Description
We integrated Presto with Sentry authorization.
During the execution when the object does not exists we get SentryNoSuchObjectException, and the meantime the whole stack exception is logged into a log file. It looks like this logging is not needed as exception is raised to the client and client can decide if they like to log it on their own or not.
Also I noticed that it is a general practice in Sentry project log and just after to re-throw the exception. This mostly pollute the log files and does not bring much value because exception is already thrown and can be caught and handled by client code.
2018-09-20T16:27:09.719-0400 ERROR Query-20180920_202709_00011_t5wat-671 org.apache.sentry.core.common.transport.RetryClientInvocationHandler failed to execute listRolesByGroupName java.lang.reflect.InvocationTargetException at sun.reflect.GeneratedMethodAccessor548.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.invokeImpl(RetryClientInvocationHandler.java:95) at org.apache.sentry.core.common.transport.SentryClientInvocationHandler.invoke(SentryClientInvocationHandler.java:41) at com.sun.proxy.$Proxy167.listRolesByGroupName(Unknown Source) at com.facebook.presto.hive.security.sentry.NativeSentryEndpoint.lambda$listGroupRoles$2(NativeSentryEndpoint.java:107) at com.facebook.presto.hive.security.sentry.NativeSentryEndpoint.lambda$call$18(NativeSentryEndpoint.java:359) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:360) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1726) at com.facebook.presto.hive.security.SentrySecurityModule$1.call(SentrySecurityModule.java:156) at com.facebook.presto.hive.security.sentry.NativeSentryEndpoint.call(NativeSentryEndpoint.java:357) at com.facebook.presto.hive.security.sentry.NativeSentryEndpoint.listGroupRoles(NativeSentryEndpoint.java:105) at com.facebook.presto.hive.security.sentry.StatsCollectingSentryEndpoint.lambda$listGroupRoles$1(StatsCollectingSentryEndpoint.java:66) at com.facebook.presto.hive.security.sentry.InvocationStats.call(InvocationStats.java:34) at com.facebook.presto.hive.security.sentry.StatsCollectingSentryEndpoint.listGroupRoles(StatsCollectingSentryEndpoint.java:66) at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:165) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2273) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2156) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2046) at com.google.common.cache.LocalCache.get(LocalCache.java:3943) at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3967) at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4952) at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4958) at com.facebook.presto.hive.security.sentry.CachingSentryEndpoint.get(CachingSentryEndpoint.java:131) at com.facebook.presto.hive.security.sentry.CachingSentryEndpoint.listGroupRoles(CachingSentryEndpoint.java:97) at com.facebook.presto.hive.security.sentry.SentryClient.listGroupRoles(SentryClient.java:148) at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:267) at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1553) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) at com.facebook.presto.hive.security.sentry.SentryClient.hasAccess(SentryClient.java:97) at com.facebook.presto.hive.security.sentry.SentryClient.lambda$hasAccess$0(SentryClient.java:86) at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) at java.util.Spliterators$ArraySpliterator.tryAdvance(Spliterators.java:958) at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126) at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.util.stream.ReferencePipeline.allMatch(ReferencePipeline.java:454) at com.facebook.presto.hive.security.sentry.SentryClient.hasAccess(SentryClient.java:86) at com.facebook.presto.hive.security.sentry.SentryAccessControl.checkCanSelectFromColumns(SentryAccessControl.java:166) at com.facebook.presto.hive.security.PartitionsAwareAccessControl.checkCanSelectFromColumns(PartitionsAwareAccessControl.java:124) at com.facebook.presto.security.AccessControlManager.lambda$checkCanSelectFromColumns$77(AccessControlManager.java:645) at com.facebook.presto.security.AccessControlManager.authorizationCheck(AccessControlManager.java:821) at com.facebook.presto.security.AccessControlManager.checkCanSelectFromColumns(AccessControlManager.java:645) at com.facebook.presto.sql.analyzer.Analyzer.lambda$analyze$0(Analyzer.java:78) at java.util.LinkedHashMap.forEach(LinkedHashMap.java:684) at com.facebook.presto.sql.analyzer.Analyzer.analyze(Analyzer.java:77) at com.facebook.presto.sql.analyzer.Analyzer.analyze(Analyzer.java:65) at com.facebook.presto.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:169) at com.facebook.presto.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:660) at com.facebook.presto.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:582) at com.facebook.presto.execution.SqlQueryManager.createQueryInternal(SqlQueryManager.java:439) at com.facebook.presto.execution.SqlQueryManager.lambda$createQuery$3(SqlQueryManager.java:372) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: TListSentryRolesRequest(protocol_version:2, requestorUserName:srcprestobthts, groupName:bdkfkadmt) couldn't be retrieved.. Server Stacktrace: org.apache.sentry.provider.db.SentryNoSuchObjectException: nonexistent group + bdkfkadmt at org.apache.sentry.provider.db.service.persistent.SentryStore.noSuchGroup(SentryStore.java:1961) at org.apache.sentry.provider.db.service.persistent.SentryStore.access$1400(SentryStore.java:89) at org.apache.sentry.provider.db.service.persistent.SentryStore$18.execute(SentryStore.java:1186) at org.apache.sentry.provider.db.service.persistent.SentryStore$18.execute(SentryStore.java:1175) at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:111) at org.apache.sentry.provider.db.service.persistent.SentryStore.getMSentryRolesByGroupName(SentryStore.java:1174) at org.apache.sentry.provider.db.service.persistent.SentryStore.getTSentryRolesByGroupName(SentryStore.java:1210) at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.list_sentry_roles_by_group(SentryPolicyStoreProcessor.java:555) at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$list_sentry_roles_by_group.getResult(SentryPolicyService.java:1017) at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$list_sentry_roles_by_group.getResult(SentryPolicyService.java:1002) at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39) at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39) at org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35) at org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123) at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) at org.apache.sentry.service.thrift.Status.throwIfNotOk(Status.java:107) at org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl.listRolesByGroupName(SentryPolicyServiceClientDefaultImpl.java:161) ... 68 more