[jira] [Work logged] (GOBBLIN-1977) `PasswordManager` should log when configured master password file does not exist

Fri, 15 Dec 2023 10:13:05 -0800 


     [ 
https://issues.apache.org/jira/browse/GOBBLIN-1977?focusedWorklogId=895891&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-895891
 ]

ASF GitHub Bot logged work on GOBBLIN-1977:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Dec/23 18:12
            Start Date: 15/Dec/23 18:12
    Worklog Time Spent: 10m 
      Work Description: phet commented on code in PR #3849:
URL: https://github.com/apache/gobblin/pull/3849#discussion_r1428325135


##########
gobblin-api/src/main/java/org/apache/gobblin/password/PasswordManager.java:
##########
@@ -124,18 +125,23 @@ private List<TextEncryptor> 
getEncryptors(CachedInstanceKey cacheKey) {
         suffix = "." + String.valueOf(i);
       } catch (FileNotFoundException fnf) {
         // It is ok for password files not being present
-        LOG.warn("Master password file " + currentMasterPasswordFile + " not 
found.");
+        LOG.warn("Master password file '" + currentMasterPasswordFile + "' not 
found.");
       } catch (IOException ioe) {
         exception = ioe;
-        LOG.warn("Master password could not be read from file " + 
currentMasterPasswordFile);
+        LOG.warn("Master password file could not be read from '" + 
currentMasterPasswordFile + "'");
       } catch (Exception e) {
-        LOG.warn("Encryptor could not be instantiated.");
+        LOG.warn("Encryptor could not be instantiated using file '" + 
currentMasterPasswordFile + "'.", e);
       }
     } while (i++ < numOfEncryptionKeys);
 
     // Throw exception if could not read any existing password file
-    if (encryptors.size() < 1 && exception != null) {
-      throw new RuntimeException("Master Password could not be read from any 
master password file.", exception);
+    if (encryptors.size() < 1) {
+      if (exception != null) {
+        throw new RuntimeException("Master password could not be read from any 
master password file.", exception);
+      } else {
+        // TODO: determine whether to always throw whenever no encryptors, 
despite `exception == null`!  (for now, at least give notice by logging)

Review Comment:
   I wavered on this, but ultimately decided not to pursue, as it would NOT be 
backwards-compatible semantics and I'm unsure whether any of these situations 
are essentially harmless with users happy to continue w/o disruption





Issue Time Tracking
-------------------

    Worklog Id:     (was: 895891)
    Time Spent: 0.5h  (was: 20m)

> `PasswordManager` should log when configured master password file does not 
> exist
> --------------------------------------------------------------------------------
>
>                 Key: GOBBLIN-1977
>                 URL: https://issues.apache.org/jira/browse/GOBBLIN-1977
>             Project: Apache Gobblin
>          Issue Type: Bug
>          Components: gobblin-core
>            Reporter: Kip Kohn
>            Assignee: Abhishek Tiwari
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Despite not changing our job's properties, we found it failing to connect to 
> the DB:
> {code}
> 2023-12-07 11:21:41 PST INFO  [TaskStateModelFactory-task_thread-0] 
> com.zaxxer.hikari.HikariDataSource  - 
> HikariPool-1-MysqlStateStore-redacted_db_name - Starting...
> 2023-12-07 11:21:42 PST ERROR [TaskStateModelFactory-task_thread-0] 
> com.zaxxer.hikari.pool.HikariPool  - 
> HikariPool-1-MysqlStateStore-redacted_db_name - Exception during pool 
> initialization.
> java.sql.SQLException: Access denied for user 'redacted_db_name'@'10.1.2.3' 
> (using password: YES)
>     at 
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129)
>     at 
> com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
> ...
> {code}
> on previously successful runs, logging showed:
> {code}
> 2023-12-07 15:24:55 PST INFO  [TaskStateModelFactory-task_thread-0] 
> com.zaxxer.hikari.HikariDataSource  - 
> HikariPool-1-MysqlStateStore-redacted_db_name - Starting...
> 2023-12-07 15:24:56 PST INFO  [TaskStateModelFactory-task_thread-0] 
> com.zaxxer.hikari.HikariDataSource  - 
> HikariPool-1-MysqlStateStore-redacted_db_name - Start completed.
> ...
> {code}
> throughout we were supplied our DB password as:
> {code}
> state.store.db.password=ENC(rEdActeD=)
> ...
> encrypt.key.loc=/path/to/master/key
> ...
> {code}
> the issue wound up being that the master password path was removed from the 
> FS.  this would have been significantly easier to diagnose if the 
> `PasswordManager` had logged this discovery upon detection, rather than 
> silently skipping the configured path, after finding the file not to exist.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to