RANGER-302: Fix privilege issue for audit user, Add dry run mode, Remove revoke statements
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dc49a1a4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dc49a1a4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dc49a1a4 Branch: refs/heads/master Commit: dc49a1a495794fa7140b335f9a4a5298d3fa3b3d Parents: bb0bdce Author: Velmurugan Periasamy <[email protected]> Authored: Tue Mar 24 15:06:35 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Mar 24 15:06:35 2015 -0400 ---------------------------------------------------------------------- security-admin/scripts/db_setup.py | 726 +---------------- security-admin/scripts/dba_script.py | 1209 ++++++++++++++++------------- 2 files changed, 702 insertions(+), 1233 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dc49a1a4/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index aa9d73e..09a7b57 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -50,7 +50,6 @@ def populate_global_dict(): if re.search('=', each_line): key , value = each_line.strip().split("=",1) key = key.strip() - if 'PASSWORD' in key: jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') @@ -62,15 +61,9 @@ def populate_global_dict(): class BaseDB(object): - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - log("[I] ---------- Creating user ----------", "info") - def check_connection(self, db_name, db_user, db_password): log("[I] ---------- Verifying DB connection ----------", "info") - def create_db(self, root_user, db_root_password, db_name, db_user, db_password): - log("[I] ---------- Verifying database ----------", "info") - def check_table(self, db_name, db_user, db_password, TABLE_NAME): log("[I] ---------- Verifying table ----------", "info") @@ -96,11 +89,10 @@ class BaseDB(object): else: log("[I] No patches to apply!","info") - def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME): + def auditdb_operation(self, xa_db_host , audit_db_host , db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): log("[I] ----------------- Create audit user ------------", "info") - class MysqlConf(BaseDB): # Constructor def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): @@ -109,19 +101,9 @@ class MysqlConf(BaseDB): self.JAVA_BIN = JAVA_BIN def get_jisql_cmd(self, user, password ,db_name): - #TODO: User array for forming command jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) return jisql_cmd - def verify_user(slef, root_user, db_root_password, host, db_user, get_cmd): - log("[I] Verifying user " + db_user , "info") - query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - return True - else: - return False - def check_connection(self, db_name, db_user, db_password): log("[I] Checking connection..", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) @@ -132,152 +114,22 @@ class MysqlConf(BaseDB): return True else: log("[E] Can't establish connection!! Exiting.." ,"error") + log("[I] Please run DB setup first or contact Administrator.." ,"info") sys.exit(1) - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - if self.check_connection('mysql', root_user, db_root_password): - hosts_arr =["%", "localhost"] - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): - log("[I] MySQL user " + db_user + " already exists for host " + host, "info") - else: - log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") - if db_password == "": - query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): - log("[I] MySQL user " + db_user +" created for host " + host ,"info") - else: - log("[E] Creating MySQL user " + db_user +" failed","error") - sys.exit(1) - else: - query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): - log("[I] MySQL user " + db_user +" created for host " + host ,"info") - else: - log("[E] Creating MySQL user " + db_user +" failed","error") - sys.exit(1) - else: - log("[E] Creating MySQL user " + db_user +" failed","error") - sys.exit(1) - - - def verify_db(self, root_user, db_root_password, db_name): - log("[I] Verifying database " + db_name , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) - output = check_output(shlex.split(query)) - if output.strip(db_name + " |"): - return True - else: - return False - - - def create_db(self, root_user, db_root_password, db_name, db_user, db_password): - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Database "+db_name + " already exists.","info") - else: - log("[I] Database does not exist! Creating database " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"create database %s;\"" %(db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Database creation failed!!","error") - sys.exit(1) - else: - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Creating database " + db_name + " succeeded", "info") - return True - else: - log("[E] Database creation failed!!","error") - sys.exit(1) - - - def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke): - hosts_arr =["%", "localhost"] - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): - log("[I] MySQL user " + db_user + " exists for host " + host, "info") - else: - log("[I] MySQL user " + db_user + " does not exists for host " + host, "error") - sys.exit(E) - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Database "+db_name + " exists!","info") - else: - log("[I] Database "+db_name + " does not exists!","error") - sys.exit(E) - - if is_revoke: - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - - for host in hosts_arr: - log("[I] ---------------Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] ---------------FLUSH PRIVILEGES -------------" , "info") - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info") - else: - log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error") - sys.exit(1) - else: - log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error") - sys.exit(1) - - - def grant_audit_db_user(self, audit_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke): + def grant_audit_db_user(self, db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME): hosts_arr =["%", "localhost"] - if is_revoke == True: - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - for host in hosts_arr: log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info") - get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') + get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name) query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host) ret = subprocess.check_call(shlex.split(query)) if ret == 0: - get_cmd = self.get_jisql_cmd(audit_root_user, audit_db_root_password, 'mysql') - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info") - else: - log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error") - sys.exit(1) + log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info") else: - log("[E] Granting privileges to '" + audit_db_user+"' failed on '" + audit_db_name+"'", "error") + log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error") sys.exit(1) - def import_db_file(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -294,7 +146,6 @@ class MysqlConf(BaseDB): log("[E] DB schema file " + name+ " not found","error") sys.exit(1) - def import_db_patches(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -325,7 +176,6 @@ class MysqlConf(BaseDB): log("[I] Import " +name + " file not found","error") sys.exit(1) - def check_table(self, db_name, db_user, db_password, TABLE_NAME): get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME) @@ -337,39 +187,14 @@ class MysqlConf(BaseDB): log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info") return False - def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE): - if DBA_MODE == "TRUE" : - log("[I] --------- Setup audit user ---------","info") - self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password) - hosts_arr =["%", "localhost"] - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password) - self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False) - - log("[I] --------- Check admin user connection ---------","info") + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): + log("[I] --------- Check ranger user connection ---------","info") self.check_connection(audit_db_name, db_user, db_password) - #log("[I] --------- Check audit user connection ---------","info") - #self.check_connection(audit_db_name, audit_db_user, audit_db_password) log("[I] --------- Check audit table exists --------- ","info") output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME) if output == False: self.import_db_file(audit_db_name ,db_user, db_password, file_name) - if DBA_MODE == "TRUE": - if audit_db_user == db_user: - is_revoke = False - else: - is_revoke = True - self.grant_audit_db_user(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password,TABLE_NAME, is_revoke) + self.grant_audit_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME) class OracleConf(BaseDB): @@ -380,7 +205,6 @@ class OracleConf(BaseDB): self.JAVA_BIN = JAVA_BIN def get_jisql_cmd(self, user, password): - #TODO: User array for forming command jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password) return jisql_cmd @@ -396,209 +220,8 @@ class OracleConf(BaseDB): log("[E] Can't establish connection!", "error") sys.exit(1) - def verify_user(self, root_user, db_user, db_root_password): - log("[I] Verifying user " + db_user ,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - return True - else: - return False - - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - if self.check_connection(self, root_user, db_root_password): - if self.verify_user(root_user, db_user, db_root_password): - log("[I] Oracle user " + db_user + " already exists!", "info") - else: - log("[I] User does not exists, Creating user : " + db_user, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(root_user, db_user, db_root_password): - log("[I] User " + db_user + " created", "info") - log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info") - else: - log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - log("[E] Creating Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - log("[E] Creating Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - - def verify_tablespace(self, root_user, db_root_password, db_name): - log("[I] Verifying tablespace " + db_name, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) - output = check_output(shlex.split(query)) - if output.strip(db_name+' |'): - return True - else: - return False - - def create_db(self, root_user, db_root_password, db_name, db_user, db_password): - if self.verify_tablespace(root_user, db_root_password, db_name): - log("[I] Tablespace " + db_name + " already exists.","info") - if self.verify_user(root_user, db_user, db_root_password): - get_cmd = self.get_jisql_cmd(db_user ,db_password) - query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" - output = check_output(shlex.split(query)).strip() - db_name = db_name.upper() +' |' - if output == db_name: - log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info") - else: - log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error") - sys.exit(1) - #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False) - #return status - else: - log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_tablespace(root_user, db_root_password, db_name): - log("[I] Creating tablespace "+db_name+" succeeded", "info") - status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, True) - return status - else: - log("[E] Creating tablespace "+db_name+" failed", "error") - sys.exit(1) - else: - log("[E] Creating tablespace "+db_name+" failed", "error") - sys.exit(1) - - def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status): - log("[I] Assign default tablespace " +db_name + " to " + db_user, "info") - # Assign default tablespace db_name - get_cmd = self.get_jisql_cmd(root_user , db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting Oracle user '" + db_user + "' done", "info") - return status - else: - log("[E] Granting Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - log("[E] Assigning default tablespace to user '" + db_user + "' failed", "error") - sys.exit(1) - - - def import_audit_file_to_db(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME): - #Verifying Users - if self.verify_user(audit_db_root_user, db_user, audit_db_root_password): - log("[I] User " +db_user + " already exists.", "info") - else: - log("[E] User does not exist " + db_user, "error") - sys.exit(1) - - if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password): - log("[I] User " +audit_db_user + " already exists.", "info") - else: - log("[E] User does not exist " + audit_db_user, "error") - sys.exit(1) - - if self.verify_tablespace(audit_db_root_user, audit_db_root_password, audit_db_name): - log("[I] Tablespace " + audit_db_name + " already exists.","info") - status1 = True - else: - log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Tablespace creation failed!!","error") - sys.exit(1) - else: - log("[I] Creating tablespace "+ audit_db_name + " succeeded", "info") - status1 = True - - if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name): - log("[I] Tablespace " + db_name + " already exists.","info") - status2 = True - else: - log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Tablespace creation failed!!","error") - sys.exit(1) - else: - log("[I] Creating tablespace "+ db_name + " succeeded", "info") - status2 = True - - if (status1 == True and status2 == True): - log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info") - # Assign default tablespace db_name - get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) - ret1 = subprocess.check_call(shlex.split(query)) - - log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info") - # Assign default tablespace audit_db_name - get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) - ret2 = subprocess.check_call(shlex.split(query)) - - if (ret1 == 0 and ret2 == 0): - log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - return True - else: - log("[E] Granting Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - return False - - - def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke): - if self.verify_user(root_user, db_user, db_root_password): - pass - else: - log("[E] User does not exist " + db_user, "error") - sys.exit(1) - if self.verify_tablespace(root_user, db_root_password, db_name): - pass - else: - log("[E] Tablespace " + db_name + " does not exists.","error") - sys.exit(1) - - get_cmd = self.get_jisql_cmd(root_user ,db_root_password) - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granted permission to " + db_user, "info") - return True - else: - log("[E] Granting Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - - - def grant_audit_db_user(self, audit_db_root_user, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password, audit_db_root_password): - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granted permission to " + db_user, "info") - return True - else: - log("[E] Granting Oracle user '" + db_user + "' failed", "error") - sys.exit(1) + def grant_audit_db_user(self, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password): + get_cmd = self.get_jisql_cmd(db_user, db_password) query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user) ret = subprocess.check_call(shlex.split(query)) if ret != 0: @@ -612,7 +235,6 @@ class OracleConf(BaseDB): if ret != 0: sys.exit(1) - def import_db_file(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -659,8 +281,6 @@ class OracleConf(BaseDB): log("[I] Patch file not found","error") sys.exit(1) - - def check_table(self, db_name, db_user, db_password, TABLE_NAME): get_cmd = self.get_jisql_cmd(db_user ,db_password) query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" @@ -683,55 +303,7 @@ class OracleConf(BaseDB): log("[E] "+db_user + " user already assigned to some other tablespace , provide different DB name.","error") sys.exit(1) - - def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE): - if DBA_MODE == "TRUE": - log("[I] --------- Setup audit user ---------","info") - #self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password) - if