do not detect ca path by default; only try on ca issues

hafenkran · Nov 16, 2024 · 3bbf9fc · 3bbf9fc
1 parent 3a13b34
commit 3bbf9fc
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 18 deletions.
diff --git a/src/bigquery_client.cpp b/src/bigquery_client.cpp
@@ -120,6 +120,7 @@ google::cloud::Options BigqueryClient::OptionsGRPC() {
 }
 
 vector<BigqueryDatasetRef> BigqueryClient::GetDatasets() {
+    std::cout << "BigqueryClient::GetDatasets" << std::endl;
     auto request = google::cloud::bigquery::v2::ListDatasetsRequest();
     request.set_project_id(config.project_id);
 
@@ -131,11 +132,13 @@ vector<BigqueryDatasetRef> BigqueryClient::GetDatasets() {
     for (google::cloud::StatusOr<google::cloud::bigquery::v2::ListFormatDataset> const &dataset : datasets) {
         if (!dataset.ok()) {
             // Special case for empty projects. The "empty" result object seems to be unparseable by the lib.
-            if (dataset.status().message() ==
-                "Permanent error, with a last message of Not a valid Json DatasetList object") {
+            if (CheckInvalidJsonError(dataset.status())) {
                 return result;
             }
-            return vector<BigqueryDatasetRef>();
+            if (CheckSSLError(dataset.status())) {
+                return GetDatasets();
+            }
+            throw BinderException(dataset.status().message());
         }
 
         google::cloud::bigquery::v2::ListFormatDataset dataset_val = dataset.value();
@@ -163,10 +166,12 @@ vector<BigqueryTableRef> BigqueryClient::GetTables(const string &dataset_id) {
     for (google::cloud::StatusOr<google::cloud::bigquery::v2::ListFormatTable> const &table : tables) {
         if (!table.ok()) {
             // Special case for empty datasets. The "empty" result object seems to be unparseable by the lib.
-            if (table.status().message() ==
-                "Permanent error, with a last message of Not a valid Json TableList object") {
+            if (CheckInvalidJsonError(table.status())) {
                 return table_names;
             }
+            if (CheckSSLError(table.status())) {
+                return GetTables(dataset_id);
+            }
             throw InternalException(table.status().message());
         }
 
@@ -192,6 +197,9 @@ BigqueryDatasetRef BigqueryClient::GetDataset(const string &dataset_id) {
 
     auto response = client->GetDataset(request);
     if (!response.ok()) {
+        if (CheckSSLError(response.status())) {
+            return GetDataset(dataset_id);
+        }
         throw InternalException(response.status().message());
     }
 
@@ -273,6 +281,9 @@ vector<google::cloud::bigquery::v2::ListFormatJob> BigqueryClient::ListJobs(cons
     int num_results = 0;
     for (const auto &job : response) {
         if (!job.ok()) {
+            if (CheckSSLError(job.status())) {
+                return ListJobs(params);
+            }
             throw BinderException(job.status().message());
         }
         auto job_val = job.value();
@@ -303,6 +314,9 @@ google::cloud::bigquery::v2::Job BigqueryClient::GetJob(const string &job_id, co
 
     auto response = client.GetJob(request);
     if (!response.ok()) {
+        if (CheckSSLError(response.status())) {
+            return GetJob(job_id, location);
+        }
         throw BinderException(response.status().message());
     }
 
@@ -321,6 +335,9 @@ BigqueryTableRef BigqueryClient::GetTable(const string &dataset_id, const string
 
     auto response = client->GetTable(request);
     if (!response.ok()) {
+        if (CheckSSLError(response.status())) {
+            return GetTable(dataset_id, table_id);
+        }
         throw InternalException(response.status().message());
     }
 
