ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From v..@apache.org
Subject [1/4] incubator-ranger git commit: (RANGER-247)Development of Ranger Key Storage Provider
Date Tue, 24 Mar 2015 17:27:40 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master ce139e013 -> bb0bdcede


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
----------------------------------------------------------------------
diff --git a/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
new file mode 100644
index 0000000..04daeee
--- /dev/null
+++ b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FilterOutputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import org.apache.hadoop.crypto.key.kms.server.KMS.KMSOp;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.LogManager;
+import org.apache.log4j.PropertyConfigurator;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestKMSAudit {
+
+  private PrintStream originalOut;
+  private ByteArrayOutputStream memOut;
+  private FilterOut filterOut;
+  private PrintStream capturedOut;
+
+  private KMSAudit kmsAudit;
+
+  private static class FilterOut extends FilterOutputStream {
+    public FilterOut(OutputStream out) {
+      super(out);
+    }
+
+    public void setOutputStream(OutputStream out) {
+      this.out = out;
+    }
+  }
+
+  @Before
+  public void setUp() {
+    originalOut = System.err;
+    memOut = new ByteArrayOutputStream();
+    filterOut = new FilterOut(memOut);
+    capturedOut = new PrintStream(filterOut);
+    System.setErr(capturedOut);
+    PropertyConfigurator.configure(Thread.currentThread().
+        getContextClassLoader()
+        .getResourceAsStream("log4j-kmsaudit.properties"));
+    this.kmsAudit = new KMSAudit(1000);
+  }
+
+  @After
+  public void cleanUp() {
+    System.setErr(originalOut);
+    LogManager.resetConfiguration();
+    kmsAudit.shutdown();
+  }
+
+  private String getAndResetLogOutput() {
+    capturedOut.flush();
+    String logOutput = new String(memOut.toByteArray());
+    memOut = new ByteArrayOutputStream();
+    filterOut.setOutputStream(memOut);
+    return logOutput;
+  }
+
+  @Test
+  public void testAggregation() throws Exception {
+    UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
+    Mockito.when(luser.getShortUserName()).thenReturn("luser");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DELETE_KEY, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.ROLL_NEW_VERSION, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    Thread.sleep(1500);
+    kmsAudit.ok(luser, KMSOp.DECRYPT_EEK, "k1", "testmsg");
+    Thread.sleep(1500);
+    String out = getAndResetLogOutput();
+    System.out.println(out);
+    Assert.assertTrue(
+        out.matches(
+            "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
+            // Not aggregated !!
+            + "OK\\[op=DELETE_KEY, key=k1, user=luser\\] testmsg"
+            + "OK\\[op=ROLL_NEW_VERSION, key=k1, user=luser\\] testmsg"
+            // Aggregated
+            + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=6, interval=[^m]{1,4}ms\\]
testmsg"
+            + "OK\\[op=DECRYPT_EEK, key=k1, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"));
+  }
+
+  @Test
+  public void testAggregationUnauth() throws Exception {
+    UserGroupInformation luser = Mockito.mock(UserGroupInformation.class);
+    Mockito.when(luser.getShortUserName()).thenReturn("luser");
+    kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k2");
+    Thread.sleep(1000);
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    kmsAudit.unauthorized(luser, KMSOp.GENERATE_EEK, "k3");
+    kmsAudit.ok(luser, KMSOp.GENERATE_EEK, "k3", "testmsg");
+    Thread.sleep(2000);
+    String out = getAndResetLogOutput();
+    System.out.println(out);
+    Assert.assertTrue(
+        out.matches(
+            "UNAUTHORIZED\\[op=GENERATE_EEK, key=k2, user=luser\\] "
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=5, interval=[^m]{1,4}ms\\]
testmsg"
+            + "UNAUTHORIZED\\[op=GENERATE_EEK, key=k3, user=luser\\] "
