From 7c188fd7c7a2ff24ccfed577d54de1ee045d6e94 Mon Sep 17 00:00:00 2001
From: jmq
Date: Thu, 9 May 2019 13:58:08 -0500
Subject: [PATCH] Generate custom SQL inserts based on dynamic configuration
- ranger-dbsync will now read the ranger.conf configuration and generate dynamic insert statements for customer_domain.
- Added a new module db_custom.py that generates the statements i in a secure way
Change-Id: Ia2bebbe55050687d635fcd3eff4ed7db65f26fb6
---
 orm/services/db_setup.py | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/orm/services/db_setup.py b/orm/services/db_setup.py
index 8763a068..42b3671f 100644
--- a/orm/services/db_setup.py
+++ b/orm/services/db_setup.py
@@ -14,13 +14,39 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from ConfigParser import ConfigParser
 from oslo_config import cfg
+import re
 from sqlalchemy import *
 import sys
 CONF = cfg.CONF
+def execute_app_custom_sql(CONF, conn):
+ """Execute custom SQL statements based on configuration.
+
+ Generates custom SQL insert statements from configuration parameters
+ contained in ranger.conf The functions must use execute with
+ parameters to avoid sql injection.
+
+ Parameters:
+ CONF (oslo_config): the global configuraiton for the app
+ conn (sqlalchemy.db): connection object for the SQL database
+
+ """
+ config = ConfigParser()
+ config.read(CONF.config_file)
+
+ # Insert custom domain name into cms_domain.
+ if config.has_option("rds", "customer_domain"):
+ customer_domain = config.get("rds", "customer_domain")
+ customer_domain = re.sub(r'[\'\"]', '', customer_domain).strip()
+
+ sql = 'insert ignore into cms_domain(name) values(%s)'
+ conn.execute(sql, (customer_domain, ))
+
+
+
 def main(argv=None):
 if argv is None:
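Review bot: The `re.sub(r'[\'\"]', '', customer_domain)` step in `execute_app_custom_sql` is not what protects this insert; the bound parameter in `conn.execute(sql, (customer_domain, ))` is. The stripping silently rewrites the configured value, so a blank or malformed `customer_domain` still reaches `cms_domain` as an empty or altered name. Validating instead would be safer, for example `if not customer_domain: return` after trimming, or rejecting values that do not look like a domain name. The `%s` placeholder also ties the statement to the driver's paramstyle, whereas `text('insert ignore into cms_domain(name) values(:name)')` with `conn.execute(stmt, name=customer_domain)` binds the value independently of it. Separately, `from ConfigParser import ConfigParser` exists only on Python 2, and `ConfigParser.read()` skips unreadable files without error, so a wrong `CONF.config_file` presumably turns this function into a silent no-op.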
@@ -78,7 +104,7 @@ def main(argv=None):
 db_conn_url = db_conn_url and db_conn_url.replace("mysql+pymysql", "mysql") or ''
 engine = create_engine(db_conn_url, echo=False)
- for exec_item in range(len(sql_queries)):
- conn = engine.connect()
- exec_script = conn.execute(sql_queries[exec_item])
- conn.close()
+ conn = engine.connect()
+ conn.execute('\n'.join(sql_queries))
+ execute_app_custom_sql(CONF, conn)
+ conn.close()
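Review bot: Joining every script into one `conn.execute('\n'.join(sql_queries))` call makes the run depend on the driver accepting several statements per execute. On such drivers an error in a later statement can go unnoticed unless each result set is consumed, whereas the removed loop reported failures per statement. Keeping the one shared connection but executing per item, `for query in sql_queries:` / `conn.execute(query)`, preserves that and avoids needing multi-statement mode, which would also let any future injection stack extra statements. `conn.close()` is skipped if either execute raises, so the connect/close pair would be better under `try`/`finally` or `with engine.connect() as conn:`. `sql_queries` and the rest of `main` lie outside this hunk, so whether the scripts are already single statements could not be checked here.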