Repository: incubator-ranger
Updated Branches:
  refs/heads/master 101d17673 -> 91d1e1374


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
new file mode 100755
index 0000000..26078be
--- /dev/null
+++ b/unixauthservice/scripts/setup.py
@@ -0,0 +1,397 @@
+#!/usr/bin/python
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+import StringIO
+import xml.etree.ElementTree as ET
+import ConfigParser
+import os,errno,sys,getopt
+from os import listdir
+from os.path import isfile, join, dirname, basename
+from urlparse import urlparse
+from time import gmtime, strftime, localtime
+from xml import etree
+import shutil
+import pwd, grp
+
+if (not 'JAVA_HOME' in os.environ):
+       print "ERROR: JAVA_HOME environment variable is not defined. Please 
define JAVA_HOME before running this script"
+       sys.exit(1)
+
+debugLevel = 1
+generateXML = 0
+installPropDirName = '.'
+pidFolderName = '/var/run/ranger'
+logFolderName = '/var/log/ranger'
+initdDirName = '/etc/init.d'
+
+rangerBaseDirName = os.getcwd() #'/etc/ranger'
+usersyncBaseDirName = 'usersync'
+confBaseDirName = 'conf'
+confDistBaseDirName = 'conf.dist'
+certBaseDirName = 'cert'
+defaultCertFileName = 'unixauthservice.jks'
+
+outputFileName = 'ranger-ugsync-site.xml'
+installPropFileName = 'install.properties'
+defaultSiteXMLFileName = 'ranger-ugsync-default.xml'
+log4jFileName          = 'log4j.xml'
+install2xmlMapFileName = 'installprop2xml.properties'
+templateFileName = 'ranger-ugsync-template.xml'
+initdProgramName = 'ranger-usersync'
+PROP2ALIASMAP = { 'ranger.usersync.ldap.ldapbindpassword':'ldap.bind.password' 
,
+                                  
'ranger.usersync.keystore.password':'usersync.ssl.key.password',
+                                  
'ranger.usersync.truststore.password':'usersync.ssl.truststore.password'}
+
+installTemplateDirName = join(installPropDirName,'templates')
+confDistDirName = join(installPropDirName, confDistBaseDirName)
+ugsyncLogFolderName = join(logFolderName, 'ugsync')
+nativeAuthFolderName = join(installPropDirName, 'native')
+nativeAuthProgramName = join(nativeAuthFolderName, 'credValidator.uexe')
+usersyncBaseDirFullName = join(rangerBaseDirName, usersyncBaseDirName)
+confFolderName = join(usersyncBaseDirFullName, confBaseDirName)
+localConfFolderName = join(installPropDirName, confBaseDirName)
+certFolderName = join(confFolderName, certBaseDirName)
+defaultKSFileName = join(certFolderName, defaultCertFileName)
+defaultKSPassword = 'UnIx529p'
+defaultDNAME = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+unixUserProp = 'unix_user'
+unixGroupProp = 'unix_group'
+
+logFolderPermMode = 0770
+rootOwnerId = 0
+initPrefixList = ['S99', 'K00']
+
+SYNC_SOURCE_KEY  = 'SYNC_SOURCE'
+SYNC_INTERVAL_NEW_KEY = 'ranger.usersync.sleeptimeinmillisbetweensynccycle'
+SYNC_SOURCE_UNIX = 'unix'
+SYNC_SOURCE_LDAP = 'ldap'
+SYNC_SOURCE_LIST = [ SYNC_SOURCE_UNIX, SYNC_SOURCE_LDAP ]
+
+credUpdateClassName =  'org.apache.ranger.credentialapi.buildks'
+#credUpdateClassName =  'com.hortonworks.credentialapi.buildks'
+
+def archiveFile(originalFileName):
+    archiveDir = dirname(originalFileName)
+    archiveFileName = "." + basename(originalFileName) + "." + 
(strftime("%d%m%Y%H%M%S", localtime()))
+    movedFileName = join(archiveDir,archiveFileName)
+    print "INFO: moving [%s] to [%s] ......." % 
(originalFileName,movedFileName)
+    os.rename(originalFileName, movedFileName)
+
+def getXMLConfigKeys(xmlFileName):
+    ret = []
+    tree = ET.parse(xmlFileName)
+    root = tree.getroot()
+    for config in root.iter('property'):
+        name = config.find('name').text
+        ret.append(name)
+    return ret
+
+def getXMLConfigMap(xmlFileName):
+    ret = {}
+    tree = ET.parse(xmlFileName)
+    root = tree.getroot()
+    for config in root.findall('property'):
+        name = config.find('name').text
+        val = config.find('value').text
+        ret[name] = val
+    return ret
+
+
+def getPropertiesConfigMap(configFileName):
+    ret = {}
+    config = StringIO.StringIO()
+    config.write('[dummysection]\n')
+    config.write(open(configFileName).read())
+    config.seek(0,os.SEEK_SET)
+    fcp = ConfigParser.ConfigParser()
+    fcp.optionxform = str
+    fcp.readfp(config)
+    for k,v in fcp.items('dummysection'):
+        ret[k] = v
+    return ret
+
+def getPropertiesKeyList(configFileName):
+    ret = []
+    config = StringIO.StringIO()
+    config.write('[dummysection]\n')
+    config.write(open(configFileName).read())
+    config.seek(0,os.SEEK_SET)
+    fcp = ConfigParser.ConfigParser()
+    fcp.optionxform = str
+    fcp.readfp(config)
+    for k,v in fcp.items('dummysection'):
+        ret.append(k)
+    return ret
+
+def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName):
+    tree = ET.parse(xmlTemplateFileName)
+    root = tree.getroot()
+    for config in root.findall('property'):
+        name = config.find('name').text
+        if (name in prop.keys()):
+            config.find('value').text = prop[name]
+        else:
+            print "ERROR: key not found: %s" % (name)
+    if isfile(xmlOutputFileName):
+        archiveFile(xmlOutputFileName)
+    tree.write(xmlOutputFileName)
+
+def updateProppertyInJCKSFile(jcksFileName,propName,value):
+    fn = jcksFileName
+    if (value == ''):
+        value = ' '
+    cmd = "java -cp './lib/*' %s create '%s' -value '%s' -provider 
jceks://file%s 2>&1" % (credUpdateClassName,propName,value,fn)
+    ret = os.system(cmd)
+    if (ret != 0):
+        print "ERROR: Unable update the JCKSFile(%s) for aliasName (%s)" % 
(fn,propName)
+        sys.exit(1)
+    return ret
+
+
+def convertInstallPropsToXML(props):
+       directKeyMap = 
getPropertiesConfigMap(join(installTemplateDirName,install2xmlMapFileName))
+       ret = {}
+       for k,v in props.iteritems():
+               if (k in directKeyMap.keys()):
+                       newKey = directKeyMap[k]
+                       ret[newKey] = v
+               else:
+                       print "Direct Key not found:%s" % (k)
+
+       ret['ranger.usersync.sink.impl.class'] = 
'org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder'
+       if (SYNC_SOURCE_KEY in ret):
+               syncSource = ret[SYNC_SOURCE_KEY]
+               if (syncSource == SYNC_SOURCE_UNIX):
+                       ret['ranger.usersync.source.impl.class'] = 
'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder'
+                       if (SYNC_INTERVAL_NEW_KEY not in ret or 
len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
+                               ret[SYNC_INTERVAL_NEW_KEY] = '5'
+                       #for key in ret.keys():
+                       #       if (key.startswith("ranger.usersync.ldap") or 
key.startswith("ranger.usersync.group") or 
key.startswith("ranger.usersync.paged")):
+                       #               del ret[key]
+               elif (syncSource == SYNC_SOURCE_LDAP):
+                       ret['ranger.usersync.source.impl.class'] = 
'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
+                       if (SYNC_INTERVAL_NEW_KEY not in ret or 
len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
+                               ret[SYNC_INTERVAL_NEW_KEY] = '60'
+               else:
+                       print "ERROR: Invalid value (%s) defined for %s in 
install.properties. Only valid values are %s" % (syncSource, 
SYNC_SOURCE_KEY,SYNC_SOURCE_LIST)
+                       sys.exit(1)
+               del ret['SYNC_SOURCE']
+       else:
+               print "ERROR: No value defined for SYNC_SOURCE in 
install.properties. valid values are %s" % (SYNC_SOURCE_KEY, SYNC_SOURCE_LIST)
+               sys.exit(1)
+
+       return ret
+
+def createUser(username,groupname):
+       cmd = "useradd -g %s %s -m" % (groupname,username)
+       ret = os.system(cmd)
+       if (ret != 0):
+               print "ERROR: os command execution (%s) failed. error code = %d 
" % (cmd, ret)
+               sys.exit(1)
+       try:
+               ret = pwd.getpwnam(username).pw_uid
+               return ret
+       except KeyError, e:
+               print "ERROR: Unable to create a new user account: %s with 
group %s - error [%s]" % (username,groupname,e)
+               sys.exit(1)
+
+def createGroup(groupname):
+       cmd = "groupadd %s" % (groupname)
+       ret = os.system(cmd)
+       if (ret != 0):
+               print "ERROR: os command execution (%s) failed. error code = %d 
" % (cmd, ret)
+               sys.exit(1)
+       try:
+               ret = grp.getgrnam(groupname).gr_gid
+               return ret
+       except KeyError, e:
+               print "ERROR: Unable to create a new group: %s" % (groupname,e)
+               sys.exit(1)
+
+def initializeInitD():
+       if (os.path.isdir(initdDirName)):
+               fn = join(installPropDirName,initdProgramName)
+               initdFn = join(initdDirName,initdProgramName)
+               shutil.copy(fn, initdFn)
+               os.chmod(initdFn,0550)
+               rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", 
"/etc/rc.d/rc3.d" ]
+               for rcDir in rcDirList:
+                       if (os.path.isdir(rcDir)):
+                               for  prefix in initPrefixList:
+                                       scriptFn = prefix + initdProgramName
+                                       scriptName = join(rcDir, scriptFn)
+                                       if isfile(scriptName):
+                                               os.remove(scriptName)
+                                       #print "+ ln -sf %s %s" % (initdFn, 
scriptName)
+                                       os.symlink(initdFn,scriptName)
+               userSyncScriptName = "ranger-usersync-services.sh"
+               localScriptName = 
os.path.abspath(join(installPropDirName,userSyncScriptName))
+               ubinScriptName = join("/usr/bin",initdProgramName)
+               if isfile(ubinScriptName):
+                       os.remove(ubinScriptName)
+               os.symlink(localScriptName,ubinScriptName)
+
+
+def createJavaKeystoreForSSL(fn,passwd):
+       cmd = "keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '%s' 
-keypass '%s' -storepass '%s' -validity 3600 -keysize 2048 -dname '%s'" % (fn, 
passwd, passwd, defaultDNAME)
+       ret = os.system(cmd)
+       if (ret != 0):
+               print "ERROR: unable to create JavaKeystore for SSL: file (%s)" 
% (fn)
+               sys.exit(1)
+       return ret
+
+
+def main():
+
+       dirList = [ rangerBaseDirName, usersyncBaseDirName, confFolderName, 
certFolderName ]
+       for dir in dirList:
+               if (not os.path.isdir(dir)):
+                       os.makedirs(dir,0750)
+
+       defFileList = [ defaultSiteXMLFileName, log4jFileName ]
+       for defFile in defFileList:
+               fn = join(confDistDirName, defFile)
+               if ( isfile(fn) ):
+                       shutil.copy(fn,join(confFolderName,defFile))
+
+       #
+       # Create JAVA_HOME setting in confFolderName
+       #
+       java_home_setter_fn = join(confFolderName, 'java_home.sh')
+       if isfile(java_home_setter_fn):
+               archiveFile(java_home_setter_fn)
+       jhf = open(java_home_setter_fn, 'w')
+       str = "export JAVA_HOME=%s\n" % os.environ['JAVA_HOME']
+       jhf.write(str)
+       jhf.close()
+       os.chmod(java_home_setter_fn,0750)
+
+
+       if (not os.path.isdir(localConfFolderName)):
+               os.symlink(confFolderName, localConfFolderName)
+
+       defaultProps = 
getXMLConfigMap(join(confFolderName,defaultSiteXMLFileName))
+       installProps = 
getPropertiesConfigMap(join(installPropDirName,installPropFileName))
+       modifiedInstallProps = convertInstallPropsToXML(installProps)
+
+       mergeProps = {}
+       mergeProps.update(defaultProps)
+       mergeProps.update(modifiedInstallProps)
+
+       localLogFolderName = mergeProps['ranger.usersync.logdir']
+       if (not os.path.isdir(localLogFolderName)):
+               if (localLogFolderName != ugsyncLogFolderName):
+                       os.symlink(ugsyncLogFolderName, localLogFolderName)
+
+       if (not 'ranger.usersync.keystore.file' in mergeProps):
+               mergeProps['ranger.usersync.keystore.file'] = defaultKSFileName
+
+       ksFileName = mergeProps['ranger.usersync.keystore.file']
+
+       if (not isfile(ksFileName)):
+               mergeProps['ranger.usersync.keystore.password'] = 
defaultKSPassword
+               createJavaKeystoreForSSL(ksFileName, defaultKSPassword)
+
+
+
+
+       fn = join(installTemplateDirName,templateFileName)
+       outfn = join(confFolderName, outputFileName)
+       writeXMLUsingProperties(fn, mergeProps, outfn)
+
+       if ( os.path.isdir(logFolderName) ):
+               logStat = os.stat(logFolderName)
+               logStat.st_uid
+               logStat.st_gid
+               ownerName = pwd.getpwuid(logStat.st_uid).pw_name
+               groupName = pwd.getpwuid(logStat.st_uid).pw_name
+       else:
+               os.makedirs(logFolderName,logFolderPermMode)
+
+       if (not os.path.isdir(pidFolderName)):
+               os.makedirs(pidFolderName,logFolderPermMode)
+
+       if (not os.path.isdir(ugsyncLogFolderName)):
+               os.makedirs(ugsyncLogFolderName,logFolderPermMode)
+
+       if (unixUserProp in mergeProps):
+               ownerName = mergeProps[unixUserProp]
+       else:
+               print "ERROR: Property [%s] not defined." % (unixUserProp)
+               sys.exit(1)
+
+       if (unixGroupProp in mergeProps):
+               groupName = mergeProps[unixGroupProp]
+       else:
+               print "ERROR: Property [%s] not defined." % (unixGroupProp)
+               sys.exit(1)
+
+       try:
+               ownerId = pwd.getpwnam(ownerName).pw_uid
+       except KeyError, e:
+               ownerId = createUser(ownerName, groupName)
+
+       try:
+               groupId = grp.getgrnam(groupName).gr_gid
+       except KeyError, e:
+               groupId = createGroup(groupId)
+
+       os.chown(logFolderName,ownerId,groupId)
+       os.chown(ugsyncLogFolderName,ownerId,groupId)
+       os.chown(pidFolderName,ownerId,groupId)
+
+       initializeInitD()
+
+       #
+       # Add password to crypt path
+       #
+
+       cryptPath = mergeProps['ranger.usersync.credstore.filename']
+
+       for keyName,aliasName in PROP2ALIASMAP.iteritems() :
+               if (keyName in mergeProps):
+                       keyPassword = mergeProps[keyName]
+                       
updateProppertyInJCKSFile(cryptPath,aliasName,keyPassword)
+               else:
+                       updateProppertyInJCKSFile(cryptPath,aliasName," ")
+
+
+       fixPermList = [ "." ]
+       for d in dirList:
+               fixPermList.append(d)
+
+       for dir in fixPermList:
+               for root, dirs, files in os.walk(dir):
+                       os.chown(root, ownerId, groupId)
+                       os.chmod(root,0755)
+                       for obj in dirs:
+                               dn = join(root,obj)
+                               os.chown(dn, ownerId, groupId)
+                               os.chmod(dn, 0755)
+                       for obj in files:
+                               fn = join(root,obj)
+                               os.chown(fn, ownerId, groupId)
+                               os.chmod(fn, 0750)
+
+       if isfile(nativeAuthProgramName):
+               os.chown(nativeAuthProgramName, rootOwnerId, groupId)
+               os.chmod(nativeAuthProgramName, 04550)
+       else:
+               print "WARNING: Unix Authentication Program (%s) is not 
available for setting chmod(4550), chown(%s:%s) " % (nativeAuthProgramName, 
"root", groupName)
+
+main()
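Review bot: `updateProppertyInJCKSFile` interpolates the credential value read from install.properties into a single-quoted shell string and runs it with `os.system`, so a password containing `'` changes the command the installer executes, and otherwise valid passwords can make the install fail or misbehave. Passing an argument list avoids the shell entirely: `ret = subprocess.call(['java', '-cp', './lib/*', credUpdateClassName, 'create', propName, '-value', value, '-provider', 'jceks://file' + fn], stderr=subprocess.STDOUT)`, with `import subprocess` added to the imports. `createJavaKeystoreForSSL`, `createUser` and `createGroup` build their commands the same way from property values and would benefit from the same change. The value remains visible in the process argument list while java runs; whether `buildks` can receive it another way is not visible in this diff. Separately, in `main()` the fallback `groupId = createGroup(groupId)` reads `groupId` before it is assigned and should pass `groupName`.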

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.sh b/unixauthservice/scripts/setup.sh
index 858318c..ed64a36 100755
--- a/unixauthservice/scripts/setup.sh
+++ b/unixauthservice/scripts/setup.sh
@@ -15,371 +15,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
-INSTALL_BASE=$PWD
-
-MOD_NAME="ranger-usersync"
-unix_user=ranger
-unix_group=ranger
-
-INSTALL_DIR=${INSTALL_BASE}
-pidf=/var/run/ranger
-curDt=`date '+%Y%m%d%H%M%S'`
-LOGFILE=setup.log.$curDt
-
-log() {
-   local prefix="[$(date +%Y/%m/%d\ %H:%M:%S)]: "
-   echo "${prefix} $@" >> $LOGFILE
-   echo "${prefix} $@"
-}
-
-mkdir -p ${pidf}
-chown -R ${unix_user} ${pidf}
-
-# Ensure that the user is root
-MY_ID=`id -u`
-if [ "${MY_ID}" -ne 0 ]
-then
-  echo "ERROR: You must run the installation as root user."
-  exit 1
-fi
-
-# Ensure JAVA_HOME is set
-if [ "${JAVA_HOME}" == "" ]
-then
-  echo "ERROR: JAVA_HOME environment property not defined, aborting 
installation"
-  exit 2
-fi
-
-
-# Grep configuration properties from install.properties
-cdir=`dirname $0`
-
-check_ret_status(){
-       if [ $1 -ne 0 ]; then
-               log "[E] $2";
-               exit 1;
-       fi
-}
-
-check_ret_status_for_groupadd(){
-# 9 is the response if the group exists
-    if [ $1 -ne 0 ] && [ $1 -ne 9 ]; then
-        log "[E] $2";
-        exit 1;
-    fi
-}
-
-setup_unix_user_group(){
-
-       log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
-       groupadd ${unix_group}
-       check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
-       id -u ${unix_user} > /dev/null 2>&1
-
-       if [ $? -ne 0 ]
-       then
-           log "[I] Creating new user and adding to group";
-        useradd ${unix_user} -g ${unix_group} -m
-               check_ret_status $? "useradd ${unix_user} failed"
-       else
-           log "[I] User already exists, adding it to group";
-           usermod -g ${unix_group} ${unix_user}
-       fi
-
-       log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} 
DONE";
-}
-
-setup_unix_user_group
-
-POLICY_MGR_URL=`grep '^[ \t]*POLICY_MGR_URL[ \t]*=' ${cdir}/install.properties 
| awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-MIN_UNIX_USER_ID_TO_SYNC=`grep '^[ \t]*MIN_UNIX_USER_ID_TO_SYNC[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-logdir=`grep '^[ \t]*logdir[ \t]*=' ${cdir}/install.properties | awk -F= '{ 
print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_SOURCE=`grep '^[ \t]*SYNC_SOURCE[ \t]*=' ${cdir}/install.properties | awk 
-F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_INTERVAL=`grep '^[ \t]*SYNC_INTERVAL[ \t]*=' ${cdir}/install.properties | 
awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_URL=`grep '^[ \t]*SYNC_LDAP_URL[ \t]*=' ${cdir}/install.properties | 
sed -e 's:^[ \t]*SYNC_LDAP_URL[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_BIND_DN=`grep '^[ \t]*SYNC_LDAP_BIND_DN[ \t]*=' 
${cdir}/install.properties | sed -e 's:^[ \t]*SYNC_LDAP_BIND_DN[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_BIND_PASSWORD=`grep '^[ \t]*SYNC_LDAP_BIND_PASSWORD[ \t]*=' 
${cdir}/install.properties | sed -e 's:^[ \t]*SYNC_LDAP_BIND_PASSWORD[ \t]*=[ 
\t]*::'`
-
-SYNC_LDAP_SEARCH_BASE=`grep '^[ \t]*SYNC_LDAP_SEARCH_BASE[ \t]*=' 
${cdir}/install.properties | sed -e 's:^[ \t]*SYNC_LDAP_SEARCH_BASE[ \t]*=[ 
\t]*::'`
-echo "$SYNC_LDAP_SEARCH_BASE"
-
-SYNC_LDAP_USER_SEARCH_BASE=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_BASE[ \t]*=' 
${cdir}/install.properties | sed -e 's:^[ \t]*SYNC_LDAP_USER_SEARCH_BASE[ 
\t]*=[ \t]*::'`
-
-SYNC_LDAP_USER_SEARCH_SCOPE=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_SCOPE[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USER_OBJECT_CLASS=`grep '^[ \t]*SYNC_LDAP_USER_OBJECT_CLASS[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USER_SEARCH_FILTER=`grep '^[ \t]*SYNC_LDAP_USER_SEARCH_FILTER[ 
\t]*=' ${cdir}/install.properties | sed -e 's:^[ 
\t]*SYNC_LDAP_USER_SEARCH_FILTER[ \t]*=[ \t]*::'`
-
-SYNC_LDAP_USER_NAME_ATTRIBUTE=`grep '^[ \t]*SYNC_LDAP_USER_NAME_ATTRIBUTE[ 
\t]*=' ${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ 
\t]*::g'`
-
-SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE=`grep '^[ 
\t]*SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE[ \t]*=' ${cdir}/install.properties | 
awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_USERNAME_CASE_CONVERSION=`grep '^[ 
\t]*SYNC_LDAP_USERNAME_CASE_CONVERSION[ \t]*=' ${cdir}/install.properties | awk 
-F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_LDAP_GROUPNAME_CASE_CONVERSION=`grep '^[ 
\t]*SYNC_LDAP_GROUPNAME_CASE_CONVERSION[ \t]*=' ${cdir}/install.properties | 
awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_PAGED_RESULTS_ENABLED=`grep '^[ \t]*SYNC_PAGED_RESULTS_ENABLED[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_PAGED_RESULTS_SIZE=`grep '^[ \t]*SYNC_PAGED_RESULTS_SIZE[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-
-SYNC_GROUP_SEARCH_ENABLED=`grep '^[ \t]*SYNC_GROUP_SEARCH_ENABLED[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_USER_MAP_SYNC_ENABLED=`grep '^[ 
\t]*SYNC_GROUP_USER_MAP_SYNC_ENABLED[ \t]*=' ${cdir}/install.properties | awk 
-F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-SYNC_GROUP_SEARCH_BASE=`grep '^[ \t]*SYNC_GROUP_SEARCH_BASE[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_SEARCH_SCOPE=`grep '^[ \t]*SYNC_GROUP_SEARCH_SCOPE[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_OBJECT_CLASS=`grep '^[ \t]*SYNC_GROUP_OBJECT_CLASS[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_LDAP_GROUP_SEARCH_FILTER=`grep '^[ \t]*SYNC_LDAP_GROUP_SEARCH_FILTER[ 
\t]*=' ${cdir}/install.properties | sed -e 's:^[ 
\t]*SYNC_LDAP_GROUP_SEARCH_FILTER[ \t]*=[ \t]*::'`
-SYNC_GROUP_NAME_ATTRIBUTE=`grep '^[ \t]*SYNC_GROUP_NAME_ATTRIBUTE[ \t]*=' 
${cdir}/install.properties | awk -F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=`grep '^[ 
\t]*SYNC_GROUP_MEMBER_ATTRIBUTE_NAME[ \t]*=' ${cdir}/install.properties | awk 
-F= '{ print $2 }' | sed -e 's:[ \t]*::g'`
-
-
-if [ "${SYNC_LDAP_USERNAME_CASE_CONVERSION}" == "" ]
-then
-    SYNC_LDAP_USERNAME_CASE_CONVERSION="none"
-fi
-
-if [ "${SYNC_LDAP_GROUPNAME_CASE_CONVERSION}" == "" ]
-then
-    SYNC_LDAP_GROUPNAME_CASE_CONVERSION="none"
-fi
-
-SYNC_LDAP_BIND_KEYSTOREPATH=`grep '^[ \t]*CRED_KEYSTORE_FILENAME[ \t]*=' 
${cdir}/install.properties | sed -e 's:^[ \t]*CRED_KEYSTORE_FILENAME[ \t]*=[ 
\t]*::'`
-
-SYNC_LDAP_BIND_ALIAS=ldap.bind.password
-
-if [ "${SYNC_INTERVAL}" != "" ]
-then
-    SYNC_INTERVAL=$((${SYNC_INTERVAL}*60*1000))
-else
-    SYNC_INTERVAL=$((5*60*1000))
-fi
-
-if [ "${SYNC_SOURCE}" == "" ]
-then
-  SYNC_SOURCE="org.apache.ranger.unixusersync.process.UnixUserGroupBuilder"
-elif [ "${SYNC_SOURCE}" == "unix" ]
-then
-  SYNC_SOURCE="org.apache.ranger.unixusersync.process.UnixUserGroupBuilder"
-elif [ "${SYNC_SOURCE}" == "ldap" ]
-then
-  SYNC_SOURCE="org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder"
-else
-  echo "Unsupported value for SYNC_SOURCE: ${SYNC_SOURCE}, supported values: 
ldap, unix, default: unix"
-  exit 3
-fi
-
-
-if [ "${SYNC_SOURCE}" == 
"org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder" ]
-then
-
-  if [ "${SYNC_INTERVAL}" == "" ]
-  then
-    SYNC_INTERVAL=$((360*60*1000))
-  fi
-
-  if [ "${SYNC_LDAP_URL}" == "" ]
-  then
-    echo "SYNC_LDAP_URL must be specified when SYNC_SOURCE is ldap"
-    exit 4
-  fi
-
-  if [ "${SYNC_LDAP_BIND_DN}" == "" ]
-  then
-    echo "SYNC_LDAP_BIND_DN must be specified when SYNC_SOURCE is ldap"
-    exit 5
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_BASE}" == "" ] && [ "${SYNC_LDAP_SEARCH_BASE}" 
== "" ]
-  then
-    echo "SYNC_LDAP_USER_SEARCH_BASE or SYNC_LDAP_SEARCH_BASE must be 
specified when SYNC_SOURCE is ldap"
-    exit 6
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_SCOPE}" == "" ]
-  then
-    SYNC_LDAP_USER_SEARCH_SCOPE="sub"
-  fi
-
-  if [ "${SYNC_LDAP_USER_SEARCH_SCOPE}" != "base" ] && [ 
"${SYNC_LDAP_USER_SEARCH_SCOPE}" != "one" ] && [ 
"${SYNC_LDAP_USER_SEARCH_SCOPE}" != "sub" ]
-  then
-    echo "Unsupported value for SYNC_LDAP_USER_SEARCH_SCOPE: 
${SYNC_LDAP_USER_SEARCH_SCOPE}, supported values: base, one, sub"
-    exit 7
-  fi
-
-  if [ "${SYNC_LDAP_USER_OBJECT_CLASS}" == "" ]
-  then
-    SYNC_LDAP_USER_OBJECT_CLASS="person"
-  fi
-
-  if [ "${SYNC_LDAP_USER_NAME_ATTRIBUTE}" == "" ]
-  then
-    SYNC_LDAP_USER_NAME_ATTRIBUTE="cn"
-  fi
-
-  if [ "${SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE}" == "" ]
-  then
-    SYNC_LDAP_USER_NAME_ATTRIBUTE="memberof,ismemberof"
-  fi
-
-  # Store ldap bind password in credential store
-  if [[ "${SYNC_LDAP_BIND_ALIAS}" != ""  && "${SYNC_LDAP_BIND_KEYSTOREPATH}" 
!= "" ]]
-  then
-    echo "Storing ldap bind password in credential store"
-       mkdir -p `dirname "${SYNC_LDAP_BIND_KEYSTOREPATH}"`
-       chown ${unix_user}:${unix_group} `dirname 
"${SYNC_LDAP_BIND_KEYSTOREPATH}"`
-       $JAVA_HOME/bin/java -cp "./lib/*" 
org.apache.ranger.credentialapi.buildks create $SYNC_LDAP_BIND_ALIAS -value 
$SYNC_LDAP_BIND_PASSWORD -provider jceks://file$SYNC_LDAP_BIND_KEYSTOREPATH
-    SYNC_LDAP_BIND_PASSWORD="_"
-  fi
-
-fi
-# END Grep configuration properties from install.properties
-
-# changing ownership for ranger-usersync install directory
-if [ -d ${INSTALL_DIR} ]; then
-    chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}
-fi
-
-
-# Create $INSTALL_DIR/conf/unixauthservice.properties
-
-if [ ! -d conf ]; then
-    #Manual install
-    log "[I] Copying conf.dist conf"
-    mkdir conf
-    cp conf.dist/* conf
-    chown ${unix_user}:${unix_group} conf
-    chmod 750 conf
-fi
-if [ ! -f conf/cert/unixauthservice.jks ] 
-then
-    if [ ! -d conf/cert ]
-    then
-        mkdir -p conf/cert
-    fi
-    ${JAVA_HOME}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned 
-keystore conf/cert/unixauthservice.jks \
-                             -keypass UnIx529p -storepass UnIx529p -validity 
360 -keysize 2048 \
-                             -dname 
"cn=unixauthservice,ou=authenticator,o=mycompany,c=US" 
-
-       chmod o-rwx conf/cert/unixauthservice.jks
-       chgrp ${unix_group} conf/cert/unixauthservice.jks
-
-fi
-
-echo "export JAVA_HOME=${JAVA_HOME}" > conf/java_home.sh
-chmod a+rx conf/java_home.sh
-
-if [ ! -d logs ]; then
-    #Manual install
-    log "[I] Creating logs folder"
-    mkdir logs
-    chown ${unix_user}:${unix_group} logs
-fi
-
-
-CFG_FILE="${cdir}/conf/unixauthservice.properties"
-NEW_CFG_FILE=${cdir}/conf/unixauthservice.properties.tmp
-
-if [ -f  ${CFG_FILE}  ]
-then
-    sed \
-       -e "s|^\( *usergroupSync.policymanager.baseURL *=\).*|\1 
${POLICY_MGR_URL}|" \
-       -e "s|^\( *usergroupSync.unix.minUserId *=\).*|\1 
${MIN_UNIX_USER_ID_TO_SYNC}|" \
-       -e "s|^\( *usergroupSync.sleepTimeInMillisBetweenSyncCycle *=\).*|\1 
${SYNC_INTERVAL}|" \
-       -e "s|^\( *usergroupSync.source.impl.class *=\).*|\1 ${SYNC_SOURCE}|" \
-       -e "s|^\( *ldapGroupSync.ldapUrl *=\).*|\1 ${SYNC_LDAP_URL}|" \
-       -e "s|^\( *ldapGroupSync.ldapBindDn *=\).*|\1 ${SYNC_LDAP_BIND_DN}|" \
-       -e "s|^\( *ldapGroupSync.ldapBindPassword *=\).*|\1 
${SYNC_LDAP_BIND_PASSWORD}|" \
-       -e "s|^\( *ldapGroupSync.ldapBindKeystore *=\).*|\1 
${SYNC_LDAP_BIND_KEYSTOREPATH}|" \
-       -e "s|^\( *ldapGroupSync.ldapBindAlias *=\).*|\1 
${SYNC_LDAP_BIND_ALIAS}|" \
-       -e "s|^\( *ldapGroupSync.searchBase *=\).*|\1 
${SYNC_LDAP_SEARCH_BASE}|" \
-       -e "s|^\( *ldapGroupSync.userSearchScope *=\).*|\1 
${SYNC_LDAP_USER_SEARCH_SCOPE}|" \
-       -e "s|^\( *ldapGroupSync.userObjectClass *=\).*|\1 
${SYNC_LDAP_USER_OBJECT_CLASS}|" \
-       -e "s%^\( *ldapGroupSync.userSearchFilter *=\).*%\1 
${SYNC_LDAP_USER_SEARCH_FILTER}%" \
-       -e "s|^\( *ldapGroupSync.userNameAttribute *=\).*|\1 
${SYNC_LDAP_USER_NAME_ATTRIBUTE}|" \
-       -e "s|^\( *ldapGroupSync.userGroupNameAttribute *=\).*|\1 
${SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE}|" \
-       -e "s|^\( *ldapGroupSync.username.caseConversion *=\).*|\1 
${SYNC_LDAP_USERNAME_CASE_CONVERSION}|" \
-       -e "s|^\( *ldapGroupSync.groupname.caseConversion *=\).*|\1 
${SYNC_LDAP_GROUPNAME_CASE_CONVERSION}|" \
-       -e "s|^\( *logdir *=\).*|\1 ${logdir}|" \
-       -e "s|^\( *ldapGroupSync.pagedResultsEnabled *=\).*|\1 
${SYNC_PAGED_RESULTS_ENABLED}|" \
-       -e "s|^\( *ldapGroupSync.pagedResultsSize *=\).*|\1 
${SYNC_PAGED_RESULTS_SIZE}|" \
-       -e "s|^\( *ldapGroupSync.groupSearchEnabled *=\).*|\1 
${SYNC_GROUP_SEARCH_ENABLED}|" \
-       -e "s|^\( *ldapGroupSync.groupUserMapSyncEnabled *=\).*|\1 
${SYNC_GROUP_USER_MAP_SYNC_ENABLED}|" \
-       -e "s|^\( *ldapGroupSync.groupSearchBase *=\).*|\1 
${SYNC_GROUP_SEARCH_BASE}|" \
-       -e "s|^\( *ldapGroupSync.groupSearchScope *=\).*|\1 
${SYNC_GROUP_SEARCH_SCOPE}|" \
-       -e "s|^\( *ldapGroupSync.groupObjectClass *=\).*|\1 
${SYNC_GROUP_OBJECT_CLASS}|" \
-       -e "s|^\( *ldapGroupSync.groupSearchFilter *=\).*|\1 
${SYNC_GROUP_SEARCH_FILTER}|" \
-       -e "s|^\( *ldapGroupSync.groupNameAttribute *=\).*|\1 
${SYNC_GROUP_NAME_ATTRIBUTE}|" \
-       -e "s|^\( *ldapGroupSync.groupMemberAttributeName *=\).*|\1 
${SYNC_GROUP_MEMBER_ATTRIBUTE_NAME}|" \
-       ${CFG_FILE} > ${NEW_CFG_FILE}
-
-    echo "<${logdir}> ${CFG_FILE} > ${NEW_CFG_FILE}"
-else
-    echo "ERROR: Required file, not found: ${CFG_FILE}, Aborting installation"
-    exit 8
-fi
-
-mv ${cdir}/conf/unixauthservice.properties 
${cdir}/conf/unixauthservice.properties.${curDt}
-mv ${cdir}/conf/unixauthservice.properties.tmp 
${cdir}/conf/unixauthservice.properties
-
-#END Create $INSTALL_DIR/conf/unixauthservice.properties
-
-#Update native exe
-#ranger-usersync/native/credValidator.uexe
-if [ -f ${cdir}/native/credValidator.uexe ]; then
-       chmod 750 ${cdir}/native/credValidator.uexe
-       chown root ${cdir}/native/credValidator.uexe
-       chgrp $unix_group ${cdir}/native/credValidator.uexe
-       chmod u+s ${cdir}/native/credValidator.uexe
-fi
-
-# Install the init.d process in /etc/init.d and create appropriate link to 
/etc/rc2.d folder
-if [ -d /etc/init.d ]
-then
-  cp ${cdir}/initd  /etc/init.d/${MOD_NAME}
-  chmod +x /etc/init.d/${MOD_NAME}
-
-  if [ -d /etc/rc2.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc2.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc2.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc2.d/K00${MOD_NAME}
-  fi
-  if [ -d /etc/rc3.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc3.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc3.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc3.d/K00${MOD_NAME}
-  fi
-
-  # SUSE has rc2.d and rc3.d under /etc/rc.d
-  if [ -d /etc/rc.d/rc2.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc2.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc2.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc2.d/K00${MOD_NAME}
-  fi
-  if [ -d /etc/rc.d/rc3.d ]
-  then
-    echo "Creating boot script S99${MOD_NAME} in rc3.d directory .... "
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc3.d/S99${MOD_NAME}
-    ln -sf /etc/init.d/${MOD_NAME}  /etc/rc.d/rc3.d/K00${MOD_NAME}
-  fi
-
-fi
-
-# Create SoftLink of ranger-usersync-services to /usr/bin/
-ln -sf ${INSTALL_DIR}/ranger-usersync-services.sh /usr/bin/${MOD_NAME}
-chmod ug+rx /usr/bin/${MOD_NAME}
-
-# Start the service
-#service ${MOD_NAME} start
+./setup.py
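Review bot: The root check performed by the removed lines (`id -u` compared with 0, then `exit 1`) has no replacement, neither ahead of the new `./setup.py` line nor in the setup.py added by this commit, which goes on to call `os.chown`, run `useradd` and copy a script into `/etc/init.d`. Run as a non-root user, the installer would likely create the conf directories and keystore first and then stop on an unhandled OSError, leaving a partial install. Keeping the guard ahead of the call is enough: `if [ "$(id -u)" -ne 0 ]; then echo "ERROR: You must run the installation as root user."; exit 1; fi`. `./setup.py` is also resolved against the caller's working directory, and setup.py reads `install.properties` from `.`, so a `cd "$(dirname "$0")"` before the call would make the result independent of where the script is invoked from.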

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/templates/installprop2xml.properties
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/installprop2xml.properties 
b/unixauthservice/scripts/templates/installprop2xml.properties
new file mode 100644
index 0000000..f102b52
--- /dev/null
+++ b/unixauthservice/scripts/templates/installprop2xml.properties
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+POLICY_MGR_URL =  ranger.usersync.policymanager.baseURL
+MIN_UNIX_USER_ID_TO_SYNC = ranger.usersync.unix.minUserId
+SYNC_INTERVAL = ranger.usersync.sleeptimeinmillisbetweensynccycle
+SYNC_LDAP_URL = ranger.usersync.ldap.url
+SYNC_LDAP_BIND_DN = ranger.usersync.ldap.binddn
+SYNC_LDAP_BIND_PASSWORD = ranger.usersync.ldap.ldapbindpassword
+CRED_KEYSTORE_FILENAME= ranger.usersync.credstore.filename
+SYNC_LDAP_SEARCH_BASE = ranger.usersync.ldap.searchBase
+SYNC_LDAP_USER_SEARCH_BASE = ranger.usersync.ldap.user.searchbase
+SYNC_LDAP_USER_SEARCH_SCOPE = ranger.usersync.ldap.user.searchscope
+SYNC_LDAP_USER_OBJECT_CLASS = ranger.usersync.ldap.user.objectclass
+SYNC_LDAP_USER_SEARCH_FILTER = ranger.usersync.ldap.user.searchfilter
+SYNC_LDAP_USER_NAME_ATTRIBUTE = ranger.usersync.ldap.user.nameattribute
+SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE = 
ranger.usersync.ldap.user.groupnameattribute
+SYNC_LDAP_USERNAME_CASE_CONVERSION = 
ranger.usersync.ldap.username.caseconversion
+SYNC_LDAP_GROUPNAME_CASE_CONVERSION = 
ranger.usersync.ldap.groupname.caseconversion
+logdir=ranger.usersync.logdir
+SYNC_GROUP_SEARCH_ENABLED = ranger.usersync.group.searchenabled
+SYNC_GROUP_USER_MAP_SYNC_ENABLED = ranger.usersync.group.usermapsyncenabled
+SYNC_GROUP_SEARCH_BASE=ranger.usersync.group.searchbase
+SYNC_GROUP_SEARCH_SCOPE=ranger.usersync.group.searchscope
+SYNC_GROUP_OBJECT_CLASS=ranger.usersync.group.objectclass
+SYNC_LDAP_GROUP_SEARCH_FILTER=ranger.usersync.group.searchfilter
+SYNC_GROUP_NAME_ATTRIBUTE=ranger.usersync.group.nameattribute
+SYNC_GROUP_MEMBER_ATTRIBUTE_NAME=ranger.usersync.group.memberattributename
+SYNC_PAGED_RESULTS_ENABLED=ranger.usersync.pagedresultsenabled
+SYNC_PAGED_RESULTS_SIZE=ranger.usersync.pagedresultssize
+SYNC_SOURCE = SYNC_SOURCE
+unix_user   = unix_user
+unix_group  = unix_group
+AUTH_SSL_KEYSTORE_FILE = ranger.usersync.keystore.file
+AUTH_SSL_KEYSTORE_PASSWORD = ranger.usersync.keystore.password
+AUTH_SSL_TRUSTSTORE_FILE = ranger.usersync.truststore.file
+AUTH_SSL_TRUSTSTORE_PASSWORD = ranger.usersync.truststore.password
+AUTH_SSL_ENABLED = ranger.usersync.enabled
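Review bot: The last mapping, `AUTH_SSL_ENABLED = ranger.usersync.enabled`, does not match the key the service reads. `UnixAuthenticationService` in this same commit now defines `SSL_ENABLED_PARAM` as `ranger.usersync.ssl`, and the template carries both `ranger.usersync.enabled` and `ranger.usersync.ssl`. If the installer uses this table to fill the site file, the operator's SSL choice would land in a property the listener never consults, and how an empty `ranger.usersync.ssl` is treated is not visible here. Unless `ranger.usersync.enabled` is read somewhere outside this page, the line should be `AUTH_SSL_ENABLED = ranger.usersync.ssl`.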

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/templates/ranger-ugsync-template.xml
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/templates/ranger-ugsync-template.xml 
b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
new file mode 100644
index 0000000..15a04dc
--- /dev/null
+++ b/unixauthservice/scripts/templates/ranger-ugsync-template.xml
@@ -0,0 +1,168 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
+       <property>
+               <name>ranger.usersync.credstore.filename</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.enabled</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.memberattributename</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.nameattribute</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.objectclass</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.searchbase</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.searchenabled</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.searchfilter</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.searchscope</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.group.usermapsyncenabled</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.binddn</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.groupname.caseconversion</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.ldapbindpassword</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.searchBase</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.url</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.groupnameattribute</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.nameattribute</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.objectclass</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.searchbase</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.searchfilter</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.user.searchscope</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ldap.username.caseconversion</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.logdir</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.pagedresultsenabled</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.pagedresultssize</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.passwordvalidator.path</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.policymanager.baseURL</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.policymanager.mockrun</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.port</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.sink.impl.class</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.source.impl.class</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.ssl</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.unix.minUserId</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.keystore.file</name>
+               <value></value>
+       </property>
+       <property>
+               <name>ranger.usersync.truststore.file</name>
+               <value></value>
+       </property>
+</configuration>
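Review bot: The template gives `ranger.usersync.ldap.ldapbindpassword` an ordinary `<value>` slot, so if the installer copies `SYNC_LDAP_BIND_PASSWORD` into it, the generated site file holds the LDAP bind password in cleartext. How setup.py fills this property is not visible in this hunk. Since `ranger.usersync.credstore.filename` is also defined, a comment on the property would make the intent explicit, for example `<!-- never the cleartext password; the secret lives in the credential store named by ranger.usersync.credstore.filename -->`. The generated file should then be written with owner-only permissions. Note also that the template has no `ranger.usersync.keystore.password` or `ranger.usersync.truststore.password` entries, although the mapping file and the Java constants reference both.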

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/scripts/update_property.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/update_property.py 
b/unixauthservice/scripts/update_property.py
new file mode 100644
index 0000000..ba2aec8
--- /dev/null
+++ b/unixauthservice/scripts/update_property.py
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import os
+from xml.etree import ElementTree as ET
+
+def write_properties_to_xml(xml_path, property_name='', property_value=''):
+       if(os.path.isfile(xml_path)):
+               xml = ET.parse(xml_path)
+               root = xml.getroot()
+               for child in root.findall('property'):
+                       name = child.find("name").text.strip()
+                       if name == property_name:
+                               child.find("value").text = property_value
+               xml.write(xml_path)
+               return 0
+       else:
+               return -1
+
+
+
+if __name__ == '__main__':
+       if(len(sys.argv) > 1):
+               parameter_name = sys.argv[1] if len(sys.argv) > 1  else None
+               parameter_value = sys.argv[2] if len(sys.argv) > 2  else None
+               ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3  
else None
+               
write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value)
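Review bot: The `__main__` block discards the return value of `write_properties_to_xml`, so the `-1` path for a missing XML file still exits with status 0 and the calling installer cannot tell that nothing was written. With fewer than three arguments the function is also handed `None` as `xml_path` or `property_value` instead of failing with a usage message. I would check the argument count up front with `if len(sys.argv) != 4: sys.exit("usage: update_property.py <name> <value> <xml_path>")` and end with `sys.exit(0 if write_properties_to_xml(ranger_admin_site_xml_path, parameter_name, parameter_value) == 0 else 1)`. If this helper is ever used for the password properties, the value is passed on the command line and is visible in the process listing, so reading it from stdin or the environment would be safer for those keys.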

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/11bb55ba/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git 
a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
 
b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index 01ad7f4..e9e5272 100644
--- 
a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ 
b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -41,9 +41,15 @@ import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.apache.log4j.Logger;
 import org.apache.ranger.usergroupsync.UserGroupSync;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 public class UnixAuthenticationService {
 
@@ -52,15 +58,15 @@ public class UnixAuthenticationService {
        private static final String serviceName = "UnixAuthenticationService" ;
        
        private static final String SSL_ALGORITHM = "TLS" ;
-       private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = 
"authServicePort" ;
-       private static final String SSL_KEYSTORE_PATH_PARAM = "keyStore" ;
-       private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = 
"keyStorePassword" ;
-       private static final String SSL_TRUSTSTORE_PATH_PARAM = "trustStore" ;
-       private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = 
"trustStorePassword" ;
-       private static final String CRED_VALIDATOR_PROG = 
"passwordValidatorPath" ;
+       private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = 
"ranger.usersync.port" ;
+       private static final String SSL_KEYSTORE_PATH_PARAM = 
"ranger.usersync.keystore.file" ;
+       private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = 
"ranger.usersync.keystore.password" ;
+       private static final String SSL_TRUSTSTORE_PATH_PARAM = 
"ranger.usersync.truststore.file" ;
+       private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = 
"ranger.usersync.truststore.password" ;
+       private static final String CRED_VALIDATOR_PROG = 
"ranger.usersync.passwordvalidator.path" ;
        private static final String ADMIN_USER_LIST_PARAM = "admin.users" ;
        private static final String ADMIN_ROLE_LIST_PARAM = "admin.roleNames" ;
-       private static final String SSL_ENABLED_PARAM = "useSSL" ;
+       private static final String SSL_ENABLED_PARAM = "ranger.usersync.ssl" ;
        
        private String keyStorePath ;
        private String keyStorePathPassword ;
@@ -127,11 +133,51 @@ public class UnixAuthenticationService {
        //TODO: add more validation code
        private void init() throws Throwable {
                Properties prop = new Properties() ;
-               InputStream in = 
getFileInputStream("unixauthservice.properties") ;
+               InputStream in = getFileInputStream("ranger-ugsync-site.xml") ;
 
                if (in != null) {
                        try {
-                               prop.load(in);
+//                             prop.load(in);
+                               DocumentBuilderFactory 
xmlDocumentBuilderFactory = DocumentBuilderFactory
+                                               .newInstance();
+                               
xmlDocumentBuilderFactory.setIgnoringComments(true);
+                               
xmlDocumentBuilderFactory.setNamespaceAware(true);
+                               DocumentBuilder xmlDocumentBuilder = 
xmlDocumentBuilderFactory
+                                               .newDocumentBuilder();
+                               Document xmlDocument = 
xmlDocumentBuilder.parse(in);
+                               xmlDocument.getDocumentElement().normalize();
+
+                               NodeList nList = xmlDocument
+                                               
.getElementsByTagName("property");
+
+                               for (int temp = 0; temp < nList.getLength(); 
temp++) {
+
+                                       Node nNode = nList.item(temp);
+
+                                       if (nNode.getNodeType() == 
Node.ELEMENT_NODE) {
+
+                                               Element eElement = (Element) 
nNode;
+
+                                               String propertyName = "";
+                                               String propertyValue = "";
+                                               if 
(eElement.getElementsByTagName("name").item(
+                                                               0) != null) {
+                                                       propertyName = eElement
+                                                                       
.getElementsByTagName("name")
+                                                                       
.item(0).getTextContent().trim();
+                                               }
+                                               if 
(eElement.getElementsByTagName("value")
+                                                               .item(0) != 
null) {
+                                                       propertyValue = eElement
+                                                                       
.getElementsByTagName("value")
+                                                                       
.item(0).getTextContent().trim();
+                                               }
+
+                                               LOG.info("Adding Property:[" + 
propertyName + "] Value:"+ propertyValue);
+                                               prop.put(propertyName, 
propertyValue);
+
+                                       }
+                               }
                        }
                        finally {
                                try {
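Review bot: The new `LOG.info("Adding Property:[" + propertyName + "] Value:"+ propertyValue);` writes every configuration value to the service log at INFO level. That includes `ranger.usersync.keystore.password`, `ranger.usersync.truststore.password` and `ranger.usersync.ldap.ldapbindpassword` whenever the site file carries them. Log the name only, `LOG.info("Adding Property:[" + propertyName + "]");`, or mask the value when the name contains `password`. Separately, the `DocumentBuilderFactory` is used with default settings; although the file is local configuration, calling `xmlDocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` stops DTD and external-entity processing cheaply. `init()` starts before and continues past this hunk, so the rest of the property handling is not visible here.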
