Exemple #1
0
def check_ranger_service_support_kerberos():
    import params

    ranger_adm_obj = RangeradminV2(url=params.policymgr_mgr_url)
    response_code = ranger_adm_obj.check_ranger_login_curl(
        params.kms_user, params.rangerkms_keytab, params.rangerkms_principal,
        params.policymgr_mgr_url, True)

    if response_code is not None and response_code[0] == 200:
        get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(
            params.kms_user, params.rangerkms_keytab,
            params.rangerkms_principal, params.repo_name, 'kms', 'true')
        if get_repo_name_response is not None:
            Logger.info('KMS repository {0} exist'.format(
                get_repo_name_response['name']))
            return True
        else:
            create_repo_response = ranger_adm_obj.create_repository_curl(
                params.kms_user, params.rangerkms_keytab,
                params.rangerkms_principal, params.repo_name,
                json.dumps(params.kms_ranger_plugin_repo), None)
            if create_repo_response is not None and len(
                    create_repo_response) > 0:
                return True
            else:
                return False
    else:
        Logger.error('Ranger service is not reachable')
        return False
Exemple #2
0
def setup_ranger_plugin(component_select_name, service_name,
                        downloaded_custom_connector, driver_curl_source,
                        driver_curl_target, java_home,
                        repo_name, plugin_repo_dict, 
                        ranger_env_properties, plugin_properties,
                        policy_user, policymgr_mgr_url,
                        plugin_enabled, component_user, component_group, api_version=None, skip_if_rangeradmin_down = True, **kwargs):
  File(downloaded_custom_connector,
      content = DownloadSource(driver_curl_source),
      mode = 0644
  )

  Execute(('cp', '--remove-destination', downloaded_custom_connector, driver_curl_target),
          path=["/bin", "/usr/bin/"],
          sudo=True
  )

  File(driver_curl_target, mode=0644)

  hdp_version = get_hdp_version(component_select_name)
  file_path = format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/install.properties')
  
  if not os.path.isfile(file_path):
    raise Fail(format('Ranger {service_name} plugin install.properties file does not exist at {file_path}'))
  
  ModifyPropertiesFile(file_path,
    properties = plugin_properties
  )

  custom_plugin_properties = dict()
  custom_plugin_properties['CUSTOM_USER'] = component_user
  custom_plugin_properties['CUSTOM_GROUP'] = component_group
  ModifyPropertiesFile(file_path,properties = custom_plugin_properties)

  if plugin_enabled:
    cmd = (format('enable-{service_name}-plugin.sh'),)
    if api_version == 'v2' and api_version is not None:
      ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url, skip_if_rangeradmin_down = skip_if_rangeradmin_down)
    else:
      ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url, skip_if_rangeradmin_down = skip_if_rangeradmin_down)

    ranger_adm_obj.create_ranger_repository(service_name, repo_name, plugin_repo_dict,
                                            ranger_env_properties['ranger_admin_username'], ranger_env_properties['ranger_admin_password'], 
                                            ranger_env_properties['admin_username'], ranger_env_properties['admin_password'], 
                                            policy_user)
  else:
    cmd = (format('disable-{service_name}-plugin.sh'),)
    
  cmd_env = {'JAVA_HOME': java_home, 'PWD': format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin'), 'PATH': format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin')}
  
  Execute(cmd, 
        environment=cmd_env, 
        logoutput=True,
        sudo=True,
  )
Exemple #3
0
def setup_ranger_plugin(component_select_name,
                        service_name,
                        previous_jdbc_jar,
                        component_downloaded_custom_connector,
                        component_driver_curl_source,
                        component_driver_curl_target,
                        java_home,
                        repo_name,
                        plugin_repo_dict,
                        ranger_env_properties,
                        plugin_properties,
                        policy_user,
                        policymgr_mgr_url,
                        plugin_enabled,
                        conf_dict,
                        component_user,
                        component_group,
                        cache_service_list,
                        plugin_audit_properties,
                        plugin_audit_attributes,
                        plugin_security_properties,
                        plugin_security_attributes,
                        plugin_policymgr_ssl_properties,
                        plugin_policymgr_ssl_attributes,
                        component_list,
                        audit_db_is_enabled,
                        credential_file,
                        xa_audit_db_password,
                        ssl_truststore_password,
                        ssl_keystore_password,
                        api_version=None,
                        stack_version_override=None,
                        skip_if_rangeradmin_down=True,
                        is_security_enabled=False,
                        is_stack_supports_ranger_kerberos=False,
                        component_user_principal=None,
                        component_user_keytab=None,
                        cred_lib_path_override=None,
                        cred_setup_prefix_override=None):

