You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by es...@apache.org on 2017/02/03 09:00:30 UTC
[28/50] [abbrv] incubator-hawq git commit: HAWQ-1276. The error
message is not friendly when ranger plugin service is unavailable.
HAWQ-1276. The error message is not friendly when ranger plugin service is unavailable.
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/e46f06cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/e46f06cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/e46f06cc
Branch: refs/heads/2.1.0.0-incubating
Commit: e46f06cc95d5bd8212cb1edf8331856461891dc6
Parents: afac2df
Author: stanlyxiang <st...@gmail.com>
Authored: Fri Jan 13 11:33:40 2017 +0800
Committer: Wen Lin <wl...@pivotal.io>
Committed: Tue Jan 17 16:34:04 2017 +0800
----------------------------------------------------------------------
src/backend/catalog/aclchk.c | 13 ++++++-------
src/backend/libpq/rangerrest.c | 28 +++++++++++++---------------
src/backend/tcop/postgres.c | 5 +++--
3 files changed, 22 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 200d9cb..ed36330 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2739,7 +2739,7 @@ List *pg_rangercheck_batch(List *arg_list)
List *aclresults = NIL;
List *requestargs = NIL;
ListCell *arg;
- elog(LOG, "rangeracl batch check, acl list length:%d\n", arg_list->length);
+ elog(DEBUG3, "ranger acl batch check, acl list length: %d\n", arg_list->length);
foreach(arg, arg_list) {
RangerPrivilegeArgs *arg_ptr = (RangerPrivilegeArgs *) lfirst(arg);
@@ -2753,7 +2753,7 @@ List *pg_rangercheck_batch(List *arg_list)
RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
aclresult->result = RANGERCHECK_NO_PRIV;
aclresult->relOid = object_oid;
- // this two sign fields will be set in create_ranger_request_json()
+ /* this two sign fields will be set in function create_ranger_request_json */
aclresult->resource_sign = 0;
aclresult->privilege_sign = 0;
aclresults = lappend(aclresults, aclresult);
@@ -2771,7 +2771,6 @@ List *pg_rangercheck_batch(List *arg_list)
int ret = check_privilege_from_ranger(requestargs, aclresults);
if (ret < 0)
{
- elog(WARNING, "ranger service unavailable or unexpected error\n");
ListCell *result;
foreach(result, aclresults) {
RangerPrivilegeResults *result_ptr = (RangerPrivilegeResults *) lfirst(result);
@@ -2808,13 +2807,13 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid,
List* actions = getActionName(mask);
bool isAll = (how == ACLMASK_ALL) ? true: false;
- elog(LOG, "rangeraclcheck kind:%d,objectname:%s,role:%s,mask:%u\n",objkind,objectname,rolename,mask);
+ elog(DEBUG3, "ranger acl check kind: %d, object name: %s, role: %s, mask: %u\n", objkind, objectname, rolename, mask);
List *resultargs = NIL;
RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults));
aclresult->result = RANGERCHECK_NO_PRIV;
aclresult->relOid = object_oid;
- // this two sign fields will be set in create_ranger_request_json()
+ /* this two sign fields will be set in function create_ranger_request_json */
aclresult->resource_sign = 0;
aclresult->privilege_sign = 0;
resultargs = lappend(resultargs, aclresult);
@@ -2834,7 +2833,7 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid,
{
ListCell *arg;
foreach(arg, resultargs) {
- // only one element
+ /* only one element */
RangerPrivilegeResults *arg_ptr = (RangerPrivilegeResults *) lfirst(arg);
if (arg_ptr->result == RANGERCHECK_OK)
result = ACLCHECK_OK;
@@ -2893,7 +2892,7 @@ pg_aclmask(AclObjectKind objkind, Oid table_oid, Oid roleid,
case ACL_KIND_EXTPROTOCOL:
return pg_extprotocol_aclmask(table_oid, roleid, mask, how);
default:
- elog(ERROR, "unrecognized objkind: %d",
+ elog(ERROR, "unrecognized object kind : %d",
(int) objkind);
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/libpq/rangerrest.c
----------------------------------------------------------------------
diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c
index 74777dc..dc5d193 100644
--- a/src/backend/libpq/rangerrest.c
+++ b/src/backend/libpq/rangerrest.c
@@ -85,14 +85,14 @@ static int parse_ranger_response(char* buffer, List *result_list)
struct json_object *response = json_tokener_parse(buffer);
if (response == NULL)
{
- elog(WARNING, "json_tokener_parse failed");
+ elog(WARNING, "failed to parse json tokener.");
return -1;
}
struct json_object *accessObj = NULL;
if (!json_object_object_get_ex(response, "access", &accessObj))
{
- elog(WARNING, "get json access field failed");
+ elog(WARNING, "failed to get json \"access\" field.");
return -1;
}
@@ -120,7 +120,7 @@ static int parse_ranger_response(char* buffer, List *result_list)
const char *privilege_str = json_object_get_string(jprivilege);
uint32 resource_sign = string_hash(resource_str, strlen(resource_str));
uint32 privilege_sign = string_hash(privilege_str, strlen(privilege_str));
- elog(DEBUG3, "ranger response access sign, resource_str:%s, privilege_str:%s",
