KNOX-3253: Add advisory lock to the postgres table creation to avoid catalog race condition when multiple Knox instance start up simultaneously (#1157)

Author: hanicz

gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java

@@ -825,7 +825,4 @@ void failedToDiscoverClusterServices(String clusterName, String topologyName,
 
   @Message(level = MessageLevel.ERROR, text = "LDAP service not found or not properly registered")
   void ldapServiceNotFound();
-
-  @Message( level = MessageLevel.WARN, text = "Postgres type already exists exception caught. Tables already exist skipping creation." )
-  void typeAlreadyExistsCaught();
 }

gateway-server/src/main/java/org/apache/knox/gateway/database/AbstractDataSourceFactory.java

@@ -32,6 +32,8 @@ public abstract class AbstractDataSourceFactory {
     public static final String ORACLE_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME = "createKnoxTokenMetadataDatabaseTableOracle.sql";
     public static final String DERBY_TOKENS_TABLE_CREATE_SQL_FILE_NAME = "createKnoxTokenDatabaseTableDerby.sql";
     public static final String DERBY_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME = "createKnoxTokenMetadataDatabaseTableDerby.sql";
+    public static final String POSTGRES_TOKENS_TABLE_CREATE_SQL_FILE_NAME = "createKnoxTokenDatabaseTablePostgres.sql";
+    public static final String POSTGRES_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME = "createKnoxTokenMetadataDatabaseTablePostgres.sql";
 
     public static final String KNOX_PROVIDERS_TABLE_CREATE_SQL_FILE_NAME = "createKnoxProvidersTable.sql";
     public static final String KNOX_DESCRIPTORS_TABLE_CREATE_SQL_FILE_NAME = "createKnoxDescriptorsTable.sql";

gateway-server/src/main/java/org/apache/knox/gateway/database/DatabaseType.java

@@ -19,8 +19,8 @@
 
 public enum DatabaseType {
     POSTGRESQL("postgresql",
-            AbstractDataSourceFactory.TOKENS_TABLE_CREATE_SQL_FILE_NAME,
-            AbstractDataSourceFactory.TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME,
+            AbstractDataSourceFactory.POSTGRES_TOKENS_TABLE_CREATE_SQL_FILE_NAME,
+            AbstractDataSourceFactory.POSTGRES_TOKEN_METADATA_TABLE_CREATE_SQL_FILE_NAME,
             AbstractDataSourceFactory.KNOX_PROVIDERS_TABLE_CREATE_SQL_FILE_NAME,
             AbstractDataSourceFactory.KNOX_DESCRIPTORS_TABLE_CREATE_SQL_FILE_NAME
     ),

gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java

@@ -18,13 +18,10 @@
 package org.apache.knox.gateway.services.token.impl;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.knox.gateway.GatewayMessages;
 import org.apache.knox.gateway.database.DatabaseType;
 import org.apache.knox.gateway.database.JDBCUtils;
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
 import org.apache.knox.gateway.services.security.token.KnoxToken;
 import org.apache.knox.gateway.services.security.token.TokenMetadata;
-import org.postgresql.util.PSQLException;
 
 import javax.sql.DataSource;
 import java.sql.Connection;
@@ -41,9 +38,6 @@
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 public class TokenStateDatabase {
-
-  private static final GatewayMessages LOG = MessagesFactory.get(GatewayMessages.class);
-
   static final String TOKENS_TABLE_NAME = "KNOX_TOKENS";
   static final String TOKEN_METADATA_TABLE_NAME = "KNOX_TOKEN_METADATA";
   private static final String ADD_TOKEN_SQL = "INSERT INTO " + TOKENS_TABLE_NAME + "(token_id, issue_time, expiration, max_lifetime) VALUES(?, ?, ?, ?)";
@@ -66,20 +60,11 @@ public class TokenStateDatabase {
 
   private final DataSource dataSource;
 
-  private static final String POSTGRES_DUPLICATE_OBJECT_STATE = "42710";
-
   TokenStateDatabase(DataSource dataSource, String dbType) throws Exception {
     this.dataSource = dataSource;
     DatabaseType databaseType = DatabaseType.fromString(dbType);
-    try {
-      createTableIfNotExists(TOKENS_TABLE_NAME, databaseType.tokensTableSql());
-      createTableIfNotExists(TOKEN_METADATA_TABLE_NAME, databaseType.metadataTableSql());
-    } catch (PSQLException psqlException) {
-      if (!psqlException.getSQLState().equals(POSTGRES_DUPLICATE_OBJECT_STATE)) {
-        throw psqlException;
-      }
-      LOG.typeAlreadyExistsCaught();
-    }
+    createTableIfNotExists(TOKENS_TABLE_NAME, databaseType.tokensTableSql());
+    createTableIfNotExists(TOKEN_METADATA_TABLE_NAME, databaseType.metadataTableSql());
   }
 
   private void createTableIfNotExists(String tableName, String createSqlFileName) throws Exception {

gateway-server/src/main/resources/createKnoxTokenDatabaseTablePostgres.sql

@@ -0,0 +1,26 @@
+--  Licensed to the Apache Software Foundation (ASF) under one or more
+--  contributor license agreements. See the NOTICE file distributed with this
+--  work for additional information regarding copyright ownership. The ASF
+--  licenses this file to you under the Apache License, Version 2.0 (the
+--  "License"); you may not use this file except in compliance with the License.
+--  You may obtain a copy of the License at
+-- 
+--  http://www.apache.org/licenses/LICENSE-2.0
+-- 
+--  Unless required by applicable law or agreed to in writing, software
+--  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+--  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+--  License for the specific language governing permissions and limitations under
+--  the License.
+
+SELECT pg_advisory_lock (12345);
+
+CREATE TABLE IF NOT EXISTS KNOX_TOKENS (
+   token_id varchar(128) NOT NULL,
+   issue_time bigint NOT NULL,
+   expiration bigint NOT NULL,
+   max_lifetime bigint NOT NULL,
+   PRIMARY KEY (token_id)
+);
+
+SELECT pg_advisory_unlock (12345);

gateway-server/src/main/resources/createKnoxTokenMetadataDatabaseTablePostgres.sql

@@ -0,0 +1,26 @@
+--  Licensed to the Apache Software Foundation (ASF) under one or more
+--  contributor license agreements. See the NOTICE file distributed with this
+--  work for additional information regarding copyright ownership. The ASF
+--  licenses this file to you under the Apache License, Version 2.0 (the
+--  "License"); you may not use this file except in compliance with the License.
+--  You may obtain a copy of the License at
+-- 
+--  http://www.apache.org/licenses/LICENSE-2.0
+-- 
+--  Unless required by applicable law or agreed to in writing, software
+--  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+--  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+--  License for the specific language governing permissions and limitations under
+--  the License.
+
+SELECT pg_advisory_lock (12345);
+
+CREATE TABLE IF NOT EXISTS KNOX_TOKEN_METADATA (
+   token_id varchar(128) NOT NULL,
+   md_name varchar(32) NOT NULL,
+   md_value varchar(256) NOT NULL,
+   PRIMARY KEY (token_id, md_name),
+   CONSTRAINT fk_token_id FOREIGN KEY(token_id) REFERENCES KNOX_TOKENS(token_id) ON DELETE CASCADE
+);
+
+SELECT pg_advisory_unlock (12345);