#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License. See accompanying LICENSE file.
#

import os
import re
import sys
import shlex
import platform
import logging
import subprocess
from os.path import basename
import time
import socket
globalDict = {}

os_name = platform.system()
os_name = os_name.upper()
ranger_version=''
jisql_debug=True
retryPatchAfterSeconds=120
stalePatchEntryHoldTimeInMinutes=10
java_patch_regex="^Patch.*?J\d{5}.class$"
is_unix = os_name == "LINUX" or os_name == "DARWIN"

RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
	RANGER_ADMIN_HOME = os.getcwd()

if socket.getfqdn().find('.')>=0:
	client_host=socket.getfqdn()
else:
	client_host=socket.gethostbyaddr(socket.gethostname())[0]

RANGER_ADMIN_CONF = os.getenv("RANGER_ADMIN_CONF")
if RANGER_ADMIN_CONF is None:
	if is_unix:
		RANGER_ADMIN_CONF = RANGER_ADMIN_HOME
	elif os_name == "WINDOWS":
		RANGER_ADMIN_CONF = os.path.join(RANGER_ADMIN_HOME,'bin')

def check_output(query):
	if is_unix:
		p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE)
	elif os_name == "WINDOWS":
		p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True)
	output = p.communicate ()[0]
	return output

def log(msg,type):
	if type == 'info':
		logging.info(" %s",msg)
	if type == 'debug':
		logging.debug(" %s",msg)
	if type == 'warning':
		logging.warning(" %s",msg)
	if type == 'exception':
		logging.exception(" %s",msg)
	if type == 'error':
		logging.error(" %s",msg)

def populate_global_dict():
	global globalDict
	if is_unix:
		read_config_file = open(os.path.join(RANGER_ADMIN_CONF,'install.properties'))
	elif os_name == "WINDOWS":
		read_config_file = open(os.path.join(RANGER_ADMIN_CONF,'install_config.properties'))
	for each_line in read_config_file.read().split('\n') :
		each_line = each_line.strip();
		if len(each_line) == 0:
			continue
		elif each_line[0] == "#":
			continue
		if re.search('=', each_line):
			key , value = each_line.split("=",1)
			key = key.strip()
			if 'PASSWORD' in key:
				value = ''
			value = value.strip()
			globalDict[key] = value
		if 'ranger_admin_max_heap_size' not in globalDict:
			globalDict['ranger_admin_max_heap_size']='1g'

def jisql_log(query, db_password):
	if jisql_debug == True:
		if os_name == "WINDOWS":
			query = query.replace(' -p "'+db_password+'"' , ' -p "********"')
			log("[JISQL] "+query, "info")
		else:
			query = query.replace(" -p '"+db_password+"'" , " -p '********'")
			log("[JISQL] "+query, "info")

def password_validation(password):
	if password:
		if re.search("[\\\`'\"]",password):
			log("[E] password contains one of the unsupported special characters like \" ' \ `","error")
			sys.exit(1)

def subprocessCallWithRetry(query):
	retryCount=1
	returnCode = subprocess.call(query)
	while returnCode!=0:
		retryCount=retryCount+1
		time.sleep(1)
		log("[I] SQL statement execution Failed!! retrying attempt "+str(retryCount)+" of total 3" ,"info")
		returnCode = subprocess.call(query)
		if(returnCode!=0 and retryCount>=3):
			break
	return returnCode

def dbversionBasedOnUserName(userName):
	version = ""
	if userName == "admin" :
		version = 'DEFAULT_ADMIN_UPDATE'
	if userName == "rangerusersync" :
		version = 'DEFAULT_RANGER_USERSYNC_UPDATE'
	if userName == "rangertagsync" :
		version = 'DEFAULT_RANGER_TAGSYNC_UPDATE'
	if userName == "keyadmin" :
		version = 'DEFAULT_KEYADMIN_UPDATE'
	return version

class BaseDB(object):

	def check_connection(self, db_name, db_user, db_password):
		self.db_user=db_user
		self.db_name=db_name
		self.db_password=db_password
		log("[I] Checking connection..", "info")
		output = self.execute_query(self.get_db_server_status_query())
		if not output.strip('1 |'):
			log("[E] Can't establish connection!! Exiting.." ,"error")
			log("[I] Please run DB setup first or contact Administrator.." ,"info")
			sys.exit(1)
		else:
			log("[I] Checking connection passed.", "info")
			return True

	def apply_patches(self, db_name, db_user, db_password, PATCHES_PATH):
		#first get all patches and then apply each patch
		if not os.path.exists(PATCHES_PATH):
			log("[I] No patches to apply!","info")
		else:
			# files: coming from os.listdir() sorted alphabetically, thus not numerically
			files = os.listdir(PATCHES_PATH)
			if files:
				sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
				for filename in sorted_files:
					currentPatch = os.path.join(PATCHES_PATH, filename)
					self.import_db_patches(db_name, db_user, db_password, currentPatch)
				self.update_applied_patches_status(db_name, db_user, db_password, "DB_PATCHES")
			else:
				log("[I] No patches to apply!","info")

	def execute_query(self, query):
		CT=self.commandTerminator
		get_cmd = self.get_jisql_cmd(self.db_user, self.db_password, self.db_name)
		if is_unix:
			full_command = get_cmd + CT + " -query \"" + query + "\""
		elif os_name == "WINDOWS":
			full_command = get_cmd + " -query \"" + query + "\" -c ;"
		else:
			raise Exception("This OS is not supported!")
		jisql_log(full_command, self.db_password)
		output = check_output(full_command)
		return output

	def execute_update(self, update):
		CT=self.commandTerminator
		get_cmd = self.get_jisql_cmd(self.db_user, self.db_password, self.db_name)
		if is_unix:
			full_command = get_cmd + CT + " -query \"" + update + "\""
			jisql_log(full_command, self.db_password)
			return subprocess.call(shlex.split(full_command))
		elif os_name == "WINDOWS":
			full_command = get_cmd + " -query \"" + update + "\" -c ;"
			jisql_log(full_command, self.db_password)
			ret = subprocess.call(full_command)
		raise Exception("This OS is not supported!")