+ elog(DEBUG3, "ranger response access sign, resource_str: %s, privilege_str: %s",
resource_str, privilege_str);
ListCell *result;
@@ -294,7 +294,7 @@ static json_object *create_ranger_request_json(List *request_list, List *result_
break;
}
default:
- elog(ERROR, "unrecognized objkind: %d", (int) kind);
+ elog(ERROR, "unsupported object kind : %s", AclObjectKindStr[kind]);
} // switch
json_object_object_add(jelement, "resource", jresource);
@@ -320,7 +320,6 @@ static json_object *create_ranger_request_json(List *request_list, List *result_
result_ptr->privilege_sign = string_hash(privilege_str, strlen(privilege_str));
elog(DEBUG3, "request access sign, resource_str:%s, privilege_str:%s",
resource_str, privilege_str);
-
j++;
} // foreach
char str[32];
@@ -354,19 +353,19 @@ static size_t write_callback(char *contents, size_t size, size_t nitems,
int original_size = curl->response.buffer_size;
while(curl->response.response_size + realsize >= curl->response.buffer_size)
{
- /*double the buffer size if the buffer is not enough.*/
+ /* double the buffer size if the buffer is not enough.*/
curl->response.buffer_size = curl->response.buffer_size * 2;
}
if(original_size < curl->response.buffer_size)
{
- /* our repalloc is not same as realloc, repalloc's first param(buffer) can not be NULL */
+ /* repalloc is not same as realloc, repalloc's first parameter cannot be NULL */
curl->response.buffer = repalloc(curl->response.buffer, curl->response.buffer_size);
}
elog(DEBUG3, "ranger restful response size is %d. response buffer size is %d.", curl->response.response_size, curl->response.buffer_size);
if (curl->response.buffer == NULL)
{
- /* out of memory! */
- elog(WARNING, "not enough memory for Ranger response");
+ /* allocate memory failed. probably out of memory */
+ elog(WARNING, "cannot allocate memory for ranger response");
return 0;
}
memcpy(curl->response.buffer + curl->response.response_size, contents, realsize);
@@ -413,7 +412,6 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDS,request);
- //"{\"requestId\": 1,\"user\": \"hubert\",\"clientIp\":\"123.0.0.21\",\"context\": \"SELECT * FROM sales\",\"access\":[{\"resource\":{\"database\":\"a-database\",\"schema\":\"a-schema\",\"table\":\"sales\"},\"privileges\": [\"select\"]}]}");
/* send all data to this function */
curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEFUNCTION, write_callback);
curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEDATA, (void *)curl_handle);
@@ -427,13 +425,13 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
/* check for errors */
if(res != CURLE_OK)
{
- elog(WARNING, "curl_easy_perform() failed: %s\n",
- curl_easy_strerror(res));
+ elog(WARNING, "ranger plugin service from http://%s:%d/%s is unavailable : %s.\n",
+ rps_addr_host, rps_addr_port, rps_addr_suffix, curl_easy_strerror(res));
}
else
{
ret = 0;
- elog(DEBUG3, "retrieved %d bytes from ranger restful response.",
+ elog(DEBUG3, "retrieved %d bytes data from ranger restful response.",
curl_handle->response.response_size);
}
@@ -469,8 +467,8 @@ int check_privilege_from_ranger(List *request_list, List *result_list)
int ret = parse_ranger_response(curl_context_ranger.response.buffer, result_list);
if (ret < 0)
{
- elog(WARNING, "parse ranger response failed, response[%s]",
- curl_context_ranger.response.buffer == NULL? "":curl_context_ranger.response.buffer);
+ elog(WARNING, "parse ranger response failed, ranger response content is %s",
+ curl_context_ranger.response.buffer == NULL? "empty.":curl_context_ranger.response.buffer);
}
if (curl_context_ranger.response.buffer != NULL)
{
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/tcop/postgres.c
----------------------------------------------------------------------
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index e1bfb1d..fc71eda 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -4392,7 +4392,7 @@ PostgresMain(int argc, char *argv[], const char *username)
}
/* for enable ranger*/
- if (enable_ranger && !curl_context_ranger.hasInited)
+ if (AmIMaster() && enable_ranger && !curl_context_ranger.hasInited)
{
memset(&curl_context_ranger, 0, sizeof(curl_context_t));
curl_global_init(CURL_GLOBAL_ALL);
@@ -4402,11 +4402,12 @@ PostgresMain(int argc, char *argv[], const char *username)
/* cleanup curl stuff */
/* no need to cleanup curl_handle since it's null. just cleanup curl global.*/
curl_global_cleanup();
+ elog(ERROR, "initialize global curl context failed.");
}
curl_context_ranger.hasInited = true;
curl_context_ranger.response.buffer = palloc0(CURL_RES_BUFFER_SIZE);
curl_context_ranger.response.buffer_size = CURL_RES_BUFFER_SIZE;
- elog(DEBUG3, "when enable ranger, init global struct for privileges check.");
+ elog(DEBUG3, "initialize global curl context for privileges check.");
on_proc_exit(curl_finalize, 0);
}
/*