    if audit_db_is_enabled and component_driver_curl_source is not None and not component_driver_curl_source.endswith(
            "/None"):
        if previous_jdbc_jar and os.path.isfile(previous_jdbc_jar):
            File(previous_jdbc_jar, action='delete')

        File(component_downloaded_custom_connector,
             content=DownloadSource(component_driver_curl_source),
             mode=0644)

        Execute(('cp', '--remove-destination',
                 component_downloaded_custom_connector,
                 component_driver_curl_target),
                path=["/bin", "/usr/bin/"],
                sudo=True)

        File(component_driver_curl_target, mode=0644)

    if policymgr_mgr_url.endswith('/'):
        policymgr_mgr_url = policymgr_mgr_url.rstrip('/')

    if stack_version_override is None:
        stack_version = get_stack_version(component_select_name)
    else:
        stack_version = stack_version_override

    component_conf_dir = conf_dict

    if plugin_enabled:

        service_name_exist = False
        policycache_path = os.path.join('/etc', 'ranger', repo_name,
                                        'policycache')
        try:
            for cache_service in cache_service_list:
                policycache_json_file = format(
                    '{policycache_path}/{cache_service}_{repo_name}.json')
                if os.path.isfile(policycache_json_file) and os.path.getsize(
                        policycache_json_file) > 0:
                    with open(policycache_json_file) as json_file:
                        json_data = json.load(json_file)
                        if 'serviceName' in json_data and json_data[
                                'serviceName'] == repo_name:
                            service_name_exist = True
                            Logger.info(
                                "Skipping Ranger API calls, as policy cache file exists for {0}"
                                .format(service_name))
                            Logger.warning(
                                "If service name for {0} is not created on Ranger Admin UI, then to re-create it delete policy cache file: {1}"
                                .format(service_name, policycache_json_file))
                            break
        except Exception, err:
            Logger.error(
                "Error occurred while fetching service name from policy cache file.\nError: {0}"
                .format(err))

        if not service_name_exist:
            if api_version is not None and api_version == 'v2':
                ranger_adm_obj = RangeradminV2(
                    url=policymgr_mgr_url,
                    skip_if_rangeradmin_down=skip_if_rangeradmin_down)
                ranger_adm_obj.create_ranger_repository(
                    service_name, repo_name, plugin_repo_dict,
                    ranger_env_properties['ranger_admin_username'],
                    ranger_env_properties['ranger_admin_password'],
                    ranger_env_properties['admin_username'],
                    ranger_env_properties['admin_password'], policy_user,
                    is_security_enabled, is_stack_supports_ranger_kerberos,
                    component_user, component_user_principal,
                    component_user_keytab)
            else:
                ranger_adm_obj = Rangeradmin(
                    url=policymgr_mgr_url,
                    skip_if_rangeradmin_down=skip_if_rangeradmin_down)
                ranger_adm_obj.create_ranger_repository(
                    service_name, repo_name, plugin_repo_dict,
                    ranger_env_properties['ranger_admin_username'],
                    ranger_env_properties['ranger_admin_password'],
                    ranger_env_properties['admin_username'],
                    ranger_env_properties['admin_password'], policy_user)

        current_datetime = datetime.now()

        File(
            format('{component_conf_dir}/ranger-security.xml'),
            owner=component_user,
            group=component_group,
            mode=0644,
            content=InlineTemplate(
                format(
                    '<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>'
                )))

