Repository: incubator-ranger Updated Branches: refs/heads/master ce139e013 -> bb0bdcede
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java ---------------------------------------------------------------------- diff --git a/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java new file mode 100644 index 0000000..04daeee --- /dev/null +++ b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java @@ -0,0 +1,135 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.crypto.key.kms.server; + +import java.io.ByteArrayOutputStream; +import java.io.FilterOutputStream; +import java.io.OutputStream; +import java.io.PrintStream; + +import org.apache.hadoop.crypto.key.kms.server.KMS.KMSOp; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.log4j.LogManager; +import org.apache.log4j.PropertyConfigurator; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +public class TestKMSAudit { + + private PrintStream originalOut; + private ByteArrayOutputStream memOut; + private FilterOut filterOut; + private PrintStream capturedOut; + + private KMSAudit kmsAudit; + + private static class FilterOut extends FilterOutputStream { + public FilterOut(OutputStream out) { + super(out); + } + + public void setOutputStream(OutputStream out) { + this.out = out; + } + } + + @Before + public void setUp() { + originalOut = System.err; + memOut = new ByteArrayOutputStream(); + filterOut = new FilterOut(memOut); + capturedOut = new PrintStream(filterOut); + System.setErr(capturedOut); + PropertyConfigurator.configure(Thread.currentThread(). + getContextClassLoader() + .getResourceAsStream("log4j-kmsaudit.properties")); + this.kmsAudit = new KMSAudit(1000); + } + + @After + public void cleanUp() { + System.setErr(originalOut); + LogManager.resetConfiguration(); + kmsAudit.shutdown(); + } + + private String getAndResetLogOutput() { + capturedOut.flush(); + String logOutput = new String(memOut.toByteArray()); + memOut = new ByteArrayOutputStream(); + filterOut.setOutputStream(memOut); + return logOutput; + } + + @Test + public void testAggregation() throws Exception { + UserGroupInformation luser = Mockito.mock(UserGroupInformation.class); + Mockito.when(luser.getShortUserName()).thenReturn("luser"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DELETE_KEY, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.ROLL_NEW_VERSION, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + Thread.sleep(1500); + kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg"); + Thread.sleep(1500); + String out = getAndResetLogOutput(); + System.out.println(out); + Assert.assertTrue( + out.matches( + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + // Not aggregated !! + + "OK\\[op=DELETE_KEY, key=k1, user=luser\\] testmsg" + + "OK\\[op=ROLL_NEW_VERSION, key=k1, user=luser\\] testmsg" + // Aggregated + + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=6, interval=[^m]{1,4}ms\\] testmsg" + + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg")); + } + + @Test + public void testAggregationUnauth() throws Exception { + UserGroupInformation luser = Mockito.mock(UserGroupInformation.class); + Mockito.when(luser.getShortUserName()).thenReturn("luser"); + kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k2"); + Thread.sleep(1000); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k3"); + kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg"); + Thread.sleep(2000); + String out = getAndResetLogOutput(); + System.out.println(out); + Assert.assertTrue( + out.matches( + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] " + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg" + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\] testmsg" + + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] " + + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\] testmsg")); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java ---------------------------------------------------------------------- diff --git a/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java new file mode 100644 index 0000000..1db3d70 --- /dev/null +++ b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java @@ -0,0 +1,271 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.crypto.key.kms.server; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.net.URI; +import java.security.PrivilegedExceptionAction; +import java.security.SecureRandom; +import java.util.HashMap; +import java.util.Map; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.crypto.key.KeyProvider; +import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion; +import org.apache.hadoop.crypto.key.KeyProvider.Options; +import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension; +import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion; +import org.apache.hadoop.crypto.key.UserProvider; +import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyACLs; +import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyOpType; +import org.apache.hadoop.security.UserGroupInformation; +import org.junit.Assert; +import org.junit.Test; + +public class TestKeyAuthorizationKeyProvider { + + private static final String CIPHER = "AES"; + + @Test + public void testCreateKey() throws Exception { + final Configuration conf = new Configuration(); + KeyProvider kp = + new UserProvider.Factory().createProvider(new URI("user:///"), conf); + KeyACLs mock = mock(KeyACLs.class); + when(mock.isACLPresent("foo", KeyOpType.MANAGEMENT)).thenReturn(true); + UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1"); + when(mock.hasAccessToKey("foo", u1, KeyOpType.MANAGEMENT)).thenReturn(true); + final KeyProviderCryptoExtension kpExt = + new KeyAuthorizationKeyProvider( + KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), + mock); + + u1.doAs( + new PrivilegedExceptionAction<Void>() { + @Override + public Void run() throws Exception { + try { + kpExt.createKey("foo", SecureRandom.getSeed(16), + newOptions(conf)); + } catch (IOException ioe) { + Assert.fail("User should be Authorized !!"); + } + + // "bar" key not configured + try { + kpExt.createKey("bar", SecureRandom.getSeed(16), + newOptions(conf)); + Assert.fail("User should NOT be Authorized !!"); + } catch (IOException ioe) { + // Ignore + } + return null; + } + } + ); + + // Unauthorized User + UserGroupInformation.createRemoteUser("badGuy").doAs( + new PrivilegedExceptionAction<Void>() { + @Override + public Void run() throws Exception { + try { + kpExt.createKey("foo", SecureRandom.getSeed(16), + newOptions(conf)); + Assert.fail("User should NOT be Authorized !!"); + } catch (IOException ioe) { + // Ignore + } + return null; + } + } + ); + } + + @Test + public void testOpsWhenACLAttributeExists() throws Exception { + final Configuration conf = new Configuration(); + KeyProvider kp = + new UserProvider.Factory().createProvider(new URI("user:///"), conf); + KeyACLs mock = mock(KeyACLs.class); + when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true); + UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1"); + UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2"); + UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3"); + UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo"); + when(mock.hasAccessToKey("testKey", u1, KeyOpType.MANAGEMENT)).thenReturn(true); + when(mock.hasAccessToKey("testKey", u2, KeyOpType.GENERATE_EEK)).thenReturn(true); + when(mock.hasAccessToKey("testKey", u3, KeyOpType.DECRYPT_EEK)).thenReturn(true); + when(mock.hasAccessToKey("testKey", sudo, KeyOpType.ALL)).thenReturn(true); + final KeyProviderCryptoExtension kpExt = + new KeyAuthorizationKeyProvider( + KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), + mock); + + final KeyVersion barKv = u1.doAs( + new PrivilegedExceptionAction<KeyVersion>() { + @Override + public KeyVersion run() throws Exception { + Options opt = newOptions(conf); + Map<String, String> m = new HashMap<String, String>(); + m.put("key.acl.name", "testKey"); + opt.setAttributes(m); + try { + KeyVersion kv = + kpExt.createKey("foo", SecureRandom.getSeed(16), opt); + kpExt.rollNewVersion(kv.getName()); + kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16)); + kpExt.deleteKey(kv.getName()); + } catch (IOException ioe) { + Assert.fail("User should