+            + "OK\\[op=GENERATE_EEK, key=k3, user=luser, accessCount=1, interval=[^m]{1,4}ms\\]
testmsg"));
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
----------------------------------------------------------------------
diff --git a/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
new file mode 100644
index 0000000..1db3d70
--- /dev/null
+++ b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
@@ -0,0 +1,271 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.URI;
+import java.security.PrivilegedExceptionAction;
+import java.security.SecureRandom;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.crypto.key.KeyProvider;
+import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion;
+import org.apache.hadoop.crypto.key.KeyProvider.Options;
+import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
+import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion;
+import org.apache.hadoop.crypto.key.UserProvider;
+import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyACLs;
+import org.apache.hadoop.crypto.key.kms.server.KeyAuthorizationKeyProvider.KeyOpType;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestKeyAuthorizationKeyProvider {
+
+  private static final String CIPHER = "AES";
+
+  @Test
+  public void testCreateKey() throws Exception {
+    final Configuration conf = new Configuration();
+    KeyProvider kp = 
+        new UserProvider.Factory().createProvider(new URI("user:///"), conf);
+    KeyACLs mock = mock(KeyACLs.class);
+    when(mock.isACLPresent("foo", KeyOpType.MANAGEMENT)).thenReturn(true);
+    UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1");
+    when(mock.hasAccessToKey("foo", u1, KeyOpType.MANAGEMENT)).thenReturn(true);
+    final KeyProviderCryptoExtension kpExt =
+        new KeyAuthorizationKeyProvider(
+            KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp),
+            mock);
+
+    u1.doAs(
+        new PrivilegedExceptionAction<Void>() {
+          @Override
+          public Void run() throws Exception {
+            try {
+              kpExt.createKey("foo", SecureRandom.getSeed(16),
+                  newOptions(conf));
+            } catch (IOException ioe) {
+              Assert.fail("User should be Authorized !!");
+            }
+
+            // "bar" key not configured
+            try {
+              kpExt.createKey("bar", SecureRandom.getSeed(16),
+                  newOptions(conf));
+              Assert.fail("User should NOT be Authorized !!");
+            } catch (IOException ioe) {
+              // Ignore
+            }
+            return null;
+          }
+        }
+        );
+
+    // Unauthorized User
+    UserGroupInformation.createRemoteUser("badGuy").doAs(
+        new PrivilegedExceptionAction<Void>() {
+          @Override
+          public Void run() throws Exception {
+            try {
+              kpExt.createKey("foo", SecureRandom.getSeed(16),
+                  newOptions(conf));
+              Assert.fail("User should NOT be Authorized !!");
+            } catch (IOException ioe) {
+              // Ignore
+            }
+            return null;
+          }
+        }
+        );
+  }
+
+  @Test
+  public void testOpsWhenACLAttributeExists() throws Exception {
+    final Configuration conf = new Configuration();
+    KeyProvider kp = 
+        new UserProvider.Factory().createProvider(new URI("user:///"), conf);
+    KeyACLs mock = mock(KeyACLs.class);
+    when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true);
+    UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1");
+    UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2");
+    UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3");
+    UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo");
+    when(mock.hasAccessToKey("testKey", u1, KeyOpType.MANAGEMENT)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", u2, KeyOpType.GENERATE_EEK)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", u3, KeyOpType.DECRYPT_EEK)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", sudo, KeyOpType.ALL)).thenReturn(true);
