-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HPCC-32847 Require WsLogAccess to include logs in ZAP #19389
base: candidate-9.8.x
Are you sure you want to change the base?
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -45,6 +45,9 @@ | |
|
||
namespace ws_workunits { | ||
|
||
// Same feature access as in ws_logaccess.ecm | ||
#define WS_LOGACCESS "WsLogAccess" | ||
|
||
const char * const timerFilterText = "measure[time],source[global],depth[1,]"; // Does not include hthor subgraph timings | ||
const char* zipFolder = "tempzipfiles" PATHSEPSTR; | ||
|
||
|
@@ -4096,8 +4099,7 @@ void CWsWuFileHelper::createThorSlaveLogfile(IConstWorkUnit* cwu, WsWuInfo& winf | |
} | ||
#endif | ||
|
||
void CWsWuFileHelper::createZAPInfoFile(const char* url, const char* esp, const char* thor, const char* problemDesc, | ||
const char* whatChanged, const char* timing, IConstWorkUnit* cwu, const char* tempDirName) | ||
void CWsWuFileHelper::createZAPInfoFile(CWsWuZAPInfoReq &request, IConstWorkUnit* cwu, const char* tempDirName) | ||
{ | ||
VStringBuffer fileName("%s%c%s.txt", tempDirName, PATHSEPCHAR, cwu->queryWuid()); | ||
Owned<IFileIOStream> outFile = createBufferedIOStreamFromFile(fileName.str(), IFOcreate); | ||
|
@@ -4109,11 +4111,11 @@ void CWsWuFileHelper::createZAPInfoFile(const char* url, const char* esp, const | |
sb.append("User: ").append(cwu->queryUser()).append("\r\n"); | ||
sb.append("Build Version:").append(getBuildVersion()).append("\r\n"); | ||
sb.append("Cluster: ").append(cwu->queryClusterName()).append("\r\n"); | ||
sb.append("ESP: ").append(esp).append("\r\n"); | ||
if (!isEmptyString(url)) | ||
sb.append("URL: ").append(url).append("\r\n"); | ||
if (!isEmptyString(thor)) | ||
sb.append("Thor: ").append(thor).append("\r\n"); | ||
sb.append("ESP: ").append(request.esp).append("\r\n"); | ||
if (!isEmptyString(request.url)) | ||
sb.append("URL: ").append(request.url).append("\r\n"); | ||
if (!isEmptyString(request.thor)) | ||
sb.append("Thor: ").append(request.thor).append("\r\n"); | ||
outFile->write(sb.length(), sb.str()); | ||
|
||
//Exceptions/Warnings/Info | ||
|
@@ -4147,9 +4149,14 @@ void CWsWuFileHelper::createZAPInfoFile(const char* url, const char* esp, const | |
} | ||
|
||
//User provided Information | ||
writeZAPWUInfoToIOStream(outFile, "Problem: ", problemDesc); | ||
writeZAPWUInfoToIOStream(outFile, "What Changed: ", whatChanged); | ||
writeZAPWUInfoToIOStream(outFile, "Timing: ", timing); | ||
writeZAPWUInfoToIOStream(outFile, "Problem: ", request.problemDesc); | ||
writeZAPWUInfoToIOStream(outFile, "What Changed: ", request.whatChanged); | ||
writeZAPWUInfoToIOStream(outFile, "Timing: ", request.whereSlow); | ||
if (request.logsExcludedDueToNoAccess()) | ||
{ | ||
writeZAPWUInfoToIOStream(outFile, "Logs: ", "Excluded due to no access, need WsLogAccess:Read"); | ||
LOG(MCuserWarning, "ZAP report for workunit %s excludes logs due to access restrictions. Need WsLogAccess:READ", request.wuid.str()); | ||
} | ||
} | ||
|
||
void CWsWuFileHelper::writeZAPWUInfoToIOStream(IFileIOStream* outFile, const char* name, SCMStringBuffer& value) | ||
|
@@ -4517,36 +4524,39 @@ int CWsWuFileHelper::zipAFolder(const char* folder, bool gzip, const char* zipFi | |
void CWsWuFileHelper::createWUZAPFile(IEspContext& context, IConstWorkUnit* cwu, CWsWuZAPInfoReq& request, | ||
const char* tempDirName, StringBuffer& zapFileName, StringBuffer& zipFileNameWithFullPath, unsigned _thorSlaveLogThreadPoolSize) | ||
{ | ||
request.hasLogsAccess = context.validateFeatureAccess(WS_LOGACCESS, SecAccess_Read, false); | ||
setZAPReportName(request.zapFileName, cwu->queryWuid(), zapFileName); | ||
|
||
zipFileNameWithFullPath.set(tempDirName).append(PATHSEPCHAR).append("zapreport.zip"); | ||
thorSlaveLogThreadPoolSize = _thorSlaveLogThreadPoolSize; | ||
|
||
//create WU ZAP files | ||
createZAPInfoFile(request.url.str(), request.esp.str(), request.thor.str(), request.problemDesc.str(), request.whatChanged.str(), | ||
request.whereSlow.str(), cwu, tempDirName); | ||
//create WU ZAP files | ||
createZAPInfoFile(request, cwu, tempDirName); | ||
createZAPECLQueryArchiveFiles(cwu, tempDirName); | ||
|
||
WsWuInfo winfo(context, cwu); | ||
createZAPWUXMLFile(winfo, tempDirName); | ||
createZAPWUGraphProgressFile(request.wuid.str(), tempDirName); | ||
|
||
StringArray localFiles; | ||
createZAPWUQueryAssociatedFiles(cwu, tempDirName, localFiles); | ||
createZAPWUQueryAssociatedFiles(cwu, tempDirName, localFiles, request.hasLogsAccess); | ||
if (request.hasLogsAccess) | ||
{ | ||
#ifndef _CONTAINERIZED | ||
createProcessLogfile(cwu, winfo, "EclAgent", tempDirName); | ||
createProcessLogfile(cwu, winfo, "Thor", tempDirName); | ||
