You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/09/21 02:46:03 UTC
incubator-hawq git commit: HAWQ-1518. Add a UDF for showing whether
the data directory is an encryption zone.
Repository: incubator-hawq
Updated Branches:
refs/heads/master 10f085f9a -> be4af7785
HAWQ-1518. Add a UDF for showing whether the data directory is an encryption zone.
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/be4af778
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/be4af778
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/be4af778
Branch: refs/heads/master
Commit: be4af7785b7b7aab848565d0d01c8ca34d4367f0
Parents: 10f085f
Author: amyrazz44 <ab...@pivotal.io>
Authored: Thu Sep 14 18:18:03 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Thu Sep 21 10:45:24 2017 +0800
----------------------------------------------------------------------
src/backend/storage/file/fd.c | 98 ++++++++++++++++++++++-
src/include/catalog/pg_proc.h | 3 +
src/include/catalog/pg_proc.sql | 2 +
src/include/utils/builtins.h | 2 +
src/test/regress/data/upgrade20/pg_proc.data | 1 +
5 files changed, 105 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/backend/storage/file/fd.c
----------------------------------------------------------------------
diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c
index cceb645..9b5b6c6 100644
--- a/src/backend/storage/file/fd.c
+++ b/src/backend/storage/file/fd.c
@@ -76,13 +76,16 @@
#include "libpq/auth.h"
#include "libpq/pqformat.h"
#include "utils/workfile_mgr.h"
-
+#include "hdfs/hdfs.h"
/* Debug_filerep_print guc temporaly added for troubleshooting */
#include "utils/guc.h"
#include "utils/faultinjector.h"
#include "utils/memutils.h"
+#include "catalog/catalog.h"
+#include "catalog/catquery.h"
+
bool enable_secure_filesystem = 0;
extern bool filesystem_support_truncate;
@@ -3695,3 +3698,96 @@ HdfsGetFileBlockLocations(const char *path, int64 length, int *block_num)
{
return HdfsGetFileBlockLocations2(path, 0, length, block_num);
}
+
+/*
+ * TDE UDF
+ *
+ * User is able to check if HAWQ filespace is TDE encrypted.
+ */
+extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS) {
+ char * filespace_name = NULL;
+ hdfsFS fs = NULL;
+ hdfsEncryptionZoneInfo *enInfo = NULL;
+ bool encryptedTag = false;
+ int MAX_LENGTH = 1024;
+
+ HeapTuple tuple;
+ cqContext *pcqCtx;
+ Oid oid;
+ char * path = NULL;
+
+ char *host = NULL, *protocol = NULL;
+ int port = 0, pathLen = 0;
+
+ filespace_name = PG_GETARG_CSTRING(0);
+ if (filespace_name == NULL || strlen(filespace_name) > MAX_LENGTH)
+ elog(ERROR, "Input of filespace name is illegal.");
+ else if (strcmp(filespace_name, "") == 0)
+ elog(INFO, "Please input the filespace name you want to check.");
+
+ /* Scan the pg_filespace table to get the corresponding oid. */
+ pcqCtx = caql_beginscan(NULL,
+ cql("SELECT oid FROM pg_filespace WHERE fsname = :1 ",
+ CStringGetDatum(filespace_name)));
+ tuple = caql_getnext(pcqCtx);
+ if (!HeapTupleIsValid(tuple))
+ elog(ERROR, "cache look up failed for pg_filsespace %s", filespace_name);
+ oid = HeapTupleHeaderGetOid(tuple->t_data);
+ caql_endscan(pcqCtx);
+
+ /* Scan the pg_filespace_entry to get the filespace entry. */
+ path = caql_getcstring(NULL,
+ cql("SELECT fselocation FROM pg_filespace_entry WHERE fsefsoid = :1 ",
+ ObjectIdGetDatum(oid)));
+ if (path == NULL)
+ elog(ERROR, "cache look up failed for pg_filespace_entry");
+
+ /* Connect to hdfs and parse the filespace entry to get the correct path. */
+ fs = HdfsGetConnection(path, false);
+ if (fs == NULL)
+ elog(ERROR, "Connect to hdfs failed, the path is %s", path);
+ else {
+ if (HdfsParsePath(path, &protocol, &host, &port, NULL)
+ || protocol == NULL || host == NULL || port < 0) {
+ if (protocol)
+ pfree(protocol);
+ if (host)
+ pfree(host);
+ elog(ERROR, "Parse hdfs path of %s failed.", path);
+ }
+ else {
+
+ /* The normal path is like "<protocol>://<host>:<port>/<directory>".
+ * If port is not null, there will be 4 characters to be added which is "://:".
+ * If port is null, there will be 3 characters to be added which is "://".
