Repository: incubator-hawq Updated Branches: refs/heads/master b32e56c50 -> c5aee9b64
HAWQ-1001. Bugfix and light refactor ranger logic. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/c5aee9b6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/c5aee9b6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/c5aee9b6 Branch: refs/heads/master Commit: c5aee9b6408b9aa67f01ff75a6521a2e1d1ce03f Parents: b32e56c Author: xunzhang <[email protected]> Authored: Mon Dec 19 13:08:23 2016 +0800 Committer: xunzhang <[email protected]> Committed: Mon Dec 19 18:28:27 2016 +0800 ---------------------------------------------------------------------- src/backend/catalog/aclchk.c | 3 +- src/backend/libpq/rangerrest.c | 88 +++++++++++--------------------- src/backend/parser/parse_relation.c | 2 + src/include/utils/acl.h | 25 +-------- src/include/utils/rangerrest.h | 62 ++++++++++++++++++++-- 5 files changed, 94 insertions(+), 86 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/catalog/aclchk.c ---------------------------------------------------------------------- diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index f13502e..d3e4b64 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -56,6 +56,7 @@ #include "utils/lsyscache.h" #include "utils/rel.h" #include "utils/syscache.h" +#include "utils/rangerrest.h" #include "cdb/cdbvars.h" #include "cdb/cdbdisp.h" #include "cdb/dispatcher.h" 
@@ -2726,7 +2727,7 @@ List *pg_rangercheck_batch(List *arg_list) requestarg->kind = objkind; requestarg->object = objectname; requestarg->actions = actions; - requestarg->how = isAll; + requestarg->isAll = isAll; requestargs = lappend(requestargs, requestarg); } // foreach http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/libpq/rangerrest.c ---------------------------------------------------------------------- diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c index 2d38449..b5260a1 100644 --- a/src/backend/libpq/rangerrest.c +++ b/src/backend/libpq/rangerrest.c @@ -24,34 +24,32 @@ * *------------------------------------------------------------------------- */ -#include "postgres.h" -#include <json-c/json.h> - -#include "utils/acl.h" -#include "utils/guc.h" #include "utils/rangerrest.h" /* - * Internal buffer for libcurl context + * A mapping from AclObjectKind to string */ -typedef struct curl_context_t +char* AclObjectKindStr[] = { - CURL* curl_handle; - - char curl_error_buffer[CURL_ERROR_SIZE]; - - int curl_still_running; - - struct - { - char* buffer; - int size; - } response; - - char* last_http_reponse; -} curl_context_t; -typedef curl_context_t* CURL_HANDLE; + "table", /* pg_class */ + "sequence", /* pg_sequence */ + "database", /* pg_database */ + "function", /* pg_proc */ + "operator", /* pg_operator */ + "type", /* pg_type */ + "language", /* pg_language */ + "namespace", /* pg_namespace */ + "oplass", /* pg_opclass */ + "conversion", /* pg_conversion */ + "tablespace", /* pg_tablespace */ + "filespace", /* pg_filespace */ + "filesystem", /* pg_filesystem */ + "fdw", /* pg_foreign_data_wrapper */ + "foreign_server", /* pg_foreign_server */ + "protocol", /* pg_extprotocol */ + "none" /* MUST BE LAST */ +}; RangerACLResult parse_ranger_response(char* buffer) { 
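Review bot: The relocated `AclObjectKindStr` table is still a writable, externally visible `char*` array, and the `elog` call later in this file indexes it with `kind` without a range check. Since the table is being moved anyway, declaring it `const char *const AclObjectKindStr[]` (assuming no other file declares it differently) would keep it from being modified at run time. A comment such as `/* order must match the AclObjectKind enum; "none" stays last */` would also document the invariant the indexing relies on; the enum itself is not visible here. The entry `"oplass"` looks like a typo for `"opclass"`, which would matter if these strings are ever sent to Ranger as resource types rather than only logged.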
@@ -84,30 +82,6 @@ RangerACLResult parse_ranger_response(char* buffer) } /* - * A mapping from AclObjectKind to string - */ -char* AclObjectKindStr[] = -{ - "table", /* pg_class */ - "sequence", /* pg_sequence */ - "database", /* pg_database */ - "function", /* pg_proc */ - "operator", /* pg_operator */ - "type", /* pg_type */ - "language", /* pg_language */ - "namespace", /* pg_namespace */ - "oplass", /* pg_opclass */ - "conversion", /* pg_conversion */ - "tablespace", /* pg_tablespace */ - "filespace", /* pg_filespace */ - "filesystem", /* pg_filesystem */ - "fdw", /* pg_foreign_data_wrapper */ - "foreign_server", /* pg_foreign_server */ - "protocol", /* pg_extprotocol */ - "none" /* MUST BE LAST */ -}; - -/* * args: List of RangerRequestJsonArgs */ json_object *create_ranger_request_json_batch(List *args) @@ -128,8 +102,7 @@ json_object *create_ranger_request_json_batch(List *args) } AclObjectKind kind = arg_ptr->kind; char* object = arg_ptr->object; - char* how = arg_ptr->how; - Assert(user != NULL && object != NULL && privilege != NULL && how != NULL); + Assert(user != NULL && object != NULL && privilege != NULL && arg_ptr->isAll); elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s", user, AclObjectKindStr[kind], object); @@ -182,7 +155,6 @@ json_object *create_ranger_request_json_batch(List *args) if (third != NULL) { json_object *jthird = json_object_new_string(third); - elog(LOG, "JTHIRD %s\n", jthird); json_object_object_add(jresource, (kind == ACL_KIND_CLASS) ? "table" : (kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird); 
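Review bot: The rewritten `Assert(user != NULL && object != NULL && privilege != NULL && arg_ptr->isAll);` in `create_ranger_request_json_batch` now requires the flag to be true, whereas the old `how != NULL` term only checked that a value had been supplied. In an assert-enabled build any request built with `isAll == false` would abort the backend. In a build without assertions the whole check disappears, leaving `user` and `object` unvalidated before they are logged and put into the authorization request. Dropping the flag from the assertion, `Assert(user != NULL && object != NULL && privilege != NULL);`, restores the original intent, and the same applies to the `&& isAll` term added to `create_ranger_request_json` in the `@@ -273,10 +245,10 @@` hunk. `privilege` is not declared in the visible lines and the function body continues outside the hunk, so its definition should be confirmed as well.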
@@ -273,10 +245,10 @@ json_object *create_ranger_request_json_batch(List *args) * } */ json_object* create_ranger_request_json(char* user, AclObjectKind kind, char* object, - List* actions, char* how) + List* actions, bool isAll) { Assert(user != NULL && object != NULL && privilege != NULL - && how != NULL); + && isAll); ListCell *cell; elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s", @@ -391,7 +363,7 @@ static size_t write_callback(char *contents, size_t size, size_t nitems, void *userp) { size_t realsize = size * nitems; - CURL_HANDLE curl = (struct curl_context *) userp; + CURL_HANDLE curl = (curl_context_t *) userp; curl->response.buffer = palloc0(realsize + 1); memset(curl->response.buffer, 0, realsize + 1); @@ -409,7 +381,7 @@ static size_t write_callback(char *contents, size_t size, size_t nitems, return realsize; } -void call_ranger_rest(CURL_HANDLE curl_handle, char* request) +void call_ranger_rest(CURL_HANDLE curl_handle, const char* request) { CURLcode res; Assert(request != NULL); @@ -468,7 +440,7 @@ void call_ranger_rest(CURL_HANDLE curl_handle, char* request) } else { - elog(LOG, "%lu bytes retrieved from Ranger Restful API.", + elog(LOG, "%d bytes retrieved from Ranger Restful API.", curl_handle->response.size); } @@ -490,7 +462,7 @@ int check_privilege_from_ranger_batch(List *arg_list) { json_object* jrequest = create_ranger_request_json_batch(arg_list); Assert(jrequest != NULL); - char *request = json_object_to_json_string(jrequest); + const char *request = json_object_to_json_string(jrequest); elog(LOG, "Send JSON request to Ranger: %s", request); Assert(request != NULL); struct curl_context_t curl_context; 
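Review bot: In `write_callback` the context line `curl->response.buffer = palloc0(realsize + 1);` allocates a fresh buffer on every invocation, so if libcurl delivers the Ranger response in more than one chunk the earlier data would be replaced rather than appended, unless the lines elided after this hunk handle that. The response body is presumably what `parse_ranger_response` turns into the access decision, so a truncated body should not be possible. The allocation could be guarded with `if (curl->response.buffer == NULL)` and otherwise grown with `repalloc(curl->response.buffer, curl->response.size + realsize + 1)`, copying at the current offset. The `memset` directly after `palloc0` is redundant and can be dropped. The function body continues outside the hunk.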
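Review bot: In `check_privilege_from_ranger_batch`, `Assert(request != NULL);` runs after `request` has already been passed to `elog(LOG, "Send JSON request to Ranger: %s", request)`, so it cannot protect the log call, and as an `Assert` it is absent from builds without assertion checking. Moving the check above the `elog` and making it a real error path, e.g. `if (request == NULL) elog(ERROR, "failed to serialize Ranger request");`, would make the privilege check fail closed; the same ordering appears in `check_privilege_from_ranger` in the `@@ -518,13 +490,13 @@` hunk. The log line also writes the full request, including role and object names, at `LOG` level on every check, and a debug level such as `DEBUG3` would keep that out of the default server log. The function continues outside the hunk.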
@@ -518,13 +490,13 @@ int check_privilege_from_ranger_batch(List *arg_list) * Check the privilege from Ranger for one role */ int check_privilege_from_ranger(char* user, AclObjectKind kind, char* object, - List* actions, char* how) + List* actions, bool isAll) { json_object* jrequest = create_ranger_request_json(user, kind, object, - actions, how); + actions, isAll); Assert(jrequest != NULL); - char* request = json_object_to_json_string(jrequest); + const char* request = json_object_to_json_string(jrequest); elog(LOG, "send JSON request to Ranger: %s", request); Assert(request != NULL); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/parser/parse_relation.c ---------------------------------------------------------------------- diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c index 176ed0b..6839207 100644 --- a/src/backend/parser/parse_relation.c +++ b/src/backend/parser/parse_relation.c @@ -63,6 +63,8 @@ #include "utils/guc.h" #include "utils/lsyscache.h" #include "utils/syscache.h" +#include "utils/rangerrest.h" + /* GUC parameter */ bool add_missing_from; http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/include/utils/acl.h ---------------------------------------------------------------------- diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h index a8c9e64..da6f512 100644 --- a/src/include/utils/acl.h +++ b/src/include/utils/acl.h @@ -26,7 +26,7 @@ #include "nodes/parsenodes.h" #include "utils/array.h" -#include "utils/rangerrest.h" +//#include "utils/rangerrest.h" /* 
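Review bot: In `acl.h` the include is commented out (`//#include "utils/rangerrest.h"`) rather than removed, which leaves dead text in a core header and uses a `//` comment where the neighbouring lines appear to use `/* */`. Since `rangerrest.h` now includes `utils/acl.h`, re-enabling this line later would make the two headers include each other, so the line should simply be deleted.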
@@ -343,27 +343,4 @@ extern bool pg_conversion_ownercheck(Oid conv_oid, Oid roleid); extern bool pg_foreign_server_ownercheck(Oid srv_oid, Oid roleid); extern bool pg_extprotocol_ownercheck(Oid ptc_oid, Oid roleid); -typedef struct RangerPrivilegeArgs -{ - AclObjectKind objkind; - Oid object_oid; - Oid roleid; - AclMode mask; - AclMaskHow how; -} RangerPrivilegeArgs; - -typedef struct RangerPrivilegeResults -{ - RangerACLResult result; - Oid relOid; -} RangerPrivilegeResults; - -typedef struct RangerRequestJsonArgs { - char* user; - AclObjectKind kind; - char* object; - List* actions; - char* how; -} RangerRequestJsonArgs; - #endif /* ACL_H */ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/include/utils/rangerrest.h ---------------------------------------------------------------------- diff --git a/src/include/utils/rangerrest.h b/src/include/utils/rangerrest.h index 4b73f46..4fc1a73 100644 --- a/src/include/utils/rangerrest.h +++ b/src/include/utils/rangerrest.h 
@@ -27,13 +27,69 @@ #ifndef RANGERREST_H #define RANGERREST_H +#include "postgres.h" #include <curl/curl.h> +#include <json-c/json.h> +#include "utils/acl.h" +#include "utils/guc.h" typedef enum { - RANGERCHECK_OK = 0, - RANGERCHECK_NO_PRIV, - RANGERCHECK_UNKNOWN + RANGERCHECK_OK = 0, + RANGERCHECK_NO_PRIV, + RANGERCHECK_UNKNOWN } RangerACLResult; +/* + * Internal buffer for libcurl context + */ +typedef struct curl_context_t +{ + CURL* curl_handle; + + char curl_error_buffer[CURL_ERROR_SIZE]; + + int curl_still_running; + + struct + { + char* buffer; + int size; + } response; + + char* last_http_reponse; +} curl_context_t; + +typedef curl_context_t* CURL_HANDLE; + +typedef struct RangerPrivilegeArgs +{ + AclObjectKind objkind; + Oid object_oid; + Oid roleid; + AclMode mask; + AclMaskHow how; +} RangerPrivilegeArgs; + +typedef struct RangerPrivilegeResults +{ + RangerACLResult result; + Oid relOid; +} RangerPrivilegeResults; + +typedef struct RangerRequestJsonArgs { + char* user; + AclObjectKind kind; + char* object; + List* actions; + bool isAll; +} RangerRequestJsonArgs; + +RangerACLResult parse_ranger_response(char *); +json_object *create_ranger_request_json_batch(List *); +json_object *create_ranger_request_json(char *, AclObjectKind kind, char *, List *, bool); +void call_ranger_rest(CURL_HANDLE curl_handle, const char *request); +extern int check_privilege_from_ranger_batch(List *); +extern int check_privilege_from_ranger(char *, AclObjectKind kind, char *, List *, bool); + #endif
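Review bot: `response.size` is declared `int` in `curl_context_t`, while `write_callback` in rangerrest.c computes the chunk length as `size_t realsize`, so a value presumably stored there is narrowed and changes signedness. Declaring it `size_t size;` would match, with the format in the "bytes retrieved" log message adjusted accordingly. The struct is still commented as an internal buffer but now sits in a header that `aclchk.c` and `parse_relation.c` include, so a short comment on who allocates and releases `response.buffer` would help readers of the header. The new prototypes mix `extern` and bare declarations and leave most parameters unnamed; naming them as in the definitions, e.g. `json_object *create_ranger_request_json(char *user, AclObjectKind kind, char *object, List *actions, bool isAll);`, would make the header self-documenting.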
