Repository: incubator-ranger Updated Branches: refs/heads/master fa8b948ca -> 3122d55e2
RANGER-1073 : permission denied for rangeradmin.jceks.crc file Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3122d55e Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3122d55e Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3122d55e Branch: refs/heads/master Commit: 3122d55e223838efe126c71e887c591fdccdd5a4 Parents: fa8b948 Author: Mehul Parikh <[email protected]> Authored: Tue Jun 28 11:35:38 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Jun 29 10:42:39 2016 -0700 ---------------------------------------------------------------------- .../ranger/credentialapi/CredentialReader.java | 9 +-- .../apache/ranger/credentialapi/buildks.java | 71 +++++++++++++++++--- pom.xml | 8 +-- 3 files changed, 70 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3122d55e/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java ---------------------------------------------------------------------- diff --git a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java index 0b4a71a..ecede34 100644 --- a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java +++ b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java @@ -36,11 +36,12 @@ public class CredentialReader { } char[] pass = null; Configuration conf = new Configuration(); - String crendentialProviderPrefix=JavaKeyStoreProvider.SCHEME_NAME + "://file"; - crendentialProviderPrefix=crendentialProviderPrefix.toLowerCase(); + String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file"; + String crendentialProviderPrefixLocalJceks="localjceks://file"; + crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath=CrendentialProviderPath.trim(); alias=alias.trim(); - if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefix)){ + if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath); @@ -52,7 +53,7 @@ public class CredentialReader { }else{ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + - JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); + JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); } } List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3122d55e/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java ---------------------------------------------------------------------- diff --git a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java index 499c1c4..15b5a7e 100644 --- a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java +++ b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java @@ -180,13 +180,13 @@ public class buildks { credential = bufferRead.readLine(); System.out.println("Enter .jceks output file name with path:"); providerPath = bufferRead.readLine(); - if(providerPath!=null && !providerPath.trim().isEmpty() && !providerPath.startsWith("jceks://file")) - { + if(providerPath!=null && !providerPath.trim().isEmpty() && !providerPath.startsWith("localjceks://file")&&!providerPath.startsWith("jceks://file")) + { if(providerPath.startsWith("/")){ - providerPath="jceks://file"+providerPath; - }else{ - providerPath="jceks://file/"+providerPath; - } + providerPath="localjceks://file"+providerPath; + }else{ + providerPath="localjceks://file/"+providerPath; + } } command="create"; valueOption="-value"; @@ -223,9 +223,18 @@ public class buildks { public int listCredential(String args[]){ int returnCode=-1; + String command=null; + String providerOption=null; + String providerPath=null; try{ if(args!=null && args.length==3) { + command=args[0]; + providerOption=args[1]; + providerPath=args[2]; + if(!isValidListCommand(command,providerOption,providerPath)){ + return returnCode; + } //display command which need to be executed or entered displayCommand(args); }else{ @@ -339,7 +348,7 @@ public class buildks { displaySyntax("create"); return false; } - if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || !providerPath.startsWith("jceks://")) + if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || (!providerPath.startsWith("localjceks://") && !providerPath.startsWith("jceks://"))) { System.out.println("Invalid provider option in credential creation command!!"); System.out.println("Found:'"+providerPath+"'"); @@ -355,6 +364,40 @@ public class buildks { } return isValid; } + + public static boolean isValidListCommand(String command,String providerOption,String providerPath){ + boolean isValid=true; + try{ + if(command==null || !"list".equalsIgnoreCase(command.trim())){ + System.out.println("Invalid list phrase in credential get command!!"); + System.out.println("Expected:'list' Found:'"+command+"'"); + displaySyntax("list"); + return false; + } + + if(providerOption==null || !"-provider".equalsIgnoreCase(providerOption.trim())) + { + System.out.println("Invalid provider option in credential get command!!"); + System.out.println("Expected:'-provider' Found:'"+providerOption+"'"); + displaySyntax("list"); + return false; + } + if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || (!providerPath.startsWith("localjceks://") && !providerPath.startsWith("jceks://"))) + { + System.out.println("Invalid provider option in credential get command!!"); + System.out.println("Found:'"+providerPath+"'"); + displaySyntax("list"); + return false; + } + }catch(Exception ex){ + System.out.println("Invalid input or runtime error! Please try again."); + System.out.println("Input:"+command+" "+providerOption+" "+providerPath); + displaySyntax("list"); + ex.printStackTrace(); + return false; + } + return isValid; + } public static void displayCommand(String args[]) { @@ -372,8 +415,16 @@ public class buildks { public static void displaySyntax(String command){ if(command!=null && command.trim().equalsIgnoreCase("create")){ - System.out.println("Correct syntax is:create <aliasname> -value <password> -provider <jceks://file/filepath>"); - System.out.println("sample command is:create myalias -value password123 -provider jceks://file/tmp/ks/myks.jceks"); + System.out.println("Correct syntax is:create <aliasname> -value <password> -provider <localjceks://file/filepath>"); + System.out.println("sample command is:create myalias -value password123 -provider localjceks://file/tmp/ks/myks.jceks"); + } + if(command!=null && command.trim().equalsIgnoreCase("list")){ + System.out.println("Correct syntax is:list -provider <localjceks://file/filepath>"); + System.out.println("sample command is:list -provider localjceks://file/tmp/ks/myks.jceks"); + } + if(command!=null && command.trim().equalsIgnoreCase("get")){ + System.out.println("Correct syntax is:get <aliasname> -provider <localjceks://file/filepath>"); + System.out.println("sample command is:get myalias -provider localjceks://file/tmp/ks/myks.jceks"); } } public String getCredential(String args[]){ @@ -428,7 +479,7 @@ public class buildks { displaySyntax("get"); return false; } - if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || !providerPath.startsWith("jceks://")) + if(providerPath==null || "".equalsIgnoreCase(providerPath.trim()) || (!providerPath.startsWith("localjceks://") && !providerPath.startsWith("jceks://"))) { System.out.println("Invalid provider option in credential get command!!"); System.out.println("Found:'"+providerPath+"'"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3122d55e/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 6315230..3b22ccd 100644 --- a/pom.xml +++ b/pom.xml @@ -156,11 +156,11 @@ <gson.version>2.2.4</gson.version> <guava.version>11.0.2</guava.version> <guice.version>4.0</guice.version> - <hadoop-auth.version>2.7.0</hadoop-auth.version> - <hadoop-common-kms.version>2.7.0</hadoop-common-kms.version> - <hadoop-common.version>2.7.0</hadoop-common.version> + <hadoop-auth.version>2.7.1</hadoop-auth.version> + <hadoop-common-kms.version>2.7.1</hadoop-common-kms.version> + <hadoop-common.version>2.7.1</hadoop-common.version> <hadoop.minikdc.version>2.3.0</hadoop.minikdc.version> - <hadoop.version>2.7.0</hadoop.version> + <hadoop.version>2.7.1</hadoop.version> <hamcrest.all.version>1.3</hamcrest.all.version> <hbase.version>1.1.3</hbase.version> <hive.version>2.1.0</hive.version>
