RANGER-566: modified to use private synonym for ranger-admin installation on oracle
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/088f3cf6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/088f3cf6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/088f3cf6 Branch: refs/heads/tag-policy Commit: 088f3cf6aea19e4b46d5296fd2c17bdd87111fc5 Parents: 0614046 Author: sneethiraj <[email protected]> Authored: Tue Jun 23 21:54:27 2015 -0700 Committer: sneethiraj <[email protected]> Committed: Tue Jun 23 21:54:27 2015 -0700 ---------------------------------------------------------------------- security-admin/db/oracle/xa_core_db_oracle.sql | 3 --- security-admin/scripts/db_setup.py | 27 ++++++++++++++++++++ security-admin/scripts/dba_script.py | 28 ++++++++++----------- security-admin/scripts/setup.sh | 4 +-- 4 files changed, 43 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/db/oracle/xa_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql index 9cc22ff..2ede810 100644 --- a/security-admin/db/oracle/xa_core_db_oracle.sql +++ b/security-admin/db/oracle/xa_core_db_oracle.sql @@ -429,9 +429,6 @@ CREATE INDEX x_user_FK_upd_by_id ON x_user (upd_by_id); CREATE INDEX x_user_FK_cred_store_id ON x_user (cred_store_id); CREATE INDEX x_user_cr_time ON x_user (create_time); CREATE INDEX x_user_up_time ON x_user(update_time); - -CREATE OR REPLACE PUBLIC SYNONYM xa_access_audit FOR xa_access_audit; -CREATE OR REPLACE PUBLIC SYNONYM XA_ACCESS_AUDIT_SEQ FOR XA_ACCESS_AUDIT_SEQ; commit; insert into x_portal_user ( id,CREATE_TIME, UPDATE_TIME, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 90d7d4e..0d6c49b 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -147,6 +147,9 @@ class BaseDB(object): def execute_java_patches(xa_db_host, db_user, db_password, db_name): log("[I] ----------------- Executing java patches ------------", "info") + def create_synonym(db_name, db_user, db_password,audit_db_user): + log("[I] ----------------- Creating Synonym ------------", "info") + class MysqlConf(BaseDB): # Constructor def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): @@ -465,6 +468,26 @@ class OracleConf(BaseDB): log("[E] "+name + " import failed!","error") sys.exit(1) + def create_synonym(self,db_name, db_user, db_password,audit_db_user): + log("[I] ----------------- Creating Synonym ------------", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;'" % (audit_db_user,db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;\" -c ;" % (audit_db_user,db_user) + ret = subprocess.call(query) + if ret != 0: + sys.exit(1) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;'" % (audit_db_user,db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;\" -c ;" % (audit_db_user,db_user) + ret = subprocess.call(query) + if ret != 0: + sys.exit(1) + def import_db_patches(self, db_name, db_user, db_password, file_name): if os.path.isfile(file_name): name = basename(file_name) @@ -1285,6 +1308,10 @@ def main(argv): else: log("[I] --------- Importing Ranger Core DB Schema ---------","info") xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file) + if XA_DB_FLAVOR == "ORACLE": + if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit): + if db_user != audit_db_user: + xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user) log("[I] --------- Verifying upgrade history table ---------","info") output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version) if output == False: http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 133af15..045990d 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -391,10 +391,10 @@ class OracleConf(BaseDB): log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info") @@ -483,10 +483,10 @@ class OracleConf(BaseDB): if ret == 0: log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) ret = subprocess.call(query) if ret == 0: log("[I] Granting Oracle user '" + db_user + "' done", "info") @@ -499,7 +499,7 @@ class OracleConf(BaseDB): sys.exit(1) else: logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode): @@ -576,10 +576,10 @@ class OracleConf(BaseDB): if (ret1 == 0 and ret2 == 0): log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) ret = subprocess.call(query) if ret == 0: return True @@ -591,16 +591,16 @@ class OracleConf(BaseDB): else: logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, db_name)) logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, audit_db_name)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): if dryMode == False: get_cmd = self.get_jisql_cmd(root_user ,db_root_password) if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) ret = subprocess.call(query) if ret == 0: log("[I] Granted permission to " + db_user, "info") @@ -609,7 +609,7 @@ class OracleConf(BaseDB): log("[E] Granting Oracle user '" + db_user + "' failed..", "error") sys.exit(1) else: - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): if DBA_MODE == "TRUE": @@ -634,10 +634,10 @@ class OracleConf(BaseDB): log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info") @@ -652,7 +652,7 @@ class OracleConf(BaseDB): sys.exit(1) else: logFile("create user %s identified by \"%s\";" %(db_user, db_password)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode): if dryMode == False: http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 12224c4..b79cba4 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -797,11 +797,11 @@ update_properties() { if [ "${DB_FLAVOR}" == "ORACLE" ] then propertyName=ranger.jpa.jdbc.url - newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}" + newPropertyValue="jdbc:oracle:thin:@${DB_HOST}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger propertyName=ranger.jpa.audit.jdbc.url - newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}" + newPropertyValue="jdbc:oracle:thin:@${DB_HOST}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger propertyName=ranger.jpa.jdbc.dialect
