hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xunzh...@apache.org
Subject incubator-hawq git commit: HAWQ-1001. Bugfix and light refactor ranger logic.
Date Mon, 19 Dec 2016 10:29:55 GMT
Repository: incubator-hawq
Updated Branches:
  refs/heads/master b32e56c50 -> c5aee9b64


HAWQ-1001. Bugfix and light refactor ranger logic.


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/c5aee9b6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/c5aee9b6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/c5aee9b6

Branch: refs/heads/master
Commit: c5aee9b6408b9aa67f01ff75a6521a2e1d1ce03f
Parents: b32e56c
Author: xunzhang <xunzhangthu@gmail.com>
Authored: Mon Dec 19 13:08:23 2016 +0800
Committer: xunzhang <xunzhangthu@gmail.com>
Committed: Mon Dec 19 18:28:27 2016 +0800

----------------------------------------------------------------------
 src/backend/catalog/aclchk.c        |  3 +-
 src/backend/libpq/rangerrest.c      | 88 +++++++++++---------------------
 src/backend/parser/parse_relation.c |  2 +
 src/include/utils/acl.h             | 25 +--------
 src/include/utils/rangerrest.h      | 62 ++++++++++++++++++++--
 5 files changed, 94 insertions(+), 86 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/catalog/aclchk.c
----------------------------------------------------------------------
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index f13502e..d3e4b64 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -56,6 +56,7 @@
 #include "utils/lsyscache.h"
 #include "utils/rel.h"
 #include "utils/syscache.h"
+#include "utils/rangerrest.h"
 #include "cdb/cdbvars.h"
 #include "cdb/cdbdisp.h"
 #include "cdb/dispatcher.h"
@@ -2726,7 +2727,7 @@ List *pg_rangercheck_batch(List *arg_list)
     requestarg->kind = objkind;
     requestarg->object = objectname;
     requestarg->actions = actions;
-    requestarg->how = isAll;
+    requestarg->isAll = isAll;
     requestargs = lappend(requestargs, requestarg);
 
   } // foreach

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/libpq/rangerrest.c
----------------------------------------------------------------------
diff --git a/src/backend/libpq/rangerrest.c b/src/backend/libpq/rangerrest.c
index 2d38449..b5260a1 100644
--- a/src/backend/libpq/rangerrest.c
+++ b/src/backend/libpq/rangerrest.c
@@ -24,34 +24,32 @@
  *
  *-------------------------------------------------------------------------
  */
-#include "postgres.h"
 
-#include <json-c/json.h>
-
-#include "utils/acl.h"
-#include "utils/guc.h"
 #include "utils/rangerrest.h"
 
 /*
- * Internal buffer for libcurl context
+ * A mapping from AclObjectKind to string
  */
-typedef struct curl_context_t
+char* AclObjectKindStr[] =
 {
-    CURL* curl_handle;
-
-    char curl_error_buffer[CURL_ERROR_SIZE];
-
-    int curl_still_running;
-
-    struct
-    {
-        char* buffer;
-        int size;
-    } response;
-
-    char* last_http_reponse;
-} curl_context_t;
-typedef curl_context_t* CURL_HANDLE;
+    "table",             /* pg_class */
+    "sequence",          /* pg_sequence */
+    "database",          /* pg_database */
+    "function",          /* pg_proc */
+    "operator",          /* pg_operator */
+    "type",              /* pg_type */
+    "language",          /* pg_language */
+    "namespace",         /* pg_namespace */
+    "oplass",            /* pg_opclass */
+    "conversion",        /* pg_conversion */
+    "tablespace",        /* pg_tablespace */
+    "filespace",         /* pg_filespace */
+    "filesystem",        /* pg_filesystem */
+    "fdw",               /* pg_foreign_data_wrapper */
+    "foreign_server",    /* pg_foreign_server */
+    "protocol",          /* pg_extprotocol */
+    "none"               /* MUST BE LAST */
+};
 
 RangerACLResult parse_ranger_response(char* buffer)
 {
@@ -84,30 +82,6 @@ RangerACLResult parse_ranger_response(char* buffer)
 }
 
 /*
- * A mapping from AclObjectKind to string
- */
-char* AclObjectKindStr[] =
-{
-    "table",             /* pg_class */
-    "sequence",          /* pg_sequence */
-    "database",          /* pg_database */
-    "function",          /* pg_proc */
-    "operator",          /* pg_operator */
-    "type",              /* pg_type */
-    "language",          /* pg_language */
-    "namespace",         /* pg_namespace */
-    "oplass",            /* pg_opclass */
-    "conversion",        /* pg_conversion */
-    "tablespace",        /* pg_tablespace */
-    "filespace",         /* pg_filespace */
-    "filesystem",        /* pg_filesystem */
-    "fdw",               /* pg_foreign_data_wrapper */
-    "foreign_server",    /* pg_foreign_server */
-    "protocol",          /* pg_extprotocol */
-    "none"               /* MUST BE LAST */
-};
-
-/*
  * args: List of RangerRequestJsonArgs
  */
 json_object *create_ranger_request_json_batch(List *args)
@@ -128,8 +102,7 @@ json_object *create_ranger_request_json_batch(List *args)
     }
     AclObjectKind kind = arg_ptr->kind;
     char* object = arg_ptr->object;
-    char* how = arg_ptr->how;
-    Assert(user != NULL && object != NULL && privilege != NULL &&
how != NULL);
+    Assert(user != NULL && object != NULL && privilege != NULL &&
arg_ptr->isAll);
     elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
          user, AclObjectKindStr[kind], object);
     
@@ -182,7 +155,6 @@ json_object *create_ranger_request_json_batch(List *args)
             if (third != NULL)
             {
                 json_object *jthird = json_object_new_string(third);
-                elog(LOG, "JTHIRD %s\n", jthird);
                 json_object_object_add(jresource,
                          (kind == ACL_KIND_CLASS) ? "table" :
                          (kind == ACL_KIND_SEQUENCE) ? "sequence" : "function", jthird);
@@ -273,10 +245,10 @@ json_object *create_ranger_request_json_batch(List *args)
  *   }
  */
 json_object* create_ranger_request_json(char* user, AclObjectKind kind, char* object,
-        List* actions, char* how)
+        List* actions, bool isAll)
 {
     Assert(user != NULL && object != NULL && privilege != NULL
-                    && how != NULL);
+                    && isAll);
     ListCell *cell;
 
     elog(LOG, "build json for ranger request, user:%s, kind:%s, object:%s",
@@ -391,7 +363,7 @@ static size_t write_callback(char *contents, size_t size, size_t nitems,
         void *userp)
 {
     size_t realsize = size * nitems;
-    CURL_HANDLE curl = (struct curl_context *) userp;
+    CURL_HANDLE curl = (curl_context_t *) userp;
 
     curl->response.buffer = palloc0(realsize + 1);
     memset(curl->response.buffer, 0, realsize + 1);
@@ -409,7 +381,7 @@ static size_t write_callback(char *contents, size_t size, size_t nitems,
     return realsize;
 }
 
-void call_ranger_rest(CURL_HANDLE curl_handle, char* request)
+void call_ranger_rest(CURL_HANDLE curl_handle, const char* request)
 {
     CURLcode res;
     Assert(request != NULL);
@@ -468,7 +440,7 @@ void call_ranger_rest(CURL_HANDLE curl_handle, char* request)
     }
     else
     {
-        elog(LOG, "%lu bytes retrieved from Ranger Restful API.",
+        elog(LOG, "%d bytes retrieved from Ranger Restful API.",
                 curl_handle->response.size);
     }
 
@@ -490,7 +462,7 @@ int check_privilege_from_ranger_batch(List *arg_list)
 {
   json_object* jrequest = create_ranger_request_json_batch(arg_list);
   Assert(jrequest != NULL);
-  char *request = json_object_to_json_string(jrequest);
+  const char *request = json_object_to_json_string(jrequest);
   elog(LOG, "Send JSON request to Ranger: %s", request);
   Assert(request != NULL);
   struct curl_context_t curl_context;
@@ -518,13 +490,13 @@ int check_privilege_from_ranger_batch(List *arg_list)
  * Check the privilege from Ranger for one role
  */
 int check_privilege_from_ranger(char* user, AclObjectKind kind, char* object,
-        List* actions, char* how)
+        List* actions, bool isAll)
 {
     json_object* jrequest = create_ranger_request_json(user, kind, object,
-                                                       actions, how);
+                                                       actions, isAll);
 
     Assert(jrequest != NULL);
-    char* request = json_object_to_json_string(jrequest);
+    const char* request = json_object_to_json_string(jrequest);
     elog(LOG, "send JSON request to Ranger: %s", request);
     Assert(request != NULL);
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/backend/parser/parse_relation.c
----------------------------------------------------------------------
diff --git a/src/backend/parser/parse_relation.c b/src/backend/parser/parse_relation.c
index 176ed0b..6839207 100644
--- a/src/backend/parser/parse_relation.c
+++ b/src/backend/parser/parse_relation.c
@@ -63,6 +63,8 @@
 #include "utils/guc.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
+#include "utils/rangerrest.h"
+
 /* GUC parameter */
 bool		add_missing_from;
 

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/include/utils/acl.h
----------------------------------------------------------------------
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index a8c9e64..da6f512 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -26,7 +26,7 @@
 
 #include "nodes/parsenodes.h"
 #include "utils/array.h"
-#include "utils/rangerrest.h"
+//#include "utils/rangerrest.h"
 
 
 /*
@@ -343,27 +343,4 @@ extern bool pg_conversion_ownercheck(Oid conv_oid, Oid roleid);
 extern bool pg_foreign_server_ownercheck(Oid srv_oid, Oid roleid);
 extern bool pg_extprotocol_ownercheck(Oid ptc_oid, Oid roleid);
 
-typedef struct RangerPrivilegeArgs
-{
-  AclObjectKind objkind;
-  Oid        object_oid;
-  Oid            roleid;
-  AclMode          mask;
-  AclMaskHow        how;
-} RangerPrivilegeArgs;
-
-typedef struct RangerPrivilegeResults
-{
-  RangerACLResult result;
-  Oid relOid;
-} RangerPrivilegeResults;
-
-typedef struct RangerRequestJsonArgs {
-  char* user;
-  AclObjectKind kind;
-  char* object;
-  List* actions;
-  char* how;
-} RangerRequestJsonArgs;
-
 #endif   /* ACL_H */

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/c5aee9b6/src/include/utils/rangerrest.h
----------------------------------------------------------------------
diff --git a/src/include/utils/rangerrest.h b/src/include/utils/rangerrest.h
index 4b73f46..4fc1a73 100644
--- a/src/include/utils/rangerrest.h
+++ b/src/include/utils/rangerrest.h
@@ -27,13 +27,69 @@
 #ifndef RANGERREST_H
 #define RANGERREST_H
 
+#include "postgres.h"
 #include <curl/curl.h>
+#include <json-c/json.h>
+#include "utils/acl.h"
+#include "utils/guc.h"
 
 typedef enum
 {
-    RANGERCHECK_OK = 0,
-    RANGERCHECK_NO_PRIV,
-    RANGERCHECK_UNKNOWN
+  RANGERCHECK_OK = 0,
+  RANGERCHECK_NO_PRIV,
+  RANGERCHECK_UNKNOWN
 } RangerACLResult;
 
+/*
+ * Internal buffer for libcurl context
+ */
+typedef struct curl_context_t
+{
+  CURL* curl_handle;
+
+  char curl_error_buffer[CURL_ERROR_SIZE];
+
+  int curl_still_running;
+
+  struct
+  {
+    char* buffer;
+    int size;
+  } response;
+
+  char* last_http_reponse;
+} curl_context_t;
+
+typedef curl_context_t* CURL_HANDLE;
+
+typedef struct RangerPrivilegeArgs
+{
+  AclObjectKind objkind;
+  Oid        object_oid;
+  Oid            roleid;
+  AclMode          mask;
+  AclMaskHow        how;
+} RangerPrivilegeArgs;
+
+typedef struct RangerPrivilegeResults
+{
+  RangerACLResult result;
+  Oid relOid;
+} RangerPrivilegeResults;
+
+typedef struct RangerRequestJsonArgs {
+  char* user;
+  AclObjectKind kind;
+  char* object;
+  List* actions;
+  bool isAll;
+} RangerRequestJsonArgs;
+
+RangerACLResult parse_ranger_response(char *);
+json_object *create_ranger_request_json_batch(List *);
+json_object *create_ranger_request_json(char *, AclObjectKind kind, char *, List *, bool);
+void call_ranger_rest(CURL_HANDLE curl_handle, const char *request);
+extern int check_privilege_from_ranger_batch(List *);
+extern int check_privilege_from_ranger(char *, AclObjectKind kind, char *, List *, bool);
+
 #endif


Mime
View raw message