	def execute_file(self, file_name):
		get_cmd = self.get_jisql_cmd(self.db_user, self.db_password, self.db_name)
		if is_unix:
			full_command = get_cmd + " -input %s " %file_name
			jisql_log(full_command, self.db_password)
			ret = subprocess.call(shlex.split(full_command))
		elif os_name == "WINDOWS":
			full_command = get_cmd + " -input %s " %file_name
			jisql_log(full_command, self.db_password)
			ret = subprocess.call(full_command)
		return ret

	def check_table(self, db_name, db_user, db_password, TABLE_NAME):
		if self.XA_DB_FLAVOR == "SQLA":
			self.set_options(db_name, db_user, db_password, TABLE_NAME)
		output = self.execute_query(self.get_check_table_query(TABLE_NAME))
		if output.strip(TABLE_NAME + " |"):
			log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info")
			return True
		else:
			log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info")
			return False

	def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
		name = basename(file_name)
		if os.path.isfile(file_name):
			isTableExist=self.check_table(db_name, db_user, db_password, table_name)
			if isTableExist==False:
				log("[I] Importing "+table_name+" table schema to database " + db_name + " from file: " + name,"info")
			while(isTableExist==False):
				ret=self.execute_file(file_name)
				if ret == 0:
					log("[I] "+name + " file imported successfully","info")
				else:
					log("[E] "+name + " file import failed!","error")
					time.sleep(30)
				isTableExist=self.check_table(db_name, db_user, db_password, table_name)
		else:
			log("[E] Schema file " + name+ " not found","error")
			sys.exit(1)

	def hasDBnJavaPatchesEntries(self, db_name, db_user, db_password, version):
		output = self.execute_query(self.get_version_query(version,'Y'))
		if output.strip(version + " |"):
			return True
		else:
			return False

	def import_db_file(self, db_name, db_user, db_password, file_name):
		isImported=False
		name = basename(file_name)
		if os.path.isfile(file_name):
			log("[I] Importing DB schema to database " + db_name + " from file: " + name,"info")
			ret=self.execute_file(file_name)
			if ret == 0:
				log("[I] "+name + " file imported successfully","info")
				isImported=True
			else:
				log("[E] "+name + " file import failed!","error")
		else:
			log("[E] DB schema file " + name+ " not found","error")
			sys.exit(1)
		return isImported

	def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
		version = 'CORE_DB_SCHEMA'
		if os.path.isfile(file_name):
			output = self.execute_query(self.get_version_query(version,'Y'))
			if output.strip(version + " |"):
				log("[I] "+version+" is already imported" ,"info")
			else:
				#before executing the patch first check whether its in progress from any host.
				executePatch=False
				output = self.execute_query(self.get_version_query(version,'N'))
				if output.strip(version + " |"):
					#check whether process is in progress from different host if yes then wait until it finishes.
					output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
					while(output.strip(version + " |")):
						log("[I] "+ version  +" is being applied by some other Host" ,"info")
						time.sleep(retryPatchAfterSeconds)
						output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
					#check whether process is in progress from same host
					output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					while(output.strip(version + " |")):
						log("[I] "+ version  +" is being imported by some other process of the same host" ,"info")
						time.sleep(retryPatchAfterSeconds)
						output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					output = self.execute_query(self.get_stale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					if(output.strip(version + " |")):
						ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
						if ret == 0:
							log("[I] Deleted old entry of patch:"+version, "info")
						output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
						while(output.strip(version + " |")):
							log("[I] "+ version  +" is being applied by some other process" ,"info")
							time.sleep(retryPatchAfterSeconds)
							output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
						if not (output.strip(version + " |")):
							executePatch=True
				else:
					executePatch=True

				if executePatch:
					ret = self.execute_update(self.insert_patch_applied_query(version,ranger_version,'N',client_host))
					if ret != 0:
						log("[E] "+ version +" import failed", "error")
						sys.exit(1)
					isSchemaCreated=False
					countTries = 0
					while(isSchemaCreated==False or countTries<2):
						countTries=countTries+1
						isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
						isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
						isDBPatchesApplied=self.hasDBnJavaPatchesEntries(db_name, db_user, db_password, "DB_PATCHES")
						isJavaPatchesApplied=self.hasDBnJavaPatchesEntries(db_name, db_user, db_password, "JAVA_PATCHES")
						if isFirstTableExist == True and isLastTableExist == True and isDBPatchesApplied ==True and isJavaPatchesApplied ==True:
							isSchemaCreated=True
						else:
							isImported=self.import_db_file(db_name, db_user, db_password, file_name)
							if (isImported):
								ret = self.execute_update(self.update_patch_applied_query(ranger_version,'Y','localhost'))
								if ret == 0:
									log("[I] Patches status entries updated from base ranger version to current installed ranger version:"+ranger_version, "info")
							else:
								log("[I] Unable to create DB schema, Please drop the database and try again" ,"info")
								break

					if isSchemaCreated == True:
						ret = self.execute_update(self.update_patch_status_query(version,'N',client_host))
						if ret == 0:
							log("[I] "+version +" import status has been updated", "info")
						else:
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							log("[E] Updating "+version +" import status failed", "error")
							sys.exit(1)
					else:
						ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
						log("[E] "+version + " import failed!","error")
						sys.exit(1)