+    final KeyProviderCryptoExtension kpExt =
+        new KeyAuthorizationKeyProvider(
+            KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp),
+            mock);
+
+    final KeyVersion barKv = u1.doAs(
+        new PrivilegedExceptionAction<KeyVersion>() {
+          @Override
+          public KeyVersion run() throws Exception {
+            Options opt = newOptions(conf);
+            Map<String, String> m = new HashMap<String, String>();
+            m.put("key.acl.name", "testKey");
+            opt.setAttributes(m);
+            try {
+              KeyVersion kv = 
+                  kpExt.createKey("foo", SecureRandom.getSeed(16), opt);
+              kpExt.rollNewVersion(kv.getName());
+              kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
+              kpExt.deleteKey(kv.getName());
+            } catch (IOException ioe) {
+              Assert.fail("User should be Authorized !!");
+            }
+
+            KeyVersion retkv = null;
+            try {
+              retkv = kpExt.createKey("bar", SecureRandom.getSeed(16), opt);
+              kpExt.generateEncryptedKey(retkv.getName());
+              Assert.fail("User should NOT be Authorized to generate EEK !!");
+            } catch (IOException ioe) {
+            }
+            Assert.assertNotNull(retkv);
+            return retkv;
+          }
+        }
+        );
+
+    final EncryptedKeyVersion barEKv =
+        u2.doAs(
+            new PrivilegedExceptionAction<EncryptedKeyVersion>() {
+              @Override
+              public EncryptedKeyVersion run() throws Exception {
+                try {
+                  kpExt.deleteKey(barKv.getName());
+                  Assert.fail("User should NOT be Authorized to "
+                      + "perform any other operation !!");
+                } catch (IOException ioe) {
+                }
+                return kpExt.generateEncryptedKey(barKv.getName());
+              }
+            });
+
+    u3.doAs(
+        new PrivilegedExceptionAction<KeyVersion>() {
+          @Override
+          public KeyVersion run() throws Exception {
+            try {
+              kpExt.deleteKey(barKv.getName());
+              Assert.fail("User should NOT be Authorized to "
+                  + "perform any other operation !!");
+            } catch (IOException ioe) {
+            }
+            return kpExt.decryptEncryptedKey(barEKv);
+          }
+        });
+
+    sudo.doAs(
+        new PrivilegedExceptionAction<Void>() {
+          @Override
+          public Void run() throws Exception {
+            Options opt = newOptions(conf);
+            Map<String, String> m = new HashMap<String, String>();
+            m.put("key.acl.name", "testKey");
+            opt.setAttributes(m);
+            try {
+              KeyVersion kv = 
+                  kpExt.createKey("foo", SecureRandom.getSeed(16), opt);
+              kpExt.rollNewVersion(kv.getName());
+              kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
+              EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName());
+              kpExt.decryptEncryptedKey(ekv);
+              kpExt.deleteKey(kv.getName());
+            } catch (IOException ioe) {
+              Assert.fail("User should be Allowed to do everything !!");
+            }
+            return null;
+          }
+        }
+        );
+  }
+
+  private static KeyProvider.Options newOptions(Configuration conf) {
+    KeyProvider.Options options = new KeyProvider.Options(conf);
+    options.setCipher(CIPHER);
+    options.setBitLength(128);
+    return options;
+  }
+
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testDecryptWithKeyVersionNameKeyMismatch() throws Exception {
+    final Configuration conf = new Configuration();
+    KeyProvider kp =
+        new UserProvider.Factory().createProvider(new URI("user:///"), conf);
