ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [04/10] incubator-ranger git commit: RANGER-566: modified to use private synonym for ranger-admin installation on oracle
Date Sat, 27 Jun 2015 07:17:18 GMT
RANGER-566: modified to use private synonym for ranger-admin installation on oracle


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/088f3cf6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/088f3cf6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/088f3cf6

Branch: refs/heads/tag-policy
Commit: 088f3cf6aea19e4b46d5296fd2c17bdd87111fc5
Parents: 0614046
Author: sneethiraj <sneethir@apache.org>
Authored: Tue Jun 23 21:54:27 2015 -0700
Committer: sneethiraj <sneethir@apache.org>
Committed: Tue Jun 23 21:54:27 2015 -0700

----------------------------------------------------------------------
 security-admin/db/oracle/xa_core_db_oracle.sql |  3 ---
 security-admin/scripts/db_setup.py             | 27 ++++++++++++++++++++
 security-admin/scripts/dba_script.py           | 28 ++++++++++-----------
 security-admin/scripts/setup.sh                |  4 +--
 4 files changed, 43 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/db/oracle/xa_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql
index 9cc22ff..2ede810 100644
--- a/security-admin/db/oracle/xa_core_db_oracle.sql
+++ b/security-admin/db/oracle/xa_core_db_oracle.sql
@@ -429,9 +429,6 @@ CREATE INDEX x_user_FK_upd_by_id ON x_user (upd_by_id);
 CREATE INDEX x_user_FK_cred_store_id ON x_user (cred_store_id);
 CREATE INDEX x_user_cr_time ON x_user (create_time);
 CREATE INDEX x_user_up_time ON  x_user(update_time);
-
-CREATE OR REPLACE PUBLIC SYNONYM xa_access_audit FOR xa_access_audit;
-CREATE OR REPLACE PUBLIC SYNONYM XA_ACCESS_AUDIT_SEQ FOR XA_ACCESS_AUDIT_SEQ;
 commit;
 insert into x_portal_user (
        id,CREATE_TIME, UPDATE_TIME,

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 90d7d4e..0d6c49b 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -147,6 +147,9 @@ class BaseDB(object):
 	def execute_java_patches(xa_db_host, db_user, db_password, db_name):
 		log("[I] ----------------- Executing java patches ------------", "info")
 
+	def create_synonym(db_name, db_user, db_password,audit_db_user):
+		log("[I] ----------------- Creating Synonym ------------", "info")
+
 class MysqlConf(BaseDB):
 	# Constructor
 	def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN):
@@ -465,6 +468,26 @@ class OracleConf(BaseDB):
 				log("[E] "+name + " import failed!","error")
 				sys.exit(1)
 
+	def create_synonym(self,db_name, db_user, db_password,audit_db_user):
+		log("[I] ----------------- Creating Synonym ------------", "info")
+		get_cmd = self.get_jisql_cmd(db_user, db_password)
+		if os_name == "LINUX":
+			query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;'"
% (audit_db_user,db_user)
+			ret = subprocess.call(shlex.split(query))
+		elif os_name == "WINDOWS":
+			query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;\"
-c ;" % (audit_db_user,db_user)
+			ret = subprocess.call(query)
+		if ret != 0:
+			sys.exit(1)
+		if os_name == "LINUX":
+			query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR
%s.XA_ACCESS_AUDIT_SEQ;'" % (audit_db_user,db_user)
+			ret = subprocess.call(shlex.split(query))
+		elif os_name == "WINDOWS":
+			query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;\"
-c ;" % (audit_db_user,db_user)
+			ret = subprocess.call(query)
+		if ret != 0:
+			sys.exit(1)
+
 	def import_db_patches(self, db_name, db_user, db_password, file_name):
 		if os.path.isfile(file_name):
 			name = basename(file_name)
@@ -1285,6 +1308,10 @@ def main(argv):
 		else:
 			log("[I] --------- Importing Ranger Core DB Schema ---------","info")
 			xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file)
+			if XA_DB_FLAVOR == "ORACLE":
+				if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
+					if db_user != audit_db_user:
+						xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
 		log("[I] --------- Verifying upgrade history table ---------","info")
 		output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
 		if output == False:

