AMBARI-11426 Property enhancements and other fixes for Ranger (Gautam Borad via jluniya)

ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py

@@ -258,7 +258,7 @@ class Rangeradmin:
 
   def create_ambari_admin_user(self,ambari_admin_username, ambari_admin_password,usernamepassword):
     try:
-      url =  self.urlUsers + '?startIndex=0'
+      url =  self.urlUsers + '?name=' + str(ambari_admin_username)
       request = urllib2.Request(url)
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")

ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py

@@ -178,7 +178,7 @@ class RangeradminV2:
     :return: Returns user credentials if user exist otherwise rerutns credentials of  created user.
     """
     try:
-      url =  self.url_users + '?startIndex=0'
+      url =  self.url_users + '?name=' + str(ambari_admin_username)
       request = urllib2.Request(url)
       base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")

ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/metainfo.xml

@@ -143,6 +143,9 @@
         <config-type>hbase-env</config-type>
         <config-type>hbase-log4j</config-type>
         <config-type>ranger-hbase-plugin-properties</config-type>
+        <config-type>ranger-hbase-audit</config-type>
+        <config-type>ranger-hbase-policymgr-ssl</config-type>
+        <config-type>ranger-hbase-security</config-type>
       </configuration-dependencies>
 
     </service>

ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml

@@ -237,6 +237,9 @@
         <config-type>ranger-hdfs-plugin-properties</config-type>
         <config-type>ssl-client</config-type>
         <config-type>ssl-server</config-type>
+        <config-type>ranger-hdfs-audit</config-type>
+        <config-type>ranger-hdfs-policymgr-ssl</config-type>
+        <config-type>ranger-hdfs-security</config-type>
       </configuration-dependencies>
       <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
     </service>

ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/metainfo.xml

@@ -295,6 +295,9 @@
         <config-type>webhcat-site</config-type>
         <config-type>webhcat-env</config-type>
         <config-type>ranger-hive-plugin-properties</config-type>
+        <config-type>ranger-hive-audit</config-type>
+        <config-type>ranger-hive-policymgr-ssl</config-type>
+        <config-type>ranger-hive-security</config-type>
       </configuration-dependencies>
     </service>
   </services>

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml

@@ -28,7 +28,7 @@
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
 

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml

@@ -83,6 +83,9 @@
         <config-type>gateway-log4j</config-type>
         <config-type>topology</config-type>
         <config-type>ranger-knox-plugin-properties</config-type>
+        <config-type>ranger-knox-audit</config-type>
+        <config-type>ranger-knox-policymgr-ssl</config-type>
+        <config-type>ranger-knox-security</config-type>
       </configuration-dependencies>
     </service>
   </services>

ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml

@@ -77,7 +77,7 @@
   </property>
   <property>
     <name>SYNC_LDAP_USER_SEARCH_FILTER</name>
-    <value>-</value>
+    <value></value>
     <description>default value is empty</description>
   </property>
   <property>

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py

@@ -135,6 +135,11 @@ def do_keystore_setup():
 
     Execute(cred_setup, environment={'RANGER_ADMIN_HOME':params.ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True)
 
+    File(params.ranger_credential_provider_path,
+      owner = params.unix_user,
+      group = params.unix_group
+    )
+
   if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
     jceks_path = params.ranger_credential_provider_path
     cred_setup = format('{cred_setup_prefix} -f {jceks_path} -k "{ranger_jpa_audit_jdbc_credential_alias}" -v "{ranger_ambari_audit_db_password}" -c 1')

ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml

@@ -126,6 +126,9 @@
         <config-type>storm-site</config-type>
         <config-type>storm-env</config-type>
         <config-type>ranger-storm-plugin-properties</config-type>
+        <config-type>ranger-storm-audit</config-type>
+        <config-type>ranger-storm-policymgr-ssl</config-type>
+        <config-type>ranger-storm-security</config-type>
       </configuration-dependencies>
     </service>
   </services>

