Repository: incubator-hawq Updated Branches: refs/heads/master afac2dfe6 -> e46f06cc9
HAWQ-1276. The error message is not friendly when ranger plugin service is unavailable. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/e46f06cc Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/e46f06cc Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/e46f06cc Branch: refs/heads/master Commit: e46f06cc95d5bd8212cb1edf8331856461891dc6 Parents: afac2df Author: stanlyxiang <[email protected]> Authored: Fri Jan 13 11:33:40 2017 +0800 Committer: Wen Lin <[email protected]> Committed: Tue Jan 17 16:34:04 2017 +0800 ---------------------------------------------------------------------- src/backend/catalog/aclchk.c | 13 ++++++------- src/backend/libpq/rangerrest.c | 28 +++++++++++++--------------- src/backend/tcop/postgres.c | 5 +++-- 3 files changed, 22 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/catalog/aclchk.c ---------------------------------------------------------------------- diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index 200d9cb..ed36330 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -2739,7 +2739,7 @@ List *pg_rangercheck_batch(List *arg_list) List *aclresults = NIL; List *requestargs = NIL; ListCell *arg; - elog(LOG, "rangeracl batch check, acl list length:%d\n", arg_list->length); + elog(DEBUG3, "ranger acl batch check, acl list length: %d\n", arg_list->length); foreach(arg, arg_list) { RangerPrivilegeArgs *arg_ptr = (RangerPrivilegeArgs *) lfirst(arg); @@ -2753,7 +2753,7 @@ List *pg_rangercheck_batch(List *arg_list) RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults)); aclresult->result = RANGERCHECK_NO_PRIV; aclresult->relOid = object_oid; - // this two sign fields will be set in create_ranger_request_json() + /* this two sign fields will be set in function create_ranger_request_json */ aclresult->resource_sign = 0; aclresult->privilege_sign = 0; aclresults = lappend(aclresults, aclresult); @@ -2771,7 +2771,6 @@ List *pg_rangercheck_batch(List *arg_list) int ret = check_privilege_from_ranger(requestargs, aclresults); if (ret < 0) { - elog(WARNING, "ranger service unavailable or unexpected error\n"); ListCell *result; foreach(result, aclresults) { RangerPrivilegeResults *result_ptr = (RangerPrivilegeResults *) lfirst(result); @@ -2808,13 +2807,13 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid, List* actions = getActionName(mask); bool isAll = (how == ACLMASK_ALL) ? true: false; - elog(LOG, "rangeraclcheck kind:%d,objectname:%s,role:%s,mask:%u\n",objkind,objectname,rolename,mask); + elog(DEBUG3, "ranger acl check kind: %d, object name: %s, role: %s, mask: %u\n", objkind, objectname, rolename, mask); List *resultargs = NIL; RangerPrivilegeResults *aclresult = (RangerPrivilegeResults *) palloc(sizeof(RangerPrivilegeResults)); aclresult->result = RANGERCHECK_NO_PRIV; aclresult->relOid = object_oid; - // this two sign fields will be set in create_ranger_request_json() + /* this two sign fields will be set in function create_ranger_request_json */ aclresult->resource_sign = 0; aclresult->privilege_sign = 0; resultargs = lappend(resultargs, aclresult); @@ -2834,7 +2833,7 @@ pg_rangercheck(AclObjectKind objkind, Oid object_oid, Oid roleid, { ListCell *arg; foreach(arg, resultargs) { - // only one element + /* only one element */ RangerPrivilegeResults *arg_ptr = (RangerPrivilegeResults *) lfirst(arg); if (arg_ptr->result == RANGERCHECK_OK) result = ACLCHECK_OK; @@ -2893,7 +2892,7 @@ pg_aclmask(AclObjectKind objkind, Oid table_oid, Oid roleid, case ACL_KIND_EXTPROTOCOL: return pg_extprotocol_aclmask(table_oid, roleid, mask, how); default: - elog(ERROR, "unrecognized objkind: %d", + elog(ERROR, "unrecognized object kind : %d", (int) objkind); /* not reached, but keep compiler quiet */ return ACL_NO_RIGHTS; http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/libpq/rangerrest.c ---------------------------------------------------------------------- diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c index 74777dc..dc5d193 100644 --- a/src/backend/libpq/rangerrest.c +++ b/src/backend/libpq/rangerrest.c @@ -85,14 +85,14 @@ static int parse_ranger_response(char* buffer, List *result_list) struct json_object *response = json_tokener_parse(buffer); if (response == NULL) { - elog(WARNING, "json_tokener_parse failed"); + elog(WARNING, "failed to parse json tokener."); return -1; } struct json_object *accessObj = NULL; if (!json_object_object_get_ex(response, "access", &accessObj)) { - elog(WARNING, "get json access field failed"); + elog(WARNING, "failed to get json \"access\" field."); return -1; } @@ -120,7 +120,7 @@ static int parse_ranger_response(char* buffer, List *result_list) const char *privilege_str = json_object_get_string(jprivilege); uint32 resource_sign = string_hash(resource_str, strlen(resource_str)); uint32 privilege_sign = string_hash(privilege_str, strlen(privilege_str)); - elog(DEBUG3, "ranger response access sign, resource_str:%s, privilege_str:%s", + elog(DEBUG3, "ranger