From 55098a9469f0a81f115e572484899baf0e1c9aa0 Mon Sep 17 00:00:00 2001 From: Sanjeev Kulkarni Date: Thu, 10 Sep 2020 11:21:22 -0700 Subject: [PATCH] Fix log level for auth failure and not found paths (#8018) * Converted a bunch of error messages to warn * Simple fix Co-authored-by: Sanjeev Kulkarni --- .../pulsar/broker/service/ServerCnx.java | 4 +- .../pulsar/broker/web/PulsarWebResource.java | 5 ++- .../worker/rest/api/ComponentImpl.java | 42 +++++++++---------- .../functions/worker/rest/api/SinksImpl.java | 4 +- .../worker/rest/api/SourcesImpl.java | 4 +- 5 files changed, 31 insertions(+), 28 deletions(-) diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java index 5f8c6e16232d7..45a50af118135 100644 --- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java +++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java @@ -326,11 +326,11 @@ private CompletableFuture isTopicOperationAllowed(TopicName topicName, } return isProxyAuthorizedFuture.thenCombine(isAuthorizedFuture, (isProxyAuthorized, isAuthorized) -> { if (!isProxyAuthorized) { - log.error("OriginalRole {} is not authorized to perform operation {} on topic {}, subscription {}", + log.warn("OriginalRole {} is not authorized to perform operation {} on topic {}, subscription {}", originalPrincipal, operation, topicName, subscriptionName); } if (!isAuthorized) { - log.error("Role {} is not authorized to perform operation {} on topic {}, subscription {}", + log.warn("Role {} is not authorized to perform operation {} on topic {}, subscription {}", authRole, operation, topicName, subscriptionName); } return isProxyAuthorized && isAuthorized; diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java index edbc93c41d73b..d3ce8391b1b42 100644 --- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java +++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java @@ -308,8 +308,11 @@ protected void validateClusterForTenant(String tenant, String cluster) { try { tenantInfo = pulsar().getConfigurationCache().propertiesCache().get(path(POLICIES, tenant)) .orElseThrow(() -> new RestException(Status.NOT_FOUND, "Tenant does not exist")); + } catch (RestException e) { + log.warn("Failed to get tenant admin data for tenant {}", tenant); + throw e; } catch (Exception e) { - log.error("Failed to get tenant admin data for tenant"); + log.error("Failed to get tenant admin data for tenant {}", tenant, e); throw new RestException(e); } diff --git a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/ComponentImpl.java b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/ComponentImpl.java index 11c7b20cc2396..1ec50765f8c9e 100644 --- a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/ComponentImpl.java +++ b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/ComponentImpl.java @@ -349,7 +349,7 @@ public void deregisterFunction(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to deregister {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to deregister {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -422,7 +422,7 @@ public FunctionConfig getFunctionInfo(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to get {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to get {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -488,7 +488,7 @@ public void changeFunctionInstanceStatus(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to start/stop {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to start/stop {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -541,7 +541,7 @@ public void restartFunctionInstance(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to restart {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to restart {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -611,7 +611,7 @@ public void changeFunctionStatusAllInstances(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to start/stop {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to start/stop {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -630,7 +630,7 @@ public void changeFunctionStatusAllInstances(final String tenant, FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, componentName)) { - log.error("{} in stopFunctionInstances does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), tenant, namespace, componentName); + log.warn("{} in stopFunctionInstances does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), tenant, namespace, componentName); throw new RestException(Status.NOT_FOUND, String.format("%s %s doesn't exist", ComponentTypeUtils.toString(componentType), componentName)); } @@ -661,7 +661,7 @@ public void restartFunctionInstances(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to restart {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to restart {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -680,7 +680,7 @@ public void restartFunctionInstances(final String tenant, FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, componentName)) { - log.error("{} in stopFunctionInstances does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), tenant, namespace, componentName); + log.warn("{} in stopFunctionInstances does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), tenant, namespace, componentName); throw new RestException(Status.NOT_FOUND, String.format("%s %s doesn't exist", ComponentTypeUtils.toString(componentType), componentName)); } @@ -713,7 +713,7 @@ public FunctionStats getFunctionStats(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to get stats for {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to get stats for {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -732,7 +732,7 @@ public FunctionStats getFunctionStats(final String tenant, FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, componentName)) { - log.error("{} in get {} Stats does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); + log.warn("{} in get {} Stats does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); throw new RestException(Status.NOT_FOUND, String.format("%s %s doesn't exist", ComponentTypeUtils.toString(componentType), componentName)); } @@ -769,7 +769,7 @@ public FunctionStats.FunctionInstanceStats.FunctionInstanceStatsData getFunction try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to get stats for {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to