	def import_db_patches(self, db_name, db_user, db_password, file_name):
		if self.XA_DB_FLAVOR == "POSTGRES":
			self.create_language_plpgsql(db_user, db_password, db_name)
		name = basename(file_name)
		if os.path.isfile(file_name):
			version = name.split('-')[0]
			log("[I] Executing patch on  " + db_name + " from file: " + name,"info")
			output = self.execute_query(self.get_version_query(version,'Y'))
			if output.strip(version + " |"):
				log("[I] Patch "+ name  +" is already applied" ,"info")
			else:
				#before executing the patch first check whether its in progress from any host.
				executePatch=False
				output = self.execute_query(self.get_version_query(version,'N'))
				if output.strip(version + " |"):
					#check whether process is in progress from different host if yes then wait until it finishes.
					output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
					while(output.strip(version + " |")):
						log("[I] Patch "+ name  +" is being applied by some other host" ,"info")
						time.sleep(retryPatchAfterSeconds)
						output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
					#check whether process is in progress from same host and entry was created in less than $stalePatchEntryHoldTimeInMinutes minute from current time
					output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					while(output.strip(version + " |")):
						#wait for process to complete or $stalePatchEntryHoldTimeInMinutes minutes
						log("[I] Patch "+ name  +" is being applied by some other process of current host" ,"info")
						time.sleep(retryPatchAfterSeconds)
						output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					##check whether process is in progress from same host and entry was created before $stalePatchEntryHoldTimeInMinutes minute from current time
					output = self.execute_query(self.get_stale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
					if(output.strip(version + " |")):
						#delete the $stalePatchEntryHoldTimeInMinutes minute old entry and allow the same host to proceed with patch execution
						ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
						if ret == 0:
							log("[I] deleted old entry of patch:"+name, "info")
						#if patch is still in progress from any host then wait for its completion or forever
						output = self.execute_query(self.get_version_query(version,'N'))
						while(output.strip(version + " |")):
							log("[I] Patch "+ name  +" is being applied by some other process" ,"info")
							time.sleep(retryPatchAfterSeconds)
							output = self.execute_query(self.get_version_query(version,'N'))
						#if patch entry does not exist then allow patch execution to the current host.
						if not (output.strip(version + " |")):
							executePatch=True
				else:
					executePatch=True
				##if patch entry does not exist in x_db_version_h table then insert the entry with active='N' and execute the patch.
				if executePatch:
					ret = self.execute_update(self.insert_patch_applied_query(version,ranger_version,'N',client_host))
					if ret == 0:
						log ("[I] Patch "+ name +" is being applied..","info")
					else:
						log("[E] Patch "+ name +" failed", "error")
						sys.exit(1)
					ret=self.execute_file(file_name)
					if ret!=0:
						output = self.execute_query(self.get_version_query(version,'Y'))
						if output.strip(version + " |"):
							ret=0
							log("[I] Patch "+ name  +" has been applied by some other process!" ,"info")
					if ret == 0:
						log("[I] "+name + " patch applied","info")
						ret = self.execute_update(self.update_patch_status_query(version,'N',client_host))
						if ret == 0:
							log("[I] Patch version updated", "info")
						else:
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							log("[E] Updating patch version failed", "error")
							sys.exit(1)
					else:
						ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
						log("[E] "+name + " import failed!","error")
						sys.exit(1)

	def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
		global globalDict
		my_dict = {}
		version = ""
		className = ""
		app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
		ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
		javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
		if not os.path.exists(javaFiles):
			log("[I] No java patches to apply!","info")
		else:
			files = os.listdir(javaFiles)
			if files:
				for filename in files:
					f = re.match(java_patch_regex,filename)
					if f:
						version = re.match("Patch.*?_(.*).class",filename)
						version = version.group(1)
						key3 = int(version.strip("J"))
						my_dict[key3] = filename

			keylist = my_dict.keys()
			keylist.sort()
			for key in keylist:
				#print "%s: %s" % (key, my_dict[key])
				version = str(key)
				className = my_dict[key]
				className = className.strip(".class")
				if version != "":
					output = self.execute_query(self.get_version_query('J'+version,'Y'))
					if output.strip(version + " |"):
						log("[I] Java patch "+ className  +" is already applied" ,"info")
					else:
						#before executing the patch first check whether its in progress from any host.
						executePatch=False
						output = self.execute_query(self.get_version_query('J'+version,'N'))
						if output.strip(version + " |"):
							#check whether process is in progress from different host if yes then wait until it finishes.
							output = self.execute_query(self.get_version_notupdatedby_query('J'+version,'Y',client_host))
							while(output.strip(version + " |")):
								log("[I] Java patch "+ className  +" is being applied by some other host" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_version_notupdatedby_query('J'+version,'Y',client_host))
							#check whether process is in progress from same host
							output = self.execute_query(self.get_unstale_patch_query('J'+version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
							while(output.strip(version + " |")):
								log("[I] Java patch "+ className  +" is being applied by some other process of current host" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_unstale_patch_query('J'+version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
							output = self.execute_query(self.get_stale_patch_query('J'+version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
							if(output.strip(version + " |")):
								ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
								if ret == 0:
									log("[I] deleted old entry of patch:"+className, "info")
								output = self.execute_query(self.get_version_notupdatedby_query('J'+version,'N',client_host))
								while(output.strip(version + " |")):
									log("[I] Java patch "+ className  +" is being applied by some other process" ,"info")
									time.sleep(retryPatchAfterSeconds)
									output = self.execute_query(self.get_version_notupdatedby_query('J'+version,'N',client_host))
								if not (output.strip(version + " |")):
									executePatch=True
						else:
							executePatch=True
						##if patch entry does not exist in x_db_version_h table then insert the entry with active='N' and execute the patch.
						if executePatch:
							ret = self.execute_update(self.insert_patch_applied_query('J'+version,ranger_version,'N',client_host))
							if ret == 0:
								log ("[I] java patch "+ className +" is being applied..","info")
							else:
								log("[E] java patch "+ className +" failed", "error")
								sys.exit(1)
							if is_unix:
								path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
							elif os_name == "WINDOWS":
								path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
							get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className)
							if is_unix:
								ret = subprocess.call(shlex.split(get_java_cmd))
							elif os_name == "WINDOWS":
								ret = subprocess.call(get_java_cmd)
							if ret == 0:
								ret = self.execute_update(self.update_patch_status_query('J'+version,'N',client_host))
								if ret == 0:
									log ("[I] java patch "+ className +" is applied..","info")
								else:
									ret = self.execute_update(self.delete_version_updatedby_query('J'+version,'N',client_host))
									log("[E] java patch "+ className +" failed", "error")
									sys.exit(1)
							else:
								ret = self.execute_update(self.delete_version_updatedby_query('J'+version,'N',client_host))
								log("[E] applying java patch "+ className +" failed", "error")
								sys.exit(1)