+ */
+ if (port > 0) {
+ char sPort[strlen(path)];
+ sprintf(sPort, "%d", port);
+ pathLen = strlen(protocol) + strlen(host) + strlen(sPort) + 4;
+ } else if (port == 0) {
+ pathLen = strlen(protocol) + strlen(host) + 3;
+ }
+ elog(DEBUG1, "The path of the hdfs is %s. The protocol is %s. The host is %s. The port is %d",
+ path, protocol, host, port);
+
+ pfree(protocol);
+ pfree(host);
+ }
+ }
+ if ((strlen(path) - pathLen) <= 0)
+ elog(ERROR, "Wrong length parsed from hdfs path %s.", path);
+ char enPath[strlen(path) - pathLen + 1];
+ strncpy(enPath, path + pathLen, strlen(path) - pathLen);
+ elog(DEBUG1, "The filespace entry to be check is %s", enPath);
+ pfree(path);
+ /* Check whether the path is encrypted or not. */
+ enInfo = hdfsGetEZForPath(fs, enPath);
+
+ if (enInfo != NULL) {
+ encryptedTag = true;
+ hdfsFreeEncryptionZoneInfo(enInfo, 1);
+ }
+
+ PG_RETURN_BOOL(encryptedTag);
+}
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.h
----------------------------------------------------------------------
diff --git a/src/include/catalog/pg_proc.h b/src/include/catalog/pg_proc.h
index fdcc082..2db3116 100644
--- a/src/include/catalog/pg_proc.h
+++ b/src/include/catalog/pg_proc.h
@@ -10472,6 +10472,9 @@ DESCR("Check whether metadata cache key exists");
DATA(insert OID = 8083 ( gp_metadata_cache_info PGNSP PGUID 12 f f t f s 4 25 f "26 26 26 23" _null_ _null_ _null_ gp_metadata_cache_info - _null_ n ));
DESCR("Get metadata cache info for specific key");
+/* gp_is_filespace_encrypted => bool*/
+DATA(insert OID = 8086 ( gp_is_filespace_encrypted PGNSP PGUID 12 f f t f s 1 16 f "19" _null_ _null_ _null_ gp_is_filespace_encrypted - _null_ n ));
+DESCR("Check whether filespace is encrypted");
/* TIDYCAT_END_PG_PROC_GEN */
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.sql
----------------------------------------------------------------------
diff --git a/src/include/catalog/pg_proc.sql b/src/include/catalog/pg_proc.sql
index 1d79f36..fed3906 100644
--- a/src/include/catalog/pg_proc.sql
+++ b/src/include/catalog/pg_proc.sql
@@ -5529,3 +5529,5 @@
CREATE FUNCTION gp_metadata_cache_put_entry_for_test(tablespace_oid, database_oid, relation_oid, segno) RETURNS text LANGUAGE internal STABLE STRICT AS 'gp_metadata_cache_put_entry_for_test' WITH (OID=8085, DESCRIPTION="Put entries into metadata cache for test");
CREATE FUNCTION dump_resource_manager_status(info_type) RETURNS text LANGUAGE internal STABLE STRICT AS 'dump_resource_manager_status' WITH (OID=6450, DESCRIPTION="Dump resource manager status for testing");
+
+ CREATE FUNCTION gp_is_filespace_encrypted(filespace_name) RETURNS bool LANGUAGE internal STABLE STRICT AS 'gp_is_filespace_encrypted' WITH (OID=8086, DESCRIPTION="Check whether filespace is encrypted");
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/utils/builtins.h
----------------------------------------------------------------------
diff --git a/src/include/utils/builtins.h b/src/include/utils/builtins.h
index 64b251b..9bdf243 100644
--- a/src/include/utils/builtins.h
+++ b/src/include/utils/builtins.h
@@ -1225,4 +1225,6 @@ extern Datum gp_metadata_cache_put_entry_for_test(PG_FUNCTION_ARGS);
/* PXF functions */
extern Datum pxf_get_item_fields(PG_FUNCTION_ARGS);
+/* TDE UDF */
+extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS);
#endif /* BUILTINS_H */
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/test/regress/data/upgrade20/pg_proc.data
----------------------------------------------------------------------
diff --git a/src/test/regress/data/upgrade20/pg_proc.data b/src/test/regress/data/upgrade20/pg_proc.data
index 4b12c93..c71163e 100644
--- a/src/test/regress/data/upgrade20/pg_proc.data
+++ b/src/test/regress/data/upgrade20/pg_proc.data
@@ -8,3 +8,4 @@
8083,gp_metadata_cache_info,11,10,12,f,f,t,f,s,4,25,f,"26 26 26 23",,,,gp_metadata_cache_info,-,,n
8084,gp_metadata_cache_current_block_num,11,10,12,f,f,t,f,s,0,20,f,"",,,,gp_metadata_cache_current_block_num,-,,n
8085,gp_metadata_cache_put_entry_for_test,11,10,12,f,f,t,f,s,5,25,f,"26 26 26 23 23",,,,gp_metadata_cache_put_entry_for_test,-,,n
+8086,gp_is_filespace_encrypted,11,10,12,f,f,t,f,s,1,16,f,"19",,,,gp_is_filespace_encrypted,-,,n