Repository: ranger Updated Branches: refs/heads/master 5d5a0cd71 -> e6fd8e4e8
RANGER-1453 : Ranger KMS failed to start with Exception: More than one Master Key exists Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/e6fd8e4e Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/e6fd8e4e Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/e6fd8e4e Branch: refs/heads/master Commit: e6fd8e4e8e817c897f6ccbb4e666bd40c93d1aec Parents: 5d5a0cd Author: Ankita Sinha <ank...@apache.org> Authored: Tue Mar 14 12:14:00 2017 +0530 Committer: Ankita Sinha <asi...@hortonworks.com> Committed: Tue Mar 14 20:15:57 2017 +0530 ---------------------------------------------------------------------- kms/scripts/db/mysql/kms_core_db.sql | 4 ++-- kms/scripts/db/oracle/kms_core_db_oracle.sql | 4 +++- .../db/postgres/kms_core_db_postgres.sql | 4 +++- .../db/sqlanywhere/kms_core_db_sqlanywhere.sql | 4 +++- .../db/sqlserver/kms_core_db_sqlserver.sql | 8 +++++++ .../java/org/apache/ranger/kms/dao/BaseDao.java | 18 ++++++++-------- .../java/org/apache/ranger/biz/XUserMgr.java | 22 +++++++++++--------- .../apache/ranger/common/RangerProperties.java | 2 +- .../apache/ranger/service/XTrxLogService.java | 5 +++-- src/main/assembly/kms.xml | 1 + 10 files changed, 45 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/scripts/db/mysql/kms_core_db.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/mysql/kms_core_db.sql b/kms/scripts/db/mysql/kms_core_db.sql index f753f7e..9a8969b 100644 --- a/kms/scripts/db/mysql/kms_core_db.sql +++ b/kms/scripts/db/mysql/kms_core_db.sql @@ -20,8 +20,8 @@ CREATE TABLE `ranger_masterkey` ( `update_time` datetime DEFAULT NULL , `added_by_id` bigint( 20 ) DEFAULT NULL , `upd_by_id` bigint( 20 ) DEFAULT NULL , -`cipher` varchar( 255 ) DEFAULT NULL , -`bitlength` int DEFAULT NULL , +`cipher` varchar( 255 ) DEFAULT NULL UNIQUE, +`bitlength` int DEFAULT NULL UNIQUE, `masterkey` varchar(2048), PRIMARY KEY ( `id` ) )ROW_FORMAT=DYNAMIC; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/scripts/db/oracle/kms_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/oracle/kms_core_db_oracle.sql b/kms/scripts/db/oracle/kms_core_db_oracle.sql index fd8b0e4..92d1b7e 100644 --- a/kms/scripts/db/oracle/kms_core_db_oracle.sql +++ b/kms/scripts/db/oracle/kms_core_db_oracle.sql @@ -23,7 +23,9 @@ upd_by_id NUMBER(20) DEFAULT NULL NULL, cipher VARCHAR(255) DEFAULT NULL NULL, bitlength NUMBER(11) DEFAULT NULL NULL, masterkey VARCHAR(2048) DEFAULT NULL NULL, -PRIMARY KEY (id) +PRIMARY KEY (id), +CONSTRAINT ranger_masterkey_cipher UNIQUE (cipher), +CONSTRAINT ranger_masterkey_bitlength UNIQUE (bitlength) ); CREATE SEQUENCE RANGER_KEYSTORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/scripts/db/postgres/kms_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/postgres/kms_core_db_postgres.sql b/kms/scripts/db/postgres/kms_core_db_postgres.sql index 048cb0c..ff82cd3 100755 --- a/kms/scripts/db/postgres/kms_core_db_postgres.sql +++ b/kms/scripts/db/postgres/kms_core_db_postgres.sql @@ -25,7 +25,9 @@ upd_by_id BIGINT DEFAULT NULL NULL, cipher VARCHAR(255) DEFAULT NULL NULL , bitlength INT DEFAULT NULL NULL, masterkey VARCHAR(2048), -PRIMARY KEY (id) +PRIMARY KEY (id), +CONSTRAINT ranger_masterkey_cipher UNIQUE(cipher), +CONSTRAINT ranger_masterkey_bitlength UNIQUE(bitlength) ); DROP TABLE IF EXISTS ranger_keystore CASCADE; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/scripts/db/sqlanywhere/kms_core_db_sqlanywhere.