response access sign, resource_str: %s, privilege_str: %s", resource_str, privilege_str); ListCell *result; @@ -294,7 +294,7 @@ static json_object *create_ranger_request_json(List *request_list, List *result_ break; } default: - elog(ERROR, "unrecognized objkind: %d", (int) kind); + elog(ERROR, "unsupported object kind : %s", AclObjectKindStr[kind]); } // switch json_object_object_add(jelement, "resource", jresource); @@ -320,7 +320,6 @@ static json_object *create_ranger_request_json(List *request_list, List *result_ result_ptr->privilege_sign = string_hash(privilege_str, strlen(privilege_str)); elog(DEBUG3, "request access sign, resource_str:%s, privilege_str:%s", resource_str, privilege_str); - j++; } // foreach char str[32]; @@ -354,19 +353,19 @@ static size_t write_callback(char *contents, size_t size, size_t nitems, int original_size = curl->response.buffer_size; while(curl->response.response_size + realsize >= curl->response.buffer_size) { - /*double the buffer size if the buffer is not enough.*/ + /* double the buffer size if the buffer is not enough.*/ curl->response.buffer_size = curl->response.buffer_size * 2; } if(original_size < curl->response.buffer_size) { - /* our repalloc is not same as realloc, repalloc's first param(buffer) can not be NULL */ + /* repalloc is not same as realloc, repalloc's first parameter cannot be NULL */ curl->response.buffer = repalloc(curl->response.buffer, curl->response.buffer_size); } elog(DEBUG3, "ranger restful response size is %d. response buffer size is %d.", curl->response.response_size, curl->response.buffer_size); if (curl->response.buffer == NULL) { - /* out of memory! */ - elog(WARNING, "not enough memory for Ranger response"); + /* allocate memory failed. probably out of memory */ + elog(WARNING, "cannot allocate memory for ranger response"); return 0; } memcpy(curl->response.buffer + curl->response.response_size, contents, realsize); @@ -413,7 +412,6 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request) curl_easy_setopt(curl_handle->curl_handle, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(curl_handle->curl_handle, CURLOPT_POSTFIELDS,request); - //"{\"requestId\": 1,\"user\": \"hubert\",\"clientIp\":\"123.0.0.21\",\"context\": \"SELECT * FROM sales\",\"access\":[{\"resource\":{\"database\":\"a-database\",\"schema\":\"a-schema\",\"table\":\"sales\"},\"privileges\": [\"select\"]}]}"); /* send all data to this function */ curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEFUNCTION, write_callback); curl_easy_setopt(curl_handle->curl_handle, CURLOPT_WRITEDATA, (void *)curl_handle); @@ -427,13 +425,13 @@ static int call_ranger_rest(CURL_HANDLE curl_handle, const char* request) /* check for errors */ if(res != CURLE_OK) { - elog(WARNING, "curl_easy_perform() failed: %s\n", - curl_easy_strerror(res)); + elog(WARNING, "ranger plugin service from http://%s:%d/%s is unavailable : %s.\n", + rps_addr_host, rps_addr_port, rps_addr_suffix, curl_easy_strerror(res)); } else { ret = 0; - elog(DEBUG3, "retrieved %d bytes from ranger restful response.", + elog(DEBUG3, "retrieved %d bytes data from ranger restful response.", curl_handle->response.response_size); } @@ -469,8 +467,8 @@ int check_privilege_from_ranger(List *request_list, List *result_list) int ret = parse_ranger_response(curl_context_ranger.response.buffer, result_list); if (ret < 0) { - elog(WARNING, "parse ranger response failed, response[%s]", - curl_context_ranger.response.buffer == NULL? "":curl_context_ranger.response.buffer); + elog(WARNING, "parse ranger response failed, ranger response content is %s", + curl_context_ranger.response.buffer == NULL? "empty.":curl_context_ranger.response.buffer); } if (curl_context_ranger.response.buffer != NULL) { http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/e46f06cc/src/backend/tcop/postgres.c ---------------------------------------------------------------------- diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index e1bfb1d..fc71eda 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -4392,7 +4392,7 @@ PostgresMain(int argc, char *argv[], const char *username) } /* for enable ranger*/ - if (enable_ranger && !curl_context_ranger.hasInited) + if (AmIMaster() && enable_ranger && !curl_context_ranger.hasInited) { memset(&curl_context_ranger, 0, sizeof(curl_context_t)); curl_global_init(CURL_GLOBAL_ALL); @@ -4402,11 +4402,12 @@ PostgresMain(int argc, char *argv[], const char *username) /* cleanup curl stuff */ /* no need to cleanup curl_handle since it's null. just cleanup curl global.*/ curl_global_cleanup(); + elog(ERROR, "initialize global curl context failed."); } curl_context_ranger.hasInited = true; curl_context_ranger.response.buffer = palloc0(CURL_RES_BUFFER_SIZE); curl_context_ranger.response.buffer_size = CURL_RES_BUFFER_SIZE; - elog(DEBUG3, "when enable ranger, init global struct for privileges check."); + elog(DEBUG3, "initialize global curl context for privileges check."); on_proc_exit(curl_finalize, 0); } /*