	def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
		CT=self.commandTerminator
		version = ""
		className = "ChangePasswordUtil"
		version = dbversionBasedOnUserName(userName)
		app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
		ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
		filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
		if os.path.exists(filePath):
			if version != "":
				output = self.execute_query(self.get_version_query(version,'Y'))
				if output.strip(version + " |"):
					log("[I] Ranger "+ userName +" default password has already been changed!!","info")
				else:
					#before executing the patch first check whether its in progress from any host.
					executePatch=False
					output = self.execute_query(self.get_version_query(version,'N'))
					if output.strip(version + " |"):
						#check whether process is in progress from different host if yes then wait until it finishes.
						output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
						countTries = 0
						while(output.strip(version + " |")):
							if countTries < 3:
								log("[I] Ranger Password change utility is being executed by some other host" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
								countTries += 1
							else:
								log("[E] Tried updating the password "+ str(countTries) + " times","error")
								log("[E] If Ranger "+  userName +" user password is not being changed by some other host then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
								sys.exit(1)
						#check whether process is in progress from same host
						output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						while(output.strip(version + " |")):
							log("[I] Ranger Password change utility for user "+ userName  +" is being executed by some other process of current host" ,"info")
							time.sleep(retryPatchAfterSeconds)
							output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						output = self.execute_query(self.get_stale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						if(output.strip(version + " |")):
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							if ret == 0:
								log("[I] deleted old entry for user:"+userName, "info")
							output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
							while(output.strip(version + " |")):
								log("[I] Ranger Password change utility for user "+ userName  +" is being applied by some other process" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
							if not (output.strip(version + " |")):
								executePatch=True
					else:
						executePatch=True

					if executePatch:
						ret = self.execute_update(self.insert_patch_applied_query(version,ranger_version,'N',client_host))
						if ret == 0:
							log ("[I] Ranger "+ userName +" default password change request is in process..","info")
						else:
							log("[E] Ranger "+ userName +" default password change request failed", "error")
							sys.exit(1)
						if is_unix:
							path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
						elif os_name == "WINDOWS":
							path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
						get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,'"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"')
						if is_unix:
							status = subprocess.call(shlex.split(get_java_cmd))
						elif os_name == "WINDOWS":
							status = subprocess.call(get_java_cmd)
						if status == 0 or status==2:
							ret = self.execute_update(self.update_patch_status_query(version,'N',client_host))
							if ret == 0 and status == 0:
								log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
							elif ret == 0 and status == 2:
								log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
							else:
								ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
								log("[E] Ranger "+ userName +" default password change request failed", "error")
								sys.exit(1)
						else:
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							log("[E] Ranger "+ userName +" default password change request failed", "error")
							sys.exit(1)

	def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
		CT=self.commandTerminator
		userPwdString =""
		if len(userPwdArray)>5:
			for j in range(len(userPwdArray)):
				if str(userPwdArray[j]) == "-pair":
					userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
		userName = "all admins"
		className = "ChangePasswordUtil"
		version = "DEFAULT_ALL_ADMIN_UPDATE"
		app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
		ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
		filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
		if os.path.exists(filePath):
			if version != "":
				output = self.execute_query(self.get_version_query(version,'Y'))
				if output.strip(version + " |"):
					log("[I] Ranger "+ userName +" default password has already been changed!!","info")
				else:
					#before executing the patch first check whether its in progress from any host.
					executePatch=False
					output = self.execute_query(self.get_version_query(version,'N'))
					if output.strip(version + " |"):
						#check whether process is in progress from different host if yes then wait until it finishes.
						output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
						countTries = 0
						while(output.strip(version + " |")):
							if countTries < 3:
								log("[I] Ranger Password change utility is being executed by some other host" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
								countTries += 1
							else:
								log("[E] Tried updating the password "+ str(countTries) + " times","error")
								log("[E] If Ranger "+  userName +" user password is not being changed by some other host then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
								sys.exit(1)
						#check whether process is in progress from same host
						output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						while(output.strip(version + " |")):
							log("[I] Ranger Password change utility for "+ userName  +" is being executed by some other process of current host" ,"info")
							time.sleep(retryPatchAfterSeconds)
							output = self.execute_query(self.get_unstale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						output = self.execute_query(self.get_stale_patch_query(version,'N',client_host,stalePatchEntryHoldTimeInMinutes))
						if(output.strip(version + " |")):
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							if ret == 0:
								log("[I] deleted old entry of patch for :"+userName, "info")
							output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
							while(output.strip(version + " |")):
								log("[I] Ranger Password change utility "+ userName  +" is being applied by some other process" ,"info")
								time.sleep(retryPatchAfterSeconds)
								output = self.execute_query(self.get_version_notupdatedby_query(version,'N',client_host))
							if not (output.strip(version + " |")):
								executePatch=True
					else:
						executePatch=True