@@ -503,6 +520,9 @@ void BigqueryClient::GetTableInfo(const string &dataset_id,
 
     auto response = client->GetTable(request);
     if (!response.ok()) {
+        if (CheckSSLError(response.status())) {
+            return GetTableInfo(dataset_id, table_id, res_columns, res_constraints);
+        }
         if (response.status().code() == google::cloud::StatusCode::kNotFound) {
             auto table_ref = BigqueryUtils::FormatTableString(config.project_id, dataset_id, table_id);
             throw BinderException("GetTableInfo - table \"%s\" not found", table_ref);
@@ -521,7 +541,7 @@ void BigqueryClient::GetTableInfoForQuery(const string &query,
     if (!query_response.has_schema()) {
         throw BinderException("Query response does not contain a result schema.");
     }
- 	auto schema = query_response.schema();
+    auto schema = query_response.schema();
     MapTableSchema(schema, res_columns, res_constraints);
 }
 

diff --git a/src/include/bigquery_client.hpp b/src/include/bigquery_client.hpp
@@ -6,6 +6,7 @@
 
 #include "bigquery_arrow_reader.hpp"
 #include "bigquery_proto_writer.hpp"
+#include "bigquery_settings.hpp"
 #include "bigquery_utils.hpp"
 
 #include "duckdb.hpp"
@@ -107,8 +108,27 @@ class BigqueryClient {
                         ColumnList &res_columns,
                         vector<unique_ptr<Constraint>> &res_constraints);
 
+    bool CheckSSLError(const google::cloud::Status &status) {
+        if (status.message().find("Problem with the SSL CA cert") != std::string::npos) {
+            if (!uses_custom_ca_bundle_path && !BigquerySettings::CurlCaBundlePath().empty()) {
+                uses_custom_ca_bundle_path = true;
+                BigquerySettings::TryDetectCurlCaBundlePath();
+                return true;
+            }
+        }
+        return false;
+    }
+
+    bool CheckInvalidJsonError(const google::cloud::Status &status) {
+        if (status.message().find("Not a valid Json") != std::string::npos) {
+            return true;
+        }
+        return false;
+    }
+
 private:
     BigqueryConfig config;
+    bool uses_custom_ca_bundle_path = false;
 };
 
 } // namespace bigquery

diff --git a/src/include/bigquery_settings.hpp b/src/include/bigquery_settings.hpp
@@ -22,10 +22,10 @@ inline std::string DetectCAPath() {
         "/etc/pki/tls/certs/ca-bundle.crt",
         "/etc/ssl/ca-bundle.pem",
         "/etc/ssl/cert.pem",
-        "/usr/local/share/certs/ca-root-nss.crt",
         "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
         "/etc/openssl/certs/ca-certificates.crt",
         "/var/lib/ca-certificates/ca-bundle.pem",
+        "/usr/local/share/certs/ca-root-nss.crt",
         "/usr/local/etc/openssl/cert.pem" //
     };
     for (const char *path : ca_paths) {
@@ -85,27 +85,21 @@ struct BigquerySettings {
 
     static string &CurlCaBundlePath() {
         static string curl_ca_bundle_path = "";
-        if (curl_ca_bundle_path.empty()) {
-            curl_ca_bundle_path = DetectCAPath();
-        }
-#if defined(__linux__) || defined(__unix__)
-        if (curl_ca_bundle_path.empty()) {
-            throw BinderException("Curl CA bundle path not found. Try setting the 'bq_curl_ca_bundle_path' option.");
-        }
-#endif
         return curl_ca_bundle_path;
     }
 
     static void SetCurlCaBundlePath(ClientContext &context, SetScope scope, Value &parameter) {
         string path = StringValue::Get(parameter);
-        if (path.empty()) {
-            throw InvalidInputException("Curl CA bundle path cannot be empty");
-        } else if (!std::ifstream(path).good()) {
+        if (!path.empty() && !std::ifstream(path).good()) {
             throw InvalidInputException("Curl CA bundle path is not readable");
         }
         CurlCaBundlePath() = path;
     }
 
+    static void TryDetectCurlCaBundlePath() {
+        CurlCaBundlePath() = DetectCAPath();
+    }
+
     static bool &ExperimentalFetchCatalogFromInformationSchema() {
         static bool bigquery_experimental_fetch_catalog_from_information_schema = true;
         return bigquery_experimental_fetch_catalog_from_information_schema;