Repository: incubator-hawq Updated Branches: refs/heads/master 10f085f9a -> be4af7785
HAWQ-1518. Add a UDF for showing whether the data directory is an encryption zone. Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/be4af778 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/be4af778 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/be4af778 Branch: refs/heads/master Commit: be4af7785b7b7aab848565d0d01c8ca34d4367f0 Parents: 10f085f Author: amyrazz44 <[email protected]> Authored: Thu Sep 14 18:18:03 2017 +0800 Committer: Wen Lin <[email protected]> Committed: Thu Sep 21 10:45:24 2017 +0800 ---------------------------------------------------------------------- src/backend/storage/file/fd.c | 98 ++++++++++++++++++++++- src/include/catalog/pg_proc.h | 3 + src/include/catalog/pg_proc.sql | 2 + src/include/utils/builtins.h | 2 + src/test/regress/data/upgrade20/pg_proc.data | 1 + 5 files changed, 105 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/backend/storage/file/fd.c ---------------------------------------------------------------------- diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c index cceb645..9b5b6c6 100644 --- a/src/backend/storage/file/fd.c +++ b/src/backend/storage/file/fd.c @@ -76,13 +76,16 @@ #include "libpq/auth.h" #include "libpq/pqformat.h" #include "utils/workfile_mgr.h" - +#include "hdfs/hdfs.h" /* Debug_filerep_print guc temporaly added for troubleshooting */ #include "utils/guc.h" #include "utils/faultinjector.h" #include "utils/memutils.h" +#include "catalog/catalog.h" +#include "catalog/catquery.h" + bool enable_secure_filesystem = 0; extern bool filesystem_support_truncate; 
@@ -3695,3 +3698,96 @@ HdfsGetFileBlockLocations(const char *path, int64 length, int *block_num) { return HdfsGetFileBlockLocations2(path, 0, length, block_num); } + +/* + * TDE UDF + * + * User is able to check if HAWQ filespace is TDE encrypted. + */ +extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS) { + char * filespace_name = NULL; + hdfsFS fs = NULL; + hdfsEncryptionZoneInfo *enInfo = NULL; + bool encryptedTag = false; + int MAX_LENGTH = 1024; + + HeapTuple tuple; + cqContext *pcqCtx; + Oid oid; + char * path = NULL; + + char *host = NULL, *protocol = NULL; + int port = 0, pathLen = 0; + + filespace_name = PG_GETARG_CSTRING(0); + if (filespace_name == NULL || strlen(filespace_name) > MAX_LENGTH) + elog(ERROR, "Input of filespace name is illegal."); + else if (strcmp(filespace_name, "") == 0) + elog(INFO, "Please input the filespace name you want to check."); + + /* Scan the pg_filespace table to get the corresponding oid. */ + pcqCtx = caql_beginscan(NULL, + cql("SELECT oid FROM pg_filespace WHERE fsname = :1 ", + CStringGetDatum(filespace_name))); + tuple = caql_getnext(pcqCtx); + if (!HeapTupleIsValid(tuple)) + elog(ERROR, "cache look up failed for pg_filsespace %s", filespace_name); + oid = HeapTupleHeaderGetOid(tuple->t_data); + caql_endscan(pcqCtx); + + /* Scan the pg_filespace_entry to get the filespace entry. */ + path = caql_getcstring(NULL, + cql("SELECT fselocation FROM pg_filespace_entry WHERE fsefsoid = :1 ", + ObjectIdGetDatum(oid))); + if (path == NULL) + elog(ERROR, "cache look up failed for pg_filespace_entry"); + + /* Connect to hdfs and parse the filespace entry to get the correct path. 
*/ + fs = HdfsGetConnection(path, false); + if (fs == NULL) + elog(ERROR, "Connect to hdfs failed, the path is %s", path); + else { + if (HdfsParsePath(path, &protocol, &host, &port, NULL) + || protocol == NULL || host == NULL || port < 0) { + if (protocol) + pfree(protocol); + if (host) + pfree(host); + elog(ERROR, "Parse hdfs path of %s failed.", path); + } + else { + + /* The normal path is like "<protocol>://<host>:<port>/<directory>". + * If port is not null, there will be 4 characters to be added which is "://:". + * If port is null, there will be 3 characters to be added which is "://". + */ + if (port > 0) { + char sPort[strlen(path)]; + sprintf(sPort, "%d", port); + pathLen = strlen(protocol) + strlen(host) + strlen(sPort) + 4; + } else if (port == 0) { + pathLen = strlen(protocol) + strlen(host) + 3; + } + elog(DEBUG1, "The path of the hdfs is %s. The protocol is %s. The host is %s. The port is %d", + path, protocol, host, port); + + pfree(protocol); + pfree(host); + } + } + if ((strlen(path) - pathLen) <= 0) + elog(ERROR, "Wrong length parsed from hdfs path %s.", path); + char enPath[strlen(path) - pathLen + 1]; + strncpy(enPath, path + pathLen, strlen(path) - pathLen); + elog(DEBUG1, "The filespace entry to be check is %s", enPath); + pfree(path); + /* Check whether the path is encrypted or not. */ + enInfo = hdfsGetEZForPath(fs, enPath); + + if (enInfo != NULL) { + encryptedTag = true; + hdfsFreeEncryptionZoneInfo(enInfo, 1); + } + + PG_RETURN_BOOL(encryptedTag); +} http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.h ---------------------------------------------------------------------- diff --git a/src/include/catalog/pg_proc.h b/src/include/catalog/pg_proc.h index fdcc082..2db3116 100644 --- a/src/include/catalog/pg_proc.h +++ b/src/include/catalog/pg_proc.h 
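Review bot: At the end of gp_is_filespace_encrypted, `strncpy(enPath, path + pathLen, strlen(path) - pathLen)` copies exactly the remaining bytes and never writes a terminator into the `strlen(path) - pathLen + 1` byte array, so the following `elog(DEBUG1, ...)` and `hdfsGetEZForPath(fs, enPath)` read an unterminated string from the stack. The guard before it, `(strlen(path) - pathLen) <= 0`, is evaluated as unsigned `size_t`, so it only catches equality; a `pathLen` larger than the path length would wrap and size the variable-length array with a huge value. Since `path` is already NUL-terminated, pointing into it and freeing it only after the HDFS call removes both the copy and the VLA, as sketched below. Separately, a NULL from `hdfsGetEZForPath` is reported as "not encrypted"; if that call can also return NULL on failure (not visible in this hunk), the failure case should raise an error rather than return false.

```c
	/* … unchanged: catalog lookups, HdfsGetConnection, HdfsParsePath, pathLen computation … */
	size_t		fullLen = strlen(path);

	/* compare in size_t so a too-large prefix cannot wrap the subtraction */
	if (pathLen <= 0 || (size_t) pathLen >= fullLen)
		elog(ERROR, "Wrong length parsed from hdfs path %s.", path);

	/* path is NUL-terminated, so the directory part can be used in place */
	char	   *enPath = path + pathLen;

	elog(DEBUG1, "The filespace entry to be check is %s", enPath);
	/* Check whether the path is encrypted or not. */
	enInfo = hdfsGetEZForPath(fs, enPath);
	pfree(path);			/* enPath aliases path; free only after the call */
	/* … unchanged: enInfo handling and PG_RETURN_BOOL … */
```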
@@ -10472,6 +10472,9 @@ DESCR("Check whether metadata cache key exists"); DATA(insert OID = 8083 ( gp_metadata_cache_info PGNSP PGUID 12 f f t f s 4 25 f "26 26 26 23" _null_ _null_ _null_ gp_metadata_cache_info - _null_ n )); DESCR("Get metadata cache info for specific key"); +/* gp_is_filespace_encrypted => bool*/ +DATA(insert OID = 8086 ( gp_is_filespace_encrypted PGNSP PGUID 12 f f t f s 1 16 f "19" _null_ _null_ _null_ gp_is_filespace_encrypted - _null_ n )); +DESCR("Check whether filespace is encrypted"); /* TIDYCAT_END_PG_PROC_GEN */ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/catalog/pg_proc.sql ---------------------------------------------------------------------- diff --git a/src/include/catalog/pg_proc.sql b/src/include/catalog/pg_proc.sql index 1d79f36..fed3906 100644 --- a/src/include/catalog/pg_proc.sql +++ b/src/include/catalog/pg_proc.sql @@ -5529,3 +5529,5 @@ CREATE FUNCTION gp_metadata_cache_put_entry_for_test(tablespace_oid, database_oid, relation_oid, segno) RETURNS text LANGUAGE internal STABLE STRICT AS 'gp_metadata_cache_put_entry_for_test' WITH (OID=8085, DESCRIPTION="Put entries into metadata cache for test"); CREATE FUNCTION dump_resource_manager_status(info_type) RETURNS text LANGUAGE internal STABLE STRICT AS 'dump_resource_manager_status' WITH (OID=6450, DESCRIPTION="Dump resource manager status for testing"); + + CREATE FUNCTION gp_is_filespace_encrypted(filespace_name) RETURNS bool LANGUAGE internal STABLE STRICT AS 'gp_is_filespace_encrypted' WITH (OID=8086, DESCRIPTION="Check whether filespace is encrypted"); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/include/utils/builtins.h ---------------------------------------------------------------------- diff --git a/src/include/utils/builtins.h b/src/include/utils/builtins.h index 64b251b..9bdf243 100644 --- a/src/include/utils/builtins.h +++ b/src/include/utils/builtins.h 
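Review bot: The new DATA row declares the single argument as type `19` (`name`), but the C implementation in fd.c fetches it with `PG_GETARG_CSTRING(0)` and bounds it with a local `MAX_LENGTH` of 1024. Reading it as `char *filespace_name = NameStr(*PG_GETARG_NAME(0));` would match the declared type and make the length check unnecessary, since a `name` value is bounded by NAMEDATALEN. The row also marks the function strict (`t`), so the `filespace_name == NULL` branch in the C code should not be reachable from SQL and could be dropped or turned into an assertion.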
@@ -1225,4 +1225,6 @@ extern Datum gp_metadata_cache_put_entry_for_test(PG_FUNCTION_ARGS); /* PXF functions */ extern Datum pxf_get_item_fields(PG_FUNCTION_ARGS); +/* TDE UDF */ +extern Datum gp_is_filespace_encrypted(PG_FUNCTION_ARGS); #endif /* BUILTINS_H */ http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/be4af778/src/test/regress/data/upgrade20/pg_proc.data ---------------------------------------------------------------------- diff --git a/src/test/regress/data/upgrade20/pg_proc.data b/src/test/regress/data/upgrade20/pg_proc.data index 4b12c93..c71163e 100644 --- a/src/test/regress/data/upgrade20/pg_proc.data +++ b/src/test/regress/data/upgrade20/pg_proc.data @@ -8,3 +8,4 @@ 8083,gp_metadata_cache_info,11,10,12,f,f,t,f,s,4,25,f,"26 26 26 23",,,,gp_metadata_cache_info,-,,n 8084,gp_metadata_cache_current_block_num,11,10,12,f,f,t,f,s,0,20,f,"",,,,gp_metadata_cache_current_block_num,-,,n 8085,gp_metadata_cache_put_entry_for_test,11,10,12,f,f,t,f,s,5,25,f,"26 26 26 23 23",,,,gp_metadata_cache_put_entry_for_test,-,,n +8086,gp_is_filespace_encrypted,11,10,12,f,f,t,f,s,1,16,f,"19",,,,gp_is_filespace_encrypted,-,,n