					if executePatch:
						ret = self.execute_update(self.insert_patch_applied_query(version,ranger_version,'N',client_host))
						if ret == 0:
							log ("[I] Ranger "+ userName +" default password change request is in process..","info")
						else:
							log("[E] Ranger "+ userName +" default password change request failed", "error")
							sys.exit(1)
						if is_unix:
							path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
						elif os_name == "WINDOWS":
							path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
						get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log,path,className, userPwdString)
						if is_unix:
							status = subprocess.call(shlex.split(get_java_cmd))
						elif os_name == "WINDOWS":
							status = subprocess.call(get_java_cmd)
						if status == 0 or status==2:
							ret = self.execute_update(self.update_patch_status_query(version,'N',client_host))
							if ret == 0 and status == 0:
								log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
							elif ret == 0 and status == 2:
								log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
							else:
								ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
								log("[E] Ranger	"+ userName +" default password change request failed", "error")
								sys.exit(1)
						else:
							ret = self.execute_update(self.delete_version_updatedby_query(version,'N',client_host))
							log("[E] Ranger "+ userName +" default password change request failed", "error")
							sys.exit(1)

	def hasPendingPatches(self, db_name, db_user, db_password, version):
		output = self.execute_query(self.get_patch_status_in_current_version_query(version,ranger_version,'Y'))
		if output.strip(version + " |"):
			return False
		else:
			return True

	def update_applied_patches_status(self,db_name, db_user, db_password,version):
		if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
			ret = self.execute_update(self.insert_patch_applied_query(version,ranger_version,'Y',client_host))
			if ret != 0:
				log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
				sys.exit(1)
			else:
				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")

	def is_new_install(self, xa_db_host, db_user, db_password, db_name):
		output = self.execute_query(self.get_db_server_status_query())
		if not output.strip('1 |'):
			sys.exit(0)
		version="J10001"
		output = self.execute_query(self.get_version_query(version,'Y'))
		if not output.strip(version + " |"):
			sys.exit(0)

	def get_version_query(self, version, isActive):
		return "select version from x_db_version_h where version = '%s' and active = '%s';" % (version,isActive)

	def get_version_updatedby_query(self, version, isActive, client_host):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s';" % (version,isActive,client_host)

	def get_version_notupdatedby_query(self, version, isActive, client_host):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by!='%s';" % (version,isActive,client_host)

	def delete_version_notupdatedby_query(self, version, isActive, client_host):
		return "delete from x_db_version_h where version = '%s' and active = '%s' and updated_by!='%s';" % (version,isActive,client_host)

	def delete_version_updatedby_query(self, version, isActive, client_host):
		return "delete from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s';" % (version,isActive,client_host)

	def update_patch_applied_query(self, ranger_version, isActive, client_host):
		return "update x_db_version_h set inst_by='%s' where active='%s' and updated_by='%s';" %(ranger_version,isActive,client_host)

	def update_patch_status_query(self, version, isActive, client_host):
		return "update x_db_version_h set active='Y' where version='%s' and active='%s' and updated_by='%s';" %(version,isActive,client_host)

	def get_patch_status_in_current_version_query(self, version,ranger_version, isActive):
		return "select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = '%s';" % (version,ranger_version,isActive)

class MysqlConf(BaseDB):
	# Constructor
	def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
		self.host = host
		self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
		self.JAVA_BIN = JAVA_BIN
		self.db_ssl_enabled=db_ssl_enabled.lower()
		self.db_ssl_required=db_ssl_required.lower()
		self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
		self.db_ssl_auth_type=db_ssl_auth_type.lower()
		self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
		self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
		self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
		self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
		self.commandTerminator=" "
		self.XA_DB_FLAVOR = "MYSQL"

	def get_jisql_cmd(self, user, password ,db_name):
		path = RANGER_ADMIN_HOME
		db_ssl_param=''
		db_ssl_cert_param=''
		if self.db_ssl_enabled == 'true':
			db_ssl_param="?useSSL=%s&requireSSL=%s&verifyServerCertificate=%s" %(self.db_ssl_enabled,self.db_ssl_required,self.db_ssl_verifyServerCertificate)
			if self.db_ssl_verifyServerCertificate == 'true':
				if self.db_ssl_auth_type == '1-way':
					db_ssl_cert_param=" -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
				else:
					db_ssl_cert_param=" -Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
		self.JAVA_BIN = self.JAVA_BIN.strip("'")
		if is_unix:
			jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
		elif os_name == "WINDOWS":
			jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, db_ssl_param,user, password)
		return jisql_cmd

	def get_check_table_query(self, TABLE_NAME):
		return "show tables like '%s';" % (TABLE_NAME)

	def get_unstale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and TIMESTAMPDIFF(MINUTE,inst_at,CURRENT_TIMESTAMP)<%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def get_stale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and TIMESTAMPDIFF(MINUTE,inst_at,CURRENT_TIMESTAMP)>=%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def insert_patch_applied_query(self, version, ranger_version,isActive, client_host):
		return "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','%s') ;" %(version,ranger_version,client_host,isActive)

	def get_db_server_status_query(self):
		return "select 1;"

class OracleConf(BaseDB):
	# Constructor
	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
		self.host = host 
		self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
		self.JAVA_BIN = JAVA_BIN
		self.commandTerminator=" -c \\; "
		self.XA_DB_FLAVOR = "ORACLE"

	def get_jisql_cmd(self, user, password ,db_name):
		path = RANGER_ADMIN_HOME
		self.JAVA_BIN = self.JAVA_BIN.strip("'")
		if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
			self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "

		#if self.host.count(":") == 2:
		if self.host.count(":") == 2 or self.host.count(":") == 0:
			#jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
			cstring="jdbc:oracle:thin:@%s" %(self.host)
		else:
			#jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
			cstring="jdbc:oracle:thin:@//%s" %(self.host)

		if is_unix:
			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
		elif os_name == "WINDOWS":
			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
		return jisql_cmd

	def execute_file(self, file_name):
		CT=self.commandTerminator
		get_cmd = self.get_jisql_cmd(self.db_user, self.db_password, self.db_name)
		if is_unix:
			full_command = get_cmd + " -input %s " %file_name + CT
			jisql_log(full_command, self.db_password)
			ret = subprocess.call(shlex.split(full_command))
		elif os_name == "WINDOWS":
			full_command = get_cmd + " -input %s " %file_name
			jisql_log(full_command, self.db_password)
			ret = subprocess.call(full_command)
		return ret

	def get_check_table_query(self, TABLE_NAME):
		db_name=self.db_name.upper()
		return "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');" %(db_name ,TABLE_NAME)

	def get_unstale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and ((sysdate-INST_AT)*1440)<%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def get_stale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and ((sysdate-INST_AT)*1440)>=%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def insert_patch_applied_query(self, version, ranger_version,isActive, client_host):
		return "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values (X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','%s') ;" %(version,ranger_version,client_host,isActive)

	def get_db_server_status_query(self):
		return "select 1 from dual;"

class PostgresConf(BaseDB):
	# Constructor
	def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
		self.host = host.lower()
		self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
		self.JAVA_BIN = JAVA_BIN
		self.db_ssl_enabled=db_ssl_enabled.lower()
		self.db_ssl_required=db_ssl_required.lower()
		self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
		self.db_ssl_auth_type=db_ssl_auth_type.lower()
		self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
		self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
		self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
		self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
		self.commandTerminator=" "
		self.XA_DB_FLAVOR = "POSTGRES"

	def get_jisql_cmd(self, user, password, db_name):
		path = RANGER_ADMIN_HOME
		self.JAVA_BIN = self.JAVA_BIN.strip("'")
		db_ssl_param=''
		db_ssl_cert_param=''
		if self.db_ssl_enabled == 'true':
			db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
			if self.db_ssl_verifyServerCertificate == 'true' or self.db_ssl_required == 'true':
				db_ssl_param="?ssl=%s" %(self.db_ssl_enabled)
				if self.db_ssl_auth_type == '1-way':
					db_ssl_cert_param=" -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
				else:
					db_ssl_cert_param=" -Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
			else:
				db_ssl_param="?ssl=%s&sslfactory=org.postgresql.ssl.NonValidatingFactory" %(self.db_ssl_enabled)
		if is_unix:
			jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path, self.host, db_name, db_ssl_param,user, password)
		elif os_name == "WINDOWS":
			jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, db_ssl_param,user, password)
		return jisql_cmd

	def create_language_plpgsql(self,db_user, db_password, db_name):
		CT=self.commandTerminator
		get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
		if is_unix:
			query = get_cmd + CT + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\""
		elif os_name == "WINDOWS":
			query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\" -c ;"
		jisql_log(query, db_password)
		output = check_output(query)
		if not output.strip('1 |'):
			if is_unix:
				query = get_cmd + CT + " -query \"CREATE LANGUAGE plpgsql;\""
				jisql_log(query, db_password)
				ret = subprocessCallWithRetry(shlex.split(query))
			elif os_name == "WINDOWS":
				query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\" -c ;"
				jisql_log(query, db_password)
				ret = subprocessCallWithRetry(query)
			if ret == 0:
				log("[I] LANGUAGE plpgsql created successfully", "info")
			else:
				log("[E] LANGUAGE plpgsql creation failed", "error")
				sys.exit(1)

	def get_check_table_query(self, TABLE_NAME):
		return "select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;" % (self.db_name,TABLE_NAME)

	def get_unstale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and current_timestamp - interval '%s minutes' < inst_at;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def get_stale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and current_timestamp - interval '%s minutes' >= inst_at;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def insert_patch_applied_query(self, version, ranger_version,isActive, client_host):
		return "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','%s') ;" %(version,ranger_version,client_host,isActive)

	def get_db_server_status_query(self):
		return "select 1;"

class SqlServerConf(BaseDB):
	# Constructor
	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
		self.host = host
		self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
		self.JAVA_BIN = JAVA_BIN
		self.commandTerminator=" -c \\; "
		self.XA_DB_FLAVOR = "MSSQL"

	def get_jisql_cmd(self, user, password, db_name):
		#TODO: User array for forming command
		path = RANGER_ADMIN_HOME
		self.JAVA_BIN = self.JAVA_BIN.strip("'")
		if is_unix:
			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
		elif os_name == "WINDOWS":
			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
		return jisql_cmd

	def get_check_table_query(self, TABLE_NAME):
		return "SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';" % (TABLE_NAME)

	def get_unstale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and DATEDIFF(MINUTE,inst_at,GETDATE())<%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def get_stale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and DATEDIFF(MINUTE,inst_at,GETDATE())>=%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def insert_patch_applied_query(self, version, ranger_version,isActive, client_host):
		return "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','%s') ;" %(version,ranger_version,client_host,isActive)

	def get_db_server_status_query(self):
		return "select 1;"

class SqlAnywhereConf(BaseDB):
	# Constructor
	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
		self.host = host
		self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
		self.JAVA_BIN = JAVA_BIN
		self.commandTerminator=" -c \\; "
		self.XA_DB_FLAVOR = "SQLA"

	def get_jisql_cmd(self, user, password, db_name):
		path = RANGER_ADMIN_HOME
		self.JAVA_BIN = self.JAVA_BIN.strip("'")
		if is_unix:
			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
		elif os_name == "WINDOWS":
			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
		return jisql_cmd

	def get_check_table_query(self, TABLE_NAME):
		return "SELECT name FROM sysobjects where name = '%s' and type='U';" % (TABLE_NAME)

	def get_unstale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and DATEDIFF(MINUTE,inst_at,GETDATE())<%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def get_stale_patch_query(self, version, isActive, client_host,stalePatchEntryHoldTimeInMinutes):
		return "select version from x_db_version_h where version = '%s' and active = '%s' and updated_by='%s' and DATEDIFF(MINUTE,inst_at,GETDATE())>=%s;" % (version,isActive,client_host,stalePatchEntryHoldTimeInMinutes)

	def insert_patch_applied_query(self, version, ranger_version,isActive, client_host):
		return "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','%s') ;" %(version,ranger_version,client_host,isActive)

