd_by_id`), - KEY `x_db_base_cr_time` (`create_time`), - KEY `x_db_base_up_time` (`update_time`), - CONSTRAINT `x_db_base_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_db_base_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_db_base` --- - -LOCK TABLES `x_db_base` WRITE; -/*!40000 ALTER TABLE `x_db_base` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_db_base` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_group` --- - -DROP TABLE IF EXISTS `x_group`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_group` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `group_name` varchar(1024) NOT NULL, - `descr` varchar(4000) NOT NULL, - `status` int(11) NOT NULL DEFAULT '0', - `group_type` int(11) NOT NULL DEFAULT '0', - `group_src` int(11) NOT NULL DEFAULT '0', - `cred_store_id` bigint(20) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_group_FK_added_by_id` (`added_by_id`), - KEY `x_group_FK_upd_by_id` (`upd_by_id`), - KEY `x_group_FK_cred_store_id` (`cred_store_id`), - KEY `x_group_cr_time` (`create_time`), - KEY `x_group_up_time` (`update_time`), - CONSTRAINT `x_group_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_group_FK_cred_store_id` FOREIGN KEY (`cred_store_id`) REFERENCES `x_cred_store` (`id`), - CONSTRAINT `x_group_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_group` --- - -LOCK TABLES `x_group` WRITE; -/*!40000 ALTER TABLE `x_group` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_group` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_group_groups` --- - -DROP TABLE IF EXISTS `x_group_groups`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_group_groups` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `group_name` varchar(1024) NOT NULL, - `p_group_id` bigint(20) DEFAULT NULL, - `group_id` bigint(20) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_group_groups_FK_added_by_id` (`added_by_id`), - KEY `x_group_groups_FK_upd_by_id` (`upd_by_id`), - KEY `x_group_groups_FK_p_group_id` (`p_group_id`), - KEY `x_group_groups_FK_group_id` (`group_id`), - KEY `x_group_groups_cr_time` (`create_time`), - KEY `x_group_groups_up_time` (`update_time`), - CONSTRAINT `x_group_groups_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_group_groups_FK_group_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`), - CONSTRAINT `x_group_groups_FK_p_group_id` FOREIGN KEY (`p_group_id`) REFERENCES `x_group` (`id`), - CONSTRAINT `x_group_groups_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_group_groups` --- - -LOCK TABLES `x_group_groups` WRITE; -/*!40000 ALTER TABLE `x_group_groups` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_group_groups` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_group_users` --- - -DROP TABLE IF EXISTS `x_group_users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_group_users` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `group_name` varchar(1024) NOT NULL, - `p_group_id` bigint(20) DEFAULT NULL, - `user_id` bigint(20) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_group_users_FK_added_by_id` (`added_by_id`), - KEY `x_group_users_FK_upd_by_id` (`upd_by_id`), - KEY `x_group_users_FK_p_group_id` (`p_group_id`), - KEY `x_group_users_FK_user_id` (`user_id`), - KEY `x_group_users_cr_time` (`create_time`), - KEY `x_group_users_up_time` (`update_time`), - CONSTRAINT `x_group_users_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_group_users_FK_p_group_id` FOREIGN KEY (`p_group_id`) REFERENCES `x_group` (`id`), - CONSTRAINT `x_group_users_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_group_users_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_group_users` --- - -LOCK TABLES `x_group_users` WRITE; -/*!40000 ALTER TABLE `x_group_users` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_group_users` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_perm_map` --- - -DROP TABLE IF EXISTS `x_perm_map`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_perm_map` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `perm_group` varchar(1024) DEFAULT NULL, - `res_id` bigint(20) DEFAULT NULL, - `group_id` bigint(20) DEFAULT NULL, - `user_id` bigint(20) DEFAULT NULL, - `perm_for` int(11) NOT NULL DEFAULT '0', - `perm_type` int(11) NOT NULL DEFAULT '0', - `is_recursive` int(11) NOT NULL DEFAULT '0', - `is_wild_card` tinyint(1) NOT NULL DEFAULT '1', - `grant_revoke` tinyint(1) NOT NULL DEFAULT '1', - `ip_address` text, - PRIMARY KEY (`id`), - KEY `x_perm_map_FK_added_by_id` (`added_by_id`), - KEY `x_perm_map_FK_upd_by_id` (`upd_by_id`), - KEY `x_perm_map_FK_res_id` (`res_id`), - KEY `x_perm_map_FK_group_id` (`group_id`), - KEY `x_perm_map_FK_user_id` (`user_id`), - KEY `x_perm_map_cr_time` (`create_time`), - KEY `x_perm_map_up_time` (`update_time`), - CONSTRAINT `x_perm_map_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_perm_map_FK_group_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`), - CONSTRAINT `x_perm_map_FK_res_id` FOREIGN KEY (`res_id`) REFERENCES `x_resource` (`id`), - CONSTRAINT `x_perm_map_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_perm_map_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_perm_map` --- - -LOCK TABLES `x_perm_map` WRITE; -/*!40000 ALTER TABLE `x_perm_map` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_perm_map` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_policy_export_audit` --- - -DROP TABLE IF EXISTS `x_policy_export_audit`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_policy_export_audit` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `client_ip` varchar(255) NOT NULL, - `agent_id` varchar(255) DEFAULT NULL, - `req_epoch` bigint(20) NOT NULL, - `last_updated` datetime DEFAULT NULL, - `repository_name` varchar(1024) DEFAULT NULL, - `exported_json` text, - `http_ret_code` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `x_policy_export_audit_FK_added_by_id` (`added_by_id`), - KEY `x_policy_export_audit_FK_upd_by_id` (`upd_by_id`), - KEY `x_policy_export_audit_cr_time` (`create_time`), - KEY `x_policy_export_audit_up_time` (`update_time`), - CONSTRAINT `x_policy_export_audit_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_policy_export_audit_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_policy_export_audit` --- - -LOCK TABLES `x_policy_export_audit` WRITE; -/*!40000 ALTER TABLE `x_policy_export_audit` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_policy_export_audit` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_portal_user` --- - -DROP TABLE IF EXISTS `x_portal_user`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_portal_user` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `first_name` varchar(1022) DEFAULT NULL, - `last_name` varchar(1022) DEFAULT NULL, - `pub_scr_name` varchar(2048) DEFAULT NULL, - `login_id` varchar(767) DEFAULT NULL, - `password` varchar(512) NOT NULL, - `email` varchar(512) DEFAULT NULL, - `status` int(11) NOT NULL DEFAULT '0', - `user_src` int(11) NOT NULL DEFAULT '0', - `notes` varchar(4000) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `x_portal_user_UK_login_id` (`login_id`), - UNIQUE KEY `x_portal_user_UK_email` (`email`), - KEY `x_portal_user_FK_added_by_id` (`added_by_id`), - KEY `x_portal_user_FK_upd_by_id` (`upd_by_id`), - KEY `x_portal_user_cr_time` (`create_time`), - KEY `x_portal_user_up_time` (`update_time`), - KEY `x_portal_user_name` (`first_name`(767)), - KEY `x_portal_user_email` (`email`), - CONSTRAINT `x_portal_user_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_portal_user_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_portal_user` --- - -LOCK TABLES `x_portal_user` WRITE; -/*!40000 ALTER TABLE `x_portal_user` DISABLE KEYS */; -INSERT INTO `x_portal_user` VALUES (1,'2014-05-25 00:07:26','2014-05-25 00:07:26',NULL,NULL,'Admin','','Admin','admin','ceb4f32325eda6142bd65215f4c0f371','',1,0,NULL); -/*!40000 ALTER TABLE `x_portal_user` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_portal_user_role` --- - -DROP TABLE IF EXISTS `x_portal_user_role`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_portal_user_role` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `user_id` bigint(20) NOT NULL, - `user_role` varchar(128) DEFAULT NULL, - `status` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `x_portal_user_role_FK_added_by_id` (`added_by_id`), - KEY `x_portal_user_role_FK_upd_by_id` (`upd_by_id`), - KEY `x_portal_user_role_FK_user_id` (`user_id`), - KEY `x_portal_user_role_cr_time` (`create_time`), - KEY `x_portal_user_role_up_time` (`update_time`), - CONSTRAINT `x_portal_user_role_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_portal_user_role_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_portal_user_role_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_portal_user_role` --- - -LOCK TABLES `x_portal_user_role` WRITE; -/*!40000 ALTER TABLE `x_portal_user_role` DISABLE KEYS */; -INSERT INTO `x_portal_user_role` VALUES (1,'2014-05-25 00:07:26','2014-05-25 00:07:26',NULL,NULL,1,'ROLE_SYS_ADMIN',1); -/*!40000 ALTER TABLE `x_portal_user_role` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_resource` --- - -DROP TABLE IF EXISTS `x_resource`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_resource` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `res_name` varchar(4000) DEFAULT NULL, - `policy_name` varchar(500) DEFAULT NULL, - `descr` varchar(4000) DEFAULT NULL, - `res_type` int(11) NOT NULL DEFAULT '0', - `asset_id` bigint(20) NOT NULL, - `parent_id` bigint(20) DEFAULT NULL, - `parent_path` varchar(4000) DEFAULT NULL, - `is_encrypt` int(11) NOT NULL DEFAULT '0', - `is_recursive` int(11) NOT NULL DEFAULT '0', - `res_group` varchar(1024) DEFAULT NULL, - `res_dbs` text, - `res_tables` text, - `res_col_fams` text, - `res_cols` text, - `res_udfs` text, - `res_status` int(11) NOT NULL DEFAULT '1', - `table_type` int(11) NOT NULL DEFAULT '0', - `col_type` int(11) NOT NULL DEFAULT '0', - `res_topologies` text, - `res_services` text, - PRIMARY KEY (`id`), - UNIQUE KEY `policy_name` (`policy_name`), - KEY `x_resource_FK_added_by_id` (`added_by_id`), - KEY `x_resource_FK_upd_by_id` (`upd_by_id`), - KEY `x_resource_FK_asset_id` (`asset_id`), - KEY `x_resource_FK_parent_id` (`parent_id`), - KEY `x_resource_cr_time` (`create_time`), - KEY `x_resource_up_time` (`update_time`), - CONSTRAINT `x_resource_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_resource_FK_asset_id` FOREIGN KEY (`asset_id`) REFERENCES `x_asset` (`id`), - CONSTRAINT `x_resource_FK_parent_id` FOREIGN KEY (`parent_id`) REFERENCES `x_resource` (`id`), - CONSTRAINT `x_resource_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_resource` --- - -LOCK TABLES `x_resource` WRITE; -/*!40000 ALTER TABLE `x_resource` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_resource` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_trx_log` --- - -DROP TABLE IF EXISTS `x_trx_log`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_trx_log` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `class_type` int(11) NOT NULL DEFAULT '0', - `object_id` bigint(20) DEFAULT NULL, - `parent_object_id` bigint(20) DEFAULT NULL, - `parent_object_class_type` int(11) NOT NULL DEFAULT '0', - `parent_object_name` varchar(1024) DEFAULT NULL, - `object_name` varchar(1024) DEFAULT NULL, - `attr_name` varchar(255) DEFAULT NULL, - `prev_val` varchar(1024) DEFAULT NULL, - `new_val` varchar(1024) DEFAULT NULL, - `trx_id` varchar(1024) DEFAULT NULL, - `action` varchar(255) DEFAULT NULL, - `sess_id` varchar(512) DEFAULT NULL, - `req_id` varchar(30) DEFAULT NULL, - `sess_type` varchar(30) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_trx_log_FK_added_by_id` (`added_by_id`), - KEY `x_trx_log_FK_upd_by_id` (`upd_by_id`), - KEY `x_trx_log_cr_time` (`create_time`), - KEY `x_trx_log_up_time` (`update_time`), - CONSTRAINT `x_trx_log_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_trx_log_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_trx_log` --- - -LOCK TABLES `x_trx_log` WRITE; -/*!40000 ALTER TABLE `x_trx_log` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_trx_log` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `x_user` --- - -DROP TABLE IF EXISTS `x_user`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `x_user` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `user_name` varchar(1024) NOT NULL, - `descr` varchar(4000) NOT NULL, - `status` int(11) NOT NULL DEFAULT '0', - `cred_store_id` bigint(20) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `x_user_FK_added_by_id` (`added_by_id`), - KEY `x_user_FK_upd_by_id` (`upd_by_id`), - KEY `x_user_FK_cred_store_id` (`cred_store_id`), - KEY `x_user_cr_time` (`create_time`), - KEY `x_user_up_time` (`update_time`), - CONSTRAINT `x_user_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `x_user_FK_cred_store_id` FOREIGN KEY (`cred_store_id`) REFERENCES `x_cred_store` (`id`), - CONSTRAINT `x_user_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `x_user` --- - -LOCK TABLES `x_user` WRITE; -/*!40000 ALTER TABLE `x_user` DISABLE KEYS */; -/*!40000 ALTER TABLE `x_user` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `xa_access_audit` --- - -DROP TABLE IF EXISTS `xa_access_audit`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `xa_access_audit` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `create_time` datetime DEFAULT NULL, - `update_time` datetime DEFAULT NULL, - `added_by_id` bigint(20) DEFAULT NULL, - `upd_by_id` bigint(20) DEFAULT NULL, - `audit_type` int(11) NOT NULL DEFAULT '0', - `access_result` int(11) DEFAULT '0', - `access_type` varchar(255) DEFAULT NULL, - `acl_enforcer` varchar(255) DEFAULT NULL, - `agent_id` varchar(255) DEFAULT NULL, - `client_ip` varchar(255) DEFAULT NULL, - `client_type` varchar(255) DEFAULT NULL, - `policy_id` bigint(20) DEFAULT '0', - `repo_name` varchar(255) DEFAULT NULL, - `repo_type` int(11) DEFAULT '0', - `result_reason` varchar(255) DEFAULT NULL, - `session_id` varchar(255) DEFAULT NULL, - `event_time` datetime DEFAULT NULL, - `request_user` varchar(255) DEFAULT NULL, - `action` varchar(2000) DEFAULT NULL, - `request_data` varchar(2000) DEFAULT NULL, - `resource_path` varchar(2000) DEFAULT NULL, - `resource_type` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `xa_access_audit_FK_added_by_id` (`added_by_id`), - KEY `xa_access_audit_FK_upd_by_id` (`upd_by_id`), - KEY `xa_access_audit_cr_time` (`create_time`), - KEY `xa_access_audit_up_time` (`update_time`), - CONSTRAINT `xa_access_audit_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), - CONSTRAINT `xa_access_audit_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `xa_access_audit` --- - -LOCK TABLES `xa_access_audit` WRITE; -/*!40000 ALTER TABLE `xa_access_audit` DISABLE KEYS */; -/*!40000 ALTER TABLE `xa_access_audit` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Current Database: `xa_db` --- - -USE `xa_db`; - --- --- Final view structure for view `vx_trx_log` --- - -/*!50001 DROP TABLE IF EXISTS `vx_trx_log`*/; -/*!50001 DROP VIEW IF EXISTS `vx_trx_log`*/; -/*!50001 SET @saved_cs_client = @@character_set_client */; -/*!50001 SET @saved_cs_results = @@character_set_results */; -/*!50001 SET @saved_col_connection = @@collation_connection */; -/*!50001 SET character_set_client = latin1 */; -/*!50001 SET character_set_results = latin1 */; -/*!50001 SET collation_connection = latin1_swedish_ci */; -/*!50001 CREATE ALGORITHM=UNDEFINED */ -/*!50013 DEFINER=`xaadmin`@`localhost` SQL SECURITY DEFINER */ -/*!50001 VIEW `vx_trx_log` AS select `x_trx_log`.`id` AS `id`,`x_trx_log`.`create_time` AS `create_time`,`x_trx_log`.`update_time` AS `update_time`,`x_trx_log`.`added_by_id` AS `added_by_id`,`x_trx_log`.`upd_by_id` AS `upd_by_id`,`x_trx_log`.`class_type` AS `class_type`,`x_trx_log`.`object_id` AS `object_id`,`x_trx_log`.`parent_object_id` AS `parent_object_id`,`x_trx_log`.`parent_object_class_type` AS `parent_object_class_type`,`x_trx_log`.`attr_name` AS `attr_name`,`x_trx_log`.`parent_object_name` AS `parent_object_name`,`x_trx_log`.`object_name` AS `object_name`,`x_trx_log`.`prev_val` AS `prev_val`,`x_trx_log`.`new_val` AS `new_val`,`x_trx_log`.`trx_id` AS `trx_id`,`x_trx_log`.`action` AS `action`,`x_trx_log`.`sess_id` AS `sess_id`,`x_trx_log`.`req_id` AS `req_id`,`x_trx_log`.`sess_type` AS `sess_type` from `x_trx_log` group by `x_trx_log`.`trx_id` */; -/*!50001 SET character_set_client = @saved_cs_client */; -/*!50001 SET character_set_results = @saved_cs_results */; -/*!50001 SET collation_connection = @saved_col_connection */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; -/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - --- Dump completed on 2014-05-25 0:07:27 http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/db/xa_db_bare.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/xa_db_bare.sql b/security-admin/db/xa_db_bare.sql deleted file mode 100644 index 8204f1d..0000000 --- a/security-admin/db/xa_db_bare.sql +++ /dev/null @@ -1,15 +0,0 @@ --- Licensed to the Apache Software Foundation (ASF) under one or more --- contributor license agreements. See the NOTICE file distributed with --- this work for additional information regarding copyright ownership. --- The ASF licenses this file to You under the Apache License, Version 2.0 --- (the "License"); you may not use this file except in compliance with --- the License. You may obtain a copy of the License at --- --- http://www.apache.org/licenses/LICENSE-2.0 --- --- Unless required by applicable law or agreed to in writing, software --- distributed under the License is distributed on an "AS IS" BASIS, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the License for the specific language governing permissions and --- limitations under the License. - http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/pom.xml ---------------------------------------------------------------------- diff --git a/security-admin/pom.xml b/security-admin/pom.xml index 97606b6..6d313b6 100644 --- a/security-admin/pom.xml +++ b/security-admin/pom.xml @@ -257,11 +257,13 @@ <artifactId>log4jdbc</artifactId> <version>${googlecode.log4jdbc.version}</version> </dependency> + <!