Repository: incubator-ranger Updated Branches: refs/heads/master 0ee29405d -> 84a03b159
RANGER-398: Store config params in standard format (Gautam Borad via Velmurugan Periasamy) Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/84a03b15 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/84a03b15 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/84a03b15 Branch: refs/heads/master Commit: 84a03b1590c4b3857fb6808d1577b4353116a28b Parents: 0ee2940 Author: Velmurugan Periasamy <[email protected]> Authored: Wed Apr 15 15:23:56 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Apr 15 15:23:56 2015 -0400
----------------------------------------------------------------------
security-admin/scripts/dba_script.py | 2 +- .../org/apache/ranger/biz/ServiceDBStore.java | 31 ++++++++++++++++++++ .../java/org/apache/ranger/biz/ServiceMgr.java | 19 +++++++++++- .../ranger/service/RangerServiceService.java | 29 +++++++++++++++++- 4 files changed, 78 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index b44b6d2..c4cba5b 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -164,7 +164,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host) ret = subprocess.call(query) if ret == 0: - if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): + if self.verify_user(root_user, db_root_password, host, db_user, get_cmd, dryMode): log("[I] MySQL user " + db_user +" created for host " + host ,"info") else: log("[E] Creating MySQL user " + db_user +" failed..","error")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 59295d3..12aa31c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -36,6 +36,7 @@ import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.PasswordUtils; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerCommonEnums; import org.apache.ranger.common.StringUtil;
@@ -172,6 +173,9 @@ public class ServiceDBStore extends AbstractServiceStore { private static volatile boolean legacyServiceDefsInitDone = false; private Boolean populateExistingBaseFields = false; + public static final String HIDDEN_PASSWORD_STR = "*****"; + public static final String CONFIG_KEY_PASSWORD = "password"; + @Override public void init() throws Exception { if (LOG.isDebugEnabled()) {
@@ -997,6 +1001,15 @@ public class ServiceDBStore extends AbstractServiceStore { } } + if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) { + String encryptedPwd = PasswordUtils.encryptPassword(configValue); + String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); + + if (StringUtils.equals(decryptedPwd, configValue)) { + configValue = encryptedPwd; + } + } + XXServiceConfigMap xConfMap = new XXServiceConfigMap(); xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xCreatedService); xConfMap.setServiceId(xCreatedService.getId());
@@ -1082,8 +1095,13 @@ public class ServiceDBStore extends AbstractServiceStore { XXService xUpdService = daoMgr.getXXService().getById(service.getId()); + String oldPassword = null; + List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId()); for(XXServiceConfigMap dbConfigMap : dbConfigMaps) { + if(StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) { + oldPassword = dbConfigMap.getConfigvalue(); + } daoMgr.getXXServiceConfigMap().remove(dbConfigMap); }
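Review bot: In the `@@ -997` hunk the password is replaced by its ciphertext only when the encrypt/decrypt round trip matches; when `decryptedPwd` differs from `configValue` there is no `else`, so the code falls through and writes the plaintext password into `XXServiceConfigMap` with no log entry or error. The same fail-open pattern is repeated in the `@@ -1106` update hunk. Fail closed instead, for example `else { throw new IllegalStateException("service password could not be encrypted"); }`, so a broken key or cipher setup cannot silently downgrade storage to cleartext. The enclosing method starts and ends outside the hunk, so the exception type that fits its existing error handling should be confirmed there.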
@@ -1106,6 +1124,19 @@ public class ServiceDBStore extends AbstractServiceStore { } } + if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) { + if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) { + configValue = oldPassword; + } else { + String encryptedPwd = PasswordUtils.encryptPassword(configValue); + String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); + + if (StringUtils.equals(decryptedPwd, configValue)) { + configValue = encryptedPwd; + } + } + } + XXServiceConfigMap xConfMap = new XXServiceConfigMap(); xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService); xConfMap.setServiceId(service.getId());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index b5ca24e..8498fbf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -36,8 +36,10 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.service.RangerBaseService; import org.apache.ranger.plugin.service.ResourceLookupContext; import org.apache.ranger.plugin.store.ServiceStore; +import org.apache.ranger.service.RangerServiceService; import org.apache.ranger.view.VXMessage; import org.apache.ranger.view.VXResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component;
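Review bot: In the `@@ -1106` hunk, when the client sends back the mask `*****` but the service had no `password` row before, `oldPassword` is still `null` from the `@@ -1082` hunk and `configValue = oldPassword` stores a null password. The mask is an in-band sentinel, so a service whose real password is literally `*****` can never be saved, and `equalsIgnoreCase` on a string of asterisks behaves exactly like `equals`. Guard the restore branch, for example `if (oldPassword == null) { throw new IllegalStateException("no stored password to keep"); }`. A value that was stored before this change is also carried over through `oldPassword` as it was, so a legacy cleartext row stays cleartext until the password is typed in again; a comment saying so, or a one-time re-encryption, would make that explicit. The enclosing method starts and ends outside the hunk.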
@@ -46,10 +48,21 @@ public class ServiceMgr { private static final Log LOG = LogFactory.getLog(ServiceMgr.class); + @Autowired + RangerServiceService rangerSvcService; + + @Autowired + ServiceDBStore svcDBStore; public List<String> lookupResource(String serviceName, ResourceLookupContext context, ServiceStore svcStore) throws Exception { List<String> ret = null; - RangerBaseService svc = getRangerServiceByName(serviceName, svcStore); + + RangerService service = svcDBStore.getServiceByName(serviceName); + + Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service); + service.setConfigs(newConfigs); + + RangerBaseService svc = getRangerServiceByService(service, svcStore); if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceMgr.lookupResource for Service: (" + svc + "Context: " + context + ")");
@@ -79,6 +92,10 @@ public class ServiceMgr { public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception { VXResponse ret = new VXResponse(); + + Map<String, String> newConfigs = rangerSvcService.getConfigsWithDecryptedPassword(service); + service.setConfigs(newConfigs); + RangerBaseService svc = getRangerServiceByService(service, svcStore); if(LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/84a03b15/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index c673611..ce4d544 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
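Review bot: Both `lookupResource` (`@@ -46`) and `validateConfig` (`@@ -79`) write the decrypted password back into the `RangerService` object with `service.setConfigs(newConfigs)`, so from that point the model object carries the cleartext credential. In `validateConfig` it is the caller's instance, and in `lookupResource` the following `LOG.debug` prints `svc`, which is built from it; whether either path logs or serializes the configs is not visible here and should be checked. Prefer handing the decrypted map only to the connector, on a copy, rather than mutating the shared object. `lookupResource` also dereferences the result of `svcDBStore.getServiceByName(serviceName)` without a null check and no longer uses its `svcStore` argument for the lookup; a guard such as `if (service == null) { throw new Exception("service not found: " + serviceName); }` would make an unknown name fail explicitly.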
@@ -17,6 +17,7 @@ package org.apache.ranger.service; +import java.io.IOException; import java.lang.reflect.Field; import java.util.ArrayList; import java.util.HashMap;
@@ -24,8 +25,11 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; +import org.apache.commons.lang.StringUtils; +import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.PasswordUtils; import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.view.VTrxLogAttr; import org.apache.ranger.entity.XXService;
@@ -95,7 +99,12 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra List<XXServiceConfigMap> svcConfigMapList = daoMgr.getXXServiceConfigMap() .findByServiceId(xService.getId()); for(XXServiceConfigMap svcConfMap : svcConfigMapList) { - configs.put(svcConfMap.getConfigkey(), svcConfMap.getConfigvalue()); + String configValue = svcConfMap.getConfigvalue(); + + if(StringUtils.equalsIgnoreCase(svcConfMap.getConfigkey(), ServiceDBStore.CONFIG_KEY_PASSWORD)) { + configValue = ServiceDBStore.HIDDEN_PASSWORD_STR; + } + configs.put(svcConfMap.getConfigkey(), configValue); } vService.setConfigs(configs);
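Review bot: In the `@@ -95` hunk the mask is applied only to a config key that equals `password` ignoring case, so any other secret-bearing service config is still returned in cleartext by this mapper and is stored unencrypted by `ServiceDBStore`; the key names used by the service definitions are not visible here and should be checked. Because every read through this loop now yields `*****`, any internal caller that connects to the backing service has to go through `getConfigsWithDecryptedPassword` first. This commit updates `ServiceMgr.lookupResource` and `validateConfig`, and other consumers of the view bean should be audited. A comment on the loop would record the contract, e.g. `// never return the stored password to API clients; callers that need it use getConfigsWithDecryptedPassword()`. The enclosing method starts before the hunk.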
@@ -264,4 +273,22 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra return xTrxLog; } + public Map<String, String> getConfigsWithDecryptedPassword(RangerService service) throws IOException { + Map<String, String> configs = service.getConfigs(); + + String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD); + if(!stringUtil.isEmpty(pwd) && pwd.equalsIgnoreCase(ServiceDBStore.HIDDEN_PASSWORD_STR)) { + XXServiceConfigMap pwdConfig = daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(), + ServiceDBStore.CONFIG_KEY_PASSWORD); + if(pwdConfig != null) { + String encryptedPwd = pwdConfig.getConfigvalue(); + String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd); + if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) { + configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, decryptedPwd); + } + } + } + return configs; + } + }
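Review bot: The integrity check in `getConfigsWithDecryptedPassword` compares ciphertexts with `StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)`; an encoded ciphertext is case-sensitive, so this should be `StringUtils.equals(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)`. The check also only holds if `PasswordUtils.encryptPassword` is deterministic, which is worth confirming and documenting because it constrains how that utility can change later. When the check fails, or `pwdConfig` is null, the method returns the map still holding `*****` and the caller silently uses the mask as the credential; log and fail at that point instead. `service.getConfigs()` is dereferenced without a null check, and the map returned is the service's own map mutated in place, so the cleartext password stays on the `RangerService` even if the caller skips `setConfigs`.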