	def get_db_server_status_query(self):
		return "select 1;"

	def set_options(self, db_name, db_user, db_password, TABLE_NAME):
		CT=self.commandTerminator
		get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
		if is_unix:
			query = get_cmd + CT + " -query \"set option public.reserved_keywords='LIMIT';\""
		elif os_name == "WINDOWS":
			query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;"
		jisql_log(query, db_password)
		ret = subprocessCallWithRetry(shlex.split(query))
		if is_unix:
			query = get_cmd + CT + " -query \"set option public.max_statement_count=0;\""
		elif os_name == "WINDOWS":
			query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;"
		jisql_log(query, db_password)
		ret = subprocessCallWithRetry(shlex.split(query))
		if is_unix:
			query = get_cmd + CT + " -query \"set option public.max_cursor_count=0;\""
		elif os_name == "WINDOWS":
			query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;"
		jisql_log(query, db_password)
		ret = subprocessCallWithRetry(shlex.split(query))

def main(argv):
	populate_global_dict()

	FORMAT = '%(asctime)-15s %(message)s'
	logging.basicConfig(format=FORMAT, level=logging.DEBUG)

	global retryPatchAfterSeconds
	global stalePatchEntryHoldTimeInMinutes
	retryPatchAfterSeconds=120
	stalePatchEntryHoldTimeInMinutes=10
	if 'PATCH_RETRY_INTERVAL' in globalDict:
		interval = globalDict['PATCH_RETRY_INTERVAL']
		try:
			retryPatchAfterSeconds=int(interval)
		except ValueError:
			retryPatchAfterSeconds=120

	if 'STALE_PATCH_ENTRY_HOLD_TIME' in globalDict:
		interval = globalDict['STALE_PATCH_ENTRY_HOLD_TIME']
		try:
			stalePatchEntryHoldTimeInMinutes=int(interval)
		except ValueError:
			stalePatchEntryHoldTimeInMinutes=10

	if (not 'JAVA_HOME' in os.environ) or (os.environ['JAVA_HOME'] == ""):
		log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
		sys.exit(1)
	else:
		JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
	if os_name == "WINDOWS" :
		JAVA_BIN = JAVA_BIN+'.exe'
	if os.path.isfile(JAVA_BIN):
		pass
	else:
		JAVA_BIN=globalDict['JAVA_BIN']
		if os.path.isfile(JAVA_BIN):
			pass
		else:
			log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
			sys.exit(1)
	#get ranger version
	global ranger_version
	try:
		lib_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp","WEB-INF","lib","*")
		get_ranger_version_cmd="%s -cp %s org.apache.ranger.common.RangerVersionInfo"%(JAVA_BIN,lib_home)
		ranger_version = check_output(get_ranger_version_cmd).split("\n")[1]
	except Exception, error:
		ranger_version=''

	try:
		if ranger_version=="" or ranger_version=="ranger-admin - None":
			script_path = os.path.join(RANGER_ADMIN_HOME,"ews","ranger-admin-services.sh")
			ranger_version=check_output(script_path +" version").split("\n")[1]
	except Exception, error:
		ranger_version=''

	try:
		if ranger_version=="" or ranger_version=="ranger-admin - None":
			ranger_version=check_output("ranger-admin version").split("\n")[1]
	except Exception, error:
		ranger_version=''

	if ranger_version=="" or ranger_version is None:
		log("[E] Unable to find ranger version details, Exiting..", "error")
		sys.exit(1)

	XA_DB_FLAVOR=globalDict['DB_FLAVOR']
	XA_DB_FLAVOR = XA_DB_FLAVOR.upper()

	log("[I] DB FLAVOR :" + XA_DB_FLAVOR ,"info")
	xa_db_host = globalDict['db_host']

	mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql')
	mysql_core_file = globalDict['mysql_core_file']
	mysql_patches = os.path.join('db','mysql','patches')

	oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql')
	oracle_core_file = globalDict['oracle_core_file']
	oracle_patches = os.path.join('db','oracle','patches')

	postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql')
	postgres_core_file = globalDict['postgres_core_file']
	postgres_patches = os.path.join('db','postgres','patches')

	sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql')
	sqlserver_core_file = globalDict['sqlserver_core_file']
	sqlserver_patches = os.path.join('db','sqlserver','patches')

	sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql')
	sqlanywhere_core_file = globalDict['sqlanywhere_core_file']
	sqlanywhere_patches = os.path.join('db','sqlanywhere','patches')

	db_name = globalDict['db_name']
	db_user = globalDict['db_user']
	db_password = globalDict['db_password']

	x_db_version = 'x_db_version_h'
	xa_access_audit = 'xa_access_audit'

	audit_store = None
	if 'audit_store' in globalDict:
		audit_store = globalDict['audit_store']
		audit_store=audit_store.lower()

	db_ssl_enabled='false'
	db_ssl_required='false'
	db_ssl_verifyServerCertificate='false'
	db_ssl_auth_type='2-way'
	javax_net_ssl_keyStore=''
	javax_net_ssl_keyStorePassword=''
	javax_net_ssl_trustStore=''
	javax_net_ssl_trustStorePassword=''

