You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by es...@apache.org on 2017/02/03 09:00:30 UTC

[28/50] [abbrv] incubator-hawq git commit: HAWQ-1276. The error message is not friendly when ranger plugin service is unavailable.

HAWQ-1276. The error message is not friendly when ranger plugin service is unavailable.


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/e46f06cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/e46f06cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/e46f06cc

Branch: refs/heads/2.1.0.0-incubating
Commit: e46f06cc95d5bd8212cb1edf8331856461891dc6
Parents: afac2df
Author: stanlyxiang <st...@gmail.com>
Authored: Fri Jan 13 11:33:40 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Tue Jan 17 16:34:04 2017 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c   | 13 ++++++-------
 src/backend/libpq/rangerrest.c | 28 +++++++++++++---------------
 src/backend/tcop/postgres.c    |  5 +++--
 3 files changed, 22 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 200d9cb..ed36330 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2739,7 +2739,7 @@ List *pg_rangercheck_batch(List *arg_list)
   List *aclresults = NIL;
   List *requestargs = NIL;
   ListCell *arg;
-  elog(LOG, "rangeracl batch check, acl list length:%d\n", arg_list->length);
+  elog(DEBUG3, "ranger acl batch check, acl list length: %d\n", arg_list->length);
   foreach(arg, arg_list) {
     RangerPrivilegeArgs *arg_ptr = (RangerPrivilegeArgs *) lfirst(arg);
 
@@ -2753,7 +2753,7 @@ List *pg_rangercheck_batch(List *arg_list)
     RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
     aclresult->result = RANGERCHECK_NO_PRIV;
     aclresult->relOid = object_oid;
-    // this two sign fields will be set in create_ranger_request_json()
+    /* this two sign fields will be set in function create_ranger_request_json */
     aclresult->resource_sign = 0;
     aclresult->privilege_sign = 0;
     aclresults = lappend(aclresults, aclresult);
@@ -2771,7 +2771,6 @@ List *pg_rangercheck_batch(List *arg_list)
   int ret = check_privilege_from_ranger(requestargs, aclresults);
   if (ret < 0)
   {
-	  elog(WARNING, "ranger service unavailable or unexpected error\n");
 	  ListCell *result;
 	  foreach(result, aclresults) {
 		  RangerPrivilegeResults *result_ptr = (RangerPrivilegeResults *) lfirst(result);
@@ -2808,13 +2807,13 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid,
 	List* actions = getActionName(mask);
 	bool isAll = (how == ACLMASK_ALL) ? true: false;
 
-	elog(LOG, "rangeraclcheck kind:%d,objectname:%s,role:%s,mask:%u\n",objkind,objectname,rolename,mask);
+	elog(DEBUG3, "ranger acl check kind: %d, object name: %s, role: %s, mask: %u\n", objkind, objectname, rolename, mask);
 
 	List *resultargs = NIL;
     RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
     aclresult->result = RANGERCHECK_NO_PRIV;
     aclresult->relOid = object_oid;
-	// this two sign fields will be set in create_ranger_request_json()
+	/* this two sign fields will be set in function create_ranger_request_json */
 	aclresult->resource_sign = 0;
 	aclresult->privilege_sign = 0;
     resultargs = lappend(resultargs, aclresult);
@@ -2834,7 +2833,7 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid,
 	{
 		ListCell *arg;
 		foreach(arg, resultargs) {
-			// only one element
+			/* only one element */
 			RangerPrivilegeResults *arg_ptr = (RangerPrivilegeResults *) lfirst(arg);
 			if (arg_ptr->result == RANGERCHECK_OK)
 				result = ACLCHECK_OK;
@@ -2893,7 +2892,7 @@ pg_aclmask(AclObjectKind objkind, Oid table_oid, Oid roleid,
 		case ACL_KIND_EXTPROTOCOL:
 			return pg_extprotocol_aclmask(table_oid, roleid, mask, how);
 		default:
-			elog(ERROR, "unrecognized objkind: %d",
+			elog(ERROR, "unrecognized object kind : %d",
 				 (int) objkind);
 			/* not reached, but keep compiler quiet */
 			return ACL_NO_RIGHTS;

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/libpq/rangerrest.c
----------------------------------------------------------------------
diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c
index 74777dc..dc5d193 100644
--- a/src/backend/libpq/rangerrest.c
+++ b/src/backend/libpq/rangerrest.c
@@ -85,14 +85,14 @@ static int parse_ranger_response(char* buffer, List *result_list)
 	struct json_object *response = json_tokener_parse(buffer);
 	if (response == NULL) 
 	{
-		elog(WARNING, "json_tokener_parse failed");
+		elog(WARNING, "failed to parse json tokener.");
 		return -1;
 	}
 
 	struct json_object *accessObj = NULL;
 	if (!json_object_object_get_ex(response, "access", &accessObj))
 	{
-		elog(WARNING, "get json access field failed");
+		elog(WARNING, "failed to get json \"access\" field.");
 		return -1;
 	}
 
@@ -120,7 +120,7 @@ static int parse_ranger_response(char* buffer, List *result_list)
 		const char *privilege_str = json_object_get_string(jprivilege);
 		uint32 resource_sign = string_hash(resource_str, strlen(resource_str));
 		uint32 privilege_sign = string_hash(privilege_str, strlen(privilege_str));
-		elog(DEBUG3, "ranger response access sign, resource_str:%s, privilege_str:%s", 
+		elog(DEBUG3, "ranger response access sign, resource_str: %s, privilege_str: %s",
 			resource_str, privilege_str);
 
