ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject [4/4] incubator-ranger git commit: RANGER-431: modified to work with a consolidated configuration file
Date Wed, 29 Apr 2015 04:36:44 GMT
RANGER-431: modified to work with a consolidated configuration file


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/91d1e137
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/91d1e137
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/91d1e137

Branch: refs/heads/master
Commit: 91d1e137483a1c3739cf395f710ca5d37b20019d
Parents: 11bb55b
Author: sneethiraj <sneethir@apache.org>
Authored: Tue Apr 28 23:38:53 2015 -0400
Committer: sneethiraj <sneethir@apache.org>
Committed: Tue Apr 28 23:38:53 2015 -0400

----------------------------------------------------------------------
 .../conf/ranger_webserver.properties            |  44 -----
 security-admin/scripts/setup.sh                 |  16 --
 .../apache/ranger/common/RangerProperties.java  | 160 +++++++++++++++++++
 .../conf.dist/ranger-admin-default-site.xml     |   2 +-
 .../META-INF/contextXML/unix_bean_settings.xml  |  10 +-
 .../unixauth-config/unixauth.properties         |  25 ---
 src/main/assembly/admin-web.xml                 |   2 +-
 .../config/UserGroupSyncConfig.java             |   4 +
 .../unix/jaas/RemoteUnixLoginModule.java        |  15 +-
 unixauthservice/scripts/install.properties      |  15 +-
 unixauthservice/scripts/setup.py                |  16 +-
 .../UnixAuthenticationService.java              | 150 ++++++++++-------
 12 files changed, 295 insertions(+), 164 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/embeddedwebserver/conf/ranger_webserver.properties
----------------------------------------------------------------------
diff --git a/embeddedwebserver/conf/ranger_webserver.properties b/embeddedwebserver/conf/ranger_webserver.properties
deleted file mode 100644
index ca98dee..0000000
--- a/embeddedwebserver/conf/ranger_webserver.properties
+++ /dev/null
@@ -1,44 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# Service Information
-#
-service.host=localhost
-http.service.port=6080
-service.shutdownPort=6085
-service.shutdownCommand=SHUTDOWN
-
-# Set ajp.enabled=true, if rnager-admin is behind an apache loadbalancer 
-# and loadbalacner is listening on https for requuests from clients
-# and  BalancerMember configuration in Apache is pointing to ajp protocol
-ajp.enabled=false
-
-#
-# SSL Connector Information
-# 
-https.service.port=6182
-https.attrib.SSLEnabled=false 
-https.attrib.sslProtocol=TLS
-https.attrib.clientAuth=false
-https.attrib.keyAlias=myKey
-https.attrib.keystorePass=xasecure
-https.attrib.keystoreFile=/etc/ranger/admin/keys/server.jks
-
-#
-# Access Log Information
-#
-accesslog.dateformat=yyyy-MM-dd
-accesslog.pattern=%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 3868ea2..14378cb 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1163,10 +1163,6 @@ create_audit_db_user(){
 
 do_unixauth_setup() {
 
-	RANGER_JAAS_CONF_DIR="${INSTALL_DIR}/ews/webapp/WEB-INF/classes/conf/ranger_jaas"
-
-	cp ./unixauth-config/*  ${RANGER_JAAS_CONF_DIR}
-
     ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
     if test -f $ldap_file; then
 	log "[I] $ldap_file file found"
@@ -1184,11 +1180,6 @@ do_unixauth_setup() {
 	else
 		log "[E] $ldap_file does not exists" ; exit 1;
 	fi
-
-	owner=ranger
-	group=ranger
-	chown -R ${owner}:${group} ${RANGER_JAAS_CONF_DIR}
-	chmod -R go-rwx ${RANGER_JAAS_CONF_DIR}
 }
 
 do_authentication_setup(){
@@ -1301,13 +1292,6 @@ setup_install_files(){
 		chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
 	fi
 