get stats for {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -789,7 +789,7 @@ public FunctionStats.FunctionInstanceStats.FunctionInstanceStatsData getFunction FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, componentName)) { - log.error("{} in get {} Stats does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); + log.warn("{} in get {} Stats does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); throw new RestException(Status.NOT_FOUND, String.format("%s %s doesn't exist", ComponentTypeUtils.toString(componentType), componentName)); } FunctionMetaData functionMetaData = functionMetaDataManager.getFunctionMetaData(tenant, namespace, componentName); @@ -830,7 +830,7 @@ public List listFunctions(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{} Client [{}] is not authorized to list {}", tenant, namespace, clientRole, ComponentTypeUtils.toString(componentType)); + log.warn("{}/{} Client [{}] is not authorized to list {}", tenant, namespace, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } } catch (PulsarAdminException e) { @@ -906,7 +906,7 @@ public String triggerFunction(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to trigger {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to trigger {}", tenant, namespace, functionName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -925,7 +925,7 @@ public String triggerFunction(final String tenant, FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, functionName)) { - log.error("Function in trigger function does not exist @ /{}/{}/{}", tenant, namespace, functionName); + log.warn("Function in trigger function does not exist @ /{}/{}/{}", tenant, namespace, functionName); throw new RestException(Status.NOT_FOUND, String.format("Function %s doesn't exist", functionName)); } @@ -1028,7 +1028,7 @@ public FunctionState getFunctionState(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to get state for {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to get state for {}", tenant, namespace, functionName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -1114,7 +1114,7 @@ public void putFunctionState(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to put state for {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to put state for {}", tenant, namespace, functionName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -1212,7 +1212,7 @@ public StreamingOutput downloadFunction(String tenant, String namespace, String try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not admin and authorized to download package for {} ", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not admin and authorized to download package for {} ", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -1267,7 +1267,7 @@ public StreamingOutput downloadFunction(final String path, String clientRole, Au try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not admin and authorized to download package for {} ", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not admin and authorized to download package for {} ", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -1461,7 +1461,7 @@ protected void componentStatusRequestValidate (final String tenant, final String try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized get status for {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized get status for {}", tenant, namespace, componentName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -1480,7 +1480,7 @@ protected void componentStatusRequestValidate (final String tenant, final String FunctionMetaDataManager functionMetaDataManager = worker().getFunctionMetaDataManager(); if (!functionMetaDataManager.containsFunction(tenant, namespace, componentName)) { - log.error("{} in get {} Status does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); + log.warn("{} in get {} Status does not exist @ /{}/{}/{}", ComponentTypeUtils.toString(componentType), componentType, tenant, namespace, componentName); throw new RestException(Status.NOT_FOUND, String.format("%s %s doesn't exist", ComponentTypeUtils.toString(componentType), componentName)); } diff --git a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SinksImpl.java b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SinksImpl.java index a9bc573504508..d1b9895866afb 100644 --- a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SinksImpl.java +++ b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SinksImpl.java @@ -96,7 +96,7 @@ public void registerSink(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to register {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to register {}", tenant, namespace, sinkName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Response.Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -263,7 +263,7 @@ public void updateSink(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to update {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to update {}", tenant, namespace, sinkName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Response.Status.UNAUTHORIZED, "client is not authorize to perform operation"); diff --git a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SourcesImpl.java b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SourcesImpl.java index 187a7ae597ac2..f312370c350e6 100644 --- a/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SourcesImpl.java +++ b/pulsar-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/SourcesImpl.java @@ -96,7 +96,7 @@ public void registerSource(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to register {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to register {}", tenant, namespace, sourceName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Response.Status.UNAUTHORIZED, "client is not authorize to perform operation"); } @@ -263,7 +263,7 @@ public void updateSource(final String tenant, try { if (!isAuthorizedRole(tenant, namespace, clientRole, clientAuthenticationDataHttps)) { - log.error("{}/{}/{} Client [{}] is not authorized to update {}", tenant, namespace, + log.warn("{}/{}/{} Client [{}] is not authorized to update {}", tenant, namespace, sourceName, clientRole, ComponentTypeUtils.toString(componentType)); throw new RestException(Response.Status.UNAUTHORIZED, "client is not authorize to perform operation");