 		ListCell *result;
@@ -294,7 +294,7 @@ static json_object *create_ranger_request_json(List *request_list, List *result_
 				break;
 			}
 			default:
-				elog(ERROR, "unrecognized objkind: %d", (int) kind);
+				elog(ERROR, "unsupported object kind : %s", AclObjectKindStr[kind]);
 		} // switch
 		json_object_object_add(jelement, "resource", jresource);
 
@@ -320,7 +320,6 @@ static json_object *create_ranger_request_json(List *request_list, List *result_
 		result_ptr->privilege_sign = string_hash(privilege_str, strlen(privilege_str));
 		elog(DEBUG3, "request access sign, resource_str:%s, privilege_str:%s", 
 			resource_str, privilege_str);
-		
 		j++;
 	} // foreach
 	char str[32];
@@ -354,19 +353,19 @@ static size_t write_callback(char *contents, size_t size, size_t nitems,
 	int original_size = curl->response.buffer_size;
 	while(curl->response.response_size + realsize >= curl->response.buffer_size)
 	{
-		/*double the buffer size if the buffer is not enough.*/
+		/* double the buffer size if the buffer is not enough.*/
 		curl->response.buffer_size = curl->response.buffer_size * 2;
 	}
 	if(original_size < curl->response.buffer_size)
 	{
-		/* our repalloc is not same as realloc, repalloc's first param(buffer) can not be NULL */
+		/* repalloc is not same as realloc, repalloc's first parameter cannot be NULL */
 		curl->response.buffer = repalloc(curl->response.buffer, curl->response.buffer_size);
 	}
 	elog(DEBUG3, "ranger restful response size is %d. response buffer size is %d.", curl->response.response_size, curl->response.buffer_size);
 	if (curl->response.buffer == NULL)
 	{
-		/* out of memory! */
-		elog(WARNING, "not enough memory for Ranger response");
+		/* allocate memory failed. probably out of memory */
+		elog(WARNING, "cannot allocate memory for ranger response");
 		return 0;
 	}
 	memcpy(curl->response.buffer + curl->response.response_size, contents, realsize);
@@ -413,7 +412,6 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
 	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPHEADER, headers);
 
 	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDS,request);
-	//"{\"requestId\": 1,\"user\": \"hubert\",\"clientIp\":\"123.0.0.21\",\"context\": \"SELECT * FROM sales\",\"access\":[{\"resource\":{\"database\":\"a-database\",\"schema\":\"a-schema\",\"table\":\"sales\"},\"privileges\": [\"select\"]}]}");
 	/* send all data to this function  */
 	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEFUNCTION, write_callback);
 	curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEDATA, (void *)curl_handle);
@@ -427,13 +425,13 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
 	/* check for errors */
 	if(res != CURLE_OK)
 	{
-		elog(WARNING, "curl_easy_perform() failed: %s\n",
-			curl_easy_strerror(res));
+		elog(WARNING, "ranger plugin service from http://%s:%d/%s is unavailable : %s.\n",
+				rps_addr_host, rps_addr_port, rps_addr_suffix, curl_easy_strerror(res));
 	}
 	else
 	{
 		ret = 0;
-		elog(DEBUG3, "retrieved %d bytes from ranger restful response.",
+		elog(DEBUG3, "retrieved %d bytes data from ranger restful response.",
 			curl_handle->response.response_size);
 	}
 
@@ -469,8 +467,8 @@ int check_privilege_from_ranger(List *request_list, List *result_list)
 	int ret = parse_ranger_response(curl_context_ranger.response.buffer, result_list);
 	if (ret < 0)
 	{
-		elog(WARNING, "parse ranger response failed, response[%s]", 
-			curl_context_ranger.response.buffer == NULL? "":curl_context_ranger.response.buffer);
+		elog(WARNING, "parse ranger response failed, ranger response content is %s",
+			curl_context_ranger.response.buffer == NULL? "empty.":curl_context_ranger.response.buffer);
 	}
 	if (curl_context_ranger.response.buffer != NULL)
 	{

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/tcop/postgres.c
----------------------------------------------------------------------
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index e1bfb1d..fc71eda 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -4392,7 +4392,7 @@ PostgresMain(int argc, char *argv[], const char *username)
 	}
 
 	/* for enable ranger*/
-	if (enable_ranger && !curl_context_ranger.hasInited)
+	if (AmIMaster() && enable_ranger && !curl_context_ranger.hasInited)
 	{
 		memset(&curl_context_ranger, 0, sizeof(curl_context_t));
 		curl_global_init(CURL_GLOBAL_ALL);
@@ -4402,11 +4402,12 @@ PostgresMain(int argc, char *argv[], const char *username)
 			/* cleanup curl stuff */
 			/* no need to cleanup curl_handle since it's null. just cleanup curl global.*/
 			curl_global_cleanup();
+			elog(ERROR, "initialize global curl context failed.");
 		}
 		curl_context_ranger.hasInited = true;
 		curl_context_ranger.response.buffer = palloc0(CURL_RES_BUFFER_SIZE);
 		curl_context_ranger.response.buffer_size = CURL_RES_BUFFER_SIZE;
-		elog(DEBUG3, "when enable ranger, init global struct for privileges check.");
+		elog(DEBUG3, "initialize global curl context for privileges check.");
 		on_proc_exit(curl_finalize, 0);
 	}
 	/*