be Authorized !!"); + } + + KeyVersion retkv = null; + try { + retkv = kpExt.createKey("bar", SecureRandom.getSeed(16), opt); + kpExt.generateEncryptedKey(retkv.getName()); + Assert.fail("User should NOT be Authorized to generate EEK !!"); + } catch (IOException ioe) { + } + Assert.assertNotNull(retkv); + return retkv; + } + } + ); + + final EncryptedKeyVersion barEKv = + u2.doAs( + new PrivilegedExceptionAction<EncryptedKeyVersion>() { + @Override + public EncryptedKeyVersion run() throws Exception { + try { + kpExt.deleteKey(barKv.getName()); + Assert.fail("User should NOT be Authorized to " + + "perform any other operation !!"); + } catch (IOException ioe) { + } + return kpExt.generateEncryptedKey(barKv.getName()); + } + }); + + u3.doAs( + new PrivilegedExceptionAction<KeyVersion>() { + @Override + public KeyVersion run() throws Exception { + try { + kpExt.deleteKey(barKv.getName()); + Assert.fail("User should NOT be Authorized to " + + "perform any other operation !!"); + } catch (IOException ioe) { + } + return kpExt.decryptEncryptedKey(barEKv); + } + }); + + sudo.doAs( + new PrivilegedExceptionAction<Void>() { + @Override + public Void run() throws Exception { + Options opt = newOptions(conf); + Map<String, String> m = new HashMap<String, String>(); + m.put("key.acl.name", "testKey"); + opt.setAttributes(m); + try { + KeyVersion kv = + kpExt.createKey("foo", SecureRandom.getSeed(16), opt); + kpExt.rollNewVersion(kv.getName()); + kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16)); + EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName()); + kpExt.decryptEncryptedKey(ekv); + kpExt.deleteKey(kv.getName()); + } catch (IOException ioe) { + Assert.fail("User should be Allowed to do everything !!"); + } + return null; + } + } + ); + } + + private static KeyProvider.Options newOptions(Configuration conf) { + KeyProvider.Options options = new KeyProvider.Options(conf); + options.setCipher(CIPHER); + options.setBitLength(128); + return options; + } + + + @Test(expected = IllegalArgumentException.class) + public void testDecryptWithKeyVersionNameKeyMismatch() throws Exception { + final Configuration conf = new Configuration(); + KeyProvider kp = + new UserProvider.Factory().createProvider(new URI("user:///"), conf); + KeyACLs mock = mock(KeyACLs.class); + when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true); + when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true); + UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1"); + UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2"); + UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3"); + UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo"); + when(mock.hasAccessToKey("testKey", u1, + KeyOpType.MANAGEMENT)).thenReturn(true); + when(mock.hasAccessToKey("testKey", u2, + KeyOpType.GENERATE_EEK)).thenReturn(true); + when(mock.hasAccessToKey("testKey", u3, + KeyOpType.DECRYPT_EEK)).thenReturn(true); + when(mock.hasAccessToKey("testKey", sudo, + KeyOpType.ALL)).thenReturn(true); + final KeyProviderCryptoExtension kpExt = + new KeyAuthorizationKeyProvider( + KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp), + mock); + + sudo.doAs( + new PrivilegedExceptionAction<Void>() { + @Override + public Void run() throws Exception { + Options opt = newOptions(conf); + Map<String, String> m = new HashMap<String, String>(); + m.put("key.acl.name", "testKey"); + opt.setAttributes(m); + KeyVersion kv = + kpExt.createKey("foo", SecureRandom.getSeed(16), opt); + kpExt.rollNewVersion(kv.getName()); + kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16)); + EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName()); + ekv = EncryptedKeyVersion.createForDecryption( + ekv.getEncryptionKeyName() + "x", + ekv.getEncryptionKeyVersionName(), + ekv.getEncryptedKeyIv(), + ekv.getEncryptedKeyVersion().getMaterial()); + kpExt.decryptEncryptedKey(ekv); + return null; + } + } + ); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 94e0e3c..0f9ccfb 100644 --- a/pom.xml +++ b/pom.xml @@ -175,6 +175,28 @@ <powermock.version>1.5.6</powermock.version> <aspectj.version>1.8.2</aspectj.version> <findbugs.plugin.version>3.0.0</findbugs.plugin.version> + <hadoop.minikdc.version>2.3.0</hadoop.minikdc.version> + <jersey-server.version>1.9</jersey-server.version> + <asm.all.version>3.2</asm.all.version> + <mortbay.jetty.version>6.1.26</mortbay.jetty.version> + <metrics.core.version>3.0.2</metrics.core.version> + <curator.test.version>2.7.0</curator.test.version> + <servlet.api.version>2.5</servlet.api.version> + <httpcomponents.httpclient.version>4.2.5</httpcomponents.httpclient.version> + <xz.version>1.0</xz.version> + <xmlenc.version>0.52</xmlenc.version> + <snappy-java.version>1.0.4.1</snappy-java.version> + <protobuf-java.version>2.5.0</protobuf-java.version> + <paranamer.version>2.3</paranamer.version> + <netty.version>3.6.2.Final</netty.version> + <jsr305.version>1.3.9</jsr305.version> + <jsch.version>0.1.42</jsch.version> + <jline.version>0.9.94</jline.version> + <jettison.version>1.1</jettison.version> + <jaxb-impl.version>2.2.3-1</jaxb-impl.version> + <jaxb-api.version>2.2.2</jaxb-api.version> + <jackson.version>1.9.13</jackson.version> + <sun-jersey-bundle.version>1.19</sun-jersey-bundle.version> <distMgmtStagingId>apache.staging.https</distMgmtStagingId> <distMgmtStagingName>Apache Release Distribution Repository</distMgmtStagingName> <distMgmtStagingUrl>https://repository.apache.org/service/local/staging/deploy/maven2</distMgmtStagingUrl> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/src/main/assembly/kms.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml index 80f907c..0cd4673 100644 --- a/src/main/assembly/kms.xml +++ b/src/main/assembly/kms.xml @@ -23,27 +23,84 @@ </formats> <baseDirectory>${project.name}-${project.version}-kms</baseDirectory> <includeBaseDirectory>true</includeBaseDirectory> - <moduleSets> - - <moduleSet> + + <moduleSets> + <moduleSet> <binaries> <includeDependencies>false</includeDependencies> <unpack>false</unpack> <outputDirectory>/ews/webapp/lib</outputDirectory> <dependencySets> <dependencySet> - <outputDirectory>/ews/webapp/root</outputDirectory> - <unpack>false</unpack> - <includes> - <include>org.apache.hadoop:hadoop-kms:war:2.6.0</include> - </includes> - </dependencySet> - <dependencySet> <outputDirectory>/ews/webapp/lib</outputDirectory> <unpack>false</unpack> <includes> <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include> - </includes> + <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-auth.version}</include> + <include>org.eclipse.persistence:eclipselink</include> + <include>org.eclipse.persistence:javax.persistence</include> + <include>com.googlecode.log4jdbc:log4jdbc</include> + <include>log4j:log4j</include> + <include>org.slf4j:slf4j-api</include> + <include>org.slf4j:slf4j-log4j12</include> + <include>com.codahale.metrics:metrics-core</include> + <include>org.slf4j:jul-to-slf4j</include> + <include>commons-logging:commons-logging</include> + <include>com.google.guava:guava</include> + <include>com.sun.jersey:jersey-core</include> + <include>com.sun.jersey:jersey-server</include> + <include>javax.servlet:servlet-api</include> + <include>org.mortbay.jetty:jetty</include> + <include>org.mortbay.jetty:jetty-util</include> + <include>commons-collections:commons-collections</include> + <include>commons-lang:commons-lang</include> + <include>org.apache.zookeeper:zookeeper</include> + <include>org.apache.curator:curator-framework</include> + <include>org.apache.curator:curator-client</include> + <include>org.apache.curator:curator-test</include> + <include>asm:asm-all</include> + <include>com.sun.jersey:jersey-bundle</include> + <include>org.apache.httpcomponents:httpclient</include> + <include>javax.activation:activation</include> + <include>org.apache.directory.server:apacheds-i18n</include> + <include>org.apache.directory.server:apacheds-kerberos-codec</include> + <include>org.apache.directory.api:api-asn1-api</include> + <include>org.apache.directory.api:api-i18n</include> + <include>org.apache.directory.api:api-util</include> + <include>org.apache.avro:avro</include> + <include>commons-beanutils:commons-beanutils</include> + <include>commons-beanutils