AMBARI-11970: Handle special characters in passwords for Ranger (Gautam Borad via jluniya)

ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py

@@ -151,13 +151,13 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, hdp_version,
   cred_setup_prefix = format('python /usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py -l "{cred_lib_path}"')
 
   if audit_db_is_enabled:
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p} -c 1')
     Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
 
-  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password!p}" -c 1')
+  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p} -c 1')
   Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
 
-  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password!p}" -c 1')
+  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p} -c 1')
   Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
 
   File(credential_file,

ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py

@@ -247,7 +247,7 @@ if has_ranger_admin:
     jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor == 'mssql':
     jdbc_jar_name = "sqljdbc4.jar"
     jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py

@@ -410,7 +410,7 @@ if has_ranger_admin:
     jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor == 'mssql':
     jdbc_jar_name = "sqljdbc4.jar"
     jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py

@@ -477,7 +477,7 @@ if has_ranger_admin:
     ranger_jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
     ranger_jdbc_jar_name = "sqljdbc4.jar"
     ranger_jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py

@@ -191,7 +191,7 @@ if has_ranger_admin and is_supported_kafka_ranger:
     jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
     jdbc_jar_name = "sqljdbc4.jar"
     jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/setup_ranger_kafka.py

@@ -15,7 +15,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 """
 from resource_management.core.logger import Logger
-from resource_management.core.resources import Execute
+from resource_management.core.resources import File, Execute
 from resource_management.libraries.functions.format import format
 
 def setup_ranger_kafka():
@@ -45,5 +45,10 @@ def setup_ranger_kafka():
         not_if=format("test -f {setup_ranger_env_sh_target}"),
         sudo=True
       )
+      File(params.setup_ranger_env_sh_target,
+        owner = params.kafka_user,
+        group = params.user_group,
+        mode = 0755
+      )
   else:
     Logger.info('Ranger admin not installed')

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py

@@ -201,7 +201,7 @@ if has_ranger_admin:
     jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor == 'mssql':
     jdbc_jar_name = "sqljdbc4.jar"
     jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py

@@ -109,7 +109,7 @@ elif db_flavor.lower() == 'postgres':
   jdbc_symlink_name = "postgres-jdbc-driver.jar"
   audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}')
   jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
-elif db_flavor.lower() == 'sqlserver':
+elif db_flavor.lower() == 'mssql':
   jdbc_jar_name = "sqljdbc4.jar"
   jdbc_symlink_name = "mssql-jdbc-driver.jar"
   audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}')

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py

@@ -98,7 +98,7 @@ def check_db_connnection():
     env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
   elif params.db_flavor.lower() == 'postgres':
     cmd = 'true'
-  elif params.db_flavor.lower() == 'sqlserver':
+  elif params.db_flavor.lower() == 'mssql':
     cmd = 'true'
 
   try:

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py

@@ -169,7 +169,7 @@ def do_keystore_setup(rolling_upgrade=False):
 
   if not is_empty(params.ranger_credential_provider_path):    
     jceks_path = params.ranger_credential_provider_path
-    cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_jdbc_credential_alias}" -v "{ranger_ambari_db_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_jdbc_credential_alias}" -v {ranger_ambari_db_password!p} -c 1')
 
     Execute(cred_setup, environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
@@ -180,7 +180,7 @@ def do_keystore_setup(rolling_upgrade=False):
 
   if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
     jceks_path = params.ranger_credential_provider_path
-    cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_audit_jdbc_credential_alias}" -v "{ranger_ambari_audit_db_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_audit_jdbc_credential_alias}" -v {ranger_ambari_audit_db_password!p} -c 1')
 
     Execute(cred_setup, environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
@@ -214,13 +214,13 @@ def setup_usersync():
 
   cred_lib = os.path.join(params.usersync_home,"lib","*")
 
-  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.key.password" -v "{ranger_usersync_keystore_password!p}" -c 1')
+  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.key.password" -v {ranger_usersync_keystore_password!p} -c 1')
   Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
-  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "ranger.usersync.ldap.bindalias" -v "{ranger_usersync_ldap_ldapbindpassword!p}" -c 1')
+  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "ranger.usersync.ldap.bindalias" -v {ranger_usersync_ldap_ldapbindpassword!p} -c 1')
   Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
-  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.truststore.password" -v "{ranger_usersync_truststore_password!p}" -c 1')
+  cred_setup = format('python {ranger_home}/ranger_credential_helper.py -l "{cred_lib}" -f {ugsync_jceks_path} -k "usersync.ssl.truststore.password" -v {ranger_usersync_truststore_password!p} -c 1')
   Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
   File(params.ugsync_jceks_path,
@@ -243,7 +243,7 @@ def setup_usersync():
     sudo=True)
 
   if not os.path.isfile(params.ranger_usersync_keystore_file):
-    cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass '{ranger_usersync_keystore_password!p}' -storepass '{ranger_usersync_keystore_password!p}' -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+    cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass {ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
 
     Execute(cmd, logoutput=True)
 

ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py

@@ -99,7 +99,7 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
   import params
 
   if cred_provider_path is not None:
-    cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}" -v "{credential_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}" -v {credential_password!p} -c 1')
 
     Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
@@ -267,13 +267,13 @@ def enable_kms_plugin():
       mode=0744)
 
     if params.xa_audit_db_is_enabled:
-      cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password!p}" -c 1')
+      cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p} -c 1')
       Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p} -c 1')
     Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password!p}" -c 1')
+    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p} -c 1')
     Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
     File(params.credential_file,

ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py

@@ -102,7 +102,7 @@ elif db_flavor == 'postgres':
   db_jdbc_url = format('jdbc:postgresql://{db_host}/{db_name}')
   db_jdbc_driver = "org.postgresql.Driver"
   jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
-elif db_flavor == 'sqlserver':
+elif db_flavor == 'mssql':
   jdbc_jar_name = "sqljdbc4.jar"
   jdbc_symlink_name = "mssql-jdbc-driver.jar"
   db_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={db_name}')
@@ -130,7 +130,7 @@ if has_ranger_admin:
     jdbc_symlink = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor == 'mssql':
     jdbc_jar = "sqljdbc4.jar"
     jdbc_symlink = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py

@@ -208,7 +208,7 @@ if has_ranger_admin:
     jdbc_symlink_name = "postgres-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
     jdbc_driver = "org.postgresql.Driver"
-  elif xa_audit_db_flavor == 'sqlserver':
+  elif xa_audit_db_flavor == 'mssql':
     jdbc_jar_name = "sqljdbc4.jar"
     jdbc_symlink_name = "mssql-jdbc-driver.jar"
     audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py

@@ -340,7 +340,7 @@ if has_ranger_admin:
       jdbc_symlink_name = "postgres-jdbc-driver.jar"
       audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
       jdbc_driver = "org.postgresql.Driver"
-    elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqlserver':
+    elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql':
       jdbc_jar_name = "sqljdbc4.jar"
       jdbc_symlink_name = "mssql-jdbc-driver.jar"
       audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')