+    KeyACLs mock = mock(KeyACLs.class);
+    when(mock.isACLPresent("testKey", KeyOpType.MANAGEMENT)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.GENERATE_EEK)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.DECRYPT_EEK)).thenReturn(true);
+    when(mock.isACLPresent("testKey", KeyOpType.ALL)).thenReturn(true);
+    UserGroupInformation u1 = UserGroupInformation.createRemoteUser("u1");
+    UserGroupInformation u2 = UserGroupInformation.createRemoteUser("u2");
+    UserGroupInformation u3 = UserGroupInformation.createRemoteUser("u3");
+    UserGroupInformation sudo = UserGroupInformation.createRemoteUser("sudo");
+    when(mock.hasAccessToKey("testKey", u1,
+        KeyOpType.MANAGEMENT)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", u2,
+        KeyOpType.GENERATE_EEK)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", u3,
+        KeyOpType.DECRYPT_EEK)).thenReturn(true);
+    when(mock.hasAccessToKey("testKey", sudo,
+        KeyOpType.ALL)).thenReturn(true);
+    final KeyProviderCryptoExtension kpExt =
+        new KeyAuthorizationKeyProvider(
+            KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp),
+            mock);
+
+    sudo.doAs(
+        new PrivilegedExceptionAction<Void>() {
+          @Override
+          public Void run() throws Exception {
+            Options opt = newOptions(conf);
+            Map<String, String> m = new HashMap<String, String>();
+            m.put("key.acl.name", "testKey");
+            opt.setAttributes(m);
+            KeyVersion kv =
+                kpExt.createKey("foo", SecureRandom.getSeed(16), opt);
+            kpExt.rollNewVersion(kv.getName());
+            kpExt.rollNewVersion(kv.getName(), SecureRandom.getSeed(16));
+            EncryptedKeyVersion ekv = kpExt.generateEncryptedKey(kv.getName());
+            ekv = EncryptedKeyVersion.createForDecryption(
+                ekv.getEncryptionKeyName() + "x",
+                ekv.getEncryptionKeyVersionName(),
+                ekv.getEncryptedKeyIv(),
+                ekv.getEncryptedKeyVersion().getMaterial());
+            kpExt.decryptEncryptedKey(ekv);
+            return null;
+          }
+        }
+    );
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 94e0e3c..0f9ccfb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -175,6 +175,28 @@
 		<powermock.version>1.5.6</powermock.version>
 		<aspectj.version>1.8.2</aspectj.version>
 		<findbugs.plugin.version>3.0.0</findbugs.plugin.version>
+		<hadoop.minikdc.version>2.3.0</hadoop.minikdc.version>
+		<jersey-server.version>1.9</jersey-server.version> 		
+		<asm.all.version>3.2</asm.all.version>
+		<mortbay.jetty.version>6.1.26</mortbay.jetty.version>
+		<metrics.core.version>3.0.2</metrics.core.version>
+	      	<curator.test.version>2.7.0</curator.test.version>
+		<servlet.api.version>2.5</servlet.api.version>
+		<httpcomponents.httpclient.version>4.2.5</httpcomponents.httpclient.version>
+		<xz.version>1.0</xz.version>
+		<xmlenc.version>0.52</xmlenc.version>
+		<snappy-java.version>1.0.4.1</snappy-java.version>
+		<protobuf-java.version>2.5.0</protobuf-java.version>
+		<paranamer.version>2.3</paranamer.version>
+		<netty.version>3.6.2.Final</netty.version>
+		<jsr305.version>1.3.9</jsr305.version>
+		<jsch.version>0.1.42</jsch.version>
+		<jline.version>0.9.94</jline.version>
+		<jettison.version>1.1</jettison.version>
+		<jaxb-impl.version>2.2.3-1</jaxb-impl.version>
+		<jaxb-api.version>2.2.2</jaxb-api.version>
+		<jackson.version>1.9.13</jackson.version>
+		<sun-jersey-bundle.version>1.19</sun-jersey-bundle.version>
 		<distMgmtStagingId>apache.staging.https</distMgmtStagingId>
     	<distMgmtStagingName>Apache Release Distribution Repository</distMgmtStagingName>
     	<distMgmtStagingUrl>https://repository.apache.org/service/local/staging/deploy/maven2</distMgmtStagingUrl>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bb0bdced/src/main/assembly/kms.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml
index 80f907c..0cd4673 100644