-- <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql-connector-java.version}</version> </dependency> + --> <dependency> <groupId>com.googlecode.owasp-java-html-sanitizer</groupId> <artifactId>owasp-java-html-sanitizer</artifactId> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py new file mode 100644 index 0000000..e488403 --- /dev/null +++ b/security-admin/scripts/db_setup.py @@ -0,0 +1,757 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. See accompanying LICENSE file. +# + +import os +import re +import sys +import errno +import shlex +import logging +import subprocess +import fileinput +from os.path import basename +#import commands +from datetime import date +globalDict = {} + +def check_output(query): + p = subprocess.Popen(query, stdout=subprocess.PIPE) + output = p.communicate ()[0] + return output + +def log(msg,type): + if type == 'info': + logging.info(" %s",msg) + if type == 'debug': + logging.debug(" %s",msg) + if type == 'warning': + logging.warning(" %s",msg) + if type == 'exception': + logging.exception(" %s",msg) + +#''' +def populate_global_dict(): + global globalDict + #RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME") + read_config_file = open(os.path.join(os.getcwd(),'install.properties')) + #library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*") + for each_line in read_config_file.read().split('\n') : + if len(each_line) == 0 : continue + if re.search('=', each_line): + key , value = each_line.strip().split("=",1) + key = key.strip() + + if 'PASSWORD' in key: + jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') + statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') + if statuscode == 1: + value = '' + value = value.strip() + globalDict[key] = value +#''' +#---------------------------------------------- +class BaseDB(object): + + def init_logfiles(self): + FORMAT = '%(asctime)-15s %(message)s' + logging.basicConfig(format=FORMAT, level=logging.DEBUG) + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): + log("---------- Creating User ----------", "info") + + def check_table(self, db_name, root_user, db_root_password, TABLE_NAME): + log("---------- Verifying table ----------", "info") + def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name): + log("---------- Importing db schema ----------", "info") + + def upgrade_db(self, db_name, root_user, db_user, db_password, db_root_password, DBVERSION_CATALOG_CREATION): + log("\nCreating Baseline DB upgrade ... \n", "debug") + self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, DBVERSION_CATALOG_CREATION) + log("\nBaseline DB upgraded successfully\n", "info") + + + def apply_patches(self, db_name, root_user, db_user, db_password ,db_root_password, PATCHES_PATH): + #first get all patches and then apply each patch + files = os.listdir(PATCHES_PATH) + # files: coming from os.listdir() sorted alphabetically, thus not numerically + if files: + sorted_files = sorted(files, key=lambda x: str(x.split('.')[0])) + for filename in sorted_files: + currentPatch = PATCHES_PATH + "/"+filename + self.import_db_patches(db_name, root_user, db_user, db_password ,db_root_password, currentPatch) + else: + log("No Patches to apply.","info") + + def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME): + log("----------------- Create Audit User ------------", "info") + + + +class MysqlConf(BaseDB): + # Constructor + def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + BaseDB.init_logfiles(self) + + def get_jisql_cmd(self, user, password ,db_name): + #TODO: User array for forming command + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + return jisql_cmd + + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): + hosts_arr =["%", "localhost"] + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(root_user, db_root_password ,'mysql') + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) + output = check_output(shlex.split(query)) + if output.strip(db_user + " |"): + log( "\nMYSQL User: " + db_user + " already exists!", "debug") + else: + log("User does not exists", "info") + if db_password == "": + log ("Creating MySQL user: "+ db_user +" with DB password blank\n", "info") + query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) + output = check_output(shlex.split(query)) + if output.strip(db_user + " |"): + log("Mysql user " + db_user +" created","info") + else: + log("Creating Mysql user " + db_user +" Failed","info") + sys.exit(1) + else: + log ("Creating MySQL user: "+ db_user +" with DB password\n", "info") + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Mysql user " + db_user +" created","info") + else: + log("Creating Mysql user " + db_user +" Failed","info") + sys.exit(1) + + def verify_db(self, root_user, db_root_password, db_name): + log("\nVerifying Database: " + db_name + "\n", "debug") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) + output = check_output(shlex.split(query)) + if output.strip(db_name + " |"): + return True + else: + return False + + + def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name): + log ("\nImporting db schema to Database: " + db_name,"debug"); + if self.verify_db(root_user, db_root_password, db_name): + log("\nDatabase: "+db_name + " already exists. Ignoring import_db\n","info") + else: + log("\nDatabase does not exist. Creating database : " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + query = get_cmd + " -query \"create database %s;\"" %(db_name) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + log("\nDatabase creation failed!!\n","info") + sys.exit(1) + else: + if self.verify_db(root_user, db_root_password, db_name): + log("Creating database: " + db_name + " succeeded", "info") + self.import_db_file(db_name, root_user , db_user, db_password, db_root_password, file_name) + else: + log("\nDatabase creation failed!!\n","info") + sys.exit(1) + + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke): + hosts_arr =["%", "localhost"] + if is_revoke: + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + sys.exit(1) + else: + sys.exit(1) + + for host in hosts_arr: + log ("---------------GRANTING PRIVILEGES TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log ("---------------FLUSH PRIVILEGES -------------" , "info") + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Privileges granted to '" + db_user + "' on '"+db_name+"'\n", "info") + else: + log("Granting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info") + sys.exit(1) + else: + log("\nGranting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info") + sys.exit(1) + + + def grant_audit_db_user(self, audit_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke): + hosts_arr =["%", "localhost"] + if is_revoke == True: + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + sys.exit(1) + else: + sys.exit(1) + + for host in hosts_arr: + log ("---------------GRANTING PRIVILEGES TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info") + get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') + query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Granting privileges to '" + audit_db_user+"' Done on '"+ audit_db_name+"'\n", "info") + else: + log("Granting privileges to '" +audit_db_user+"' Failed on '" + audit_db_name+"'\n", "info") + sys.exit(1) + else: + log("\nGranting privileges to '" + audit_db_user+"' Failed on '" + audit_db_name+"'\n", "info") + sys.exit(1) + + + def import_db_file(self, db_name, root_user, db_user, db_password, db_root_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("Importing db schema to database : " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + query = get_cmd + " -input %s" %file_name + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log(name + " DB schema imported successfully\n","info") + else: + log(name + " DB Schema import failed!