Allow not to return sync stat when describe index; TunnelClient: fix readMaxTimesPerRound logic; KnnQuery support minScore and numCandidates; Search: add trackTotalCount; search filter supports; add accessDeniedDetail in TableStoreNoPermissionException; support TunnelClient created by CredentialsProvider (#49)

Author: waterxjw

README.md

@@ -9,19 +9,19 @@
  - 阿里云表格存储是阿里云自主研发的NoSQL数据存储服务，提供海量结构化数据的存储和实时访问。
 
 ## 版本
- - 当前版本：5.17.4
+ - 当前版本：5.17.5
 
 ## 运行环境
  - JDK 6及其以上
 
 ## 安装
 #### Maven方式
-下载[最新版JAR包](https://search.maven.org/remotecontent?filepath=com/aliyun/openservices/tablestore/5.17.4/tablestore-5.17.4.jar)或者通过Maven：
+下载[最新版JAR包](https://search.maven.org/remotecontent?filepath=com/aliyun/openservices/tablestore/5.17.5/tablestore-5.17.5.jar)或者通过Maven：
 ```xml
 <dependency>
   <groupId>com.aliyun.openservices</groupId>
   <artifactId>tablestore</artifactId>
-  <version>5.17.4</version>
+  <version>5.17.5</version>
 </dependency>
 ```
 

pom.xml

@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>  
   <groupId>com.aliyun.openservices</groupId>  
   <artifactId>tablestore</artifactId>  
-  <version>5.17.4</version>
+  <version>5.17.5</version>
   <packaging>jar</packaging>  
   <name>AliCloud TableStore SDK for Java</name>  
   <url>http://www.aliyun.com</url>

src/main/java/com/alicloud/openservices/tablestore/TableStoreNoPermissionException.java

@@ -0,0 +1,137 @@
+package com.alicloud.openservices.tablestore;
+
+import com.alicloud.openservices.tablestore.core.protocol.OtsInternalApi;
+
+public class TableStoreNoPermissionException extends TableStoreException {
+
+    private AccessDeniedDetail accessDeniedDetail;
+
+    public TableStoreNoPermissionException(String message, Throwable cause,
+                                           String errorCode,
+                                           String requestId, int httpStatus, OtsInternalApi.AccessDeniedDetail accessDeniedDetail) {
+        super(message, cause, errorCode, requestId, httpStatus);
+        this.accessDeniedDetail = new AccessDeniedDetail(
+                accessDeniedDetail.getAuthAction(),
+                accessDeniedDetail.getAuthPrincipalType(),
+                accessDeniedDetail.getAuthPrincipalOwnerId(),
+                accessDeniedDetail.getAuthPrincipalDisplayName(),
+                accessDeniedDetail.getPolicyType(),
+                accessDeniedDetail.getNoPermissionType(),
+                accessDeniedDetail.getEncodedDiagnosticMessage());
+    }
+
+    public TableStoreNoPermissionException(String message, Throwable cause,
+                                           String errorCode,
+                                           String requestId, int httpStatus, AccessDeniedDetail accessDeniedDetail) {
+        super(message, cause, errorCode, requestId, httpStatus);
+        this.accessDeniedDetail = accessDeniedDetail;
+    }
+
+    public AccessDeniedDetail getAccessDeniedDetail() {
+        return accessDeniedDetail;
+    }
+
+    public void setAccessDeniedDetail(AccessDeniedDetail accessDeniedDetail) {
+        this.accessDeniedDetail = accessDeniedDetail;
+    }
+
+    public String toString() {
+        return super.toString() + ", [AccessDeniedDetail]:" + accessDeniedDetail.toString();
+    }
+
+    public static class AccessDeniedDetail {
+
+        private String authAction;
+
+        private String authPrincipalType;
+
+        private String authPrincipalOwnerId;
+
+        private String authPrincipalDisplayName;
+
+        private String policyType;
+
+        private String noPermissionType;
+
+        private String encodedDiagnosticMessage;
+
+        public AccessDeniedDetail(String authAction, String authPrincipalType, String authPrincipalOwnerId, String authPrincipalDisplayName, String policyType, String noPermissionType, String encodedDiagnosticMessage) {
+            this.authAction = authAction;
+            this.authPrincipalType = authPrincipalType;
+            this.authPrincipalOwnerId = authPrincipalOwnerId;
+            this.authPrincipalDisplayName = authPrincipalDisplayName;
+            this.policyType = policyType;
+            this.noPermissionType = noPermissionType;
+            this.encodedDiagnosticMessage = encodedDiagnosticMessage;
+        }
+
+        public String getAuthAction() {
+            return authAction;
+        }
+
+        public void setAuthAction(String authAction) {
+            this.authAction = authAction;
+        }
+
+        public String getAuthPrincipalType() {
+            return authPrincipalType;
+        }
+
+        public void setAuthPrincipalType(String authPrincipalType) {
+            this.authPrincipalType = authPrincipalType;
+        }
+
+        public String getAuthPrincipalOwnerId() {
+            return authPrincipalOwnerId;
+        }
+
+        public void setAuthPrincipalOwnerId(String authPrincipalOwnerId) {
+            this.authPrincipalOwnerId = authPrincipalOwnerId;
+        }
+
+        public String getAuthPrincipalDisplayName() {
+            return authPrincipalDisplayName;
+        }
+
+        public void setAuthPrincipalDisplayName(String authPrincipalDisplayName) {
+            this.authPrincipalDisplayName = authPrincipalDisplayName;
+        }
+
+        public String getPolicyType() {
+            return policyType;
+        }
+
+        public void setPolicyType(String policyType) {
+            this.policyType = policyType;
+        }
+
+        public String getNoPermissionType() {
+            return noPermissionType;
+        }
+
+        public void setNoPermissionType(String noPermissionType) {
+            this.noPermissionType = noPermissionType;
+        }
+
+        public String getEncodedDiagnosticMessage() {
+            return encodedDiagnosticMessage;
+        }
+
+        public void setEncodedDiagnosticMessage(String encodedDiagnosticMessage) {
+            this.encodedDiagnosticMessage = encodedDiagnosticMessage;
+        }
+
+        @Override
+        public String toString() {
+            return "AccessDeniedDetail{" +
+                    "authAction='" + authAction + '\'' +
+                    ", authPrincipalType='" + authPrincipalType + '\'' +
+                    ", authPrincipalOwnerId='" + authPrincipalOwnerId + '\'' +
+                    ", authPrincipalDisplayName='" + authPrincipalDisplayName + '\'' +
+                    ", policyType='" + policyType + '\'' +
+                    ", noPermissionType='" + noPermissionType + '\'' +
+                    ", encodedDiagnosticMessage='" + encodedDiagnosticMessage + '\'' +
+                    '}';
+        }
+    }
+}