--- a/src/main/assembly/kms.xml
+++ b/src/main/assembly/kms.xml
@@ -23,27 +23,84 @@
   </formats>
   <baseDirectory>${project.name}-${project.version}-kms</baseDirectory>
   <includeBaseDirectory>true</includeBaseDirectory>
-  <moduleSets>
-
-    <moduleSet>
+  
+   <moduleSets>
+      <moduleSet>
      <binaries>
         <includeDependencies>false</includeDependencies>
         <unpack>false</unpack>
         <outputDirectory>/ews/webapp/lib</outputDirectory>
         <dependencySets>
             <dependencySet>
-                <outputDirectory>/ews/webapp/root</outputDirectory>
-                <unpack>false</unpack>
-                <includes>
-                    <include>org.apache.hadoop:hadoop-kms:war:2.6.0</include>
-                </includes>
-            </dependencySet>
-            <dependencySet>
                 <outputDirectory>/ews/webapp/lib</outputDirectory>
                 <unpack>false</unpack>
                 <includes>
                     <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
-                </includes>
+                    <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-auth.version}</include>
+                    <include>org.eclipse.persistence:eclipselink</include>
+                    <include>org.eclipse.persistence:javax.persistence</include>
+                    <include>com.googlecode.log4jdbc:log4jdbc</include>
+                    <include>log4j:log4j</include>
+                    <include>org.slf4j:slf4j-api</include>
+                    <include>org.slf4j:slf4j-log4j12</include>
+                    <include>com.codahale.metrics:metrics-core</include>
+                    <include>org.slf4j:jul-to-slf4j</include>
+                    <include>commons-logging:commons-logging</include>
+                    <include>com.google.guava:guava</include>
+                    <include>com.sun.jersey:jersey-core</include>
+                    <include>com.sun.jersey:jersey-server</include>
+                    <include>javax.servlet:servlet-api</include>
+                    <include>org.mortbay.jetty:jetty</include>
+                    <include>org.mortbay.jetty:jetty-util</include>
+                    <include>commons-collections:commons-collections</include>
+                    <include>commons-lang:commons-lang</include>
+                    <include>org.apache.zookeeper:zookeeper</include>
+                    <include>org.apache.curator:curator-framework</include> 
                  
+                    <include>org.apache.curator:curator-client</include>
+                    <include>org.apache.curator:curator-test</include>
+                    <include>asm:asm-all</include>
+		            <include>com.sun.jersey:jersey-bundle</include>
+		            <include>org.apache.httpcomponents:httpclient</include>
+		   			<include>javax.activation:activation</include>	
+					<include>org.apache.directory.server:apacheds-i18n</include>
+					<include>org.apache.directory.server:apacheds-kerberos-codec</include>
+					<include>org.apache.directory.api:api-asn1-api</include>
+					<include>org.apache.directory.api:api-i18n</include>
+					<include>org.apache.directory.api:api-util</include>
+					<include>org.apache.avro:avro</include>	
+					<include>commons-beanutils:commons-beanutils</include>
+					<include>commons-beanutils:commons-beanutils-core</include>
+					<include>commons-cli:commons-cli</include>
+					<include>commons-codec:commons-codec</include>
+					<include>org.apache.commons:commons-compress</include>
+					<include>commons-configuration:commons-configuration</include>
+					<include>commons-digester:commons-digester</include>
+					<include>commons-io:commons-io</include>
+					<include>org.apache.commons:commons-math3</include>
+					<include>commons-net:commons-net</include>
+					<include>org.apache.curator:curator-recipes</include>
+					<include>com.google.code.gson:gson</include>
+					<include>org.apache.hadoop:hadoop-annotations</include>
+    				<include>org.htrace:htrace-core</include>
