You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/09/21 02:46:03 UTC
incubator-hawq git commit: HAWQ-1518. Add a UDF for showing whether the data directory is an encryption zone.

Repository: incubator-hawq
Updated Branches:
  refs/heads/master 10f085f9a -> be4af7785


HAWQ-1518. Add a UDF for showing whether the data directory is an encryption zone.


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/be4af778
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/be4af778
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/be4af778

Branch: refs/heads/master
Commit: be4af7785b7b7aab848565d0d01c8ca34d4367f0
Parents: 10f085f
Author: amyrazz44 <ab...@pivotal.io>
Authored: Thu Sep 14 18:18:03 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Thu Sep 21 10:45:24 2017 +0800

----------------------------------------------------------------------
 src/backend/storage/file/fd.c                | 98 ++++++++++++++++++++++-
 src/include/catalog/pg_proc.h                |  3 +
 src/include/catalog/pg_proc.sql              |  2 +
 src/include/utils/builtins.h                 |  2 +
 src/test/regress/data/upgrade20/pg_proc.data |  1 +
 5 files changed, 105 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/backend/storage/file/fd.c
----------------------------------------------------------------------
diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c
index cceb645..9b5b6c6 100644
--- a/src/backend/storage/file/fd.c
+++ b/src/backend/storage/file/fd.c
@@ -76,13 +76,16 @@
 #include "libpq/auth.h"
 #include "libpq/pqformat.h"
 #include "utils/workfile_mgr.h"
-
+#include "hdfs/hdfs.h"
 /* Debug_filerep_print guc temporaly added for troubleshooting */
 #include "utils/guc.h"
 #include "utils/faultinjector.h"
 
 #include "utils/memutils.h"
 
+#include "catalog/catalog.h"
+#include "catalog/catquery.h"
+
 bool	enable_secure_filesystem = 0;
 extern bool		filesystem_support_truncate;
 
@@ -3695,3 +3698,96 @@ HdfsGetFileBlockLocations(const char *path, int64 length, int *block_num)
 {
     return HdfsGetFileBlockLocations2(path, 0, length, block_num);
 }
+
+/*
+ *  TDE UDF
+ *
+ *  User is able to check if HAWQ filespace is TDE encrypted.
+ */
+extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS) {
+    char * filespace_name = NULL;
+    hdfsFS fs = NULL;
+    hdfsEncryptionZoneInfo *enInfo = NULL;
+    bool encryptedTag = false;
+    int MAX_LENGTH = 1024;
+
+    HeapTuple tuple;
+    cqContext *pcqCtx;
+    Oid oid;
+    char * path = NULL;
+
+    char *host = NULL, *protocol = NULL;
+    int port = 0, pathLen = 0;
+
+    filespace_name = PG_GETARG_CSTRING(0);
+    if (filespace_name == NULL || strlen(filespace_name) > MAX_LENGTH)
+        elog(ERROR, "Input of filespace name is illegal.");
+    else if (strcmp(filespace_name, "") == 0)
+        elog(INFO, "Please input the filespace name you want to check.");
+
+    /* Scan the pg_filespace table to get the corresponding oid. */
+    pcqCtx = caql_beginscan(NULL,
+            cql("SELECT oid FROM pg_filespace WHERE fsname = :1 ",
+            CStringGetDatum(filespace_name)));
+    tuple = caql_getnext(pcqCtx);
+    if (!HeapTupleIsValid(tuple))
+        elog(ERROR, "cache look up failed for pg_filsespace %s", filespace_name);
+    oid = HeapTupleHeaderGetOid(tuple->t_data);
+    caql_endscan(pcqCtx);
+
+    /* Scan the pg_filespace_entry to get the filespace entry. */
+    path = caql_getcstring(NULL,
+                    cql("SELECT fselocation FROM pg_filespace_entry WHERE fsefsoid = :1 ",
+                    ObjectIdGetDatum(oid)));
+    if (path == NULL)
+        elog(ERROR, "cache look up failed for pg_filespace_entry");
+
+    /* Connect to hdfs and parse the filespace entry to get the correct path. */
+    fs = HdfsGetConnection(path, false);
+    if (fs == NULL)
+        elog(ERROR, "Connect to hdfs failed, the path is %s", path);
+    else {
+        if (HdfsParsePath(path, &protocol, &host, &port, NULL)
+                || protocol == NULL || host == NULL || port < 0) {
+            if (protocol)
+                pfree(protocol);
+            if (host)
+                pfree(host);
+            elog(ERROR, "Parse hdfs path of %s failed.", path);
+        }
+        else {
+
+            /* The normal path is like "<protocol>://<host>:<port>/<directory>".
+             * If port is not null, there will be 4 characters to be added which is "://:".
+             * If port is null, there will be 3 characters to be added which is "://".
+             */
+            if (port > 0) {
+                char sPort[strlen(path)];
+                sprintf(sPort, "%d", port);
+                pathLen = strlen(protocol) + strlen(host) + strlen(sPort) + 4;
+            } else if (port == 0) {
+                pathLen = strlen(protocol) + strlen(host) + 3;
+            }
+            elog(DEBUG1, "The path of the hdfs is %s. The protocol is %s. The host is %s. The port is %d",
+                    path, protocol, host, port);
+            
+            pfree(protocol);
+            pfree(host);
+        }
+    }
+    if ((strlen(path) - pathLen) <= 0)
+        elog(ERROR, "Wrong length parsed from hdfs path %s.", path);
+    char enPath[strlen(path) - pathLen + 1];
+    strncpy(enPath, path + pathLen, strlen(path) - pathLen);
+    elog(DEBUG1, "The filespace entry to be check is %s", enPath);
+    pfree(path);
+    /* Check whether the path is encrypted or not. */
+    enInfo = hdfsGetEZForPath(fs, enPath);
+
+    if (enInfo != NULL) {
+        encryptedTag = true;
+        hdfsFreeEncryptionZoneInfo(enInfo, 1);
+    }
+
+    PG_RETURN_BOOL(encryptedTag);
+}

