Generate custom SQL inserts based on dynamic configuration

- ranger-dbsync will now read the ranger.conf configuration and
  generate dynamic insert statements for customer_domain.
- Added a new module db_custom.py that generates the statements i
  in a secure way

Change-Id: Ia2bebbe55050687d635fcd3eff4ed7db65f26fb6

orm/services/db_setup.py

@@ -14,13 +14,39 @@
 #  License for the specific language governing permissions and limitations
 #  under the License.
 
+from ConfigParser import ConfigParser
 from oslo_config import cfg
+import re
 from sqlalchemy import *
 import sys
 
 CONF = cfg.CONF
 
 
+def execute_app_custom_sql(CONF, conn):
+    """Execute custom SQL statements based on configuration.
+
+    Generates custom SQL insert statements from configuration parameters
+    contained in ranger.conf  The functions must use execute with
+    parameters to avoid sql injection.
+
+    Parameters:
+    CONF (oslo_config): the global configuraiton for the app
+    conn (sqlalchemy.db): connection object for the SQL database
+
+    """
+    config = ConfigParser()
+    config.read(CONF.config_file)
+
+    # Insert custom domain name into cms_domain.
+    if config.has_option("rds", "customer_domain"):
+        customer_domain = config.get("rds", "customer_domain")
+        customer_domain = re.sub(r'[\'\"]', '', customer_domain).strip()
+
+        sql = 'insert ignore into cms_domain(name) values(%s)'
+        conn.execute(sql, (customer_domain, ))
+
+
 def main(argv=None):
 
     if argv is None:
@@ -78,7 +104,7 @@ def main(argv=None):
     db_conn_url = db_conn_url and db_conn_url.replace("mysql+pymysql", "mysql") or ''
     engine = create_engine(db_conn_url, echo=False)
 
-    for exec_item in range(len(sql_queries)):
+    conn = engine.connect()
-        conn = engine.connect()
+    conn.execute('\n'.join(sql_queries))
-        exec_script = conn.execute(sql_queries[exec_item])
+    execute_app_custom_sql(CONF, conn)
-        conn.close()
+    conn.close()