:commons-beanutils-core</include> + <include>commons-cli:commons-cli</include> + <include>commons-codec:commons-codec</include> + <include>org.apache.commons:commons-compress</include> + <include>commons-configuration:commons-configuration</include> + <include>commons-digester:commons-digester</include> + <include>commons-io:commons-io</include> + <include>org.apache.commons:commons-math3</include> + <include>commons-net:commons-net</include> + <include>org.apache.curator:curator-recipes</include> + <include>com.google.code.gson:gson</include> + <include>org.apache.hadoop:hadoop-annotations</include> + <include>org.htrace:htrace-core</include> + <include>org.apache.httpcomponents:httpcore</include> + <include>org.codehaus.jackson:jackson-core-asl</include> + <include>org.codehaus.jackson:jackson-jaxrs</include> + <include>org.codehaus.jackson:jackson-mapper-asl</include> + <include>org.codehaus.jackson:jackson-xc</include> + <include>javax.xml.bind:jaxb-api</include> + <include>com.sun.xml.bind:jaxb-impl</include> + <include>com.sun.jersey:jersey-json</include> + <include>org.codehaus.jettison:jettison</include> + <include>jline:jline</include> + <include>com.jcraft:jsch</include> + <include>com.google.code.findbugs:jsr305</include> + <include>io.netty:netty</include> + <include>com.thoughtworks.paranamer:paranamer</include> + <include>com.google.protobuf:protobuf-java</include> + <include>org.xerial.snappy:snappy-java</include> + <include>xmlenc:xmlenc</include> + <include>org.tukaani:xz</include> + </includes> </dependencySet> </dependencySets> </binaries> @@ -51,6 +108,17 @@ <include>org.apache.ranger:ranger-kms</include> </includes> </moduleSet> + + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <unpack>true</unpack> + <outputDirectory>/ews/webapp</outputDirectory> + </binaries> + <includes> + <include>org.apache.ranger:ranger-kms</include> + </includes> + </moduleSet> <moduleSet> <binaries> @@ -75,37 +143,68 @@ </includes> </moduleSet> + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <outputDirectory>/jisql/lib</outputDirectory> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <dependencySets> + <dependencySet> + <outputDirectory>/jisql/lib</outputDirectory> + <unpack>false</unpack> + <includes> + <include>net.sourceforge.javacsv:javacsv</include> + <include>net.sf.jopt-simple:jopt-simple</include> + </includes> + </dependencySet> + </dependencySets> + </binaries> + <includes> + <include>org.apache.ranger:jisql</include> + </includes> + </moduleSet> </moduleSets> - + <fileSets> - - <fileSet> - <outputDirectory>/ews/webapp/config</outputDirectory> - <directoryMode>755</directoryMode> - <directory>kms/config/kms-webapp</directory> - <fileMode>400</fileMode> - </fileSet> - - <fileSet> - <outputDirectory>/ews/conf</outputDirectory> + <fileSet> + <outputDirectory>/ews/webapp/WEB-INF/classes/conf.dist</outputDirectory> + <directory>embeddedwebserver/conf</directory> + <fileMode>700</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/scripts/db/mysql</outputDirectory> <directoryMode>755</directoryMode> - <directory>kms/config/webserver</directory> - <fileMode>400</fileMode> - </fileSet> - - <fileSet> + <directory>kms/scripts/db/mysql</directory> + <includes> + <include>*</include> + </includes> + <fileMode>544</fileMode> + </fileSet> + <fileSet> <outputDirectory>/scripts</outputDirectory> - <directoryMode>755</directoryMode> <directory>kms/scripts</directory> <includes> - <include>ranger-*</include> + <include>db_setup.py</include> + <include>ranger-kms</include> + <include>ranger-kms-services.sh</include> + <include>setup.sh</include> + <include>migrate-keystore-dbks.sh</include> </includes> <fileMode>544</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/ews/webapp/config</outputDirectory> + <directoryMode>0500</directoryMode> + <directory>kms/config/kms-webapp</directory> + <fileMode>0400</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/ews/conf</outputDirectory> + <directoryMode>0500</directoryMode> + <directory>kms/config/webserver</directory> + <fileMode>0400</fileMode> </fileSet> - - </fileSets> - - - </assembly>
