From: madhan@apache.org To: commits@ranger.incubator.apache.org Date: Sat, 27 Jun 2015 07:17:18 -0000 Message-Id: In-Reply-To: <09c189a1043b48579b303e7aaf0c578a@git.apache.org> References: <09c189a1043b48579b303e7aaf0c578a@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [04/10] incubator-ranger git commit: RANGER-566: modified to use private synonym for ranger-admin installation on oracle X-Virus-Checked: Checked by ClamAV on apache.org RANGER-566: modified to use private synonym for ranger-admin installation on oracle Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/088f3cf6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/088f3cf6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/088f3cf6 Branch: refs/heads/tag-policy Commit: 088f3cf6aea19e4b46d5296fd2c17bdd87111fc5 Parents: 0614046 Author: sneethiraj Authored: Tue Jun 23 21:54:27 2015 -0700 Committer: sneethiraj Committed: Tue Jun 23 21:54:27 2015 -0700 ---------------------------------------------------------------------- security-admin/db/oracle/xa_core_db_oracle.sql | 3 --- security-admin/scripts/db_setup.py | 27 ++++++++++++++++++++ security-admin/scripts/dba_script.py | 28 ++++++++++----------- security-admin/scripts/setup.sh | 4 +-- 4 files changed, 43 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/db/oracle/xa_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql index 9cc22ff..2ede810 100644 --- a/security-admin/db/oracle/xa_core_db_oracle.sql +++ b/security-admin/db/oracle/xa_core_db_oracle.sql 
@@ -429,9 +429,6 @@ CREATE INDEX x_user_FK_upd_by_id ON x_user (upd_by_id); CREATE INDEX x_user_FK_cred_store_id ON x_user (cred_store_id); CREATE INDEX x_user_cr_time ON x_user (create_time); CREATE INDEX x_user_up_time ON x_user(update_time); - -CREATE OR REPLACE PUBLIC SYNONYM xa_access_audit FOR xa_access_audit; -CREATE OR REPLACE PUBLIC SYNONYM XA_ACCESS_AUDIT_SEQ FOR XA_ACCESS_AUDIT_SEQ; commit; insert into x_portal_user ( id,CREATE_TIME, UPDATE_TIME, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 90d7d4e..0d6c49b 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -147,6 +147,9 @@ class BaseDB(object): def execute_java_patches(xa_db_host, db_user, db_password, db_name): log("[I] ----------------- Executing java patches ------------", "info") + def create_synonym(db_name, db_user, db_password,audit_db_user): + log("[I] ----------------- Creating Synonym ------------", "info") + class MysqlConf(BaseDB): # Constructor def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): 
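Review bot: The new `BaseDB.create_synonym` stub in db_setup.py is declared without `self`, like the `execute_java_patches` stub visible just above it, so calling it on an instance of any subclass that does not override it raises a TypeError for the extra argument instead of logging. Declaring it as `def create_synonym(self, db_name, db_user, db_password, audit_db_user):` matches the `OracleConf` override this commit adds further down. A one-line docstring such as `"""No-op in the base class; only the Oracle flavor needs synonyms."""` would say why the base version does nothing. The class body continues outside the hunk.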
@@ -465,6 +468,26 @@ class OracleConf(BaseDB):
 log("[E] "+name + " import failed!","error")
 sys.exit(1)
+ def create_synonym(self,db_name, db_user, db_password,audit_db_user):
+ log("[I] ----------------- Creating Synonym ------------", "info")
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;'" % (audit_db_user,db_user)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;\" -c ;" % (audit_db_user,db_user)
+ ret = subprocess.call(query)
+ if ret != 0:
+ sys.exit(1)
+ if os_name == "LINUX":
+ query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;'" % (audit_db_user,db_user)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;\" -c ;" % (audit_db_user,db_user)
+ ret = subprocess.call(query)
+ if ret != 0:
+ sys.exit(1)
+
 def import_db_patches(self, db_name, db_user, db_password, file_name):
 if os.path.isfile(file_name):
 name = basename(file_name)
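Review bot: `audit_db_user` and `db_user` are formatted straight into the SQL text and the jisql command string in `create_synonym`, so a value containing a quote, space or semicolon changes the statement or splits the `-query` argument (through `shlex.split` on Linux, through the single command string on Windows). Checking both names against the Oracle unquoted-identifier pattern before building the command closes that; this assumes `re` is imported in db_setup.py, which the hunk does not show. Two further defects in the same method: `ret` is unbound when `os_name` is neither `LINUX` nor `WINDOWS`, and both failure paths call `sys.exit(1)` without logging which statement failed. The two halves differ only in the object name, so a loop over the two names removes the duplication.

```python
def create_synonym(self,db_name, db_user, db_password,audit_db_user):
    log("[I] ----------------- Creating Synonym ------------", "info")
    # Both names end up inside the SQL text and on the jisql command line,
    # so accept only plain (unquoted) Oracle identifiers.
    for name in (db_user, audit_db_user):
        if not re.match(r'[A-Za-z][A-Za-z0-9_$#]{0,29}\Z', name):
            log("[E] Invalid Oracle user name '" + name + "'", "error")
            sys.exit(1)
    get_cmd = self.get_jisql_cmd(db_user, db_password)
    for obj in ("XA_ACCESS_AUDIT", "XA_ACCESS_AUDIT_SEQ"):
        sql = "CREATE OR REPLACE SYNONYM %s.%s FOR %s.%s;" % (audit_db_user, obj, db_user, obj)
        if os_name == "LINUX":
            ret = subprocess.call(shlex.split(get_cmd + " -c \; -query '%s'" % sql))
        elif os_name == "WINDOWS":
            ret = subprocess.call(get_cmd + " -query \"%s\" -c ;" % sql)
        else:
            log("[E] Unsupported OS " + str(os_name), "error")
            sys.exit(1)
        if ret != 0:
            log("[E] Creating synonym " + audit_db_user + "." + obj + " failed", "error")
            sys.exit(1)
```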
@@ -1285,6 +1308,10 @@ def main(argv):
 else:
 log("[I] --------- Importing Ranger Core DB Schema ---------","info")
 xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file)
+ if XA_DB_FLAVOR == "ORACLE":
+ if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
+ if db_user != audit_db_user:
+ xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
 log("[I] --------- Verifying upgrade history table ---------","info")
 output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
 if output == False:
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 133af15..045990d 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
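Review bot: In `main()` of db_setup.py the synonym is created in `audit_db_user`'s schema, but nothing in this hunk grants that user any privilege on `db_user`'s `XA_ACCESS_AUDIT` table or `XA_ACCESS_AUDIT_SEQ` sequence; a private synonym only resolves the name and conveys no access. If those grants are not issued elsewhere in the setup scripts (not visible here), audit writes through the synonym would fail at runtime with an insufficient-privileges error even though setup completed. Either issue the grants next to the synonym creation or record where they happen, for example `# audit_db_user is granted access to these objects in <location to confirm>; the synonym only resolves the name`. `main()` starts and ends outside the hunk.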
@@ -391,10 +391,10 @@ class OracleConf(BaseDB):
 log("[I] User " + db_user + " created", "info")
 log("[I] Granting permission to " + db_user, "info")
 if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
 ret = subprocess.call(shlex.split(query))
 elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 ret = subprocess.call(query)
 if ret == 0:
 log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info")
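Review bot: Adding `CREATE ANY SYNONYM` to this GRANT gives the Ranger application account a database-wide privilege (synonyms in any schema), and because the statement ends in `WITH ADMIN OPTION` the account can pass it on to other users. The same edit is repeated in the dba_script.py hunks at -483, -499, -576, -591, -609, -634 and -652. `grant_xa_db_user` builds its command with the root user's credentials, so creating the two audit synonyms in this script under that user would avoid granting the privilege to the application account at all. Failing that, the GRANT could drop `CREATE PUBLIC SYNONYM`, which looks unused once this commit removes the two public synonyms from xa_core_db_oracle.sql. The privilege list is now repeated in every one of these lines; a module-level constant such as `ORACLE_USER_PRIVS = "CREATE SESSION,...,UNLIMITED Tablespace"` would keep the copies from drifting.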
@@ -483,10 +483,10 @@ class OracleConf(BaseDB):
 if ret == 0:
 log("[I] Granting permission to " + db_user, "info")
 if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
 ret = subprocess.call(shlex.split(query))
 elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 ret = subprocess.call(query)
 if ret == 0:
 log("[I] Granting Oracle user '" + db_user + "' done", "info")
@@ -499,7 +499,7 @@ class OracleConf(BaseDB):
 sys.exit(1)
 else:
 logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
 def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode):
@@ -576,10 +576,10 @@ class OracleConf(BaseDB):
 if (ret1 == 0 and ret2 == 0):
 log("[I] Granting permission to " + db_user, "info")
 if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
 ret = subprocess.call(shlex.split(query))
 elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 ret = subprocess.call(query)
 if ret == 0:
 return True
@@ -591,16 +591,16 @@ class OracleConf(BaseDB):
 else:
 logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, db_name))
 logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, audit_db_name))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
 def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode):
 if dryMode == False:
 get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
 if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
 ret = subprocess.call(shlex.split(query))
 elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 ret = subprocess.call(query)
 if ret == 0:
 log("[I] Granted permission to " + db_user, "info")
@@ -609,7 +609,7 @@ class OracleConf(BaseDB):
 log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
 sys.exit(1)
 else:
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
 def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
 if DBA_MODE == "TRUE":
@@ -634,10 +634,10 @@ class OracleConf(BaseDB):
 log("[I] User " + db_user + " created", "info")
 log("[I] Granting permission to " + db_user, "info")
 if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
 ret = subprocess.call(shlex.split(query))
 elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
 ret = subprocess.call(query)
 if ret == 0:
 log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
@@ -652,7 +652,7 @@ class OracleConf(BaseDB):
 sys.exit(1)
 else:
 logFile("create user %s identified by \"%s\";" %(db_user, db_password))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
 if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
 if dryMode == False:
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/088f3cf6/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 12224c4..b79cba4 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -797,11 +797,11 @@ update_properties() {
 if [ "${DB_FLAVOR}" == "ORACLE" ]
 then
 propertyName=ranger.jpa.jdbc.url
- newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+ newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
 updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 propertyName=ranger.jpa.audit.jdbc.url
- newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+ newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
 updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 propertyName=ranger.jpa.jdbc.dialect
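Review bot: With the `//` prefix gone from both URLs in setup.sh, `DB_HOST` is appended verbatim after `@`, so the forms it must take change, but nothing in the hunk documents that. A comment above the first assignment would help, for example `# DB_HOST is used as-is after '@': host:port:SID or //host:port/service`. `$newPropertyValue` is also passed unquoted to `updatePropertyToFilePy` in the context lines, so a value containing whitespace would be split into several arguments; `"$newPropertyValue"` avoids that. `update_properties()` continues outside the hunk.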