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.h
----------------------------------------------------------------------
diff --git a/src/include/catalog/pg_proc.h b/src/include/catalog/pg_proc.h
index fdcc082..2db3116 100644
--- a/src/include/catalog/pg_proc.h
+++ b/src/include/catalog/pg_proc.h
@@ -10472,6 +10472,9 @@ DESCR("Check whether metadata cache key exists");
 DATA(insert OID = 8083 ( gp_metadata_cache_info  PGNSP PGUID 12 f f t f s 4 25 f "26 26 26 23" _null_ _null_ _null_ gp_metadata_cache_info - _null_ n ));
 DESCR("Get metadata cache info for specific key");
 
+/* gp_is_filespace_encrypted =>  bool*/
+DATA(insert OID = 8086 ( gp_is_filespace_encrypted PGNSP PGUID 12 f f t f s 1 16 f "19" _null_ _null_ _null_ gp_is_filespace_encrypted - _null_ n ));
+DESCR("Check whether filespace is encrypted");
 
 /* TIDYCAT_END_PG_PROC_GEN */
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.sql
----------------------------------------------------------------------
diff --git a/src/include/catalog/pg_proc.sql b/src/include/catalog/pg_proc.sql
index 1d79f36..fed3906 100644
--- a/src/include/catalog/pg_proc.sql
+++ b/src/include/catalog/pg_proc.sql
@@ -5529,3 +5529,5 @@
  CREATE FUNCTION gp_metadata_cache_put_entry_for_test(tablespace_oid, database_oid, relation_oid, segno) RETURNS text LANGUAGE internal STABLE STRICT AS 'gp_metadata_cache_put_entry_for_test' WITH (OID=8085, DESCRIPTION="Put entries into metadata cache for test");
  
  CREATE FUNCTION dump_resource_manager_status(info_type) RETURNS text LANGUAGE internal STABLE STRICT AS 'dump_resource_manager_status' WITH (OID=6450, DESCRIPTION="Dump resource manager status for testing");
+
+ CREATE FUNCTION gp_is_filespace_encrypted(filespace_name) RETURNS bool LANGUAGE internal STABLE STRICT AS 'gp_is_filespace_encrypted' WITH (OID=8086, DESCRIPTION="Check whether filespace is encrypted");

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/utils/builtins.h
----------------------------------------------------------------------
diff --git a/src/include/utils/builtins.h b/src/include/utils/builtins.h
index 64b251b..9bdf243 100644
--- a/src/include/utils/builtins.h
+++ b/src/include/utils/builtins.h
@@ -1225,4 +1225,6 @@ extern Datum gp_metadata_cache_put_entry_for_test(PG_FUNCTION_ARGS);
 /* PXF functions */
 extern Datum pxf_get_item_fields(PG_FUNCTION_ARGS);
 
+/* TDE UDF */
+extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS);
 #endif   /* BUILTINS_H */

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/test/regress/data/upgrade20/pg_proc.data
----------------------------------------------------------------------
diff --git a/src/test/regress/data/upgrade20/pg_proc.data b/src/test/regress/data/upgrade20/pg_proc.data
index 4b12c93..c71163e 100644
--- a/src/test/regress/data/upgrade20/pg_proc.data
+++ b/src/test/regress/data/upgrade20/pg_proc.data
@@ -8,3 +8,4 @@
 8083,gp_metadata_cache_info,11,10,12,f,f,t,f,s,4,25,f,"26 26 26 23",,,,gp_metadata_cache_info,-,,n
 8084,gp_metadata_cache_current_block_num,11,10,12,f,f,t,f,s,0,20,f,"",,,,gp_metadata_cache_current_block_num,-,,n
 8085,gp_metadata_cache_put_entry_for_test,11,10,12,f,f,t,f,s,5,25,f,"26 26 26 23 23",,,,gp_metadata_cache_put_entry_for_test,-,,n
+8086,gp_is_filespace_encrypted,11,10,12,f,f,t,f,s,1,16,f,"19",,,,gp_is_filespace_encrypted,-,,n