	if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
		if 'db_ssl_enabled' in globalDict:
			db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
			if db_ssl_enabled == 'true':
				if 'db_ssl_required' in globalDict:
					db_ssl_required=globalDict['db_ssl_required'].lower()
				if 'db_ssl_verifyServerCertificate' in globalDict:
					db_ssl_verifyServerCertificate=globalDict['db_ssl_verifyServerCertificate'].lower()
				if 'db_ssl_auth_type' in globalDict:
					db_ssl_auth_type=globalDict['db_ssl_auth_type'].lower()
				if db_ssl_verifyServerCertificate == 'true':
					if 'javax_net_ssl_trustStore' in globalDict:
						javax_net_ssl_trustStore=globalDict['javax_net_ssl_trustStore']
					if 'javax_net_ssl_trustStorePassword' in globalDict:
						javax_net_ssl_trustStorePassword=globalDict['javax_net_ssl_trustStorePassword']
					if not os.path.exists(javax_net_ssl_trustStore):
						log("[E] Invalid file Name! Unable to find truststore file:"+javax_net_ssl_trustStore,"error")
						sys.exit(1)
					if javax_net_ssl_trustStorePassword is None or javax_net_ssl_trustStorePassword =="":
						log("[E] Invalid ssl truststore password!","error")
						sys.exit(1)
					if db_ssl_auth_type == '2-way':
						if 'javax_net_ssl_keyStore' in globalDict:
							javax_net_ssl_keyStore=globalDict['javax_net_ssl_keyStore']
						if 'javax_net_ssl_keyStorePassword' in globalDict:
							javax_net_ssl_keyStorePassword=globalDict['javax_net_ssl_keyStorePassword']
						if not os.path.exists(javax_net_ssl_keyStore):
							log("[E] Invalid file Name! Unable to find keystore file:"+javax_net_ssl_keyStore,"error")
							sys.exit(1)
						if javax_net_ssl_keyStorePassword is None or javax_net_ssl_keyStorePassword =="":
							log("[E] Invalid ssl keystore password!","error")
							sys.exit(1)

	if XA_DB_FLAVOR == "MYSQL":
		MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
		xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
		xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , mysql_dbversion_catalog)
		xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , mysql_core_file)
		xa_patch_file = os.path.join(RANGER_ADMIN_HOME ,mysql_patches)
		first_table='x_portal_user'
		last_table='x_policy_ref_group'
		
	elif XA_DB_FLAVOR == "ORACLE":
		ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
		xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
		xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,oracle_dbversion_catalog)
		xa_db_core_file = os.path.join(RANGER_ADMIN_HOME ,oracle_core_file)
		xa_patch_file = os.path.join(RANGER_ADMIN_HOME ,oracle_patches)
		first_table='X_PORTAL_USER'
		last_table='X_POLICY_REF_GROUP'

	elif XA_DB_FLAVOR == "POSTGRES":
		db_user=db_user.lower()
		db_name=db_name.lower()
		POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
		xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
		xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , postgres_dbversion_catalog)
		xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , postgres_core_file)
		xa_patch_file = os.path.join(RANGER_ADMIN_HOME , postgres_patches)
		first_table='x_portal_user'
		last_table='x_policy_ref_group'

	elif XA_DB_FLAVOR == "MSSQL":
		SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
		xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
		xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlserver_dbversion_catalog)
		xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_core_file)
		xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_patches)
		first_table='x_portal_user'
		last_table='x_policy_ref_group'

	elif XA_DB_FLAVOR == "SQLA":
		if not os_name == "WINDOWS" :
			if os.environ['LD_LIBRARY_PATH'] == "":
				log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
				sys.exit(1)
		SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
		xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
		xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_dbversion_catalog)
		xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_core_file)
		xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_patches)
		first_table='x_portal_user'
		last_table='x_policy_ref_group'

	else:
		log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
		sys.exit(1)

	log("[I] --------- Verifying Ranger DB connection ---------","info")
	xa_sqlObj.check_connection(db_name, db_user, db_password)

	if len(argv)==1:
		log("[I] --------- Verifying version history table ---------","info")
		output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
		if output == False:
			xa_sqlObj.create_version_history_table(db_name, db_user, db_password, xa_db_version_file,x_db_version)

		log("[I] --------- Importing Ranger Core DB Schema ---------","info")
		xa_sqlObj.import_core_db_schema(db_name, db_user, db_password, xa_db_core_file,first_table,last_table)

		applyDBPatches=xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "DB_PATCHES")
		if applyDBPatches == True:
			log("[I] --------- Applying Ranger DB patches ---------","info")
			xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
		else:
			log("[I] DB_PATCHES have already been applied","info")

	if len(argv)>1:
		for i in range(len(argv)):
			if str(argv[i]) == "-javapatch":
				applyJavaPatches=xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "JAVA_PATCHES")
				if applyJavaPatches == True:
					log("[I] ----------------- Applying java patches ------------", "info")
					xa_sqlObj.execute_java_patches(xa_db_host, db_user, db_password, db_name)
					xa_sqlObj.update_applied_patches_status(db_name,db_user, db_password,"JAVA_PATCHES")
				else:
					log("[I] JAVA_PATCHES have already been applied","info")
					if str(argv[i]) == "-checkupgrade":
						xa_sqlObj.is_new_install(xa_db_host, db_user, db_password, db_name)

			if str(argv[i]) == "-changepassword":
				if len(argv)>5:
					isValidPassWord = False
					for j in range(len(argv)):
						if str(argv[j]) == "-pair":
							userName=argv[j+1]
							oldPassword=argv[j+2]
							newPassword=argv[j+3]
							if oldPassword==newPassword:
								log("[E] Old Password and New Password argument are same. Exiting!!", "error")
								sys.exit(1)
							if userName != "" and oldPassword != "" and newPassword != "":
								password_validation(newPassword)
								isValidPassWord=True
					if isValidPassWord == True:
						xa_sqlObj.change_all_admin_default_password(xa_db_host, db_user, db_password, db_name,argv)

				elif len(argv)==5:
					userName=argv[2]
					oldPassword=argv[3]
					newPassword=argv[4]
					if oldPassword==newPassword:
						log("[E] Old Password and New Password argument are same. Exiting!!", "error")
						sys.exit(1)
					if userName != "" and oldPassword != "" and newPassword != "":
						password_validation(newPassword)
						xa_sqlObj.change_admin_default_password(xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword)
				else:
					log("[E] Invalid argument list.", "error")
					log("[I] Usage : python db_setup.py -changepassword <loginID> <currentPassword> <newPassword>","info")
					sys.exit(1)

main(sys.argv)