-	if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas ]; then
-	    log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas"
-	    mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
-		chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
-		chmod 700 ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
-	fi
-
 	if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
 	    log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib"
 	    mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java b/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java
new file mode 100644
index 0000000..72fde46
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.common;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+public class RangerProperties extends  HashMap<String,String>  {
+	
+	private static final long serialVersionUID = -4094378755892810987L;
+
+	private final Logger LOG = Logger.getLogger(RangerProperties.class) ;
+
+	private final String XMLCONFIG_FILENAME_DELIMITOR = ",";
+	private final String XMLCONFIG_PROPERTY_TAGNAME = "property" ;
+	private final String XMLCONFIG_NAME_TAGNAME = "name" ;
+	private final String XMLCONFIG_VALUE_TAGNAME = "value" ;
+
+	private String xmlConfigFileNames = null;
+
+	public RangerProperties(String xmlConfigFileNames) {
+		this.xmlConfigFileNames = xmlConfigFileNames;
+		initProperties();
+	}
+
+	private void initProperties() {
+		
+		if (xmlConfigFileNames == null || xmlConfigFileNames.isEmpty())
+			return;
+
+		String[] fnList = xmlConfigFileNames
+				.split(XMLCONFIG_FILENAME_DELIMITOR);
+
+		for (String fn : fnList) {
+			try {
+				loadXMLConfig(fn) ;
+			}
+			catch(IOException ioe) {
+				LOG.error("Unable to load configuration from file: [" + fn + "]", ioe);
+			}
+		}
+
+	}
+
+	private void loadXMLConfig(String fileName) throws IOException {
+
+		try {
+			InputStream in = getFileInputStream(fileName);
+
+			if (in == null) {
+				return;
+			}
+
+			DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
+					.newInstance();
+			xmlDocumentBuilderFactory.setIgnoringComments(true);
+			xmlDocumentBuilderFactory.setNamespaceAware(true);
+			DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
+					.newDocumentBuilder();
+			Document xmlDocument = xmlDocumentBuilder.parse(in);
+			xmlDocument.getDocumentElement().normalize();
+
+			NodeList nList = xmlDocument.getElementsByTagName(XMLCONFIG_PROPERTY_TAGNAME);
+
+			for (int temp = 0; temp < nList.getLength(); temp++) {
+
+				Node nNode = nList.item(temp);
+
+				if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+
+					Element eElement = (Element) nNode;
+
+					String propertyName = "";
+					String propertyValue = "";
+					
+					if (eElement.getElementsByTagName(XMLCONFIG_NAME_TAGNAME).item(0) != null) {
+						propertyName = eElement.getElementsByTagName(XMLCONFIG_NAME_TAGNAME).item(0).getTextContent().trim();
+					}
+					
+					if (eElement.getElementsByTagName(XMLCONFIG_VALUE_TAGNAME).item(0) != null) {
+						propertyValue = eElement.getElementsByTagName(XMLCONFIG_VALUE_TAGNAME).item(0).getTextContent().trim();
+					}
+					
+					if (get(propertyName) != null) 
+						remove(propertyName) ;
+					
+					if (propertyValue != null)
+						put(propertyName, propertyValue);
+					
+				}
+			}
+		} catch (Throwable t) {
+			throw new IOException(t);
+		}
+	}
+
+	private InputStream getFileInputStream(String path)
+			throws FileNotFoundException {
+
+		InputStream ret = null;
+
+		File f = new File(path);
+
+		if (f.exists()) {
+			ret = new FileInputStream(f);
+		} else {
+			ret = getClass().getResourceAsStream(path);
+
+			if (ret == null) {
+				if (!path.startsWith("/")) {
+					ret = getClass().getResourceAsStream("/" + path);
+				}
+			}
+
+			if (ret == null) {
+				ret = ClassLoader.getSystemClassLoader().getResourceAsStream(
+						path);
+				if (ret == null) {
+					if (!path.startsWith("/")) {
+						ret = ClassLoader.getSystemResourceAsStream("/" + path);
+					}
+				}
+			}
+		}
+
+		return ret;
+	}
+	
+	
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 1cc2866..7587076 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -225,7 +225,7 @@
 	</property>
 	<property>
 		<name>ranger.unixauth.service.hostname</name>
-		<value>bigdata.xasecure.net</value>
+		<value>localhost</value>
 	</property>
 	<property>
 		<name>ranger.unixauth.service.port</name>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/security-admin/src/main/webapp/META-INF/contextXML/unix_bean_settings.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/META-INF/contextXML/unix_bean_settings.xml b/security-admin/src/main/webapp/META-INF/contextXML/unix_bean_settings.xml
index 0885aff..1aab7ba 100644
--- a/security-admin/src/main/webapp/META-INF/contextXML/unix_bean_settings.xml
+++ b/security-admin/src/main/webapp/META-INF/contextXML/unix_bean_settings.xml
@@ -14,6 +14,10 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+<beans:bean id="rangerConfiguration"  class="org.apache.ranger.common.RangerProperties">
+    <beans:constructor-arg value="ranger-admin-default-site.xml,ranger-admin-site.xml"
/>
+</beans:bean>
+
 <beans:bean id="jaasAuthProvider" class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider">
 		<beans:property name="configuration">
 			<beans:bean
@@ -28,11 +32,7 @@
 									<beans:constructor-arg>
 										<util:constant static-field="javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag.REQUIRED"
/>
 									</beans:constructor-arg>
-									<beans:constructor-arg>
-										<beans:map>
-											<beans:entry key="configFile" value="unixauth.properties" />
-										</beans:map>
-									</beans:constructor-arg>
+									<beans:constructor-arg ref="rangerConfiguration" />
 								</beans:bean>
 							</beans:array>
 						</beans:entry>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/security-admin/unixauth-config/unixauth.properties
----------------------------------------------------------------------
diff --git a/security-admin/unixauth-config/unixauth.properties b/security-admin/unixauth-config/unixauth.properties
deleted file mode 100644
index 7047e58..0000000
--- a/security-admin/unixauth-config/unixauth.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-remoteLoginEnabled=true
-authServiceHostName=bigdata.xasecure.net
-authServicePort=5151
-#keyStore=keystore.jks
-#keyStorePassword=password
-#trustStore=cacerts
-#trustStorePassword=changeit
-sslEnabled=true
-debug=false
-serverCertValidation=false