        Directory([
            os.path.join('/etc', 'ranger', repo_name),
            os.path.join('/etc', 'ranger', repo_name, 'policycache')
        ],
                  owner=component_user,
                  group=component_group,
                  mode=0775,
                  create_parents=True,
                  cd_access='a')

        for cache_service in cache_service_list:
            File(os.path.join('/etc', 'ranger', repo_name, 'policycache',
                              format('{cache_service}_{repo_name}.json')),
                 owner=component_user,
                 group=component_group,
                 mode=0644)

        # remove plain-text password from xml configs
        plugin_audit_password_property = 'xasecure.audit.destination.db.password'
        plugin_audit_properties_copy = {}
        plugin_audit_properties_copy.update(plugin_audit_properties)

        if plugin_audit_password_property in plugin_audit_properties_copy:
            plugin_audit_properties_copy[
                plugin_audit_password_property] = "crypted"

        XmlConfig(format('ranger-{service_name}-audit.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_audit_properties_copy,
                  configuration_attributes=plugin_audit_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        XmlConfig(format('ranger-{service_name}-security.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_security_properties,
                  configuration_attributes=plugin_security_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        # remove plain-text password from xml configs
        plugin_password_properties = [
            'xasecure.policymgr.clientssl.keystore.password',
            'xasecure.policymgr.clientssl.truststore.password'
        ]
        plugin_policymgr_ssl_properties_copy = {}
        plugin_policymgr_ssl_properties_copy.update(
            plugin_policymgr_ssl_properties)

        for prop in plugin_password_properties:
            if prop in plugin_policymgr_ssl_properties_copy:
                plugin_policymgr_ssl_properties_copy[prop] = "crypted"

        if str(service_name).lower() == 'yarn':
            XmlConfig("ranger-policymgr-ssl-yarn.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties_copy,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)
        else:
            XmlConfig("ranger-policymgr-ssl.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties_copy,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)

        # creating symblink should be done by rpm package
        # setup_ranger_plugin_jar_symblink(stack_version, service_name, component_list)

        setup_ranger_plugin_keystore(
            service_name, audit_db_is_enabled, stack_version, credential_file,
            xa_audit_db_password, ssl_truststore_password,
            ssl_keystore_password, component_user, component_group, java_home,
            cred_lib_path_override, cred_setup_prefix_override)
def setup_ranger_plugin(component_select_name,
                        service_name,
                        component_downloaded_custom_connector,
                        component_driver_curl_source,
                        component_driver_curl_target,
                        java_home,
                        repo_name,
                        plugin_repo_dict,
                        ranger_env_properties,
                        plugin_properties,
                        policy_user,
                        policymgr_mgr_url,
                        plugin_enabled,
                        conf_dict,
                        component_user,
                        component_group,
                        cache_service_list,
                        plugin_audit_properties,
                        plugin_audit_attributes,
                        plugin_security_properties,
                        plugin_security_attributes,
                        plugin_policymgr_ssl_properties,
                        plugin_policymgr_ssl_attributes,
                        component_list,
                        audit_db_is_enabled,
                        credential_file,
                        xa_audit_db_password,
                        ssl_truststore_password,
                        ssl_keystore_password,
                        api_version=None,
                        hdp_version_override=None,
                        skip_if_rangeradmin_down=True):

    if audit_db_is_enabled:
        File(component_downloaded_custom_connector,
             content=DownloadSource(component_driver_curl_source),
             mode=0644)

        Execute(('cp', '--remove-destination',
                 component_downloaded_custom_connector,
                 component_driver_curl_target),
                path=["/bin", "/usr/bin/"],
                sudo=True)

