You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2016/11/28 17:35:58 UTC
[jira] [Created] (SENTRY-1546) Generic Policy provides bad error
messages for Sentry exceptions
Alexander Kolbasov created SENTRY-1546:
------------------------------------------
Summary: Generic Policy provides bad error messages for Sentry exceptions
Key: SENTRY-1546
URL: https://issues.apache.org/jira/browse/SENTRY-1546
Project: Sentry
Issue Type: Bug
Affects Versions: 1.8.0
Reporter: Alexander Kolbasov
Priority: Minor
I discovered that when you attempt to create a role that already exists the error message you get back from Thrift i just 'Role: foo' which is very confusing.
The reason is that the SentryStore throws
{code}SentryAlreadyExistsException("Role: " + trimmedRoleName);{code}
and the generic policy processor passes the message as is:
{code}
public TCreateSentryRoleResponse create_sentry_role(
final TCreateSentryRoleRequest request) throws TException {
Response<Void> respose = requestHandle(new RequestHandler<Void>() {
@Override
public Response<Void> handle() throws Exception {
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(conf, request.getRequestorUserName()));
store.createRole(request.getComponent(), request.getRoleName(),
request.getRequestorUserName());
return new Response<Void>(Status.OK());
}
});
...
{code}
The similar thing is happening for other requests and other Sentry-specific exceptions.
The legacy policy processor does decorate the error a bit:
{code}
public TCreateSentryRoleResponse create_sentry_role(
TCreateSentryRoleRequest request) throws TException {
final Timer.Context timerContext = sentryMetrics.createRoleTimer.time();
TCreateSentryRoleResponse response = new TCreateSentryRoleResponse();
try {
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(request.getRequestorUserName()));
sentryStore.createSentryRole(request.getRoleName());
response.setStatus(Status.OK());
notificationHandlerInvoker.create_sentry_role(request, response);
} catch (SentryAlreadyExistsException e) {
String msg = "Role: " + request + " already exists.";
LOGGER.error(msg, e);
response.setStatus(Status.AlreadyExists(msg, e));
} catch (SentryAccessDeniedException e) {
LOGGER.error(e.getMessage(), e);
response.setStatus(Status.AccessDenied(e.getMessage(), e));
} catch (SentryThriftAPIMismatchException e) {
LOGGER.error(e.getMessage(), e);
response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
} catch (Exception e) {
String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
LOGGER.error(msg, e);
response.setStatus(Status.RuntimeError(msg, e));
} finally {
...
{code}
I think that it is better to just put the right message in the exception itself and do not decorate it later.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)