soumitra-st opened a new pull request, #11136:
URL: https://github.com/apache/pinot/pull/11136
Currently, if SQL query execution has authorization issues, the return code
is 200 and the errorCode 180 is set in the response JSON. This happens for both
controller and broker endpoints.
SQL execution using Controller:
% curl -v -X POST -H "accept: application/json" -H "Content-Type:
application/json" -d '{"sql":"select * from transcript limit
10","trace":false,"queryOptions":""}' http://localhost:9000/sql ; echo
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:9000...
* Connected to localhost (127.0.0.1) port 9000 (#0)
> POST /sql HTTP/1.1
> Host: localhost:9000
> User-Agent: curl/7.88.1
> accept: application/json
> Content-Type: application/json
> Content-Length: 75
>
< HTTP/1.1 200 OK
< Pinot-Controller-Host: soumitras-mbp.attlocal.net
< Pinot-Controller-Version: 1.0.0-sk-bf66c10b03399e8682ed69cf7c087127ca986c36
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE
< Access-Control-Allow-Headers: *
< Content-Type: application/json
< Content-Length: 1023
<
* Connection #0 to host localhost left intact
{"requestId":"1262666501000000001","exceptions":[{"message":null,"errorCode":180}],"numServersQueried":0,"numServersResponded":0,"numSegmentsQueried":0,"numSegmentsProcessed":0,"numSegmentsMatched":0,"numConsumingSegmentsQueried":0,"numConsumingSegmentsProcessed":0,"numConsumingSegmentsMatched":0,"numDocsScanned":0,"numEntriesScannedInFilter":0,"numEntriesScannedPostFilter":0,"numGroupsLimitReached":false,"totalDocs":0,"timeUsedMs":0,"offlineThreadCpuTimeNs":0,"realtimeThreadCpuTimeNs":0,"offlineSystemActivitiesCpuTimeNs":0,"realtimeSystemActivitiesCpuTimeNs":0,"offlineResponseSerializationCpuTimeNs":0,"realtimeResponseSerializationCpuTimeNs":0,"offlineTotalCpuTimeNs":0,"realtimeTotalCpuTimeNs":0,"segmentStatistics":[],"traceInfo":{},"numRowsResultSet":0,"minConsumingFreshnessTimeMs":0,"numSegmentsPrunedByBroker":0,"numSegmentsPrunedByServer":0,"numSegmentsPrunedInvalid":0,"numSegmentsPrunedByLimit":0,"numSegmentsPrunedByValue":0,"explainPlanNumEmptyFilterSegments":0,"explainPlanN
umMatchAllFilterSegments":0}
SQL execution using Broker:
% curl -v -X POST -H "accept: application/json" -H "Content-Type:
application/json" -d '{"sql":"select * from transcript limit
10","trace":false,"queryOptions":""}' http://localhost:8000/query/sql ; echo
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:8000...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> POST /query/sql HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.88.1
> accept: application/json
> Content-Type: application/json
> Content-Length: 75
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 1023
<
* Connection #0 to host localhost left intact
{"requestId":"1262666501000000000","exceptions":[{"message":null,"errorCode":180}],"numServersQueried":0,"numServersResponded":0,"numSegmentsQueried":0,"numSegmentsProcessed":0,"numSegmentsMatched":0,"numConsumingSegmentsQueried":0,"numConsumingSegmentsProcessed":0,"numConsumingSegmentsMatched":0,"numDocsScanned":0,"numEntriesScannedInFilter":0,"numEntriesScannedPostFilter":0,"numGroupsLimitReached":false,"totalDocs":0,"timeUsedMs":0,"offlineThreadCpuTimeNs":0,"realtimeThreadCpuTimeNs":0,"offlineSystemActivitiesCpuTimeNs":0,"realtimeSystemActivitiesCpuTimeNs":0,"offlineResponseSerializationCpuTimeNs":0,"realtimeResponseSerializationCpuTimeNs":0,"offlineTotalCpuTimeNs":0,"realtimeTotalCpuTimeNs":0,"segmentStatistics":[],"traceInfo":{},"numRowsResultSet":0,"minConsumingFreshnessTimeMs":0,"numSegmentsPrunedByBroker":0,"numSegmentsPrunedByServer":0,"numSegmentsPrunedInvalid":0,"numSegmentsPrunedByLimit":0,"numSegmentsPrunedByValue":0,"explainPlanNumEmptyFilterSegments":0,"explainPlanN
umMatchAllFilterSegments":0}
This PR changes the return code to 403, sample runs below:
% curl -v -X POST -H "accept: application/json" -H "Content-Type:
application/json" -d '{"sql":"select * from transcript limit
10","trace":false,"queryOptions":""}' http://localhost:9000/sql ; echo
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:9000...
* Connected to localhost (127.0.0.1) port 9000 (#0)
> POST /sql HTTP/1.1
> Host: localhost:9000
> User-Agent: curl/7.88.1
> accept: application/json
> Content-Type: application/json
> Content-Length: 75
>
< HTTP/1.1 403 Forbidden
% curl -v -X POST -H "accept: application/json" -H "Content-Type:
application/json" -d '{"sql":"select * from transcript limit
10","trace":false,"queryOptions":""}' http://localhost:8000/query/sql ; echo
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:8000...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> POST /query/sql HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.88.1
> accept: application/json
> Content-Type: application/json
> Content-Length: 75
>
< HTTP/1.1 403 Forbidden
label is 'bugfix'.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