+					<include>org.apache.httpcomponents:httpcore</include>
+					<include>org.codehaus.jackson:jackson-core-asl</include>
+					<include>org.codehaus.jackson:jackson-jaxrs</include>
+					<include>org.codehaus.jackson:jackson-mapper-asl</include>
+					<include>org.codehaus.jackson:jackson-xc</include>
+					<include>javax.xml.bind:jaxb-api</include>
+					<include>com.sun.xml.bind:jaxb-impl</include>
+					<include>com.sun.jersey:jersey-json</include>
+		  			<include>org.codehaus.jettison:jettison</include>
+					<include>jline:jline</include>
+					<include>com.jcraft:jsch</include>
+					<include>com.google.code.findbugs:jsr305</include>
+					<include>io.netty:netty</include>
+					<include>com.thoughtworks.paranamer:paranamer</include>
+					<include>com.google.protobuf:protobuf-java</include>
+					<include>org.xerial.snappy:snappy-java</include>
+					<include>xmlenc:xmlenc</include>
+					<include>org.tukaani:xz</include>
+	            </includes>
             </dependencySet>
         </dependencySets>
      </binaries>
@@ -51,6 +108,17 @@
 		<include>org.apache.ranger:ranger-kms</include>
      </includes>
     </moduleSet>
+    
+    <moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <unpack>true</unpack>
+        <outputDirectory>/ews/webapp</outputDirectory>
+     </binaries>
+     <includes>
+		<include>org.apache.ranger:ranger-kms</include>
+     </includes>
+    </moduleSet>
 
     <moduleSet>
      <binaries>
@@ -75,37 +143,68 @@
      </includes>
     </moduleSet>
 
+	<moduleSet>
+     <binaries>
+        <includeDependencies>false</includeDependencies>
+        <outputDirectory>/jisql/lib</outputDirectory>
+        <unpack>false</unpack>
+        <directoryMode>755</directoryMode>
+        <fileMode>644</fileMode>
+        <dependencySets>
+            <dependencySet>
+                <outputDirectory>/jisql/lib</outputDirectory>
+                <unpack>false</unpack>
+				<includes>
+                    <include>net.sourceforge.javacsv:javacsv</include>
+                    <include>net.sf.jopt-simple:jopt-simple</include>
+				</includes>
+            </dependencySet>
+        </dependencySets>
+     </binaries>
+     <includes>
+	    <include>org.apache.ranger:jisql</include>
+     </includes>
+    </moduleSet>
   </moduleSets>
-
+  
   <fileSets>
-
-  	<fileSet>
-		<outputDirectory>/ews/webapp/config</outputDirectory>
-		<directoryMode>755</directoryMode>
-		<directory>kms/config/kms-webapp</directory>
-		<fileMode>400</fileMode>
-  	</fileSet>
-	
-  	<fileSet>
-		<outputDirectory>/ews/conf</outputDirectory>
+	<fileSet>
+		<outputDirectory>/ews/webapp/WEB-INF/classes/conf.dist</outputDirectory>
+		<directory>embeddedwebserver/conf</directory>
+		<fileMode>700</fileMode>
+	</fileSet>
+	<fileSet>
+		<outputDirectory>/scripts/db/mysql</outputDirectory>
 		<directoryMode>755</directoryMode>
-		<directory>kms/config/webserver</directory>
-		<fileMode>400</fileMode>
-  	</fileSet>
-
-  	<fileSet>
+		<directory>kms/scripts/db/mysql</directory>
+		<includes>
+			<include>*</include>
+		</includes>
+		<fileMode>544</fileMode>
+	</fileSet>
+	<fileSet>
 		<outputDirectory>/scripts</outputDirectory>
-		<directoryMode>755</directoryMode>
 		<directory>kms/scripts</directory>
 		<includes>
-			<include>ranger-*</include>
+			<include>db_setup.py</include>
+			<include>ranger-kms</include>
+			<include>ranger-kms-services.sh</include>
+			<include>setup.sh</include>
+			<include>migrate-keystore-dbks.sh</include>
 		</includes>
 		<fileMode>544</fileMode>
+	</fileSet>
+	<fileSet>
+		<outputDirectory>/ews/webapp/config</outputDirectory>
+		<directoryMode>0500</directoryMode>
+		<directory>kms/config/kms-webapp</directory>
+		<fileMode>0400</fileMode>
+  	</fileSet>	
+  	<fileSet>
+		<outputDirectory>/ews/conf</outputDirectory>
+		<directoryMode>0500</directoryMode>
+		<directory>kms/config/webserver</directory>
+		<fileMode>0400</fileMode>
   	</fileSet>
-
-
   </fileSets>
-
-
-
 </assembly>


Mime
View raw message