Repository: incubator-ranger Updated Branches: refs/heads/master 95cd9e834 -> f33879b4f
RANGER-666 : Add support for Azure SQL Database Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f33879b4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f33879b4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f33879b4 Branch: refs/heads/master Commit: f33879b4f1d13cf0b08f74b90f2e4607c00d24d4 Parents: 95cd9e8 Author: Gautam Borad <[email protected]> Authored: Mon Sep 28 09:08:35 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Sep 28 01:37:53 2015 -0400 ---------------------------------------------------------------------- kms/scripts/dba_script.py | 35 ++++++++-------------- security-admin/scripts/dba_script.py | 50 ++++++++++++------------------- security-admin/scripts/setup.sh | 4 +-- 3 files changed, 33 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f33879b4/kms/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index b2aa80a..950b8c3 100755 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py @@ -708,11 +708,11 @@ class SqlServerConf(BaseDB): def verify_user(self, root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] Verifying user " + db_user , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": - query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) + query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user) elif os_name == "WINDOWS": - query = get_cmd + " -query \"select loginname from master.dbo.syslogins where loginname = '%s';\" -c ;" %(db_user) + query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user) output = check_output(query) if output.strip(db_user + " |"): return True @@ -735,13 +735,13 @@ class SqlServerConf(BaseDB): sys.exit(1) def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): - if self.check_connection('msdb', root_user, db_root_password): + if self.check_connection('master', root_user, db_root_password): if self.verify_user(root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] SQL Server user " + db_user + " already exists.", "info") else: if dryMode == False: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') log("[I] User does not exists, Creating Login user " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) @@ -764,7 +764,7 @@ class SqlServerConf(BaseDB): def verify_db(self, root_user, db_root_password, db_name,dryMode): if dryMode == False: log("[I] Verifying database " + db_name, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) elif os_name == "WINDOWS": @@ -782,7 +782,7 @@ class SqlServerConf(BaseDB): else: if dryMode == False: log("[I] Database does not exist. Creating database : " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) ret = subprocess.call(shlex.split(query)) @@ -805,7 +805,7 @@ class SqlServerConf(BaseDB): logFile("create database %s;" %(db_name)) def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode): - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) elif os_name == "WINDOWS": @@ -842,28 +842,17 @@ class SqlServerConf(BaseDB): def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): if dryMode == False: log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - if os_name == "LINUX": - query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\" -c ;" %(db_user, db_name) - ret = subprocess.call(query) - if ret != 0: - sys.exit(1) + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": - query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) -# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_name, db_user) -# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user) ret = subprocess.call(query) if ret != 0: sys.exit(1) else: - logFile("ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];" %(db_user, db_name)) - logFile("USE %s EXEC sp_addrolemember N'db_owner', N'%s';" %(db_name, db_user)) + logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user)) class SqlAnywhereConf(BaseDB): # Constructor http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f33879b4/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 90ae561..4fd5593 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -917,11 +917,11 @@ class SqlServerConf(BaseDB): def verify_user(self, root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] Verifying user " + db_user , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": - query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) + query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user) elif os_name == "WINDOWS": - query = get_cmd + " -query \"select loginname from master.dbo.syslogins where loginname = '%s';\" -c ;" %(db_user) + query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user) output = check_output(query) if output.strip(db_user + " |"): return True @@ -944,13 +944,13 @@ class SqlServerConf(BaseDB): sys.exit(1) def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): - if self.check_connection('msdb', root_user, db_root_password): + if self.check_connection('master', root_user, db_root_password): if self.verify_user(root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] SQL Server user " + db_user + " already exists.", "info") else: if dryMode == False: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') log("[I] User does not exists, Creating Login user " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) @@ -973,7 +973,7 @@ class SqlServerConf(BaseDB): def verify_db(self, root_user, db_root_password, db_name,dryMode): if dryMode == False: log("[I] Verifying database " + db_name, "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) elif os_name == "WINDOWS": @@ -991,7 +991,7 @@ class SqlServerConf(BaseDB): else: if dryMode == False: log("[I] Database does not exist. Creating database : " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) ret = subprocess.call(shlex.split(query)) @@ -1006,7 +1006,6 @@ class SqlServerConf(BaseDB): self.create_user(root_user, db_name ,db_user, db_password, db_root_password,dryMode) log("[I] Creating database " + db_name + " succeeded", "info") return True - # self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name) else: log("[E] Database creation failed..","error") sys.exit(1) @@ -1014,11 +1013,11 @@ class SqlServerConf(BaseDB): logFile("create database %s;" %(db_name)) def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode): - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) + query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user) elif os_name == "WINDOWS": - query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name, db_user) + query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user) output = check_output(query) if output.strip(db_user + " |"): if dryMode == False: @@ -1026,16 +1025,16 @@ class SqlServerConf(BaseDB): else: if dryMode == False: if os_name == "LINUX": - query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user) + query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s;\"" %(db_user, db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"USE %s CREATE USER %s for LOGIN %s;\" -c ;" %(db_name ,db_user, db_user) + query = get_cmd + " -query \"CREATE USER %s for LOGIN %s;\" -c ;" %(db_user, db_user) ret = subprocess.call(query) if ret == 0: if os_name == "LINUX": - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user) + query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user) elif os_name == "WINDOWS": - query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name ,db_user) + query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user) output = check_output(query) if output.strip(db_user + " |"): log("[I] User "+db_user+" exist ","info") @@ -1046,33 +1045,22 @@ class SqlServerConf(BaseDB): log("[E] Database creation failed..","error") sys.exit(1) else: - logFile("USE %s CREATE USER %s for LOGIN %s;" %(db_name ,db_user, db_user)) + logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): if dryMode == False: log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - if os_name == "LINUX": - query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\" -c ;" %(db_user, db_name) - ret = subprocess.call(query) - if ret != 0: - sys.exit(1) + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": - query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) -# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_name, db_user) -# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user) ret = subprocess.call(query) if ret != 0: sys.exit(1) else: - logFile("ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];" %(db_user, db_name)) - logFile("USE %s EXEC sp_addrolemember N'db_owner', N'%s';" %(db_name, db_user)) + logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user)) def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): is_revoke=False http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f33879b4/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index bae6298..71c424c 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -874,7 +874,7 @@ update_properties() { newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default - propertyName=ranger.jpa.jdbc.dialect + propertyName=ranger.jpa.audit.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default @@ -901,7 +901,7 @@ update_properties() { newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default - propertyName=ranger.jpa.jdbc.dialect + propertyName=ranger.jpa.audit.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
