RANGER-951 : Modify ranger-admin to put stackdef for specified components Signed-off-by: Gautam Borad <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/296de339 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/296de339 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/296de339 Branch: refs/heads/master Commit: 296de339ae174ff2c5c4a16c8f81a1bb38defbb3 Parents: 26f959f Author: Pradeep Agrawal <[email protected]> Authored: Thu Apr 28 15:26:36 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Fri Apr 29 15:03:36 2016 +0530 ---------------------------------------------------------------------- .../plugin/store/EmbeddedServiceDefsUtil.java | 37 ++++++++++++++++++-- security-admin/scripts/install.properties | 4 +++ security-admin/scripts/setup.sh | 5 +++ security-admin/scripts/update_property.py | 12 +++++-- .../conf.dist/ranger-admin-default-site.xml | 4 +++ .../resources/conf.dist/ranger-admin-site.xml | 4 +++ 6 files changed, 60 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java index b67c52d..7ec8d98 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java @@ -21,7 +21,10 @@ package org.apache.ranger.plugin.store; import java.io.InputStream; import java.io.InputStreamReader; - +import java.util.HashSet; +import java.util.Set; +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; @@ -43,6 +46,10 @@ public class EmbeddedServiceDefsUtil { private static final Log LOG = LogFactory.getLog(EmbeddedServiceDefsUtil.class); + // following servicedef list should be reviewed/updated whenever a new embedded service-def is added + private static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr"; + private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = "ranger.supportedcomponents"; + private Set<String> supportedServiceDefs; public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag"; public static final String EMBEDDED_SERVICEDEF_HDFS_NAME = "hdfs"; public static final String EMBEDDED_SERVICEDEF_HBASE_NAME = "hbase"; @@ -99,6 +106,7 @@ public class EmbeddedServiceDefsUtil { gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create(); + supportedServiceDefs =getSupportedServiceDef(); /* * Maintaining the following service-def create-order is critical for the * the legacy service-defs (HDFS/HBase/Hive/Knox/Storm) to be assigned IDs @@ -172,10 +180,10 @@ public class EmbeddedServiceDefsUtil { } RangerServiceDef ret = null; - + boolean createServiceDef = (CollectionUtils.isEmpty(supportedServiceDefs) || supportedServiceDefs.contains(serviceDefName)); try { ret = store.getServiceDefByName(serviceDefName); - if(ret == null && createEmbeddedServiceDefs) { + if(ret == null && createEmbeddedServiceDefs && createServiceDef) { ret = loadEmbeddedServiceDef(serviceDefName); LOG.info("creating embedded service-def " + serviceDefName); @@ -220,4 +228,27 @@ public class EmbeddedServiceDefsUtil { return ret; } + + private Set<String> getSupportedServiceDef(){ + Set<String> supportedServiceDef =new HashSet<String>(); + try{ + String ranger_supportedcomponents=RangerConfiguration.getInstance().get(PROPERTY_SUPPORTED_SERVICE_DEFS, DEFAULT_BOOTSTRAP_SERVICEDEF_LIST); + if(StringUtils.isBlank(ranger_supportedcomponents) || "all".equalsIgnoreCase(ranger_supportedcomponents)){ + ranger_supportedcomponents=DEFAULT_BOOTSTRAP_SERVICEDEF_LIST; + } + String[] supportedComponents=ranger_supportedcomponents.split(","); + if(supportedComponents!=null && supportedComponents.length>0){ + for(String element:supportedComponents){ + if(!StringUtils.isBlank(element)){ + element=element.toLowerCase(); + if(!supportedServiceDef.contains(element)){ + supportedServiceDef.add(element); + } + } + } + } + }catch(Exception ex){ + } + return supportedServiceDef; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index 3913254..d2cbf45 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -79,6 +79,10 @@ audit_solr_zookeepers= policymgr_external_url=http://localhost:6080 policymgr_http_enabled=true +#Add Supported Components list below separated by semi-colon, default value is empty string to support all components +#Example : policymgr_supportedcomponents=hive,hbase,hdfs +policymgr_supportedcomponents= + # # ------- PolicyManager CONFIG - END --------------- # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 51daf6d..9633363 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -68,6 +68,7 @@ audit_db_user='' audit_db_password='' policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE) policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE) +policymgr_supportedcomponents=$(get_prop 'policymgr_supportedcomponents' $PROPFILE) unix_user=$(get_prop 'unix_user' $PROPFILE) unix_group=$(get_prop 'unix_group' $PROPFILE) authentication_method=$(get_prop 'authentication_method' $PROPFILE) @@ -609,6 +610,10 @@ update_properties() { newPropertyValue="${policymgr_http_enabled}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.supportedcomponents + newPropertyValue="${policymgr_supportedcomponents}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.jpa.jdbc.user newPropertyValue="${db_user}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/scripts/update_property.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/update_property.py b/security-admin/scripts/update_property.py index ba2aec8..338fbf5 100644 --- a/security-admin/scripts/update_property.py +++ b/security-admin/scripts/update_property.py @@ -34,7 +34,13 @@ def write_properties_to_xml(xml_path, property_name='', property_value=''): if __name__ == '__main__': if(len(sys.argv) > 1): - parameter_name = sys.argv[1] if len(sys.argv) > 1 else None - parameter_value = sys.argv[2] if len(sys.argv) > 2 else None - ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3 else None + if(len(sys.argv) > 3): + parameter_name = sys.argv[1] if len(sys.argv) > 1 else None + parameter_value = sys.argv[2] if len(sys.argv) > 2 else None + ranger_admin_site_xml_path = sys.argv[3] if len(sys.argv) > 3 else None + else: + if(len(sys.argv) > 2): + parameter_name = sys.argv[1] if len(sys.argv) > 1 else None + parameter_value = "" + ranger_admin_site_xml_path = sys.argv[2] if len(sys.argv) > 2 else None write_properties_to_xml(ranger_admin_site_xml_path,parameter_name,parameter_value) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index 8305f07..0d6679c 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml @@ -463,4 +463,8 @@ <value>rangerlogger</value> <description></description> </property> + <property> + <name>ranger.supportedcomponents</name> + <value></value> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/296de339/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml index 7d748c5..e3f9f03 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml @@ -271,4 +271,8 @@ <value></value> </property> <!-- Kerberos Properties ENDs--> + <property> + <name>ranger.supportedcomponents</name> + <value></value> + </property> </configuration>
