in security-admin/scripts/restrict_permissions.py [0:0]
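def main(argv):
    """Collect DB connection settings and run the Ranger grant/revoke steps.

    Flags read from ``argv``:

    * ``-q``        quiet mode: populate_global_dict() is called and every
                    setting is taken from globalDict instead of being prompted.
    * ``-d <file>`` dry-run mode: <file> is created if missing, recorded in
                    globalDict["dryModeOutputFile"], and the helpers are
                    called with dryMode=True.

    In interactive mode the passwords are read with getpass; this function
    never passes a password to log().

    Exits with status 1 when the ``-d`` argument is missing or is not a
    regular file, when JAVA_HOME is unset or empty (interactive mode), or when
    the DB flavour is not MYSQL.
    """

    def _ask(prompt):
        # Re-prompt until the operator enters a non-empty value.
        answer = ''
        while answer == "":
            log(prompt, "info")
            answer = input()
        return answer

    def _ask_secret(prompt):
        # Like _ask, but read through getpass so the value is not echoed.
        secret = ''
        while secret == "":
            log(prompt, "info")
            secret = getpass.getpass(prompt)
        return secret

    FORMAT = '%(asctime)-15s %(message)s'
    logging.basicConfig(format=FORMAT, level=logging.DEBUG)
    DBA_MODE = 'TRUE'

    quiteMode = False
    dryMode = False
    is_revoke = True

    if len(argv) > 1:
        for i, arg in enumerate(argv):
            flag = str(arg)
            if flag == "-q":
                quiteMode = True
                populate_global_dict()
            if flag == "-d":
                # The output path is the argument that follows -d.
                dba_sql_file = str(argv[i + 1]) if i + 1 < len(argv) else ""
                if dba_sql_file == "":
                    log("[E] Invalid input! Provide file path to write Grant/Revoke sql scripts:", "error")
                    sys.exit(1)

                if not os.path.exists(dba_sql_file):
                    log("[I] Creating File:" + dba_sql_file, "info")
                    # NOTE(review): the file is created with the process
                    # umask. The dry-run helpers below receive the DB
                    # passwords; if they write them into this file, create it
                    # with an owner-only mode instead - confirm.
                    with open(dba_sql_file, 'w'):
                        pass
                else:
                    log("[I] File " + dba_sql_file + " is available.", "info")

                if os.path.isfile(dba_sql_file):
                    dryMode = True
                    globalDict["dryMode"] = True
                    globalDict["dryModeOutputFile"] = dba_sql_file
                else:
                    log("[E] Invalid file Name! Unable to find file:" + dba_sql_file, "error")
                    sys.exit(1)

    log("[I] Running Grant/Revoke sql script. QuiteMode:" + str(quiteMode), "info")

    # --- Java executable ---------------------------------------------------
    if quiteMode:
        JAVA_BIN = globalDict['JAVA_BIN']
    else:
        # .get() so an unset JAVA_HOME reaches the error message below instead
        # of raising KeyError.
        java_home = os.environ.get('JAVA_HOME', '')
        if java_home == "":
            log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
            sys.exit(1)
        JAVA_BIN = os.path.join(java_home, 'bin', 'java')
        if os_name == "WINDOWS":
            JAVA_BIN = JAVA_BIN + '.exe'
        while not os.path.isfile(JAVA_BIN):
            log("Enter java executable path: :", "info")
            JAVA_BIN = input()
    log("[I] Using Java:" + str(JAVA_BIN), "info")

    # --- DB flavour ----------------------------------------------------------
    if quiteMode:
        XA_DB_FLAVOR = globalDict['DB_FLAVOR']
    else:
        XA_DB_FLAVOR = _ask("Enter db flavour{MYSQL} :")
    # Normalise case so the comparisons against "MYSQL" below do not depend on
    # how the value was typed or configured.
    XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
    AUDIT_DB_FLAVOR = XA_DB_FLAVOR
    log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR), "info")

    # --- JDBC connector ------------------------------------------------------
    if quiteMode:
        CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
    elif XA_DB_FLAVOR == "MYSQL":
        log("Enter JDBC connector file for :" + XA_DB_FLAVOR, "info")
        CONNECTOR_JAR = input()
        while not os.path.isfile(CONNECTOR_JAR):
            log("JDBC connector file " + CONNECTOR_JAR + " does not exist, Please enter connector path :", "error")
            CONNECTOR_JAR = input()
    else:
        log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
        sys.exit(1)

    # --- DB host -------------------------------------------------------------
    if quiteMode:
        xa_db_host = globalDict['db_host']
    else:
        xa_db_host = _ask("Enter DB Host :")
    # The audit DB is reached on the same host as the admin DB.
    audit_db_host = xa_db_host
    log("[I] DB Host:" + str(xa_db_host), "info")

    # --- DB root credentials -------------------------------------------------
    if quiteMode:
        xa_db_root_user = globalDict['db_root_user']
        xa_db_root_password = globalDict['db_root_password']
    else:
        xa_db_root_user = _ask("Enter db root user:")
        # Asked once only: an empty root password is accepted here.
        log("Enter db root password:", "info")
        xa_db_root_password = getpass.getpass("Enter db root password:")

    # --- Ranger admin DB and user --------------------------------------------
    if quiteMode:
        db_name = globalDict['db_name']
        db_user = globalDict['db_user']
        db_password = globalDict['db_password']
    else:
        db_name = _ask("Enter DB Name :")
        db_user = _ask("Enter db user name:")
        db_password = _ask_secret("Enter db user password:")

    # --- Ranger audit DB and user --------------------------------------------
    if quiteMode:
        audit_db_name = globalDict['audit_db_name']
        audit_db_user = globalDict['audit_db_user']
        audit_db_password = globalDict['audit_db_password']
    else:
        audit_db_name = _ask("Enter audit db name:")
        audit_db_user = _ask("Enter audit user name:")
        audit_db_password = _ask_secret("Enter audit db user password:")

    # The audit DB is administered with the same root account.
    audit_db_root_user = xa_db_root_user
    audit_db_root_password = xa_db_root_password

    if XA_DB_FLAVOR == "MYSQL":
        xa_sqlObj = MysqlConf(xa_db_host, CONNECTOR_JAR, JAVA_BIN)
    else:
        log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
        sys.exit(1)

    if AUDIT_DB_FLAVOR == "MYSQL":
        audit_sqlObj = MysqlConf(audit_db_host, CONNECTOR_JAR, JAVA_BIN)
    else:
        log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
        sys.exit(1)

    # NOTE(review): the root and user passwords are handed to the MysqlConf
    # helpers as plain arguments. How the helpers forward them is not visible
    # from this function - confirm they do not end up in log output.
    if DBA_MODE == "TRUE":
        if dryMode:
            log("[I] Dry run mode:" + str(dryMode), "info")
            log("[I] Logging Grant/Revoke sql script in file:" + str(globalDict["dryModeOutputFile"]), "info")
            now = datetime.now()
            logFile("==========" + now.strftime('%Y-%m-%d %H:%M:%S') + "==========\n")
            xa_sqlObj.revoke_permissions(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke, dryMode)
            xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke, dryMode)
            audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE, dryMode)
            logFile("========================================\n")
        else:
            log("[I] ---------- Revoking permissions from Ranger Admin db user ----------", "info")
            xa_sqlObj.revoke_permissions(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke, dryMode)
            log("[I] ---------- Granting permissions to Ranger Admin db user ----------", "info")
            xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke, dryMode)
            log("[I] ---------- Starting Ranger Audit db user operations ---------- ", "info")
            audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE, dryMode)
            log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ", "info")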