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/src/main/assembly/admin-web.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index 3fd1f53..5886679 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -284,12 +284,12 @@
 		<outputDirectory>/ews/lib</outputDirectory>
 		<directory>embeddedwebserver/lib</directory>
 	</fileSet>
--->
 	<fileSet>
 		<outputDirectory>/unixauth-config</outputDirectory>
 		<directory>security-admin/unixauth-config</directory>
 		<fileMode>544</fileMode>
 	</fileSet>
+-->
 
 	<fileSet>
 		<outputDirectory>/db</outputDirectory>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index dcfa515..e079939 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -232,6 +232,10 @@ public class UserGroupSyncConfig  {
 										.item(0).getTextContent().trim();
 							}
 
+							if (prop.get(propertyName) != null) {
+								prop.remove(propertyName) ;
+							}
+							
 							prop.put(propertyName, propertyValue);
 
 						}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
----------------------------------------------------------------------
diff --git a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
index ece0a81..0dd549a 100644
--- a/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
+++ b/unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
@@ -80,7 +80,7 @@ public class RemoteUnixLoginModule implements LoginModule {
 	private char[] password;
 	private Subject subject;
 	private CallbackHandler callbackHandler;
-	private boolean debug = false;
+	private boolean debug = true ;
 
 	private String remoteHostName;
 	private int remoteHostAuthServicePort;
@@ -142,6 +142,7 @@ public class RemoteUnixLoginModule implements LoginModule {
 			this.callbackHandler = new ConsolePromptCallbackHandler();
 		}
 
+		/*
 		Properties config = null ;
 
