[GitHub] incubator-hawq issue #1073: HAWQ-1248. Merge Dockerfiles for HAWQ Dev into H...
Github user guofengrichard commented on the issue: https://github.com/apache/incubator-hawq/pull/1073 Removed unnecessary configure files. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #1087: HAWQ-1275. Check build-in catalogs, tables and f...
Github user stanlyxiang commented on the issue: https://github.com/apache/incubator-hawq/pull/1087 +1 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #1088: HAWQ-1276. The error message is not friendly whe...
Github user stanlyxiang commented on the issue: https://github.com/apache/incubator-hawq/pull/1088 cc @interma @zhangh43 @linwen @ictmalili @wcl14 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1088: HAWQ-1276. The error message is not frien...
GitHub user stanlyxiang opened a pull request: https://github.com/apache/incubator-hawq/pull/1088 HAWQ-1276. The error message is not friendly when ranger plugin servi⦠â¦ce is unavailable. You can merge this pull request into a Git repository by running: $ git pull https://github.com/stanlyxiang/incubator-hawq HAWQ-1276 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-hawq/pull/1088.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1088 commit 865968af5058b52033b3a420ab4fc4bd55f0b3a9 Author: stanlyxiang Date: 2017-01-13T03:33:40Z HAWQ-1276. The error message is not friendly when ranger plugin service is unavailable. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Updated] (HAWQ-1276) The error message is not friendly when ranger plugin service is unavailable.
[ https://issues.apache.org/jira/browse/HAWQ-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xiang Sheng updated HAWQ-1276: -- Summary: The error message is not friendly when ranger plugin service is unavailable. (was: The error message is not friendly when ranger plugin service cannot be connected) > The error message is not friendly when ranger plugin service is unavailable. > > > Key: HAWQ-1276 > URL: https://issues.apache.org/jira/browse/HAWQ-1276 > Project: Apache HAWQ > Issue Type: Sub-task > Components: Security >Reporter: Xiang Sheng >Assignee: Xiang Sheng > Fix For: 2.2.0.0-incubating > > > The error message is not friendly when RPS cannot be connected. > We expect a more clear message printed out, for example, "cannot connect to > RPS service: host/port/service ". > What's more, there are many other error and log messages and log level should > be refined to more friendly. Some unused log should be removed. > {code} > MacBook-Pro:incubator-hawq malili$ psql -d postgres > psql (8.2.15) > Type "help" for help. > postgres=# \l > WARNING: curl_easy_perform() failed: Couldn't connect to server > LINE 5: FROM pg_catalog.pg_database d > ^ > ERROR: permission denied for schema pg_catalog > LINE 5: FROM pg_catalog.pg_database d > ^ > postgres=# > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HAWQ-1276) The error message is not friendly when ranger plugin service cannot be connected
[ https://issues.apache.org/jira/browse/HAWQ-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xiang Sheng updated HAWQ-1276: -- Description: The error message is not friendly when RPS cannot be connected. We expect a more clear message printed out, for example, "cannot connect to RPS service: host/port/service ". What's more, there are many other error and log messages and log level should be refined to more friendly. Some unused log should be removed. {code} MacBook-Pro:incubator-hawq malili$ psql -d postgres psql (8.2.15) Type "help" for help. postgres=# \l WARNING: curl_easy_perform() failed: Couldn't connect to server LINE 5: FROM pg_catalog.pg_database d ^ ERROR: permission denied for schema pg_catalog LINE 5: FROM pg_catalog.pg_database d ^ postgres=# {code} was: The error message is not friendly when RPS cannot be connected. We expect a more clear message printed out, for example, "cannot connect to RPS service: host/port/service ". What's more, there are many other error and log messages and log level should be refined to more friendly. Some unused log should be removed. ``` malilis-MacBook-Pro:incubator-hawq malili$ psql -d postgres psql (8.2.15) Type "help" for help. postgres=# \l WARNING: curl_easy_perform() failed: Couldn't connect to server LINE 5: FROM pg_catalog.pg_database d ^ ERROR: permission denied for schema pg_catalog LINE 5: FROM pg_catalog.pg_database d ^ postgres=# ``` > The error message is not friendly when ranger plugin service cannot be > connected > - > > Key: HAWQ-1276 > URL: https://issues.apache.org/jira/browse/HAWQ-1276 > Project: Apache HAWQ > Issue Type: Sub-task > Components: Security >Reporter: Xiang Sheng >Assignee: Xiang Sheng > Fix For: 2.2.0.0-incubating > > > The error message is not friendly when RPS cannot be connected. > We expect a more clear message printed out, for example, "cannot connect to > RPS service: host/port/service ". > What's more, there are many other error and log messages and log level should > be refined to more friendly. Some unused log should be removed. > {code} > MacBook-Pro:incubator-hawq malili$ psql -d postgres > psql (8.2.15) > Type "help" for help. > postgres=# \l > WARNING: curl_easy_perform() failed: Couldn't connect to server > LINE 5: FROM pg_catalog.pg_database d > ^ > ERROR: permission denied for schema pg_catalog > LINE 5: FROM pg_catalog.pg_database d > ^ > postgres=# > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (HAWQ-1276) The error message is not friendly when ranger plugin service cannot be connected
[ https://issues.apache.org/jira/browse/HAWQ-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xiang Sheng reassigned HAWQ-1276: - Assignee: Xiang Sheng (was: Ed Espino) > The error message is not friendly when ranger plugin service cannot be > connected > - > > Key: HAWQ-1276 > URL: https://issues.apache.org/jira/browse/HAWQ-1276 > Project: Apache HAWQ > Issue Type: Sub-task > Components: Security >Reporter: Xiang Sheng >Assignee: Xiang Sheng > Fix For: 2.2.0.0-incubating > > > The error message is not friendly when RPS cannot be connected. > We expect a more clear message printed out, for example, "cannot connect to > RPS service: host/port/service ". > What's more, there are many other error and log messages and log level should > be refined to more friendly. Some unused log should be removed. > ``` > malilis-MacBook-Pro:incubator-hawq malili$ psql -d postgres > psql (8.2.15) > Type "help" for help. > postgres=# \l > WARNING: curl_easy_perform() failed: Couldn't connect to server > LINE 5: FROM pg_catalog.pg_database d > ^ > ERROR: permission denied for schema pg_catalog > LINE 5: FROM pg_catalog.pg_database d > ^ > postgres=# > ``` -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HAWQ-1276) The error message is not friendly when ranger plugin service cannot be connected
Xiang Sheng created HAWQ-1276: - Summary: The error message is not friendly when ranger plugin service cannot be connected Key: HAWQ-1276 URL: https://issues.apache.org/jira/browse/HAWQ-1276 Project: Apache HAWQ Issue Type: Sub-task Components: Security Reporter: Xiang Sheng Assignee: Ed Espino Fix For: 2.2.0.0-incubating The error message is not friendly when RPS cannot be connected. We expect a more clear message printed out, for example, "cannot connect to RPS service: host/port/service ". What's more, there are many other error and log messages and log level should be refined to more friendly. Some unused log should be removed. ``` malilis-MacBook-Pro:incubator-hawq malili$ psql -d postgres psql (8.2.15) Type "help" for help. postgres=# \l WARNING: curl_easy_perform() failed: Couldn't connect to server LINE 5: FROM pg_catalog.pg_database d ^ ERROR: permission denied for schema pg_catalog LINE 5: FROM pg_catalog.pg_database d ^ postgres=# ``` -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] incubator-hawq issue #1087: HAWQ-1275. Check build-in catalogs, tables and f...
Github user interma commented on the issue: https://github.com/apache/incubator-hawq/pull/1087 +1 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user zhangh43 commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96174690 --- Diff: src/include/catalog/pg_namespace.h --- @@ -123,7 +123,7 @@ DESCR("Standard public schema"); DATA(insert OID = 6104 ( "pg_aoseg" PGUID _null_ 0)); DESCR("Reserved schema for Append Only segment list and eof tables"); #define PG_AOSEGMENT_NAMESPACE 6104 - +#define PG_INFORMATION_SCHEMA_NAMESPACE 10671 --- End diff -- I use caql to get the latest information_schema_namespace oid instead --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user zhangh43 commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96174643 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE + || obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE + || obj_oid == PG_BITMAPINDEX_NAMESPACE) +{ + return true; +} + } + else if (objkind == ACL_KIND_PROC) + { + //native check functions under build-in schemas. +Oid namespaceid = get_func_namespace(obj_oid); +if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == PG_INFORMATION_SCHEMA_NAMESPACE + || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE + || namespaceid == PG_BITMAPINDEX_NAMESPACE) +{ + return true; +} + } + return false; } bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid) { - //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + //we only have range table here --- End diff -- fixed --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #1087: HAWQ-1275. Check build-in catalogs, tables and f...
Github user linwen commented on the issue: https://github.com/apache/incubator-hawq/pull/1087 +1 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user zhangh43 commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96174625 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE --- End diff -- I think gp_toolkit should be managed by Ranger. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user ictmalili commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96171369 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE --- End diff -- Yes, I think so --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user ictmalili commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96171295 --- Diff: src/include/catalog/pg_namespace.h --- @@ -123,7 +123,7 @@ DESCR("Standard public schema"); DATA(insert OID = 6104 ( "pg_aoseg" PGUID _null_ 0)); DESCR("Reserved schema for Append Only segment list and eof tables"); #define PG_AOSEGMENT_NAMESPACE 6104 - +#define PG_INFORMATION_SCHEMA_NAMESPACE 10671 --- End diff -- Is the oid for information_schema schema fixed? I thought it was created during hawq init procedure, so the oid might be not fixed at the value 10671. Can we get it firstly as a global variable by running "select oid from pg_namespace where nspname = 'information_schema'" ? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user linwen commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96171062 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE + || obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE + || obj_oid == PG_BITMAPINDEX_NAMESPACE) +{ + return true; +} + } + else if (objkind == ACL_KIND_PROC) + { + //native check functions under build-in schemas. --- End diff -- should use this kind of comments: /* */ and fix indent. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user linwen commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96171072 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE + || obj_oid == PG_AOSEGMENT_NAMESPACE || obj_oid == PG_TOAST_NAMESPACE + || obj_oid == PG_BITMAPINDEX_NAMESPACE) +{ + return true; +} + } + else if (objkind == ACL_KIND_PROC) + { + //native check functions under build-in schemas. +Oid namespaceid = get_func_namespace(obj_oid); +if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == PG_INFORMATION_SCHEMA_NAMESPACE + || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE + || namespaceid == PG_BITMAPINDEX_NAMESPACE) +{ + return true; +} + } + return false; } bool fallBackToNativeChecks(AclObjectKind objkind, List* table_list, Oid roleid) { - //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + //we only have range table here --- End diff -- should use this kind of comments: /* */ --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user linwen commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96171046 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. --- End diff -- should use this kind of comments: /* */ --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #1085: HAWQ-1203. Ranger Plugin Service Implementation....
Github user denalex commented on the issue: https://github.com/apache/incubator-hawq/pull/1085 @ictmalili -- thanks for noticing, you're correct, the PR should not include those, not sure how they got in, I rebased from master before submission. I will resubmit tomorrow. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
Github user interma commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1087#discussion_r96161630 --- Diff: src/backend/catalog/aclchk.c --- @@ -2670,28 +2670,50 @@ List *getActionName(AclMode mask) bool fallBackToNativeCheck(AclObjectKind objkind, Oid obj_oid, Oid roleid) { //for heap table, we fall back to native check. - if(objkind == ACL_KIND_CLASS) + if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); -if(relstorage == 'h') +if (relstorage == 'h') { return true; } } + else if (objkind == ACL_KIND_NAMESPACE) + { + //native check build-in schemas. +if (obj_oid == PG_CATALOG_NAMESPACE || obj_oid == PG_INFORMATION_SCHEMA_NAMESPACE --- End diff -- Is there need to add gp_toolkit schema? Seems need? _`gp_toolkit` is an administrative schema that contains external tables, views, and functions that you can access with SQL commands. All database users can access gp_toolkit to view and query the system log files and other system metrics._ refer: http://hdb.docs.pivotal.io/201/hawq/ddl/ddl-schema.html --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #1087: HAWQ-1275. Check build-in catalogs, table...
GitHub user zhangh43 opened a pull request: https://github.com/apache/incubator-hawq/pull/1087 HAWQ-1275. Check build-in catalogs, tables and functions in native aclcheck. We plan to do privilege check in hawq side for build-in catalogs, tables and functions. The reasons are two folds; 1 Ranger mainly manage the user data, but build-in catalogs and tables are not related to user data(note that some of them contain statistics information of user data such as catalog table pg_aoseg_*). 2 We haven't finish the code of merge of all the privilege check requests into one big request. Without it query such as "\d" and "analyze" will lead to hundreds of RPS request. You can merge this pull request into a Git repository by running: $ git pull https://github.com/zhangh43/incubator-hawq hawq1275 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-hawq/pull/1087.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1087 commit 9efd765bfcc2d0d71415956d5e3339734334d112 Author: hubertzhang Date: 2017-01-16T02:53:35Z HAWQ-1275. Check build-in catalogs, tables and functions in native aclcheck. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #1085: HAWQ-1203. Ranger Plugin Service Implementation....
Github user ictmalili commented on the issue: https://github.com/apache/incubator-hawq/pull/1085 @denalex Why this PR includes a second commit for "Revert "HAWQ-1248. Merge Dockerfiles for HAWQ Dev into HAWQ code base." ⦠huor committed 3 days ago " In my opinion, this should not be included in PRS's implementation. Thanks --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Assigned] (HAWQ-1275) Check build-in catalogs, tables and functions in native aclcheck.
[ https://issues.apache.org/jira/browse/HAWQ-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Hubert Zhang reassigned HAWQ-1275: -- Assignee: Hubert Zhang (was: Ed Espino) > Check build-in catalogs, tables and functions in native aclcheck. > - > > Key: HAWQ-1275 > URL: https://issues.apache.org/jira/browse/HAWQ-1275 > Project: Apache HAWQ > Issue Type: Sub-task > Components: Security >Reporter: Hubert Zhang >Assignee: Hubert Zhang > Fix For: backlog > > > We plan to do privilege check in hawq side for build-in catalogs, tables and > functions. The reasons are two folds; > 1 Ranger mainly manage the user data, but build-in catalogs and tables are > not related to user data(note that some of them contain statistics > information of user data such as catalog table pg_aoseg_*). > 2 We haven't finish the code of merge of all the privilege check requests > into one big request. Without it query such as "\d" and "analyze" will lead > to hundreds of RPS request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HAWQ-1275) Check build-in catalogs, tables and functions in native aclcheck.
Hubert Zhang created HAWQ-1275: -- Summary: Check build-in catalogs, tables and functions in native aclcheck. Key: HAWQ-1275 URL: https://issues.apache.org/jira/browse/HAWQ-1275 Project: Apache HAWQ Issue Type: Sub-task Components: Security Reporter: Hubert Zhang Assignee: Ed Espino We plan to do privilege check in hawq side for build-in catalogs, tables and functions. The reasons are two folds; 1 Ranger mainly manage the user data, but build-in catalogs and tables are not related to user data(note that some of them contain statistics information of user data such as catalog table pg_aoseg_*). 2 We haven't finish the code of merge of all the privilege check requests into one big request. Without it query such as "\d" and "analyze" will lead to hundreds of RPS request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HAWQ-1108) Add JDBC PXF Plugin
[ https://issues.apache.org/jira/browse/HAWQ-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15823326#comment-15823326 ] Devin Jia commented on HAWQ-1108: - ok,i will rebase the PR branch. > Add JDBC PXF Plugin > --- > > Key: HAWQ-1108 > URL: https://issues.apache.org/jira/browse/HAWQ-1108 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF >Reporter: Michael Andre Pearce (IG) >Assignee: Devin Jia > > On the back of the work in : > https://issues.apache.org/jira/browse/HAWQ-779 > We would like to add to Hawq Plugins a JDBC implementation. > There are currently two noted implementations in the openly available in > GitHub. > 1) https://github.com/kojec/pxf-field/tree/master/jdbc-pxf-ext > 2) https://github.com/inspur-insight/pxf-plugin/tree/master/pxf-jdbc > The latter (2) is an improved version of the former (1) and also what > HAWQ-779 changes were to support. > [~jiadx] would you be happy to contribute the source as apache 2 license open > source? -- This message was sent by Atlassian JIRA (v6.3.4#6332)