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 133af15..045990d 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -391,10 +391,10 @@ class OracleConf(BaseDB):
 							log("[I] User " + db_user + " created", "info")
 							log("[I] Granting permission to " + db_user, "info")
 							if os_name == "LINUX":
-								query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;'" % (db_user)
+								query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;'" % (db_user)
 								ret = subprocess.call(shlex.split(query))
 							elif os_name == "WINDOWS":
-								query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;\" -c ;" % (db_user)
+								query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 								ret = subprocess.call(query)
 							if ret == 0:
 								log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host),
"info")
@@ -483,10 +483,10 @@ class OracleConf(BaseDB):
 			if ret == 0:
 				log("[I] Granting permission to " + db_user, "info")
 				if os_name == "LINUX":
-					query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;'" % (db_user)
+					query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;'" % (db_user)
 					ret = subprocess.call(shlex.split(query))
 				elif os_name == "WINDOWS":
-					query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;\" -c ;" % (db_user)
+					query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 					ret = subprocess.call(query)
 				if ret == 0:
 					log("[I] Granting Oracle user '" + db_user + "' done", "info")
@@ -499,7 +499,7 @@ class OracleConf(BaseDB):
 				sys.exit(1)
 		else:
 			logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password,
db_name))
-			logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+			logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;"
% (db_user))
 
 
 	def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user,
db_password, audit_db_password, audit_db_root_password,dryMode):
@@ -576,10 +576,10 @@ class OracleConf(BaseDB):
 				if (ret1 == 0 and ret2 == 0):
 					log("[I] Granting permission to " + db_user, "info")
 					if os_name == "LINUX":
-						query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;'" % (db_user)
+						query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;'" % (db_user)
 						ret = subprocess.call(shlex.split(query))
 					elif os_name == "WINDOWS":
-						query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;\" -c ;" % (db_user)
+						query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 						ret = subprocess.call(query)
 					if ret == 0:
 						return True
@@ -591,16 +591,16 @@ class OracleConf(BaseDB):
 			else:
 				logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user,
audit_db_password, db_name))
 				logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user,
audit_db_password, audit_db_name))
-				logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+				logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;"
% (db_user))
 
 	def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode):
 		if dryMode == False:
 			get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
 			if os_name == "LINUX":
-				query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;'" % (db_user)
+				query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;'" % (db_user)
 				ret = subprocess.call(shlex.split(query))
 			elif os_name == "WINDOWS":
-				query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;\" -c ;" % (db_user)
+				query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 				ret = subprocess.call(query)
 			if ret == 0:
 				log("[I] Granted permission to " + db_user, "info")
@@ -609,7 +609,7 @@ class OracleConf(BaseDB):
 				log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
 				sys.exit(1)
 		else:
-			logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+			logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;"
% (db_user))
 
 	def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user,
audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password,
audit_db_password, DBA_MODE,dryMode):
 		if DBA_MODE == "TRUE":
@@ -634,10 +634,10 @@ class OracleConf(BaseDB):
 							log("[I] User " + db_user + " created", "info")
 							log("[I] Granting permission to " + db_user, "info")
 							if os_name == "LINUX":
-								query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;'" % (db_user)
+								query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;'" % (db_user)
 								ret = subprocess.call(shlex.split(query))
 							elif os_name == "WINDOWS":
-								query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH
ADMIN OPTION;\" -c ;" % (db_user)
+								query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE
VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace
TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 								ret = subprocess.call(query)
 							if ret == 0:
 								log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host),
"info")
@@ -652,7 +652,7 @@ class OracleConf(BaseDB):
 						sys.exit(1)
 				else:
 					logFile("create user %s identified by \"%s\";" %(db_user, db_password))
-					logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+					logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE
PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;"
% (db_user))
 
 			if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
 				if dryMode == False:

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 12224c4..b79cba4 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -797,11 +797,11 @@ update_properties() {
 	if [ "${DB_FLAVOR}" == "ORACLE" ]
 	then
 		propertyName=ranger.jpa.jdbc.url
-		newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+		newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
 		propertyName=ranger.jpa.audit.jdbc.url
-		newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+		newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
 		updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
 		propertyName=ranger.jpa.jdbc.dialect


Mime
View raw message