self.verify_user(audit_db_root_user, db_user, audit_db_root_password): - log("[I] Oracle admin user " + db_user + " already exists!", "info") - else: - log("[I] User does not exists, Creating user " + db_user, "info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(audit_db_root_user, db_user, audit_db_root_password): - log("[I] User " + db_user + " created", "info") - log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info") - else: - log("[E] Granting permissions to Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - log("[E] Creating Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - else: - log("[E] Creating Oracle user '" + db_user + "' failed", "error") - sys.exit(1) - - if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password): - log("[I] Oracle audit user " + audit_db_user + " already exist!", "info") - else: - log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password): - query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("[I] Granting permission to " + audit_db_user + " done", "info") - else: - log("[E] Granting permission to " + audit_db_user + " failed", "error") - sys.exit(1) - else: - log("[I] Creating audit user " + audit_db_user + " failed!", "info") - self.import_audit_file_to_db(audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password, file_name, TABLE_NAME) + def auditdb_operation(self, xa_db_host , audit_db_host , db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): log("[I] --------- Check admin user connection ---------","info") self.check_connection(db_name, db_user, db_password) log("[I] --------- Check audit user connection ---------","info") @@ -741,11 +313,8 @@ class OracleConf(BaseDB): pass else: self.import_db_file(audit_db_name, db_user, db_password ,file_name) - - if DBA_MODE == "TRUE": - self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True) - self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password) - + log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on audit table-------------" , "info") + self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password) class PostgresConf(BaseDB): # Constructor @@ -754,22 +323,11 @@ class PostgresConf(BaseDB): self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR self.JAVA_BIN = JAVA_BIN - def get_jisql_cmd(self, user, password, db_name): #TODO: User array for forming command jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) return jisql_cmd - def verify_user(self, root_user, db_root_password, db_user): - log("[I] Verifying user " + db_user , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - return True - else: - return False - def check_connection(self, db_name, db_user, db_password): log("[I] Checking connection", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) @@ -782,57 +340,6 @@ class PostgresConf(BaseDB): log("[E] Can't establish connection", "error") sys.exit(1) - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - if self.check_connection('postgres', root_user, db_root_password): - if self.verify_user(root_user, db_root_password, db_user): - log("[I] Postgres user " + db_user + " already exists!", "info") - else: - log("[I] User does not exists, Creating user : " + db_user, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(root_user, db_root_password, db_user): - log("[I] Postgres user " + db_user + " created", "info") - else: - log("[E] Postgres user " +db_user+" creation failed", "error") - sys.exit(1) - else: - log("[E] Postgres user " +db_user+" creation failed", "error") - sys.exit(1) - - - def verify_db(self, root_user, db_root_password, db_name): - log("[I] Verifying database " + db_name , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name) - output = check_output(shlex.split(query)) - if output.strip(db_name + " |"): - return True - else: - return False - - - def create_db(self, root_user, db_root_password, db_name, db_user, db_password): - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Database "+db_name + " already exists.", "info") - else: - log("[I] Database does not exist! Creating database : " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Database creation failed!!","error") - sys.exit(1) - else: - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Creating database " + db_name + " succeeded", "info") - return True - else: - log("[E] Database creation failed!!","error") - sys.exit(1) - - def import_db_file(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -849,39 +356,9 @@ class PostgresConf(BaseDB): log("[E] DB schema file " + name+ " not found","error") sys.exit(1) - - def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , True): - log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Granting privileges on tables in schema public failed", "error") - sys.exit(1) - - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Granting privileges on schema public failed", "error") - sys.exit(1) - - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Granting privileges on database "+db_name+ " failed", "error") - sys.exit(1) - - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Granting privileges on database "+db_name+ " failed", "error") - sys.exit(1) - log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info") - - - def grant_audit_db_user(self, audit_db_root_user, audit_db_name , db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password): + def grant_audit_db_user(self, audit_db_name , db_user, audit_db_user, db_password, audit_db_password): log("[I] Granting permission to " + audit_db_user, "info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, audit_db_name) + get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name) log("[I] Granting select and usage privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT_SEQ", "info") query = get_cmd + " -query 'GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user) ret = subprocess.check_call(shlex.split(query)) @@ -896,7 +373,6 @@ class PostgresConf(BaseDB): log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error") sys.exit(1) - def import_db_patches(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -926,7 +402,6 @@ class PostgresConf(BaseDB): log("[E] Import " +name + " file not found","error") sys.exit(1) - def check_table(self, db_name, db_user, db_password, TABLE_NAME): log("[I] Verifying table " + TABLE_NAME +" in database " + db_name, "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) @@ -939,14 +414,8 @@ class PostgresConf(BaseDB): log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name, "info") return False - - def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE): - if DBA_MODE == "TRUE": - log("[I] --------- Setup audit user ---------","info") - self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password) - self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password) - self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password) - + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): + log("[I] --------- Check admin user connection ---------","info") self.check_connection(audit_db_name, db_user, db_password) log("[I] --------- Check audit user connection ---------","info") @@ -955,9 +424,8 @@ class PostgresConf(BaseDB): output = self.check_table(audit_db_name, audit_db_user, audit_db_password, TABLE_NAME) if output == False: self.import_db_file(audit_db_name, db_user, db_password, file_name) - if DBA_MODE == "TRUE": - self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True) - self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password) + self.grant_audit_db_user(audit_db_name ,db_user, audit_db_user, db_password,audit_db_password) + class SqlServerConf(BaseDB): # Constructor @@ -966,22 +434,11 @@ class SqlServerConf(BaseDB): self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR self.JAVA_BIN = JAVA_BIN - def get_jisql_cmd(self, user, password, db_name): #TODO: User array for forming command jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name) return jisql_cmd - def verify_user(self, root_user, db_root_password, db_user): - log("[I] Verifying user " + db_user , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - return True - else: - return False - def check_connection(self, db_name, db_user, db_password): log("[I] Checking connection", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) @@ -994,79 +451,6 @@ class SqlServerConf(BaseDB): log("[E] Can't establish connection", "error") sys.exit(1) - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - if self.check_connection('msdb', root_user, db_root_password): - if self.verify_user(root_user, db_root_password, db_user): - log("[I] SQL Server user " + db_user + " already exists!", "info") - else: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - log("[I] User does not exists, Creating Login user " + db_user, "info") - query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - if self.verify_user(root_user, db_root_password, db_user): - log("[I] SQL Server user " + db_user + " created", "info") - else: - log("[E] SQL Server user " +db_user+" creation failed", "error") - sys.exit(1) - else: - log("[E] SQL Server user " +db_user+" creation failed", "error") - sys.exit(1) - - - def verify_db(self, root_user, db_root_password, db_name): - log("[I] Verifying database " + db_name, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) - output = check_output(shlex.split(query)) - if output.strip(db_name + " |"): - return True - else: - return False - - def create_db(self, root_user, db_root_password, db_name, db_user, db_password): - if self.verify_db(root_user, db_root_password, db_name): - log("[I] Database " + db_name + " already exists.","info") - else: - log("[I] Database does not exist! Creating database : " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("[E] Database creation failed!!","error") - sys.exit(1) - else: - if self.verify_db(root_user, db_root_password, db_name): - self.create_user(root_user, db_name ,db_user, db_password, db_root_password) - log("[I] Creating database " + db_name + " succeeded", "info") - return True -# self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name) - else: - log("[E] Database creation failed!!","error") - sys.exit(1) - - - def create_user(self, root_user, db_name ,db_user, db_password, db_root_password): - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - log("[I] User "+db_user+" exist ","info") - else: - query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - log("[I] User "+db_user+" exist ","info") - else: - log("[E] Database creation failed!!","error") - sys.exit(1) - else: - log("[E] Database creation failed!!","error") - sys.exit(1) - def import_db_file(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): @@ -1094,25 +478,10 @@ class SqlServerConf(BaseDB): log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info") return