        File(component_driver_curl_target, mode=0644)

    hdp_version = get_hdp_version(component_select_name)
    if hdp_version_override is not None:
        hdp_version = hdp_version_override

    component_conf_dir = conf_dict

    if plugin_enabled:

        if api_version == 'v2' and api_version is not None:
            ranger_adm_obj = RangeradminV2(
                url=policymgr_mgr_url,
                skip_if_rangeradmin_down=skip_if_rangeradmin_down)
        else:
            ranger_adm_obj = Rangeradmin(
                url=policymgr_mgr_url,
                skip_if_rangeradmin_down=skip_if_rangeradmin_down)

        ranger_adm_obj.create_ranger_repository(
            service_name, repo_name, plugin_repo_dict,
            ranger_env_properties['ranger_admin_username'],
            ranger_env_properties['ranger_admin_password'],
            ranger_env_properties['admin_username'],
            ranger_env_properties['admin_password'], policy_user)

        current_datetime = datetime.now()

        File(
            format('{component_conf_dir}/ranger-security.xml'),
            owner=component_user,
            group=component_group,
            mode=0644,
            content=InlineTemplate(
                format(
                    '<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>'
                )))

        Directory([
            os.path.join('/etc', 'ranger', repo_name),
            os.path.join('/etc', 'ranger', repo_name, 'policycache')
        ],
                  owner=component_user,
                  group=component_group,
                  mode=0775,
                  create_parents=True,
                  cd_access='a')

        for cache_service in cache_service_list:
            File(os.path.join('/etc', 'ranger', repo_name, 'policycache',
                              format('{cache_service}_{repo_name}.json')),
                 owner=component_user,
                 group=component_group,
                 mode=0644)

        XmlConfig(format('ranger-{service_name}-audit.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_audit_properties,
                  configuration_attributes=plugin_audit_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        XmlConfig(format('ranger-{service_name}-security.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_security_properties,
                  configuration_attributes=plugin_security_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        if str(service_name).lower() == 'yarn':
            XmlConfig("ranger-policymgr-ssl-yarn.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)
        else:
            XmlConfig("ranger-policymgr-ssl.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)

        #This should be done by rpm
        #setup_ranger_plugin_jar_symblink(hdp_version, service_name, component_list)

        setup_ranger_plugin_keystore(service_name, audit_db_is_enabled,
                                     hdp_version, credential_file,
                                     xa_audit_db_password,
                                     ssl_truststore_password,
                                     ssl_keystore_password, component_user,
                                     component_group, java_home)

    else:
        File(format('{component_conf_dir}/ranger-security.xml'),
             action="delete")
Exemple #5
0
def setup_ranger_plugin(component_select_name,
                        service_name,
                        previous_jdbc_jar,
                        component_downloaded_custom_connector,
                        component_driver_curl_source,
                        component_driver_curl_target,
                        java_home,
                        repo_name,
                        plugin_repo_dict,
                        ranger_env_properties,
                        plugin_properties,
                        policy_user,
                        policymgr_mgr_url,
                        plugin_enabled,
                        conf_dict,
                        component_user,
                        component_group,
                        cache_service_list,
                        plugin_audit_properties,
                        plugin_audit_attributes,
                        plugin_security_properties,
                        plugin_security_attributes,
                        plugin_policymgr_ssl_properties,
                        plugin_policymgr_ssl_attributes,
                        component_list,
                        audit_db_is_enabled,
                        credential_file,
                        xa_audit_db_password,
                        ssl_truststore_password,
                        ssl_keystore_password,
                        api_version=None,
                        stack_version_override=None,
                        skip_if_rangeradmin_down=True,
                        is_security_enabled=False,
                        is_stack_supports_ranger_kerberos=False,
                        component_user_principal=None,
                        component_user_keytab=None,
                        cred_lib_path_override=None,
                        cred_setup_prefix_override=None):

    if audit_db_is_enabled and component_driver_curl_source is not None and not component_driver_curl_source.endswith(
            "/None"):
        if previous_jdbc_jar and os.path.isfile(previous_jdbc_jar):
            File(previous_jdbc_jar, action='delete')

        File(component_downloaded_custom_connector,
             content=DownloadSource(component_driver_curl_source),
             mode=0644)