if (request.includeThorSlaveLog.isEmpty() || strieq(request.includeThorSlaveLog.str(), "on")) | ||
createThorSlaveLogfile(cwu, winfo, tempDirName); | ||
createProcessLogfile(cwu, winfo, "EclAgent", tempDirName); | ||
createProcessLogfile(cwu, winfo, "Thor", tempDirName); | ||
if (request.includeThorSlaveLog.isEmpty() || strieq(request.includeThorSlaveLog.str(), "on")) | ||
createThorSlaveLogfile(cwu, winfo, tempDirName); | ||
#else | ||
readWULogToFiles(cwu, winfo, tempDirName, request); | ||
readWULogToFiles(cwu, winfo, tempDirName, request); | ||
#endif | ||
} | ||
|
||
//Write out to ZIP file | ||
zipAllZAPFiles(tempDirName, localFiles, request.password, zipFileNameWithFullPath); | ||
} | ||
|
||
void CWsWuFileHelper::createZAPWUQueryAssociatedFiles(IConstWorkUnit* cwu, const char* tempDirName, StringArray& localFiles) | ||
void CWsWuFileHelper::createZAPWUQueryAssociatedFiles(IConstWorkUnit* cwu, const char* tempDirName, StringArray& localFiles, bool hasLogsAccess) | ||
{ | ||
Owned<IConstWUQuery> query = cwu->getQuery(); | ||
if (!query) | ||
|
@@ -4563,6 +4573,9 @@ void CWsWuFileHelper::createZAPWUQueryAssociatedFiles(IConstWorkUnit* cwu, const | |
cur.getName(name); | ||
cur.getIp(ip); | ||
|
||
if (!hasLogsAccess && endsWith(name.str(), ".eclcc.log")) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure I follow what's special about *.eclcc.log files, this might need a code comment There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The eclcc log files are included as "Associated Files" for bare-metal clusters. I'm checking for them specifically here to exclude if the user doesn't have access. I considered checking for any *.log file but thought it might be best to limit the exclusion to just the log file I'd seen could be included here. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks @asselitx, as mentioned offline, eclcc.log files aren't typically creating via the logAccess feature, and the logAccess feature level flag might not apply here. |
||
continue; | ||
|
||
RemoteFilename rfn; | ||
SocketEndpoint ep(ip.str()); | ||
rfn.setPath(ep, name.str()); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -369,6 +369,7 @@ struct CWsWuZAPInfoReq | |
bool sendEmail, attachZAPReportToEmail; | ||
bool includeRelatedLogs = true, includePerComponentLogs = false; | ||
unsigned maxAttachmentSize, port; | ||
bool hasLogsAccess = false; | ||
|
||
WUComponentLogOptions logFilter; | ||
|
||
|
@@ -381,6 +382,17 @@ struct CWsWuZAPInfoReq | |
{ | ||
logFilter.populateLogFilter(wuid.str(), httpRequest); | ||
} | ||
|
||
// True when logs _would have been included_ if the user had access | ||
bool logsExcludedDueToNoAccess() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. minor, but for some reason the current method name misleads me into thinking the logs have already been excluded, but I think the method is determining if the logs should be excluded, does it make sense to rename to excludeLogsDueToNoAccess()? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. OK will do |
||
{ | ||
#ifdef _CONTAINERIZED | ||
return (includeRelatedLogs || includePerComponentLogs) && !hasLogsAccess; | ||
#else | ||
// Bare metal historically always includes Thor and EclAgent logs | ||
return !hasLogsAccess; | ||
#endif | ||
} | ||
}; | ||
|
||
class WsWuInfo | ||
|
@@ -890,11 +902,10 @@ class CWsWuFileHelper | |
IFile *createWorkingFolder(IEspContext &context, const char *wuid, const char *namePrefix, | ||
StringBuffer &namePrefixStr, StringBuffer &folderName); | ||
|
||
void createZAPInfoFile(const char *url, const char *espIP, const char *thorIP, const char *problemDesc, | ||
const char *whatChanged, const char *timing, IConstWorkUnit *cwu, const char *pathNameStr); | ||
void createZAPInfoFile(CWsWuZAPInfoReq &request, IConstWorkUnit *cwu, const char *pathNameStr); | ||
void createZAPWUXMLFile(WsWuInfo &winfo, const char *pathNameStr); | ||
void createZAPECLQueryArchiveFiles(IConstWorkUnit *cwu, const char *pathNameStr); | ||
void createZAPWUQueryAssociatedFiles(IConstWorkUnit *cwu, const char *pathToCreate, StringArray &localFiles); | ||
void createZAPWUQueryAssociatedFiles(IConstWorkUnit *cwu, const char *pathToCreate, StringArray &localFiles, bool hasLogsAccess); | ||
void createZAPWUGraphProgressFile(const char *wuid, const char *pathNameStr); | ||
#ifndef _CONTAINERIZED | ||
void createProcessLogfile(IConstWorkUnit *cwu, WsWuInfo &winfo, const char *process, const char *path); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very minor, but potentially very helpful would be to add "user lacks 'WsLogAccess:Read' feature access, please contact admin" or something to that affect.