RANGER-1044: Removed Keystore/Truststore SSL password

 - Thanks to Jan Hentschel for the patch. Reviewed by coheigea.

agents-common/scripts/upgrade-plugin.py

@@ -115,10 +115,6 @@ def rewriteConfig(props,newProps):
 	#
 	# Fix for KNOX ssl (missing) configuration
 	#
-	if ('xasecure.policymgr.clientssl.keystore.password' not in props):
-		props['xasecure.policymgr.clientssl.keystore.password'] = 'none'
-	if ('xasecure.policymgr.clientssl.truststore.password' not in props):
-		props['xasecure.policymgr.clientssl.truststore.password'] =  'none'
 	if ('xasecure.policymgr.clientssl.keystore.credential.file' not in props):
 		props['xasecure.policymgr.clientssl.keystore.credential.file'] = 'jceks://file/tmp/keystore-' + serviceName + '-ssl.jceks'
 	if ( 'xasecure.policymgr.clientssl.truststore.credential.file' not in props):

agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java

@@ -65,15 +65,13 @@ public class RangerRESTClient {
 	public static final String RANGER_PROP_POLICYMGR_URL                         = "ranger.service.store.rest.url";
 	public static final String RANGER_PROP_POLICYMGR_SSLCONFIG_FILENAME          = "ranger.service.store.rest.ssl.config.file";
 
-	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE                  = "xasecure.policymgr.clientssl.keystore";	
-	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD         = "xasecure.policymgr.clientssl.keystore.password";	
+	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE                  = "xasecure.policymgr.clientssl.keystore";
 	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE             = "xasecure.policymgr.clientssl.keystore.type";
 	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL       = "xasecure.policymgr.clientssl.keystore.credential.file";
 	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
 	public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT     = "jks";	
 
-	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE                  = "xasecure.policymgr.clientssl.truststore";	
-	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD         = "xasecure.policymgr.clientssl.truststore.password";	
+	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE                  = "xasecure.policymgr.clientssl.truststore";
 	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE             = "xasecure.policymgr.clientssl.truststore.type";	
 	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL       = "xasecure.policymgr.clientssl.truststore.credential.file";
 	public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";

hbase-agent/conf/ranger-policymgr-ssl-changes.cfg

@@ -16,8 +16,6 @@
 # SSL Params
 #
 xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	

hbase-agent/conf/ranger-policymgr-ssl.xml

@@ -25,27 +25,13 @@
 			Java Keystore files 
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore.password</name>
-		<value>none</value>
-		<description> 
-			password for keystore 
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore</name>
 		<value>cacerts-xasecure.jks</value>
 		<description> 
 			java truststore file
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.password</name>
-		<value>none</value>
-		<description> 
-			java  truststore password
-		</description>
-	</property>
     <property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>

hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg

@@ -16,8 +16,6 @@
 # SSL Params
 #
 xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists						

hdfs-agent/conf/ranger-policymgr-ssl.xml

@@ -25,27 +25,13 @@
 			Java Keystore files 
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore.password</name>
-		<value>none</value>
-		<description> 
-			password for keystore 
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore</name>
 		<value>cacerts-xasecure.jks</value>
 		<description> 
 			java truststore file
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.password</name>
-		<value>none</value>
-		<description> 
-			java  truststore password
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>

hive-agent/conf/ranger-policymgr-ssl-changes.cfg

@@ -16,8 +16,6 @@
 # SSL Params
 #
 xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists	

hive-agent/conf/ranger-policymgr-ssl.xml

@@ -25,27 +25,13 @@
 			Java Keystore files 
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore.password</name>
-		<value>none</value>
-		<description> 
-			password for keystore 
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore</name>
 		<value>cacerts-xasecure.jks</value>
 		<description> 
 			java truststore file
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.password</name>
-		<value>none</value>
-		<description> 
-			java  truststore password
-		</description>
-	</property>
     <property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>

knox-agent/conf/ranger-policymgr-ssl-changes.cfg

@@ -16,8 +16,6 @@
 # SSL Params
 #
 xasecure.policymgr.clientssl.keystore					 %SSL_KEYSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.password			 %SSL_KEYSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.keystore.credential.file	 jceks://file%CREDENTIAL_PROVIDER_FILE%			mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore				     %SSL_TRUSTSTORE_FILE_PATH%						mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.password	     %SSL_TRUSTSTORE_PASSWORD%						mod create-if-not-exists
 xasecure.policymgr.clientssl.truststore.credential.file  jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists						

knox-agent/conf/ranger-policymgr-ssl.xml

@@ -25,27 +25,13 @@
 			Java Keystore files 
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.keystore.password</name>
-		<value>none</value>
-		<description> 
-			password for keystore 
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore</name>
 		<value>cacerts-xasecure.jks</value>
 		<description> 
 			java truststore file
 		</description>
 	</property>
-	<property>
-		<name>xasecure.policymgr.clientssl.truststore.password</name>
-		<value>none</value>
-		<description> 
-			java  truststore password
-		</description>
-	</property>
 	<property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file/tmp/keystore-knoxdev-ssl.jceks</value>

migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py

@@ -542,9 +542,7 @@ def port_ranger_hdfs_plugin_to_ambari():
 			'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
 		advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
 		advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
-		advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
 		advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
-		advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
 
 		date_time_stamp = getDateTimeNow()
 		plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str(
@@ -623,9 +621,7 @@ def port_ranger_hive_plugin_to_ambari():
 			'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
 		advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
 		advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
-		advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
 		advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
-		advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
 		advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['xasecure.hive.update.xapolicies.on.grant.revoke']
 
 		date_time_stamp = getDateTimeNow()
@@ -701,9 +697,7 @@ def port_ranger_hbase_plugin_to_ambari():
 			'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
 		advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
 		advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
-		advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
 		advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
-		advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
 		advanced_ranger_hbase_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hbase_plugin_install_properties['xasecure.hbase.update.xapolicies.on.grant.revoke']
 
 		date_time_stamp = getDateTimeNow()
@@ -868,9 +862,7 @@ def port_ranger_storm_plugin_to_ambari():
 			'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds']
 		advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count']
 		advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore']
-		advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password']
 		advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore']
-		advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password']
 
 		date_time_stamp = getDateTimeNow()
 		plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-storm-plugin-properties", "service_config_version_note": "Initial configuration for Ranger STORM plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps(