[jira] [Commented] (HAWQ-1469) Don't expose RPS warning messages to command line

Wed, 17 May 2017 08:45:16 -0700 

    [ 
https://issues.apache.org/jira/browse/HAWQ-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16014269#comment-16014269
 ] 

Lisa Owen commented on HAWQ-1469:
---------------------------------

when rps is unavailable, looks like the following error message will be 
displayed:
    ERROR: ranger plugin service is unavailable : Couldn't connect to server. 
(rangerrest.c:463)

question - under what conditions will this error message be displayed - on 
every database object access by every user until hawq connects with a working 
rps?

this message is very relevant to the administrator - he/she would presumably 
know that ranger authentication for hawq was in use in the cluster.  the 
message may be less meaningful to end users.  they may have no knowledge of the 
underlying authentication configured for hawq.  i am wondering if it might make 
sense to include "authentication" or other info in the text to make the message 
more descriptive.

> Don't expose RPS warning messages to command line
> -------------------------------------------------
>
>                 Key: HAWQ-1469
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1469
>             Project: Apache HAWQ
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Lin Wen
>            Assignee: Ed Espino
>             Fix For: backlog
>
>
> RPS service address exposing to end-user is not secure, and we should not 
> expose it out.
> **Case 1: When master RPS is down, changing to standby RPS**
> Current behavior
> ```
> postgres=# select * from a;
> WARNING:  ranger plugin service from http://test1:8432/rps is unavailable : 
> Couldn't connect to server, try another http://test5:8432/rps
> ERROR:  permission denied for relation(s): public.a
> ``` 
> Warning should be removed.
> Expected
> ```
> postgres=# select * from a;
> ERROR:  permission denied for relation(s): public.a
> ```
> **Case 2: When both RPS are down, should only print that RPS is unavailable.**
> Current Behavior:
> ```
> postgres=# select * from a;
> WARNING:  ranger plugin service from http://test5:8432/rps is unavailable : 
> Couldn't connect to server, try another http://test1:8432/rps
> ERROR:  ranger plugin service from http://test1:8432/rps is unavailable : 
> Couldn't connect to server. (rangerrest.c:463)
> ```
> Expected
> ```
> postgres=# select * from a;
> ERROR:  ranger plugin service is unavailable : Couldn't connect to server. 
> (rangerrest.c:463)
> ```
> The warning message should be printed in cvs log file.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to