src/main/java/com/alicloud/openservices/tablestore/TunnelClient.java

@@ -3,6 +3,8 @@
 import java.util.Map;
 import java.util.concurrent.*;
 
+import com.alicloud.openservices.tablestore.core.ResourceManager;
+import com.alicloud.openservices.tablestore.core.auth.CredentialsProvider;
 import com.alicloud.openservices.tablestore.core.utils.Preconditions;
 import com.alicloud.openservices.tablestore.model.tunnel.CreateTunnelRequest;
 import com.alicloud.openservices.tablestore.model.tunnel.CreateTunnelResponse;
@@ -103,16 +105,28 @@ public TunnelClient(String endpoint, String accessKeyId,
     public TunnelClient(String endpoint, String accessKeyId,
                         String accessKeySecret, String instanceName, ClientConfiguration config, String stsToken,
                         ExecutorService callbackExecutor) {
-        if (config != null) {
-            config.setEnableResponseValidation(false);
-        } else {
+        if (config == null) {
             config = new ClientConfiguration();
-            config.setEnableResponseValidation(false);
         }
+        config.setEnableResponseValidation(false);
+
         this.internalClient = new InternalClient(endpoint, accessKeyId, accessKeySecret, instanceName, config,
             callbackExecutor, stsToken);
     }
 
+    /**
+     * 使用指定的TableStore Endpoint和默认配置构造一个新的{@link TunnelClient}实例。
+     */
+    public TunnelClient(String endpoint, CredentialsProvider credsProvider, String instanceName,
+                            ClientConfiguration config, ResourceManager resourceManager) {
+        if (config == null) {
+            config = new ClientConfiguration();
+        }
+        config.setEnableResponseValidation(false);
+
+        this.internalClient = new InternalClient(endpoint, credsProvider, instanceName, config, resourceManager);
+    }
+
     TunnelClient(InternalClient internalClient) {
         this.internalClient = internalClient;
     }
@@ -139,6 +153,15 @@ public String getInstanceName() {
         return this.internalClient.getInstanceName();
     }
 
+    /**
+     * 返回Client配置
+     *
+     * @return client configuration
+     */
+    public ClientConfiguration getClientConfig() {
+        return this.internalClient.getClientConfig();
+    }
+
     @Override
     public CreateTunnelResponse createTunnel(CreateTunnelRequest request)
         throws TableStoreException, ClientException {

src/main/java/com/alicloud/openservices/tablestore/core/CallbackImpledFuture.java

@@ -9,6 +9,7 @@
 import com.alicloud.openservices.tablestore.TableStoreCallback;
 import com.alicloud.openservices.tablestore.TableStoreException;
 import com.alicloud.openservices.tablestore.ClientException;
+import com.alicloud.openservices.tablestore.TableStoreNoPermissionException;
 import com.alicloud.openservices.tablestore.core.utils.Preconditions;
 
 public class CallbackImpledFuture<Req, Res>
@@ -101,7 +102,14 @@ public Res get(long timeout, TimeUnit unit)
 
 
     private Res getResultWithoutLock() throws TableStoreException, ClientException {
-        if (this.ex instanceof TableStoreException) {
+        if (this.ex instanceof TableStoreNoPermissionException) {
+            // create a new exception as this.ex doesn't has current stack trace
+            TableStoreNoPermissionException tmp = (TableStoreNoPermissionException) this.ex;
+            TableStoreNoPermissionException newExp = new TableStoreNoPermissionException(tmp.getMessage(), tmp, tmp.getErrorCode(), tmp.getRequestId(), tmp.getHttpStatus(),tmp.getAccessDeniedDetail());
+            newExp.setTraceId(tmp.getTraceId());
+            throw newExp;
+        }
+        else if (this.ex instanceof TableStoreException) {
             // create a new exception as this.ex doesn't has current stack trace
             TableStoreException tmp = (TableStoreException)this.ex;
             TableStoreException newExp = new TableStoreException(tmp.getMessage(), tmp, tmp.getErrorCode(), tmp.getRequestId(), tmp.getHttpStatus());

src/main/java/com/alicloud/openservices/tablestore/core/Constants.java

@@ -5,7 +5,7 @@
 public class Constants {
     // ALL HTTP HEADERS SHOULD BE DEFINED IN LOWERCASE
     // request headers
-    public static final String USER_AGENT = "ots-java-sdk 5.17.4";
+    public static final String USER_AGENT = "ots-java-sdk 5.17.5";
     public static final String OTS_HEADER_API_VERSION = "x-ots-apiversion";
     public static final String OTS_HEADER_ACCESS_KEY_ID = "x-ots-accesskeyid";
     public static final String OTS_HEADER_OTS_CONTENT_MD5 = "x-ots-contentmd5";

src/main/java/com/alicloud/openservices/tablestore/core/http/ErrorResponseHandler.java

@@ -6,6 +6,7 @@
 
 import com.alicloud.openservices.tablestore.ClientException;
 import com.alicloud.openservices.tablestore.TableStoreException;
+import com.alicloud.openservices.tablestore.TableStoreNoPermissionException;
 import com.alicloud.openservices.tablestore.core.Constants;
 import com.alicloud.openservices.tablestore.core.protocol.OtsInternalApi;
 import com.alicloud.openservices.tablestore.core.utils.Preconditions;
@@ -53,6 +54,9 @@ public void handle(ResponseMessage responseData) throws TableStoreException, Cli
 
         try {
             OtsInternalApi.Error errMsg = OtsInternalApi.Error.parseFrom(errorStream);
+            if (errMsg.hasAccessDeniedDetail()) {
+                throw new TableStoreNoPermissionException(errMsg.getMessage(), null, errMsg.getCode(), requestId, httpStatus,errMsg.getAccessDeniedDetail());
+            }
             throw new TableStoreException(errMsg.getMessage(), null, errMsg.getCode(), requestId, httpStatus);
         } catch (IOException e) {
             throw new ClientException("Network error.", e);

src/main/java/com/alicloud/openservices/tablestore/core/http/OTSValidationResponseHandler.java

@@ -15,6 +15,8 @@
 import com.alicloud.openservices.tablestore.core.utils.Bytes;
 import com.alicloud.openservices.tablestore.core.auth.ServiceCredentials;
 import com.alicloud.openservices.tablestore.core.auth.HmacSHA1Signature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import static com.alicloud.openservices.tablestore.core.Constants.*;
 
@@ -23,7 +25,7 @@
  *
  */
 public class OTSValidationResponseHandler implements ResponseHandler{
-
+    private static final Logger LOG = LoggerFactory.getLogger(OTSValidationResponseHandler.class);
     private ServiceCredentials credentials;
     private OTSUri uri;
 
@@ -64,7 +66,6 @@ public void handle(ResponseMessage responseData) throws ClientException {
         }
         strToSign.append('/');
         strToSign.append(uri.getAction());
-
         HmacSHA1Signature signer = new HmacSHA1Signature(Bytes.toBytes(credentials.getAccessKeySecret()));
         signer.updateUTF8String(strToSign.toString());
         String actualSign = signer.computeSignature();
@@ -74,14 +75,17 @@ public void handle(ResponseMessage responseData) throws ClientException {
         int posSign = authHeader.indexOf(actualSign);
         if (posSign < 0) {
             // cannot find signature
+            LOG.error("Validate response authorization failed, cannot find signature. headers:{}, accessKeyId:{}, computedSign:{}", headers, credentials.getAccessKeyId(), actualSign);
             throw new ClientException("返回结果授权信息验证失败。");
         }
         if (posSign == 0 || authHeader.charAt(posSign - 1) != ':') {
             // cannot find separator ':'
+            LOG.error("Validate response authorization failed, cannot find separator ':'. headers:{}, accessKeyId:{}, computedSign:{}", headers, credentials.getAccessKeyId(), actualSign);
             throw new ClientException("返回结果授权信息验证失败。");
         }
         if (posSign + actualSign.length() != authHeader.length()) {
             // signature is not the last part of authHeader
+            LOG.error("Validate response authorization failed, signature is not the last part of authHeader. headers:{}, accessKeyId:{}, computedSign:{}", headers, credentials.getAccessKeyId(), actualSign);
             throw new ClientException("返回结果授权信息验证失败。");
         }
     }