\n","info") + sys.exit(1) + else: + log("\nDB Schema file " + name+ " not found\n","exception") + sys.exit(1) + + def import_db_patches(self, db_name, root_user, db_user, db_password, db_root_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + version = name.split('-')[0] + log("Executing patch on : " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + output = check_output(shlex.split(query)) + if output.strip(version + " |"): + log("Patch "+ name +" is already Applied" ,"info") + else: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + query = get_cmd + " -input %s" %file_name + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log(name + " Patch Applied\n","info") + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', now(), user(), now(), user()) ;\"" %(version) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Patch version updated", "info") + else: + log("Updating Patch version failed", "info") + sys.exit(1) + else: + log(name + "\n Import failed!\n","info") + sys.exit(1) + else: + log("\nImport " +name + " file not found\n","exception") + sys.exit(1) + + + def check_table(self, db_name, root_user, db_root_password, TABLE_NAME): + if self.verify_db(root_user, db_root_password, db_name): + log("Verifying table " + TABLE_NAME +" in database " + db_name, "debug") + + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME) + output = check_output(shlex.split(query)) + if output.strip(TABLE_NAME + " |"): + log("Table " + TABLE_NAME +" already exists in database " + db_name + "\n","info") + return True + else: + log("Table " + TABLE_NAME +" does not exist in database " + db_name + "\n","info") + return False + else: + log("Database " + db_name +" does not exist\n","info") + return False + + + def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME): + hosts_arr =["%", "localhost"] + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql') + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(audit_db_user,host) + output = check_output(shlex.split(query)) + if output.strip(audit_db_user + " |"): + log( "\nMYSQL User: " + audit_db_user + " already exists!", "debug") + else: + log("User does not exists", "info") + if audit_db_password == "": + log ("Creating MySQL user: "+ audit_db_user +" with DB password blank\n", "info") + query = get_cmd + " -query \" create user '%s'@'%s';\"" %(audit_db_user, host) + ret = subprocess.check_call(shlex.split(query)) + else: + log ("Creating MySQL user: "+ audit_db_user +" with DB password\n", "info") + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(audit_db_user,host,audit_db_password) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log( "\nMYSQL User: " + audit_db_user + " Created", "info") + else: + sys.exit(1) + + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.check_call(shlex.split(query)) + else: + sys.exit(1) + + log("\n--------- Check audit table exists --------- \n","info") + output = self.check_table(audit_db_name,audit_db_root_user,audit_db_root_password,TABLE_NAME) + if output == False: + self.import_file_to_db(audit_db_root_user, audit_db_name ,audit_db_user, audit_db_password, audit_db_root_password, file_name) + self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False) + if audit_db_user == db_user: + is_revoke = False + else: + is_revoke = True + self.grant_audit_db_user(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke) + + + +class OracleConf(BaseDB): + # Constructor + def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + BaseDB.init_logfiles(self) + + def get_jisql_cmd(self, user, password): + #TODO: User array for forming command + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host, user, password) + return jisql_cmd + + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(db_user) + output = check_output(shlex.split(query)) + if output.strip(db_user+" |"): + log( "Oracle User: " + db_user + " already exists!", "debug") + else: + log("User does not exists, Creating User : " + db_user, "info") + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(db_user) + output = check_output(shlex.split(query)) + if output.strip(db_user+" |"): + log("Granting Permission to " + db_user, "info") + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("\nGranting permissions to oracle user '" + db_user + "' for %s DONE\n" %(self.host), "info") + else: + log("\nGranting permissions to oracle user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + else: + log("\nCreating ORACLE user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + + + def verify_user(self, root_user, db_user, db_root_password): + log("Verifying User: " + db_user +"\n","debug") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + query = get_cmd + " -c \; -query \"select count(*) from all_users where upper(username)=upper('%s');\"" %(db_user) + output = check_output(shlex.split(query)) + if output.strip(db_user+" |"): + return True + else: + return False + + + def verify_tablespace(self, root_user,db_user, db_root_password, db_name): + log("Verifying Tablespace: " + db_name+"\n","debug") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) + output = check_output(shlex.split(query)) + if output.strip(db_name+' |'): + return True + else: + return False + + + def import_file_to_db(self, root_user ,db_name, db_user, db_password, db_root_password,file_name): + #Verifying Users + if self.verify_user(root_user,db_user, db_root_password): + log("User : " +db_user + " already exists.", "info") + else: + log("User does not exist " + db_user, "info") + sys.exit(1) + + if self.verify_tablespace(root_user, db_user, db_root_password, db_name): + log("Tablespace " + db_name + " already exists.","info") + if re.search('xa_core_db' , file_name): + status = False + else: + status = True + else: + log("Tablespace does not exist. Creating Tablespace: " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + log("Tablespace creation failed!!