False - - def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, True): - log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) -# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - - - def grant_audit_db_user(self, audit_db_root_user, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,TABLE_NAME): + def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME): log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"USE %s GRANT SELECT,INSERT to %s;\"" %(audit_db_name ,audit_db_user) + get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name) + query = get_cmd + " -c \; -query \"USE %s GRANT INSERT to %s;\"" %(audit_db_name ,audit_db_user) ret = subprocess.check_call(shlex.split(query)) if ret != 0 : sys.exit(1) @@ -1148,17 +517,7 @@ class SqlServerConf(BaseDB): log("[E] Import " +name + " file not found","error") sys.exit(1) - - def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, file_name, TABLE_NAME, DBA_MODE): - if DBA_MODE == "TRUE": - log("[I] --------- Setup audit user --------- ","info") - self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password) - #log("[I] --------- Setup audit user --------- ","info") - self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password) - self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password) - self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password) - self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, True) - + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): log("[I] --------- Check admin user connection --------- ","info") self.check_connection(audit_db_name, db_user, db_password) log("[I] --------- Check audit user connection --------- ","info") @@ -1167,9 +526,7 @@ class SqlServerConf(BaseDB): output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME) if output == False: self.import_db_file(audit_db_name ,db_user, db_password, file_name) - if DBA_MODE == "TRUE": - self.grant_audit_db_user(audit_db_root_user, audit_db_name ,db_user, audit_db_user, db_password,audit_db_password, audit_db_root_password,TABLE_NAME) - + self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME) def main(): populate_global_dict() @@ -1177,19 +534,6 @@ def main(): FORMAT = '%(asctime)-15s %(message)s' logging.basicConfig(format=FORMAT, level=logging.DEBUG) - if 'DBA_MODE' in globalDict : - DBA_MODE = globalDict['DBA_MODE'] - DBA_MODE = DBA_MODE.upper() - if DBA_MODE == "FALSE" or DBA_MODE == "TRUE": - pass - else: - log("[E] --------- DBA_MODE should be TRUE or FALSE --------- ","error") - sys.exit(1) - else: - DBA_MODE = "FALSE" - - log("[I] --------- DBA_MODE is :" + DBA_MODE +" --------- ","info") - JAVA_BIN=globalDict['JAVA_BIN'] XA_DB_FLAVOR=globalDict['DB_FLAVOR'] AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR'] @@ -1222,8 +566,6 @@ def main(): db_name = globalDict['db_name'] db_user = globalDict['db_user'] db_password = globalDict['db_password'] - xa_db_root_user = globalDict['db_root_user'] - xa_db_root_password = globalDict['db_root_password'] x_db_version = 'x_db_version_h' xa_access_audit = 'xa_access_audit' @@ -1232,8 +574,6 @@ def main(): audit_db_name = globalDict['audit_db_name'] audit_db_user = globalDict['audit_db_user'] audit_db_password = globalDict['audit_db_password'] - audit_db_root_user = globalDict['db_root_user'] - audit_db_root_password = globalDict['db_root_password'] if XA_DB_FLAVOR == "MYSQL": MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] @@ -1244,7 +584,6 @@ def main(): elif XA_DB_FLAVOR == "ORACLE": ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - xa_db_root_user = xa_db_root_user+" AS SYSDBA" xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) xa_db_version_file = os.path.join(os.getcwd(),oracle_dbversion_catalog) xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file) @@ -1274,7 +613,6 @@ def main(): elif AUDIT_DB_FLAVOR == "ORACLE": ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - audit_db_root_user = audit_db_root_user+" AS SYSDBA" audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(os.getcwd(),oracle_audit_file) @@ -1291,15 +629,6 @@ def main(): log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error") sys.exit(1) - # Methods Begin - if DBA_MODE == "TRUE" : - log("[I] --------- Creating Ranger Admin db user --------- ","info") - xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password) - log("[I] --------- Creating Ranger Admin database ---------","info") - xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password) - log("[I] --------- Granting permission to Ranger Admin db user ---------","info") - xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True) - log("[I] --------- Verifying Ranger DB connection ---------","info") xa_sqlObj.check_connection(db_name, db_user, db_password) log("[I] --------- Verifying Ranger DB tables ---------","info") @@ -1315,9 +644,6 @@ def main(): xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file) log("[I] --------- Applying patches ---------","info") xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file) - - # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same - #log("[I] --------- Verifying/Creating audit user --------- ","info") - audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, audit_db_file, xa_access_audit, DBA_MODE) + audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit) main() \ No newline at end of file