        Execute(('cp', '--remove-destination',
                 component_downloaded_custom_connector,
                 component_driver_curl_target),
                path=["/bin", "/usr/bin/"],
                sudo=True)

        File(component_driver_curl_target, mode=0644)

    if policymgr_mgr_url.endswith('/'):
        policymgr_mgr_url = policymgr_mgr_url.rstrip('/')

    if stack_version_override is None:
        stack_version = get_stack_version(component_select_name)
    else:
        stack_version = stack_version_override

    component_conf_dir = conf_dict

    if plugin_enabled:

        service_name_exist = get_policycache_service_name(
            service_name, repo_name, cache_service_list)

        if not service_name_exist:
            if api_version is not None and api_version == 'v2':
                ranger_adm_obj = RangeradminV2(
                    url=policymgr_mgr_url,
                    skip_if_rangeradmin_down=skip_if_rangeradmin_down)
                ranger_adm_obj.create_ranger_repository(
                    service_name, repo_name, plugin_repo_dict,
                    ranger_env_properties['ranger_admin_username'],
                    ranger_env_properties['ranger_admin_password'],
                    ranger_env_properties['admin_username'],
                    ranger_env_properties['admin_password'], policy_user,
                    is_security_enabled, is_stack_supports_ranger_kerberos,
                    component_user, component_user_principal,
                    component_user_keytab)
            else:
                ranger_adm_obj = Rangeradmin(
                    url=policymgr_mgr_url,
                    skip_if_rangeradmin_down=skip_if_rangeradmin_down)
                ranger_adm_obj.create_ranger_repository(
                    service_name, repo_name, plugin_repo_dict,
                    ranger_env_properties['ranger_admin_username'],
                    ranger_env_properties['ranger_admin_password'],
                    ranger_env_properties['admin_username'],
                    ranger_env_properties['admin_password'], policy_user)

        current_datetime = datetime.now()

        File(
            format('{component_conf_dir}/ranger-security.xml'),
            owner=component_user,
            group=component_group,
            mode=0644,
            content=InlineTemplate(
                format(
                    '<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>'
                )))

        Directory([
            os.path.join('/etc', 'ranger', repo_name),
            os.path.join('/etc', 'ranger', repo_name, 'policycache')
        ],
                  owner=component_user,
                  group=component_group,
                  mode=0775,
                  create_parents=True,
                  cd_access='a')

        for cache_service in cache_service_list:
            File(os.path.join('/etc', 'ranger', repo_name, 'policycache',
                              format('{cache_service}_{repo_name}.json')),
                 owner=component_user,
                 group=component_group,
                 mode=0644)

        # remove plain-text password from xml configs
        plugin_audit_password_property = 'xasecure.audit.destination.db.password'
        plugin_audit_properties_copy = {}
        plugin_audit_properties_copy.update(plugin_audit_properties)

        if plugin_audit_password_property in plugin_audit_properties_copy:
            plugin_audit_properties_copy[
                plugin_audit_password_property] = "crypted"

        XmlConfig(format('ranger-{service_name}-audit.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_audit_properties_copy,
                  configuration_attributes=plugin_audit_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        XmlConfig(format('ranger-{service_name}-security.xml'),
                  conf_dir=component_conf_dir,
                  configurations=plugin_security_properties,
                  configuration_attributes=plugin_security_attributes,
                  owner=component_user,
                  group=component_group,
                  mode=0744)

        # remove plain-text password from xml configs
        plugin_password_properties = [
            'xasecure.policymgr.clientssl.keystore.password',
            'xasecure.policymgr.clientssl.truststore.password'
        ]
        plugin_policymgr_ssl_properties_copy = {}
        plugin_policymgr_ssl_properties_copy.update(
            plugin_policymgr_ssl_properties)

        for prop in plugin_password_properties:
            if prop in plugin_policymgr_ssl_properties_copy:
                plugin_policymgr_ssl_properties_copy[prop] = "crypted"

