Repository: incubator-ranger Updated Branches: refs/heads/master eb739e907 -> ae4ce8e08
RANGER-1003 : Handle Ranger upgrade scenario in Kerberized Cluster Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/0f66b24f Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/0f66b24f Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/0f66b24f Branch: refs/heads/master Commit: 0f66b24f855df15f519c4851299cf1ee4748c2cf Parents: eb739e9 Author: Ankita Sinha <[email protected]> Authored: Fri Jun 10 10:45:00 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 10 11:29:33 2016 -0400 ---------------------------------------------------------------------- .../org/apache/ranger/biz/RangerBizUtil.java | 3 +- .../org/apache/ranger/biz/ServiceDBStore.java | 42 +++++++++++++++++++- .../org/apache/ranger/rest/ServiceREST.java | 4 +- .../java/org/apache/ranger/rest/TagREST.java | 2 +- 4 files changed, 45 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0f66b24f/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java index 63c630e..c769ae4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java @@ -1323,8 +1323,8 @@ public class RangerBizUtil { if (usb != null) { authSessionId = ContextUtil.getCurrentUserSession().getSessionId(); } + if(guidUtil != null){ Long trxId = guidUtil.genLong(); - for (XXTrxLog xTrxLog : trxLogList) { if (xTrxLog != null) { if ("Password".equalsIgnoreCase(StringUtil.trim(xTrxLog.getAttributeName()))) { @@ -1350,6 +1350,7 @@ public class RangerBizUtil { daoManager.getXXTrxLog().create(xTrxLog); } } + } } public static int getDBFlavor() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0f66b24f/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index bf03e30..739ad05 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -144,6 +144,8 @@ import org.apache.ranger.plugin.store.PList; import org.apache.ranger.plugin.store.ServicePredicateUtil; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; +import org.apache.ranger.rest.ServiceREST; +import org.apache.ranger.rest.TagREST; import org.apache.ranger.service.RangerAuditFields; import org.apache.ranger.service.RangerDataHistService; import org.apache.ranger.service.RangerPolicyService; @@ -282,7 +284,7 @@ public class ServiceDBStore extends AbstractServiceStore { @Override public Object doInTransaction(TransactionStatus status) { EmbeddedServiceDefsUtil.instance().init(dbStore); - + getServiceUpgraded(); return null; } }); @@ -2497,7 +2499,7 @@ public class ServiceDBStore extends AbstractServiceStore { private RangerPolicyItem createDefaultPolicyItem(XXService createdService, VXUser vXUser, List<XXAccessTypeDef> accessTypeDefs) throws Exception { String adminPrincipal = PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL); String adminKeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB); - String authType = PropertiesUtil.getProperty(RANGER_AUTH_TYPE); + String authType = PropertiesUtil.getProperty(RANGER_AUTH_TYPE,"simple"); String lookupPrincipal = PropertiesUtil.getProperty(LOOKUP_PRINCIPAL); String lookupKeytab = PropertiesUtil.getProperty(LOOKUP_KEYTAB); @@ -3715,4 +3717,40 @@ public class ServiceDBStore extends AbstractServiceStore { } catch (Exception e) { } } + public void getServiceUpgraded(){ + updateServiceWithCustomProperty(); + } + private void updateServiceWithCustomProperty() { + LOG.info("Adding custom properties to services"); + SearchFilter filter = new SearchFilter(); + try { + List<RangerService> lstRangerService = getServices(filter); + for(RangerService rangerService : lstRangerService){ + String serviceUser = PropertiesUtil.getProperty("ranger.plugins."+rangerService.getType()+".serviceuser"); + if(!StringUtils.isEmpty(serviceUser)){ + boolean chkServiceUpdate = false; + if(!rangerService.getConfigs().containsKey(ServiceREST.Allowed_User_List_For_Download)){ + rangerService.getConfigs().put(ServiceREST.Allowed_User_List_For_Download, serviceUser); + chkServiceUpdate = true; + } + if((!rangerService.getConfigs().containsKey(ServiceREST.Allowed_User_List_For_Grant_Revoke)) && (rangerService.getType().equalsIgnoreCase("hbase") || rangerService.getType().equalsIgnoreCase("hive"))){ + rangerService.getConfigs().put(ServiceREST.Allowed_User_List_For_Grant_Revoke, serviceUser); + chkServiceUpdate = true; + } + if(!rangerService.getConfigs().containsKey(TagREST.Allowed_User_List_For_Tag_Download)){ + rangerService.getConfigs().put(TagREST.Allowed_User_List_For_Tag_Download, serviceUser); + chkServiceUpdate = true; + } + if(chkServiceUpdate){ + updateService(rangerService); + if(LOG.isDebugEnabled()){ + LOG.debug("Updated service "+rangerService.getName()+" with custom properties in secure environment"); + } + } + } + } + } catch (Exception e) { + LOG.error("Error getting Services : "+e.getMessage()); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0f66b24f/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index a8c7b52..646554e 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -114,8 +114,8 @@ public class ServiceREST { final static public String PARAM_SERVICE_NAME = "serviceName"; final static public String PARAM_POLICY_NAME = "policyName"; final static public String PARAM_UPDATE_IF_EXISTS = "updateIfExists"; - private static final String Allowed_User_List_For_Download = "policy.download.auth.users"; - private static final String Allowed_User_List_For_Grant_Revoke = "policy.grantrevoke.auth.users"; + public static final String Allowed_User_List_For_Download = "policy.download.auth.users"; + public static final String Allowed_User_List_For_Grant_Revoke = "policy.grantrevoke.auth.users"; public static final String isCSRF_ENABLED = "ranger.rest-csrf.enabled"; public static final String BROWSER_USER_AGENT_PARAM = "ranger.rest-csrf.browser-useragents-regex"; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/0f66b24f/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index be70cfe..e69c5a1 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -60,7 +60,7 @@ import java.util.List; public class TagREST { private static final Log LOG = LogFactory.getLog(TagREST.class); - private static final String Allowed_User_List_For_Tag_Download = "tag.download.auth.users"; + public static final String Allowed_User_List_For_Tag_Download = "tag.download.auth.users"; @Autowired RESTErrorUtil restErrorUtil;