\n","exception" ) + sys.exit(1) + else: + log("Creating Tablespace "+db_name+" succeeded", "info") + status = self.verify_tablespace(root_user, db_user, db_root_password, db_name) + if status == False: + sys.exit(1) + + if status == True: + log("ASSIGN DEFAULT Tablespace :" +db_name , "info") + # ASSIGN DEFAULT Tablespace db_name + get_cmd = self.get_jisql_cmd(root_user , db_root_password) + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Granting Permission to " + db_user, "info") + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + self.import_db_file(db_name, root_user ,db_user, db_password, db_root_password ,file_name) + return True + else: + log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + else: + return False + + def import_audit_file_to_db(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME): + #Verifying Users + if self.verify_user(audit_db_root_user, db_user, audit_db_root_password): + log("User : " +db_user + " already exists.", "info") + else: + log("User does not exist " + db_user, "info") + sys.exit(1) + + if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password): + log("User : " +audit_db_user + " already exists.", "info") + else: + log("User does not exist " + audit_db_user, "info") + sys.exit(1) + + if self.verify_tablespace(audit_db_root_user, db_user, audit_db_root_password, audit_db_name): + log("\nTablespace " + audit_db_name + " already exists.","info") + status1 = True + else: + log("\nTablespace does not exist. Creating Tablespace: \n" + audit_db_name,"info") + get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + log("\nTablespace creation failed!!\n","info") + sys.exit(1) + else: + log("Creating Tablespace "+ audit_db_name + " succeeded", "info") + status1 = True + + if self.verify_tablespace(audit_db_root_user, db_user, audit_db_root_password, db_name): + log("Tablespace " + db_name + " already exists.","info") + status2 = True + else: + log("Tablespace does not exist. Creating Tablespace: " + db_name,"info") + get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + log("\nTablespace creation failed!!\n","info") + sys.exit(1) + else: + log("Creating Tablespace "+ db_name + " succeeded", "info") + status2 = True + + if (status1 == True and status2 == True): + log("ASSIGN DEFAULT Tablespace :" + db_name , "info") + # ASSIGN DEFAULT Tablespace db_name + get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) + ret1 = subprocess.check_call(shlex.split(query)) + + log("ASSIGN DEFAULT Tablespace :" + audit_db_name , "info") + # ASSIGN DEFAULT Tablespace db_name + get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) + ret2 = subprocess.check_call(shlex.split(query)) + + if (ret1 == 0 and ret2 == 0): + log("Granting Permission to " + db_user, "info") + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + + if self.check_table(db_name, audit_db_root_user, audit_db_root_password, TABLE_NAME): + log("Table exists " + TABLE_NAME +" in tablespace " + db_name ,"info") + else: + self.import_db_file(audit_db_name, audit_db_root_user ,db_user, db_password, audit_db_root_password ,file_name) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + sys.exit(1) + query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + sys.exit(1) + query = get_cmd + " -c \; -query 'GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;'" % (db_user,audit_db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret != 0: + sys.exit(1) + return True + else: + log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + else: + return False + + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke): + log("Granting Permission to " + db_user, "info") + get_cmd = self.get_jisql_cmd(root_user ,db_root_password) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + return True + else: + log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + + + def grant_audit_db_user(self, audit_db_root_user, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password, audit_db_root_password): + log("Granting Permission to " + db_user, "info") + get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + return True + else: + log("\nGranting Oracle user '" + db_user + "' FAILED\n", "info") + sys.exit(1) + + def import_db_file(self, db_name, root_user ,db_user, db_password, db_root_password,file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("Importing script : " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + query = get_cmd + " -input %s -c \;" %file_name + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log(name + " Imported successfully\n","info") + else: + log(name + " Import failed!\n","info") + sys.exit(1) + else: + log("\nImport " +name + " sql file not found\n","debug") + sys.exit(1) + + def import_db_patches(self, db_name, root_user, db_user, db_password, db_root_password,file_name): + if os.path.isfile(file_name): + name = basename(file_name) + version = name.split('-')[0] + log("Executing patch on : " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + output = check_output(shlex.split(query)) + if output.strip(version +" |"): + log("Patch "+ name +" is already Applied" ,"info") + else: + get_cmd = self.get_jisql_cmd(db_user, db_password) + query = get_cmd + " -input %s -c /" %file_name + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log(name + " Patch Applied\n","info") + query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s');\"" %(version, db_user, db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Patch version updated", "info") + else: + log("Updating Patch version failed", "info") + sys.exit(1) + else: + log(name + "\n Import failed!