 		String val = (String) options.get(REMOTE_UNIX_AUTHENICATION_CONFIG_FILE_PARAM);
@@ -219,7 +220,11 @@ public class RemoteUnixLoginModule implements LoginModule {
 			config = new Properties() ;
 			config.putAll(options);
 		}
-
+		
+		*/
+		
+		Properties config = new Properties() ;
+		config.putAll(options) ;
 		initParams(config) ;
 		
 	}
@@ -245,6 +250,9 @@ public class RemoteUnixLoginModule implements LoginModule {
 		if (val != null && (!val.equalsIgnoreCase("false"))) {
 			debug = true;
 		}
+		else {
+			debug = false ;
+		}
 
 		remoteHostName = (String) options.get(REMOTE_LOGIN_HOST_PARAM);
 		log("RemoteHostName:" + remoteHostName);
@@ -483,8 +491,7 @@ public class RemoteUnixLoginModule implements LoginModule {
 				}
 			}
 		} catch (Throwable t) {
-			t.printStackTrace();
-			throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " +
remoteHostName + ":" + remoteHostAuthServicePort + ", Exception: " + t);
+			throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " +
remoteHostName + ":" + remoteHostAuthServicePort + ", Exception: [" + t + "]");
 		} finally {
 			log("Login of user String: {" + aUserName + "}, return from AuthServer: {" + ret + "}");
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/unixauthservice/scripts/install.properties
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/install.properties b/unixauthservice/scripts/install.properties
index 846a6ac..5215620 100644
--- a/unixauthservice/scripts/install.properties
+++ b/unixauthservice/scripts/install.properties
@@ -19,18 +19,18 @@
 #
 #  POLICY_MGR_URL = http://policymanager.xasecure.net:6080
 #
-POLICY_MGR_URL = http://localhost:6080
+POLICY_MGR_URL = 
 
 # sync source,  only unix and ldap are supported at present
 # defaults to unix
-SYNC_SOURCE = unix
+SYNC_SOURCE = 
 
 
 #
 # Minumum Unix User-id to start SYNC.
 # This should avoid creating UNIX system-level users in the Policy Manager
 #
-MIN_UNIX_USER_ID_TO_SYNC = 1000
+MIN_UNIX_USER_ID_TO_SYNC = 500
 
 # sync interval in minutes
 # user, groups would be synced again at the end of each sync interval
@@ -39,9 +39,13 @@ MIN_UNIX_USER_ID_TO_SYNC = 1000
 SYNC_INTERVAL = 
 
 #User and group for the usersync process
-unix_user=sneethiraj
-unix_group=staff
+unix_user=ranger
+unix_group=ranger
 
+#
+# The file where all credential is kept in cryptic format
+#
+CRED_KEYSTORE_FILENAME=/etc/ranger/usersync/conf/rangerusersync.jceks
 
 # ---------------------------------------------------------------
 # The following properties are relevant only if SYNC_SOURCE = ldap
@@ -62,7 +66,6 @@ SYNC_LDAP_BIND_DN =
 # Must specify a value if SYNC_SOURCE is ldap
 # unless anonymous search is allowed by the directory on users and group
 SYNC_LDAP_BIND_PASSWORD = 
-CRED_KEYSTORE_FILENAME=/usr/lib/xausersync/.jceks/xausersync.jceks
 
 # search base for users and groups
 # sample value would be dc=hadoop,dc=apache,dc=org

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 26078be..4cb79ff 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -38,7 +38,7 @@ pidFolderName = '/var/run/ranger'
 logFolderName = '/var/log/ranger'
 initdDirName = '/etc/init.d'
 
-rangerBaseDirName = os.getcwd() #'/etc/ranger'
+rangerBaseDirName = '/etc/ranger'
 usersyncBaseDirName = 'usersync'
 confBaseDirName = 'conf'
 confDistBaseDirName = 'conf.dist'
@@ -52,7 +52,7 @@ log4jFileName          = 'log4j.xml'
 install2xmlMapFileName = 'installprop2xml.properties'
 templateFileName = 'ranger-ugsync-template.xml'
 initdProgramName = 'ranger-usersync'
-PROP2ALIASMAP = { 'ranger.usersync.ldap.ldapbindpassword':'ldap.bind.password' ,
+PROP2ALIASMAP = { 'ranger.usersync.ldap.ldapbindpassword':'ranger.usersync.ldap.bindalias',