        if str(service_name).lower() == 'yarn':
            XmlConfig("ranger-policymgr-ssl-yarn.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties_copy,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)
        else:
            XmlConfig("ranger-policymgr-ssl.xml",
                      conf_dir=component_conf_dir,
                      configurations=plugin_policymgr_ssl_properties_copy,
                      configuration_attributes=plugin_policymgr_ssl_attributes,
                      owner=component_user,
                      group=component_group,
                      mode=0744)

        setup_ranger_plugin_keystore(
            service_name, audit_db_is_enabled, stack_version, credential_file,
            xa_audit_db_password, ssl_truststore_password,
            ssl_keystore_password, component_user, component_group, java_home,
            cred_lib_path_override, cred_setup_prefix_override)

    else:
        File(format('{component_conf_dir}/ranger-security.xml'),
             action="delete")
Exemple #6
0
def setup_ranger_hive_metastore_service():
    """
  Creates ranger hive service in ranger admin installed in same cluster for cluster depolyed in cloud env.
  """
    import params

    if params.has_ranger_admin and params.ranger_hive_metastore_lookup:

        repo_name = str(params.config['clusterName']) + '_hive'
        repo_name_value = params.config['configurations'][
            'ranger-hive-security']['ranger.plugin.hive.service.name']
        if not is_empty(
                repo_name_value) and repo_name_value != "{{repo_name}}":
            repo_name = repo_name_value

        hive_ranger_plugin_config = {
            'username':
            params.config['configurations']['ranger-hive-plugin-properties']
            ['REPOSITORY_CONFIG_USERNAME'],
            'password':
            params.config['configurations']['ranger-hive-plugin-properties']
            ['REPOSITORY_CONFIG_PASSWORD'],
            'jdbc.driverClassName':
            params.config['configurations']['ranger-hive-plugin-properties']
            ['jdbc.driverClassName'],
            'jdbc.url':
            'none',
            'commonNameForCertificate':
            params.config['configurations']['ranger-hive-plugin-properties']
            ['common.name.for.certificate'],
            'ambari.service.check.user':
            params.config['configurations']['ranger-hive-plugin-properties']
            ['policy_user']
        }

        if params.security_enabled:
            hive_ranger_plugin_config[
                'policy.download.auth.users'] = params.hive_user
            hive_ranger_plugin_config[
                'tag.download.auth.users'] = params.hive_user
            hive_ranger_plugin_config[
                'policy.grantrevoke.auth.users'] = params.hive_user

        custom_ranger_service_config = generate_ranger_service_config(
            params.config['configurations']['ranger-hive-plugin-properties'])
        if len(custom_ranger_service_config) > 0:
            hive_ranger_plugin_config.update(custom_ranger_service_config)

        hive_ranger_plugin_repo = {
            'isEnabled': 'true',
            'configs': hive_ranger_plugin_config,
            'description': 'Hive service',
            'name': repo_name,
            'type': 'hive'
        }

        ranger_admin_obj = RangeradminV2(
            url=params.config['configurations']['ranger-hive-security']
            ['ranger.plugin.hive.policy.rest.url'],
            skip_if_rangeradmin_down=not params.retryAble)
        ranger_admin_obj.create_ranger_repository(
            component='hive',
            repo_name=repo_name,
            repo_properties=hive_ranger_plugin_repo,
            ambari_ranger_admin=params.config['configurations']['ranger-env']
            ['ranger_admin_username'],
            ambari_ranger_password=params.config['configurations']
            ['ranger-env']['ranger_admin_password'],
            admin_uname=params.config['configurations']['ranger-env']
            ['admin_username'],
            admin_password=params.config['configurations']['ranger-env']
            ['admin_password'],
            policy_user=params.config['configurations']
            ['ranger-hive-plugin-properties']['policy_user'],
            is_security_enabled=params.security_enabled,
            is_stack_supports_ranger_kerberos=params.
            stack_supports_ranger_kerberos,
            component_user=params.hive_user,
            component_user_principal=params.hive_metastore_principal_with_host
            if params.security_enabled else None,
            component_user_keytab=params.hive_metastore_keytab_path
            if params.security_enabled else None)