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml

@@ -244,6 +244,10 @@
         <config-type>mapred-env</config-type>
         <config-type>ssl-client</config-type>
         <config-type>ssl-server</config-type>
+        <config-type>ranger-yarn-plugin-properties</config-type>
+        <config-type>ranger-yarn-audit</config-type>
+        <config-type>ranger-yarn-policymgr-ssl</config-type>
+        <config-type>ranger-yarn-security</config-type>
       </configuration-dependencies>
       <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
       <widgetsFileName>MAPREDUCE2_widgets.json</widgetsFileName>

ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml

@@ -22,7 +22,7 @@
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>    
   </property>      
 

ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml

@@ -28,7 +28,7 @@
 
 	<property>
 		<name>common.name.for.certificate</name>
-		<value>-</value>
+		<value></value>
 		<description>Used for repository creation on ranger admin
 		</description>
 	</property>

ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml

@@ -34,7 +34,7 @@
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml

@@ -28,7 +28,7 @@
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
   

ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml

@@ -28,7 +28,7 @@
 
   <property>
     <name>ranger.plugin.knox.policy.source.impl</name>
-    <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+    <value>org.apache.ranger.admin.client.RangerAdminJersey2RESTClient</value>
     <description>Class to retrieve policies from the source</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml

@@ -148,7 +148,7 @@
 
   <property>
     <name>ranger.usersync.ldap.bindkeystore</name>
-    <value>-</value>
+    <value></value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml

@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr</name>
-    <value>true</value>
+    <value>false</value>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml

@@ -34,7 +34,7 @@
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
 

ambari-web/app/data/HDP2.2/site_properties.js

@@ -776,6 +776,60 @@ hdp22properties.push(
     "filename": "admin-properties.xml",
     "category": "ADSettings"
   },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-hdfs-plugin-properties",
+    "isRequired": false,
+    "serviceName": "HDFS",
+    "filename": "ranger-hdfs-plugin-properties.xml"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-hive-plugin-properties",
+    "isRequired": false,
+    "serviceName": "HIVE",
+    "filename": "ranger-hive-plugin-properties.xml"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-hbase-plugin-properties",
+    "isRequired": false,
+    "serviceName": "HBASE",
+    "filename": "ranger-hbase-plugin-properties.xml"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-knox-plugin-properties",
+    "isRequired": false,
+    "serviceName": "KNOX",
+    "filename": "ranger-knox-plugin-properties.xml"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-storm-plugin-properties",
+    "isRequired": false,
+    "serviceName": "STORM",
+    "filename": "ranger-storm-plugin-properties.xml"
+  },
+  {
+    "id": "site property",
+    "name": "SYNC_LDAP_USER_SEARCH_FILTER",
+    "displayName": "SYNC_LDAP_USER_SEARCH_FILTER",
+    "category": "Advanced usersync-properties",
+    "isRequired": false,
+    "serviceName": "RANGER",
+    "filename": "usersync-properties.xml"
+  },
   {
     "id": "site property",
     "name": "hbase.bucketcache.ioengine",

ambari-web/app/data/HDP2.3/site_properties.js

@@ -780,6 +780,24 @@ hdp23properties.push({
     "filename": "ranger-admin-site.xml",
     "category": "ADSettings"
   },
+  {
+    "id": "site property",
+    "name": "ranger.usersync.ldap.bindkeystore",
+    "displayName": "ranger.usersync.ldap.bindkeystore",
+    "category": "Advanced ranger-ugsync-site",
+    "isRequired": false,
+    "serviceName": "RANGER",
+    "filename": "ranger-ugsync-site.xml"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "category": "Advanced ranger-yarn-plugin-properties",
+    "isRequired": false,
+    "serviceName": "YARN",
+    "filename": "ranger-yarn-plugin-properties.xml"
+  },
 
   /*********RANGER FOR HBASE************/
   {