 				   'ranger.usersync.keystore.password':'usersync.ssl.key.password',
 				   'ranger.usersync.truststore.password':'usersync.ssl.truststore.password'}
 
@@ -145,8 +145,8 @@ def writeXMLUsingProperties(xmlTemplateFileName,prop,xmlOutputFileName):
         name = config.find('name').text
         if (name in prop.keys()):
             config.find('value').text = prop[name]
-        else:
-            print "ERROR: key not found: %s" % (name)
+        #else:
+        #    print "ERROR: key not found: %s" % (name)
     if isfile(xmlOutputFileName):
         archiveFile(xmlOutputFileName)
     tree.write(xmlOutputFileName)
@@ -179,14 +179,18 @@ def convertInstallPropsToXML(props):
 		if (syncSource == SYNC_SOURCE_UNIX):
 			ret['ranger.usersync.source.impl.class'] = 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder'
 			if (SYNC_INTERVAL_NEW_KEY not in ret or len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
-				ret[SYNC_INTERVAL_NEW_KEY] = '5'
+				ret[SYNC_INTERVAL_NEW_KEY] = "300000"
+			else:
+				ret[SYNC_INTERVAL_NEW_KEY] = int(ret[SYNC_INTERVAL_NEW_KEY]) * 60000
 			#for key in ret.keys():
 			#	if (key.startswith("ranger.usersync.ldap") or key.startswith("ranger.usersync.group")
or key.startswith("ranger.usersync.paged")):
 			#		del ret[key]
 		elif (syncSource == SYNC_SOURCE_LDAP):
 			ret['ranger.usersync.source.impl.class'] = 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
 			if (SYNC_INTERVAL_NEW_KEY not in ret or len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
-				ret[SYNC_INTERVAL_NEW_KEY] = '60'
+				ret[SYNC_INTERVAL_NEW_KEY] = "3600000"
+			else:
+				ret[SYNC_INTERVAL_NEW_KEY] = int(ret[SYNC_INTERVAL_NEW_KEY]) * 60000
 		else:
 			print "ERROR: Invalid value (%s) defined for %s in install.properties. Only valid values
are %s" % (syncSource, SYNC_SOURCE_KEY,SYNC_SOURCE_LIST)
 			sys.exit(1)

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/91d1e137/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
index e9e5272..ff2838f 100644
--- a/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
@@ -44,7 +44,9 @@ import javax.net.ssl.TrustManagerFactory;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
+import org.apache.hadoop.security.alias.CredentialProvider;
 import org.apache.log4j.Logger;
+import org.apache.ranger.credentialapi.CredentialReader;
 import org.apache.ranger.usergroupsync.UserGroupSync;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -59,15 +61,20 @@ public class UnixAuthenticationService {
 	
 	private static final String SSL_ALGORITHM = "TLS" ;
 	private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "ranger.usersync.port"
;
+	
 	private static final String SSL_KEYSTORE_PATH_PARAM = "ranger.usersync.keystore.file" ;
-	private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "ranger.usersync.keystore.password"
;
 	private static final String SSL_TRUSTSTORE_PATH_PARAM = "ranger.usersync.truststore.file"
;
-	private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = "ranger.usersync.truststore.password"
;
+	
+	private static final String SSL_KEYSTORE_PATH_PASSWORD_ALIAS = "usersync.ssl.key.password"
;
+	private static final String SSL_TRUSTSTORE_PATH_PASSWORD_ALIAS = "usersync.ssl.truststore.password"
;
+
 	private static final String CRED_VALIDATOR_PROG = "ranger.usersync.passwordvalidator.path"
;
 	private static final String ADMIN_USER_LIST_PARAM = "admin.users" ;
 	private static final String ADMIN_ROLE_LIST_PARAM = "admin.roleNames" ;
 	private static final String SSL_ENABLED_PARAM = "ranger.usersync.ssl" ;
 	