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/sqlanywhere/kms_core_db_sqlanywhere.sql b/kms/scripts/db/sqlanywhere/kms_core_db_sqlanywhere.sql index fd7abdd..0f8f05f 100644 --- a/kms/scripts/db/sqlanywhere/kms_core_db_sqlanywhere.sql +++ b/kms/scripts/db/sqlanywhere/kms_core_db_sqlanywhere.sql @@ -21,7 +21,9 @@ CREATE TABLE ranger_masterkey( cipher varchar(255) DEFAULT NULL NULL, bitlength int DEFAULT NULL NULL, masterkey varchar(2048), - CONSTRAINT ranger_masterkey_PK_id PRIMARY KEY CLUSTERED(id) + CONSTRAINT ranger_masterkey_PK_id PRIMARY KEY CLUSTERED(id), + CONSTRAINT ranger_masterkey_cipher UNIQUE(cipher), + CONSTRAINT ranger_masterkey_bitlength UNIQUE(bitlength) ) GO CREATE TABLE ranger_keystore( http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/scripts/db/sqlserver/kms_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/kms/scripts/db/sqlserver/kms_core_db_sqlserver.sql b/kms/scripts/db/sqlserver/kms_core_db_sqlserver.sql index 6567d3b..db53148 100644 --- a/kms/scripts/db/sqlserver/kms_core_db_sqlserver.sql +++ b/kms/scripts/db/sqlserver/kms_core_db_sqlserver.sql @@ -30,6 +30,14 @@ CREATE TABLE [dbo].[ranger_masterkey]( PRIMARY KEY CLUSTERED ( [id] ASC +)WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY], +CONSTRAINT [ranger_masterkey$ranger_masterkey_cipher] UNIQUE NONCLUSTERED +( + [cipher] ASC +)WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY], + CONSTRAINT [ranger_masterkey$ranger_masterkey_bitlength] UNIQUE NONCLUSTERED +( + [bitlength] ASC )WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] ) ON [PRIMARY] GO http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/kms/src/main/java/org/apache/ranger/kms/dao/BaseDao.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/ranger/kms/dao/BaseDao.java b/kms/src/main/java/org/apache/ranger/kms/dao/BaseDao.java index f2dc633..b32d130 100644 --- a/kms/src/main/java/org/apache/ranger/kms/dao/BaseDao.java +++ b/kms/src/main/java/org/apache/ranger/kms/dao/BaseDao.java @@ -109,17 +109,17 @@ public abstract class BaseDao<T> { public T create(T obj) { T ret = null; - boolean trxBegan = beginTransaction(); - - getEntityManager().persist(obj); - - if(trxBegan) { - commitTransaction(); + try{ + getEntityManager().persist(obj); + if(trxBegan) { + commitTransaction(); + } + ret = obj; + }catch(Exception e){ + e.printStackTrace(); + rollbackTransaction(); } - - ret = obj; - return ret; } http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index c1cbfa0..cd1de9f 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -1477,40 +1477,41 @@ public class XUserMgr extends XUserMgrBase { vXUserListSort = xUserService.searchXUsers(searchCriteria); HashMap<String, Object> searchCriteriaParamList = searchCriteria.getParamList(); vXUserExactMatchwithSearchCriteria = 1; - for(String caseKey : searchCriteriaParamList.keySet()){ + for(Map.Entry<String, Object> entry:searchCriteriaParamList.entrySet()){ + String caseKey=entry.getKey(); switch (caseKey.toLowerCase()) { case "isvisible": Integer isVisible = vXUserExactMatch.getIsVisible(); - if(isVisible != null && !isVisible.equals(searchCriteriaParamList.get(caseKey))){ + if(isVisible != null && !isVisible.equals(entry.getValue())){ vXUserExactMatchwithSearchCriteria = -1; } break; case "status": Integer status = vXUserExactMatch.getStatus(); - if(status != null && !status.equals(searchCriteriaParamList.get(caseKey))){ + if(status != null && !status.equals(entry.getValue())){ vXUserExactMatchwithSearchCriteria = -1; } break; case "usersource": Integer userSource = vXUserExactMatch.getUserSource(); - if(userSource != null && !userSource.equals(searchCriteriaParamList.get(caseKey))){ + if(userSource != null && !userSource.equals(entry.getValue())){ vXUserExactMatchwithSearchCriteria = -1; } break; case "emailaddress": String email = vXUserExactMatch.getEmailAddress(); - if(email != null && !email.equals(searchCriteriaParamList.get(caseKey))){ + if(email != null && !email.equals(entry.getValue())){ vXUserExactMatchwithSearchCriteria = -1; } break; case "userrole": - if(vXUserExactMatch.getUserRoleList() != null && !vXUserExactMatch.getUserRoleList().contains(searchCriteriaParamList.get(caseKey))){ + if(vXUserExactMatch.getUserRoleList() != null && !vXUserExactMatch.getUserRoleList().contains(entry.getValue())){ vXUserExactMatchwithSearchCriteria = -1; } break; case "userrolelist": @SuppressWarnings("unchecked") - Collection<String> userrolelist = (Collection<String>) searchCriteriaParamList.get(caseKey); + Collection<String> userrolelist = (Collection<String>) entry.getValue(); if(!CollectionUtils.isEmpty(userrolelist)){ for(String role:userrolelist){ if(vXUserExactMatch.getUserRoleList() != null && vXUserExactMatch.getUserRoleList().contains(role)){ @@ -1598,17 +1599,18 @@ public class XUserMgr extends XUserMgrBase { if(vXGroupExactMatch != null){ HashMap<String, Object> searchCriteriaParamList = searchCriteria.getParamList(); vXGroupExactMatchwithSearchCriteria = 1; - for(String caseKey : searchCriteriaParamList.keySet()){ + for (Map.Entry<String, Object> entry: searchCriteriaParamList.entrySet()){ + String caseKey=entry.getKey(); switch (caseKey.toLowerCase()) { case "isvisible": Integer isVisible = vXGroupExactMatch.getIsVisible(); - if(isVisible != null && !isVisible.equals(searchCriteriaParamList.get(caseKey))){ + if(isVisible != null && !isVisible.equals(entry.getValue())){ vXGroupExactMatchwithSearchCriteria = -1; } break; case "groupsource": Integer groupsource = vXGroupExactMatch.getGroupSource(); - if(groupsource != null && !groupsource.equals(searchCriteriaParamList.get(caseKey))){ + if(groupsource != null && !groupsource.equals(entry.getValue())){ vXGroupExactMatchwithSearchCriteria = -1; } break; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java b/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java index 3a5d1c8..1787e19 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerProperties.java @@ -27,7 +27,7 @@ public class RangerProperties extends HashMap<Object, Object> { private static final long serialVersionUID = -4094378755892810987L; - private final String XMLCONFIG_FILENAME_DELIMITOR = ","; + private static final String XMLCONFIG_FILENAME_DELIMITOR = ","; private String xmlConfigFileNames = null; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java index 6ca2d22..7618981 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java @@ -151,7 +151,8 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> { Metamodel entityMetaModel = em.getMetamodel(); EntityType<VXXTrxLog> entityType = entityMetaModel.entity(VXXTrxLog.class); - for (String key : paramList.keySet()) { + for (Map.Entry<String, Object> entry : paramList.entrySet()) { + String key=entry.getKey(); for (SearchField searchField : searchFields) { if (!key.equalsIgnoreCase(searchField.getClientFieldName())) { continue; @@ -162,7 +163,7 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> { fieldName = fieldName.contains(".") ? fieldName.substring(fieldName.indexOf(".") + 1) : fieldName; } - Object paramValue = paramList.get(key); + Object paramValue = entry.getValue(); boolean isListValue = false; if (paramValue != null && paramValue instanceof Collection) { isListValue = true; http://git-wip-us.apache.org/repos/asf/ranger/blob/e6fd8e4e/src/main/assembly/kms.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml index 5c65c77..e26dd33 100755 --- a/src/main/assembly/kms.xml +++ b/src/main/assembly/kms.xml @@ -142,6 +142,7 @@ <include>org.apache.hadoop:hadoop-hdfs:jar:${hadoop.version}</include> <include>org.apache.htrace:htrace-core:jar:${htrace-core.version}</include> <include>org.apache.solr:solr-solrj</include> + <include>org.apache.ranger:ranger-plugins-common</include> </includes> <unpack>false</unpack> </dependencySet>