RANGER-506:Update password script should update the right config file Signed-off-by: sneethiraj <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/ab4683eb Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/ab4683eb Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/ab4683eb Branch: refs/heads/tag-policy Commit: ab4683eb1fa325494b36b516ef2d80a2962f4548 Parents: 94ba6be Author: Gautam Borad <[email protected]> Authored: Sat May 30 17:44:37 2015 +0530 Committer: sneethiraj <[email protected]> Committed: Sat May 30 23:15:04 2015 -0400 ---------------------------------------------------------------------- .../resources/conf.dist/ranger-admin-site.xml | 2 +- .../process/PolicyMgrUserGroupBuilder.java | 4 + .../config/UserGroupSyncConfig.java | 9 +- unixauthservice/scripts/setup.py | 4 + .../scripts/updatepolicymgrpassword.py | 105 +++++++------------ .../UnixAuthenticationService.java | 2 +- 6 files changed, 49 insertions(+), 77 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml index 2660e19..822a507 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml @@ -180,7 +180,7 @@ <property> <name>ranger.service.https.attrib.keystore.pass</name> - <value>ranger</value> + <value>_</value> </property> <property> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java ---------------------------------------------------------------------- 
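Review bot: In ranger-admin-site.xml the shipped default for `ranger.service.https.attrib.keystore.pass` becomes `_`, which is still a non-empty string that a reader of this file could accept as a real password. The hunk does not show how the value is consumed, so confirm that the admin server treats `_` as "unset" and either resolves the password from the credential store or refuses to start, rather than opening the keystore with it. If `_` is meant as a sentinel, an XML comment beside the value such as `<!-- "_" is a placeholder, not a password -->` would make the convention explicit.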
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
index 2013f1c..c99f7a0 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/PolicyMgrUserGroupBuilder.java
@@ -673,6 +673,10 @@ public class PolicyMgrUserGroupBuilder implements UserGroupSink {
 if(ret!=null){
 String username = config.getPolicyMgrUserName();
 String password = config.getPolicyMgrPassword();
+ if(username==null||password==null||username.trim().isEmpty()||password.trim().isEmpty()){
+ username=config.getDefaultPolicyMgrUserName();
+ password=config.getDefaultPolicyMgrPassword();
+ }
 if(username!=null && password!=null){
 ret.addFilter(new HTTPBasicAuthFilter(username, password));
 }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 5aba0e9..d9efe1a 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -88,7 +88,7 @@ public class UserGroupSyncConfig {
 private static final String LGSYNC_LDAP_BIND_DN = "ranger.usersync.ldap.binddn";
- private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.ldap.bindkeystore";
+ private static final String LGSYNC_LDAP_BIND_KEYSTORE = "ranger.usersync.credstore.filename";
 private static final String LGSYNC_LDAP_BIND_ALIAS = "ranger.usersync.ldap.bindalias";
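Review bot: In PolicyMgrUserGroupBuilder.java (hunk at -673) the new branch silently swaps in `config.getDefaultPolicyMgrUserName()` and `config.getDefaultPolicyMgrPassword()` whenever the configured pair is null or blank. A missing alias or an unreadable credential store then looks like a working sync that authenticates with the built-in account, which hides the misconfiguration and keeps a default credential in active use. Log the fallback without the secret, e.g. `LOG.warn("policymgr credentials not configured; falling back to default account");` (assuming the class has a logger, which the hunk does not show), or fail unless the default is explicitly enabled. The enclosing method starts and ends outside the hunk.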
@@ -422,18 +422,17 @@ public class UserGroupSyncConfig { if (prop == null) { return null; } - if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE) && prop.containsKey(LGSYNC_LDAP_BIND_ALIAS)){ + if(prop.containsKey(LGSYNC_LDAP_BIND_KEYSTORE)){ String path=prop.getProperty(LGSYNC_LDAP_BIND_KEYSTORE); - String alias=prop.getProperty(LGSYNC_LDAP_BIND_ALIAS); + String alias=LGSYNC_LDAP_BIND_ALIAS; if(path!=null && alias!=null){ if(!path.trim().isEmpty() && !alias.trim().isEmpty()){ String password=CredentialReader.getDecryptedString(path.trim(),alias.trim()); if(password!=null&& !password.trim().isEmpty() && !password.trim().equalsIgnoreCase("none")){ prop.setProperty(LGSYNC_LDAP_BIND_PASSWORD,password); - //System.out.println("Password IS :"+password); } } - } + } } return prop.getProperty(LGSYNC_LDAP_BIND_PASSWORD); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/setup.py ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py index e45ea63..5ba50d3 100755 --- a/unixauthservice/scripts/setup.py +++ b/unixauthservice/scripts/setup.py @@ -141,8 +141,12 @@ def getPropertiesKeyList(configFileName): def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName): tree = ET.parse(xmlTemplateFileName) root = tree.getroot() + prop_arr =["ranger.usersync.ldap.ldapbindpassword", "ranger.usersync.keystore.password","ranger.usersync.truststore.password","ranger.usersync.policymgr"] for config in root.findall('property'): name = config.find('name').text + if name in prop_arr: + config.find('value').text = "_" + continue if (name in prop.keys()): config.find('value').text = str(prop[name]) #else: http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/scripts/updatepolicymgrpassword.py ---------------------------------------------------------------------- 
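Review bot: In UserGroupSyncConfig.java (hunk at -422) `String alias=LGSYNC_LDAP_BIND_ALIAS;` passes the property key itself as the credential-store alias, so the `alias!=null` and `!alias.trim().isEmpty()` tests that follow can no longer fail and a property of that name in the config file is no longer read. If the fixed alias is intended, drop the dead checks and say so in a comment such as `// alias is fixed; the ranger.usersync.ldap.bindalias property is no longer consulted`. When `CredentialReader.getDecryptedString` yields null, empty or "none", the method still falls through to `prop.getProperty(LGSYNC_LDAP_BIND_PASSWORD)` without logging, so a broken credential store cannot be told apart from a password configured in the file. The key rename in the -88 hunk also means existing files that set `ranger.usersync.ldap.bindkeystore` are ignored. The method begins outside the hunk.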
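Review bot: In setup.py, `prop_arr` is checked with an exact `name in prop_arr` test, but its last entry `"ranger.usersync.policymgr"` looks like a prefix rather than a full property name; other files in this commit use `ranger.usersync.policymgr.password`, `.username`, `.keystore` and `.alias`. If the template's property is `ranger.usersync.policymgr.password`, it is not blanked and the value from `prop` is written to the XML in clear text. Confirm the intended name against the template, which is not visible here, and list it in full, e.g. `"ranger.usersync.policymgr.password"`. writeXMLUsingProperties continues past the end of the hunk.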
diff --git a/unixauthservice/scripts/updatepolicymgrpassword.py b/unixauthservice/scripts/updatepolicymgrpassword.py
index b07458b..92c4805 100644
--- a/unixauthservice/scripts/updatepolicymgrpassword.py
+++ b/unixauthservice/scripts/updatepolicymgrpassword.py
@@ -23,6 +23,8 @@ import platform
 import fileinput
 import getpass
 import shutil
+from xml.etree import ElementTree as ET
+import update_property
 from os.path import basename
 from subprocess import Popen,PIPE
 from datetime import date
@@ -52,75 +54,37 @@ def log(msg,type): if type == 'error': logging.error(" %s",msg) -def populate_global_dict(): - global globalDict - read_config_file = open(os.path.join(os.getcwd(),'install.properties')) - for each_line in read_config_file.read().split('\n') : - if len(each_line) == 0 : continue - if re.search('=', each_line): - key , value = each_line.strip().split("=",1) - key = key.strip() - value = value.strip() - globalDict[key] = value - -def ModConfig(File, Variable, Setting): - """ - Modify Config file variable with new setting - """ - VarFound = False - AlreadySet = False - V=str(Variable) - S=str(Setting) - # use quotes if setting has spaces # - if ' ' in S: - S = '"%s"' % S - - for line in fileinput.input(File, inplace = 1): - # process lines that look like config settings # - if not line.lstrip(' ').startswith('#') and '=' in line: - _infile_var = str(line.split('=')[0].rstrip(' ')) - _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) - # only change the first matching occurrence # - if VarFound == False and _infile_var.rstrip(' ') == V: - VarFound = True - # don't change it if it is already set # - if _infile_set.lstrip(' ') == S: - AlreadySet = True - else: - line = "%s = %s\n" % (V, S) - - sys.stdout.write(line) - - # Append the variable if it wasn't found # - if not VarFound: - print "property '%s' not found. 
Adding it to %s" % (V, File) - with open(File, "a") as f: - f.write("%s = %s\n" % (V, S)) - elif AlreadySet == True: - print "property '%s' unchanged" % (V) +def import_properties_from_xml(xml_path, properties_from_xml=None): + print('getting values from file : ' + str(xml_path)) + if os.path.isfile(xml_path): + xml = ET.parse(xml_path) + root = xml.getroot() + if properties_from_xml is None: + properties_from_xml = dict() + for child in root.findall('property'): + name = child.find("name").text.strip() + value = child.find("value").text.strip() if child.find("value").text is not None else "" + properties_from_xml[name] = value else: - print "property '%s' modified to '%s'" % (V, S) + print('XML file not found at path : ' + str(xml_path)) + return properties_from_xml - return def main(): - + global globalDict FORMAT = '%(asctime)-15s %(message)s' logging.basicConfig(format=FORMAT, level=logging.DEBUG) - populate_global_dict() - SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['CRED_KEYSTORE_FILENAME'] - SYNC_POLICY_MGR_ALIAS="policymgr.user.password" - SYNC_POLICY_MGR_PASSWORD = '' - SYNC_POLICY_MGR_USERNAME = '' - JAVA_BIN = '' - unix_user = "ranger" - unix_group = "ranger" + CFG_FILE=os.path.join(os.getcwd(),'conf','ranger-ugsync-site.xml') + if os.path.isfile(CFG_FILE): + pass + else: + log("[E] Required file not found: ["+CFG_FILE+"]","error") + sys.exit(1) if os.environ['JAVA_HOME'] == "": log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") sys.exit(1) - JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') if os_name == "WINDOWS" : JAVA_BIN = JAVA_BIN+'.exe' 
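Review bot: `CFG_FILE=os.path.join(os.getcwd(),'conf','ranger-ugsync-site.xml')` in main() ties the script to the caller's working directory, and the keystore path read from that file is later passed to `chown` (visible in a later hunk). Run from another directory, the script either aborts or picks up a different `conf/ranger-ugsync-site.xml`. Resolving against the script location, e.g. `os.path.dirname(os.path.realpath(__file__))`, removes that dependency, assuming conf/ is installed at a fixed place relative to the script, which the diff does not show. In import_properties_from_xml, `child.find("name").text.strip()` raises AttributeError for a property with a missing or empty name element, while only the value side is guarded against None. main() continues beyond this hunk.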
@@ -130,9 +94,17 @@ def main(): while os.path.isfile(JAVA_BIN) == False: log("Enter java executable path: :","info") JAVA_BIN=raw_input() - log("[I] Using Java:" + str(JAVA_BIN),"info") + globalDict=import_properties_from_xml(CFG_FILE,globalDict) + SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['ranger.usersync.credstore.filename'] + log("[I] SYNC_LDAP_BIND_KEYSTOREPATH:" + str(SYNC_LDAP_BIND_KEYSTOREPATH),"info") + SYNC_POLICY_MGR_ALIAS="ranger.usersync.policymgr.password" + SYNC_POLICY_MGR_PASSWORD = '' + SYNC_POLICY_MGR_USERNAME = '' + unix_user = "ranger" + unix_group = "ranger" + while SYNC_POLICY_MGR_USERNAME == "": print "Enter policymgr user name:" SYNC_POLICY_MGR_USERNAME=raw_input() @@ -148,18 +120,12 @@ def main(): cmd="chown %s:%s %s" %(unix_user,unix_group,SYNC_LDAP_BIND_KEYSTOREPATH) ret=subprocess.call(shlex.split(cmd)) if ret == 0: - CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties') - NEW_CFG_FILE=os.path.join(os.getcwd(),'conf','unixauthservice.properties.tmp') if os.path.isfile(CFG_FILE): - shutil.copyfile(CFG_FILE, NEW_CFG_FILE) - ModConfig(NEW_CFG_FILE, "userSync.policyMgrUserName", SYNC_POLICY_MGR_USERNAME) - ModConfig(NEW_CFG_FILE, "userSync.policyMgrKeystore", SYNC_LDAP_BIND_KEYSTOREPATH) - ModConfig(NEW_CFG_FILE, "userSync.policyMgrAlias", SYNC_POLICY_MGR_ALIAS) - now = datetime.now() - shutil.copyfile(CFG_FILE, CFG_FILE+"."+now.strftime('%Y%m%d%H%M%S')) - shutil.copyfile(NEW_CFG_FILE,CFG_FILE) + update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.username",SYNC_POLICY_MGR_USERNAME) + update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.keystore",SYNC_LDAP_BIND_KEYSTOREPATH) + update_property.write_properties_to_xml(CFG_FILE,"ranger.usersync.policymgr.alias",SYNC_POLICY_MGR_ALIAS) else: - log("[E] Required file not found: ["+CFG_FILE+"]","error") + log("[E] Required file not found: ["+CFG_FILE+"]","error") else: log("[E] unable to execute command ["+cmd+"]","error") else: 
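Review bot: `SYNC_LDAP_BIND_KEYSTOREPATH=globalDict['ranger.usersync.credstore.filename']` (hunk at -130) raises a bare KeyError when the property is absent, and accepts an empty string when the value element is empty, because import_properties_from_xml maps that case to `""`. This path is later interpolated into the `chown` command, so read it with `globalDict.get('ranger.usersync.credstore.filename', '')` and exit through `log(..., "error")` when it is empty. main() starts and ends outside the hunk.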
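Review bot: The hunk at -148 drops the timestamped copy of the config file and now rewrites `ranger-ugsync-site.xml` in place through three separate `update_property.write_properties_to_xml` calls. update_property is not part of this diff, so it is unclear whether each call writes atomically or preserves the file mode; a failure between calls would leave username, keystore and alias out of step with no copy to restore. Taking one backup before the first call, e.g. `shutil.copy2(CFG_FILE, CFG_FILE+".bak")`, restores the old safety net. The inner `if os.path.isfile(CFG_FILE)` now repeats the check made at the top of main().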
@@ -167,5 +133,4 @@ def main(): else: log("[E] Input Error","error") - main() http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/ab4683eb/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java ---------------------------------------------------------------------- diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java index ff2838f..16e7324 100644 --- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java +++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java @@ -184,7 +184,7 @@ public class UnixAuthenticationService { .item(0).getTextContent().trim(); } - LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]"); + //LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]"); if (prop.get(propertyName) != null ) { prop.remove(propertyName) ; }
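Review bot: In UnixAuthenticationService.java the `LOG.info` that printed every property value is commented out rather than removed. That stops configuration secrets from reaching the log, but it leaves dead code that is easy to re-enable. Delete the line, or keep a value-free trace such as `LOG.debug("Adding Property:[" + propertyName + "]");`. The enclosing block starts and ends outside the hunk.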