\n","info") + sys.exit(1) + else: + log("\nPatch file not found\n","debug") + sys.exit(1) + + + def check_table(self, db_name, root_user, db_root_password, TABLE_NAME): + log("Verifying table " + TABLE_NAME +" in tablespace " + db_name, "debug") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME) + output = check_output(shlex.split(query)) + if output.strip(TABLE_NAME.upper() + ' |'): + log("Table " + TABLE_NAME +" already exists in Tablespace " + db_name + "\n","info") + return True + else: + log("Table " + TABLE_NAME +" does not exist in Tablespace " + db_name + "\n","info") + return False + + + def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name , TABLE_NAME): + self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password) + + get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) + query = get_cmd + " -c \; -query \"select username from all_users where UPPER(username)=UPPER('%s');\"" %(audit_db_user) + output = check_output(shlex.split(query)) + if output.strip(audit_db_user+" |"): + log( "Oracle Audit User: " + audit_db_user + " already exists!", "debug") + else: + log("Audit User does not exists, Creating Audit User : " + audit_db_user, "info") + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user) + ret = subprocess.check_call(shlex.split(query)) + if ret == 0: + log("Granting Permission to " + audit_db_user + " Done", "info") + else: + log("Granting Permission to " + audit_db_user + " Failed", "info") + sys.exit(1) + + + log("\n--------- Check audit table exists --------- \n","info") + output = self.check_table(audit_db_name, audit_db_root_user, audit_db_root_password, TABLE_NAME) + if output == False: + self.import_audit_file_to_db(audit_db_root_user, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name,TABLE_NAME) + self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True) + self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password) + + + +def main(): + populate_global_dict() + JAVA_BIN=globalDict['JAVA_BIN'] + XA_DB_FLAVOR=globalDict['DB_FLAVOR'] + AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR'] + XA_DB_FLAVOR.upper() + AUDIT_DB_FLAVOR.upper() + + xa_db_host = globalDict['db_host'] + audit_db_host = globalDict['db_host'] + + mysql_dbversion_catalog = 'db/mysql/create_dbversion_catalog.sql' + mysql_core_file = globalDict['mysql_core_file'] + mysql_audit_file = globalDict['mysql_audit_file'] + mysql_patches = 'db/mysql/patches' + + oracle_dbversion_catalog = 'db/oracle/create_dbversion_catalog.sql' + oracle_core_file = globalDict['oracle_core_file'] + oracle_audit_file = globalDict['oracle_audit_file'] + oracle_patches = 'db/oracle/patches' + + db_name = globalDict['db_name'] + db_user = globalDict['db_user'] + db_password = globalDict['db_password'] + xa_db_root_user = globalDict['db_root_user'] + xa_db_root_password = globalDict['db_root_password'] + + x_db_version = 'x_db_version_h' + xa_access_audit = 'xa_access_audit' + + audit_db_name = globalDict['audit_db_name'] + audit_db_user = globalDict['audit_db_user'] + audit_db_password = globalDict['audit_db_password'] + audit_db_root_user = globalDict['db_root_user'] + audit_db_root_password = globalDict['db_root_password'] + + + + + if XA_DB_FLAVOR == "MYSQL": + MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = MysqlConf(xa_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN) + xa_db_version_file = os.path.join(os.getcwd(),mysql_dbversion_catalog) + xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file) + xa_patch_file = os.path.join(os.getcwd(),mysql_patches) + + elif XA_DB_FLAVOR == "ORACLE": + ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + xa_db_root_user = xa_db_root_user+" AS SYSDBA" + xa_sqlObj = OracleConf(xa_db_host,ORACLE_CONNECTOR_JAR,JAVA_BIN) + xa_db_version_file = os.path.join(os.getcwd(),oracle_dbversion_catalog) + xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file) + xa_patch_file = os.path.join(os.getcwd(),oracle_patches) + else: + log ("--------- NO SUCH FLAVOUR ---------", "info") + sys.exit(1) + + if AUDIT_DB_FLAVOR == "MYSQL": + MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN) + audit_db_file = os.path.join(os.getcwd(),mysql_audit_file) + + elif AUDIT_DB_FLAVOR == "ORACLE": + ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + audit_db_root_user = audit_db_root_user+" AS SYSDBA" + audit_sqlObj = OracleConf(audit_db_host,ORACLE_CONNECTOR_JAR,JAVA_BIN) + audit_db_file = os.path.join(os.getcwd(),oracle_audit_file) + else: + log ("--------- NO SUCH FLAVOUR ---------", "info") + sys.exit(1) + + + # Methods Begin + log("\n--------- Creating admin user --------- \n","info") + xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password) + log("\n--------- Importing DB Core Database ---------\n","info") + xa_sqlObj.import_file_to_db(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, xa_db_core_file) + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True) + log("\n--------- Check Table ---------\n","info") + output = xa_sqlObj.check_table(db_name, xa_db_root_user, xa_db_root_password, x_db_version) + if output == False: + log("\n--------- Updating Database ---------\n","info") + xa_sqlObj.upgrade_db(db_name, xa_db_root_user, db_user, db_password, xa_db_root_password, xa_db_version_file) + log("\n--------- Applying Patches ---------\n","info") + xa_sqlObj.apply_patches(db_name, xa_db_root_user, db_user, db_password, xa_db_root_password, xa_patch_file) + # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same + log("\n--------- Creating audit user --------- \n","info") + audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, audit_db_file, xa_access_audit) + +main() + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index b835bba..0ff950b 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -18,6 +18,7 @@ # #------------------------- DB CONFIG - BEGIN ---------------------------------- +PYTHON_COMMAND_INVOKER='python' #DB_FLAVOR=ORACLE #DB_FLAVOR=MYSQL @@ -52,7 +53,7 @@ db_host=localhost # # DB UserId used for the XASecure schema -# +# db_name=ranger db_user=rangeradmin db_password= @@ -152,14 +153,14 @@ JAVA_BIN='java' JAVA_VERSION_REQUIRED='1.7' JAVA_ORACLE='Java(TM) SE Runtime Environment' -mysql_create_user_file=${PWD}/db/create_dev_user.sql -mysql_core_file=${PWD}/db/xa_core_db.sql -mysql_audit_file=${PWD}/db/xa_audit_db.sql -mysql_asset_file=${PWD}/db/reset_asset.sql +#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql +mysql_core_file=db/mysql/xa_core_db.sql +mysql_audit_file=db/mysql/xa_audit_db.sql +#mysql_asset_file=${PWD}/db/mysql/reset_asset.sql #oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql -oracle_core_file=${PWD}/db/oracle/xa_core_db_oracle.sql -oracle_audit_file=${PWD}/db/oracle/xa_audit_db_oracle.sql +oracle_core_file=db/oracle/xa_core_db_oracle.sql +oracle_audit_file=db/oracle/xa_audit_db_oracle.sql #oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index e9b69a6..beb1a55 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -171,6 +171,15 @@ check_db_version() { fi } +check_python_command() { + if is_command ${PYTHON_COMMAND_INVOKER} ; then + log "[I] '${PYTHON_COMMAND_INVOKER}' command found" + else + log "[E] '${PYTHON_COMMAND_INVOKER}' command not found" + exit 1; + fi +} + check_db_connector() { if [ "${DB_FLAVOR}" == "MYSQL" ] then @@ -446,7 +455,7 @@ upgrade_db() { log "[I] - starting upgradedb ... " if [ "${DB_FLAVOR}" == "MYSQL" ] then - DBVERSION_CATALOG_CREATION=db/create_dbversion_catalog.sql + DBVERSION_CATALOG_CREATION=db/mysql/create_dbversion_catalog.sql if [ -f ${DBVERSION_CATALOG_CREATION} ] then log "[I] Verifying database version catalog table .... " @@ -457,7 +466,7 @@ upgrade_db() { dt=`date '+%s'` tempFile=/tmp/sql_${dt}_$$.sql - sqlfiles=`ls -1 db/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/patches/%s\n",$2) ; }'` + sqlfiles=`ls -1 db/mysql/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/mysql/patches/%s\n",$2) ; }'` for sql in ${sqlfiles} do if [ -f ${sql} ] @@ -685,20 +694,10 @@ import_db(){ } copy_db_connector(){ - if [ "${DB_FLAVOR}" == "MYSQL" ] - then - log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib "; - cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/classes/lib - check_ret_status $? "Copying MYSQL Connector to $app_home/WEB-INF/lib failed" - log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib DONE"; - fi - if [ "${DB_FLAVOR}" == "ORACLE" ] - then - log "[I] Copying ORACLE Connector to $app_home/WEB-INF/lib "; - cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/classes/lib - check_ret_status $? "Copying ORACLE Connector to $app_home/WEB-INF/lib failed" - log "[I] Copying ORACLE Connector to $app_home/WEB-INF/lib DONE"; - fi + log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib "; + cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib + check_ret_status $? "Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib failed" + log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib DONE"; } update_properties() { @@ -1241,7 +1240,7 @@ execute_java_patches(){ then dt=`date '+%s'` tempFile=/tmp/sql_${dt}_$$.sql - mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}" + #mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}" javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'` for javaPatch in ${javaFiles} do @@ -1250,9 +1249,11 @@ execute_java_patches(){ version=`echo ${className} | awk -F'_' '{ print $2 }'` if [ "${version}" != "" ] then - c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"` + #c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"` + c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"` check_ret_status $? "DBVerionCheck - ${version} Failed." - if [ ${c} -eq 0 ] + #if [ ${c} -eq 0 ] + if [ "${c}" != "${version}" ] then log "[I] patch ${javaPatch} is being applied.."; msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" org.apache.ranger.patch.${className}` @@ -1260,7 +1261,8 @@ execute_java_patches(){ touch ${tempFile} echo >> ${tempFile} echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile} - ${mysqlexec} < ${tempFile} + #${mysqlexec} < ${tempFile} + c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}` check_ret_status $? "Update patch - ${javaPatch} has failed." rm -f ${tempFile} log "[I] patch ${javaPatch} has been applied!!"; @@ -1283,7 +1285,8 @@ execute_java_patches(){ version=`echo ${className} | awk -F'_' '{ print $2 }'` if [ "${version}" != "" ] then - result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"` + #result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"` + result2=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"` #does not contains record so insert if test "${result2#*$version}" == "$result2" then @@ -1293,7 +1296,8 @@ execute_java_patches(){ touch ${tempFile} echo >> ${tempFile} echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile} - result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile` + #result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile` + result3=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}` if test "${result3#*$strError}" == "$result3" then log "[I] patch ${javaPatch} has been applied!!"; @@ -1320,17 +1324,19 @@ log "[I] hostname=`hostname`" init_variables get_distro check_java_version -check_db_version +#check_db_version check_db_connector setup_unix_user_group setup_install_files sanity_check_files -check_db_admin_password -create_db_user +#check_db_admin_password +#create_db_user copy_db_connector -import_db -upgrade_db -create_audit_db_user +#import_db +#upgrade_db +#create_audit_db_user +check_python_command +$PYTHON_COMMAND_INVOKER db_setup.py update_properties do_authentication_setup execute_java_patches http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/src/main/java/org/apache/ranger/entity/XXEnumElementDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXEnumElementDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXEnumElementDef.java index f2522f3..a4532f5 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXEnumElementDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXEnumElementDef.java @@ -34,8 +34,8 @@ public class XXEnumElementDef extends XXDBBase implements java.io.Serializable { * */ @Id - @SequenceGenerator(name = "x_enum_def_element_SEQ", sequenceName = "x_enum_def_element_SEQ", allocationSize = 1) - @GeneratedValue(strategy = GenerationType.AUTO, generator = "x_enum_def_element_SEQ") + @SequenceGenerator(name = "x_enum_element_def_SEQ", sequenceName = "x_enum_element_def_SEQ", allocationSize = 1) + @GeneratedValue(strategy = GenerationType.AUTO, generator = "x_enum_element_def_SEQ") @Column(name = "id") protected Long id; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java index 7d5df92..9b8a71e 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java @@ -72,7 +72,7 @@ public class XXResourceDef extends XXDBBase implements java.io.Serializable { * </ul> * */ - @Column(name = "level") + @Column(name = "res_level") protected Integer level; /** http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c2f0d1f/src/main/assembly/admin-web.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml index 8696252..c252e1f 100644 --- a/src/main/assembly/admin-web.xml +++ b/src/main/assembly/admin-web.xml @@ -169,6 +169,7 @@ <include>setup.sh</include> <include>setup_authentication.sh</include> <include>set_globals.sh</include> + <include>db_setup.py</include> </includes> <fileMode>544</fileMode> </fileSet>