+	private static final String CREDSTORE_FILENAME_PARAM = "ranger.usersync.credstore.filename"
;
+	
 	private String keyStorePath ;
 	private String keyStorePathPassword ;
 	private String trustStorePath ;
@@ -80,6 +87,11 @@ public class UnixAuthenticationService {
 	private boolean SSLEnabled = false ;
 	
 	static private boolean enableUnixAuth = false;
+	
+	private static final String[] UGSYNC_CONFIG_XML_FILES = { "ranger-ugsync-default.xml", 
"ranger-ugsync-site.xml" } ; 
+	private static final String    PROPERTY_ELEMENT_TAGNAME = "property" ;
+	private static final String    NAME_ELEMENT_TAGNAME = "name" ;
+	private static final String    VALUE_ELEMENT_TAGNAME = "value" ;
 
 	public static void main(String[] args) {
 		if (args.length > 0) {
@@ -133,65 +145,86 @@ public class UnixAuthenticationService {
 	//TODO: add more validation code
 	private void init() throws Throwable {
 		Properties prop = new Properties() ;
-		InputStream in = getFileInputStream("ranger-ugsync-site.xml") ;
-
-		if (in != null) {
-			try {
-//				prop.load(in);
-				DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
-						.newInstance();
-				xmlDocumentBuilderFactory.setIgnoringComments(true);
-				xmlDocumentBuilderFactory.setNamespaceAware(true);
-				DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
-						.newDocumentBuilder();
-				Document xmlDocument = xmlDocumentBuilder.parse(in);
-				xmlDocument.getDocumentElement().normalize();
-
-				NodeList nList = xmlDocument
-						.getElementsByTagName("property");
-
-				for (int temp = 0; temp < nList.getLength(); temp++) {
-
-					Node nNode = nList.item(temp);
-
-					if (nNode.getNodeType() == Node.ELEMENT_NODE) {
-
-						Element eElement = (Element) nNode;
-
-						String propertyName = "";
-						String propertyValue = "";
-						if (eElement.getElementsByTagName("name").item(
-								0) != null) {
-							propertyName = eElement
-									.getElementsByTagName("name")
-									.item(0).getTextContent().trim();
-						}
-						if (eElement.getElementsByTagName("value")
-								.item(0) != null) {
-							propertyValue = eElement
-									.getElementsByTagName("value")
-									.item(0).getTextContent().trim();
+		
+		for (String fn : UGSYNC_CONFIG_XML_FILES ) {
+		
+			InputStream in = getFileInputStream(fn) ;
+	
+			if (in != null) {
+				try {
+					DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory.newInstance();
+					xmlDocumentBuilderFactory.setIgnoringComments(true);
+					xmlDocumentBuilderFactory.setNamespaceAware(true);
+					DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory.newDocumentBuilder();
+					Document xmlDocument = xmlDocumentBuilder.parse(in);
+					xmlDocument.getDocumentElement().normalize();
+	
+					NodeList nList = xmlDocument.getElementsByTagName(PROPERTY_ELEMENT_TAGNAME);
+	
+					for (int temp = 0; temp < nList.getLength(); temp++) {
+	
+						Node nNode = nList.item(temp);
+	
+						if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+	
+							Element eElement = (Element) nNode;
+	
+							String propertyName = "";
+							String propertyValue = "";
+							if (eElement.getElementsByTagName(NAME_ELEMENT_TAGNAME).item(
+									0) != null) {
+								propertyName = eElement
+										.getElementsByTagName(NAME_ELEMENT_TAGNAME)
+										.item(0).getTextContent().trim();
+							}
+							if (eElement.getElementsByTagName(VALUE_ELEMENT_TAGNAME)
+									.item(0) != null) {
+								propertyValue = eElement
+										.getElementsByTagName(VALUE_ELEMENT_TAGNAME)
+										.item(0).getTextContent().trim();
+							}
+	
+							LOG.info("Adding Property:[" + propertyName + "] Value:["+ propertyValue + "]");
+							if (prop.get(propertyName) != null ) {
+								prop.remove(propertyName) ;
+	 						}
+							prop.put(propertyName, propertyValue);
 						}
-
-						LOG.info("Adding Property:[" + propertyName + "] Value:"+ propertyValue);
-						prop.put(propertyName, propertyValue);
-
 					}
 				}
-			}
-			finally {
-				try {
-					in.close();
-				}
-				catch(IOException ioe) {
-					// Ignore IOE when closing streams
+				finally {
+					try {
+						in.close();
+					}
+					catch(IOException ioe) {
+						// Ignore IOE when closing streams
+					}
 				}
 			}
 		}
+		
+		String credStoreFileName = prop.getProperty(CREDSTORE_FILENAME_PARAM) ;
+		
 		keyStorePath = prop.getProperty(SSL_KEYSTORE_PATH_PARAM) ;
-		keyStorePathPassword = prop.getProperty(SSL_KEYSTORE_PATH_PASSWORD_PARAM) ;
+		
+		if (credStoreFileName == null) {
+			throw new RuntimeException("Credential file is not defined. param = [" + CREDSTORE_FILENAME_PARAM
+ "]") ;
+		}
+		
+		File credFile = new File(credStoreFileName) ;
+		
+		if (! credFile.exists()) {
+			throw new RuntimeException("Credential file [" + credStoreFileName + "]: does not exists."
);
+		}
+		
+		if ( ! credFile.canRead() ) {
+			throw new RuntimeException("Credential file [" + credStoreFileName + "]: can not be read."
);
+		}
+		
+		keyStorePathPassword = CredentialReader.getDecryptedString(credStoreFileName, SSL_KEYSTORE_PATH_PASSWORD_ALIAS)
;
+		trustStorePathPassword = CredentialReader.getDecryptedString(credStoreFileName,SSL_TRUSTSTORE_PATH_PASSWORD_ALIAS)
;
+		
 		trustStorePath  = prop.getProperty(SSL_TRUSTSTORE_PATH_PARAM) ;
-		trustStorePathPassword = prop.getProperty(SSL_TRUSTSTORE_PATH_PASSWORD_PARAM) ;
 		portNum = Integer.parseInt(prop.getProperty(REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM)) ;
 		String validatorProg = prop.getProperty(CRED_VALIDATOR_PROG) ;
 		if (validatorProg != null) {
@@ -236,7 +269,7 @@ public class UnixAuthenticationService {
 		
