prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0

catalog returns null resulting in a system error #18357

Open chufa opened 2 years ago

chufa commented 2 years ago

When "show catalogs" is executed by a user who does not have access to the catalog after integrating Ranger, it returns "catalog returns null resulting in a system error". The details of the error are as follows.

{
  "type": "java.lang.IllegalStateException",
  "suppressed": [],
  "stack": [
    "com.google.common.base.Preconditions.checkState(Preconditions.java:491)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitValues(StatementAnalyzer.java:1895)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitValues(StatementAnalyzer.java:321)",
    "com.facebook.presto.sql.tree.Values.accept(Values.java:55)",
    "com.facebook.presto.sql.tree.AstVisitor.process(AstVisitor.java:27)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:335)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitAliasedRelation(StatementAnalyzer.java:1430)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitAliasedRelation(StatementAnalyzer.java:321)",
    "com.facebook.presto.sql.tree.AliasedRelation.accept(AliasedRelation.java:71)",
    "com.facebook.presto.sql.tree.AstVisitor.process(AstVisitor.java:27)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:335)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.analyzeFrom(StatementAnalyzer.java:2495)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:1507)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:321)",
    "com.facebook.presto.sql.tree.QuerySpecification.accept(QuerySpecification.java:138)",
    "com.facebook.presto.sql.tree.AstVisitor.process(AstVisitor.java:27)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:335)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:343)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:1089)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:321)",
    "com.facebook.presto.sql.tree.Query.accept(Query.java:105)",
    "com.facebook.presto.sql.tree.AstVisitor.process(AstVisitor.java:27)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:335)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:313)",
    "com.facebook.presto.sql.analyzer.Analyzer.analyzeSemantic(Analyzer.java:93)",
    "com.facebook.presto.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:196)",
    "com.facebook.presto.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:100)",
    "com.facebook.presto.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:828)",
    "com.facebook.presto.dispatcher.LocalDispatchQueryFactory.lambda$createDispatchQuery$0(LocalDispatchQueryFactory.java:127)",
    "com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125)",
    "com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57)",
    "com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78)",
    "java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)",
    "java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)",
    "java.lang.Thread.run(Thread.java:750)"
  ],
  "errorCode": {
    "code": 65536,
    "name": "GENERIC_INTERNAL_ERROR",
    "type": "INTERNAL_ERROR",
    "retriable": false
  }
}

The error occurs when checking the size of the node in the visitValues method of the StatementAnalyzer class: checkState(node.getRows().size() >= 1); where the node value is "()".

agrawalreetika commented 2 years ago

@chufa Could you please share your setup details?

chufa commented 2 years ago

  1. Prepare users who do not have access to catalog.
  2. Use this user account to execute show catalogs;
  3. Presto returns the catalog results, all filtered; continuing to execute SQL here will report an error.

agrawalreetika commented 2 years ago

Could you please let me know if you are using Ranger-Based Authorization for the Hive connector that is supported in prestodb? If yes, could you please verify your Ranger configuration details in the Hive catalog - https://prestodb.io/docs/current/connector/hive-security.html#hive-ranger-based-authorization

chufa commented 2 years ago

I have integrated ranger permissions in presto to manage data source permissions such as mysql, hive, etc. The ranger configuration is all by default; the

It is just that there are two users, userA and userB: userA has one or more catalog permissions and userB does not have any catalog permissions.

Case 1: userA executes 'show catalogs', which returns the list of catalogs with permissions as normal.

Case 2: if userB executes 'show catalogs', an exception is thrown and the error stack is as shown above.


agrawalreetika commented 2 years ago

I was able to reproduce the error with file-based access control. I think this restriction is to make sure every user should at least see some catalog with SHOW CATALOGS, and then you can disable schema access inside the catalog. By default, if no rule matches, access is denied.

chufa commented 2 years ago

So it's curious if it returns null if there are no permissions, or if it reports an error about not having permissions, but Presto always reports it as an internal system error, which is ambiguous for the upper-level system that interfaces with Presto.
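
For a system that sits on top of Presto and receives this payload, one way to tell this specific case apart from other internal errors is to match the exception type and the top two stack frames reported above. This is an added example, not code from Presto or from the thread; the function names and the returned labels are hypothetical, and the sample payload is the thread's error with the stack shortened.

```python
import json
import re

# Constructed sample: the error payload from this thread, with the stack
# shortened to the frames that matter for classification.
SAMPLE_ERROR = json.loads("""
{
  "type": "java.lang.IllegalStateException",
  "suppressed": [],
  "stack": [
    "com.google.common.base.Preconditions.checkState(Preconditions.java:491)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer$Visitor.visitValues(StatementAnalyzer.java:1895)",
    "com.facebook.presto.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:313)"
  ],
  "errorCode": {"code": 65536, "name": "GENERIC_INTERNAL_ERROR",
                "type": "INTERNAL_ERROR", "retriable": false}
}
""")

# "package.Class.method(File.java:123)" -> keep only "package.Class.method"
FRAME_RE = re.compile(r"^(?P<method>[\w.$<>]+)\((?P<src>[^)]*)\)$")
SHOW_CATALOGS_RE = re.compile(r"\s*show\s+catalogs\s*;?\s*", re.IGNORECASE)


def frame_methods(stack):
    """Strip file names and line numbers so the match survives new releases."""
    matches = (FRAME_RE.match(frame) for frame in stack)
    return [m.group("method") for m in matches if m]


def classify(statement, error):
    """Map a failed statement to a label the calling system can act on."""
    if error.get("errorCode", {}).get("type") != "INTERNAL_ERROR":
        return "OTHER"  # user errors etc. already carry their own meaning
    methods = frame_methods(error.get("stack", []))
    # The checkState in visitValues fails when the VALUES node has no rows,
    # which is what the thread reports once every catalog is filtered out.
    empty_values = (
        error.get("type") == "java.lang.IllegalStateException"
        and len(methods) >= 2
        and methods[0].endswith("Preconditions.checkState")
        and methods[1].endswith("StatementAnalyzer$Visitor.visitValues")
    )
    if empty_values and SHOW_CATALOGS_RE.fullmatch(statement):
        return "NO_VISIBLE_CATALOGS"
    return "INTERNAL_ERROR"
```

The match is a heuristic on frame names only; any other statement that reaches the same check with an empty VALUES node is still reported as `INTERNAL_ERROR`.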