 		KeyManager[] km = null ;
 
-		if (keyStorePath != null) {
+		if (keyStorePath != null && ! keyStorePath.isEmpty()) {
 			KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()) ;
 			
 			InputStream in = null ;
@@ -244,6 +277,9 @@ public class UnixAuthenticationService {
 			in = getFileInputStream(keyStorePath) ;
 			
 			try {
+				if (keyStorePathPassword == null) {
+					keyStorePathPassword  = "" ;
+				}
 				ks.load(in, keyStorePathPassword.toCharArray());
 			}
 			finally {
@@ -262,7 +298,7 @@ public class UnixAuthenticationService {
 		
 		KeyStore trustStoreKeyStore = null ;
 		
-		if (trustStorePath != null) {
+		if (trustStorePath != null && ! trustStorePath.isEmpty()) {
 			trustStoreKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()) ;
 			
 			InputStream in = null ;
@@ -270,6 +306,9 @@ public class UnixAuthenticationService {
 			in = getFileInputStream(trustStorePath) ;
 			
 			try {
+				if (trustStorePathPassword == null) {
+					trustStorePathPassword = "" ;
+				}
 				trustStoreKeyStore.load(in, trustStorePathPassword.toCharArray());
 			}
 			finally {
@@ -339,5 +378,4 @@ public class UnixAuthenticationService {
 		return ret ;
 	}
 
-
 }


Mime
View raw message