[+] add graceful fallback for local log parsing (#1109)

* Check privileges before invoking `ParseLogsLocal()`

I didn't consider testing all possible directory and
file privileges, assuming the default setup so
if a user (postgres or superuser) has read privilege
on the logs directory then he should be able to
read all the files.

* Update log parsing docs

We don't neccesarily require superuser privileges in local
mode, e.g, `postgres` user will be enough as he can access
the log dir and its content.

* Move `... on the same host ...` log message to the first condition

Author: 0xgouda

docs/reference/advanced_features.md

@@ -46,7 +46,7 @@ Only event counts are stored - no error messages, usernames, or other details. E
 
 pgwatch automatically selects between two parsing modes:
 
-1. **Local mode** - Used when pgwatch runs on the same host as the database server and can access log files directly. Requires superuser privileges and `pg_read_all_settings` role.
+1. **Local mode** - Used when pgwatch runs on the same host as the database server and can access log files directly. Requires OS user with read privileges on the logs directory and its files and `pg_read_all_settings` role.
 
 2. **Remote mode** - Used when pgwatch runs on a different host. Requires `pg_monitor` role and execute privilege on `pg_read_file()`.
 

internal/reaper/logparser.go

@@ -2,6 +2,7 @@ package reaper
 
 import (
 	"context"
+	"os"
 	"path"
 	"path/filepath"
 	"regexp"
@@ -15,6 +16,26 @@ import (
 	"github.com/jackc/pgx/v5"
 )
 
+// Constants and types
+var pgSeverities = [...]string{"DEBUG", "INFO", "NOTICE", "WARNING", "ERROR", "LOG", "FATAL", "PANIC"}
+var pgSeveritiesLocale = map[string]map[string]string{
+	"C.": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTICE": "NOTICE", "WARNING": "WARNING", "ERROR": "ERROR", "FATAL": "FATAL", "PANIC": "PANIC"},
+	"de": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "HINWEIS": "NOTICE", "WARNUNG": "WARNING", "FEHLER": "ERROR", "FATAL": "FATAL", "PANIK": "PANIC"},
+	"fr": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTICE": "NOTICE", "ATTENTION": "WARNING", "ERREUR": "ERROR", "FATAL": "FATAL", "PANIK": "PANIC"},
+	"it": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTIFICA": "NOTICE", "ATTENZIONE": "WARNING", "ERRORE": "ERROR", "FATALE": "FATAL", "PANICO": "PANIC"},
+	"ko": {"디버그": "DEBUG", "로그": "LOG", "정보": "INFO", "알림": "NOTICE", "경고": "WARNING", "오류": "ERROR", "치명적오류": "FATAL", "손상": "PANIC"},
+	"pl": {"DEBUG": "DEBUG", "DZIENNIK": "LOG", "INFORMACJA": "INFO", "UWAGA": "NOTICE", "OSTRZEŻENIE": "WARNING", "BŁĄD": "ERROR", "KATASTROFALNY": "FATAL", "PANIKA": "PANIC"},
+	"ru": {"ОТЛАДКА": "DEBUG", "СООБЩЕНИЕ": "LOG", "ИНФОРМАЦИЯ": "INFO", "ЗАМЕЧАНИЕ": "NOTICE", "ПРЕДУПРЕЖДЕНИЕ": "WARNING", "ОШИБКА": "ERROR", "ВАЖНО": "FATAL", "ПАНИКА": "PANIC"},
+	"sv": {"DEBUG": "DEBUG", "LOGG": "LOG", "INFO": "INFO", "NOTIS": "NOTICE", "VARNING": "WARNING", "FEL": "ERROR", "FATALT": "FATAL", "PANIK": "PANIC"},
+	"tr": {"DEBUG": "DEBUG", "LOG": "LOG", "BİLGİ": "INFO", "NOT": "NOTICE", "UYARI": "WARNING", "HATA": "ERROR", "ÖLÜMCÜL (FATAL)": "FATAL", "KRİTİK": "PANIC"},
+	"zh": {"调试": "DEBUG", "日志": "LOG", "信息": "INFO", "注意": "NOTICE", "警告": "WARNING", "错误": "ERROR", "致命错误": "FATAL", "比致命错误还过分的错误": "PANIC"},
+}
+
+const csvLogDefaultRegEx = `^^(?P<log_time>.*?),"?(?P<user_name>.*?)"?,"?(?P<database_name>.*?)"?,(?P<process_id>\d+),"?(?P<connection_from>.*?)"?,(?P<session_id>.*?),(?P<session_line_num>\d+),"?(?P<command_tag>.*?)"?,(?P<session_start_time>.*?),(?P<virtual_transaction_id>.*?),(?P<transaction_id>.*?),(?P<error_severity>\w+),`
+const csvLogDefaultGlobSuffix = "*.csv"
+
+const maxChunkSize int32 = 10 * 1024 * 1024 // 10 MB
+
 type LogParser struct {
 	ctx                context.Context
 	LogsMatchRegex     *regexp.Regexp
@@ -74,12 +95,14 @@ func (lp *LogParser) ParseLogs() error {
 	l := log.GetLogger(lp.ctx)
 	if ok, err := db.IsClientOnSameHost(lp.SourceConn.Conn); ok && err == nil {
 		l.Info("DB is on the same host. parsing logs locally")
-		// TODO: check privileges before invoking local parsing
-		return lp.parseLogsLocal()
+		if err = checkHasLocalPrivileges(lp.LogFolder); err == nil {
+			return lp.parseLogsLocal()
+		}
+		l.WithError(err).Error("Could't parse logs locally. lacking required privileges")
 	}
 
 	l.Info("DB is not detected to be on the same host. parsing logs remotely")
-	if err := checkHasPrivileges(lp.ctx, lp.SourceConn, lp.LogFolder); err != nil {
+	if err := checkHasRemotePrivileges(lp.ctx, lp.SourceConn, lp.LogFolder); err != nil {
 		l.WithError(err).Error("Could't parse logs remotely. lacking required privileges")
 		return err
 	}
@@ -113,7 +136,7 @@ func tryDetermineLogMessagesLanguage(ctx context.Context, conn db.PgxIface) (str
 	return lc, nil
 }
 
-func checkHasPrivileges(ctx context.Context, mdb *sources.SourceConn, logsDirPath string) error {
+func checkHasRemotePrivileges(ctx context.Context, mdb *sources.SourceConn, logsDirPath string) error {
 	var logFile string
 	err := mdb.Conn.QueryRow(ctx, "select name from pg_ls_logdir() limit 1").Scan(&logFile)
 	if err != nil && err != pgx.ErrNoRows {
@@ -125,27 +148,14 @@ func checkHasPrivileges(ctx context.Context, mdb *sources.SourceConn, logsDirPat
 	return err
 }
 
-// Constants and types
-
-var pgSeverities = [...]string{"DEBUG", "INFO", "NOTICE", "WARNING", "ERROR", "LOG", "FATAL", "PANIC"}
-var pgSeveritiesLocale = map[string]map[string]string{
-	"C.": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTICE": "NOTICE", "WARNING": "WARNING", "ERROR": "ERROR", "FATAL": "FATAL", "PANIC": "PANIC"},
-	"de": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "HINWEIS": "NOTICE", "WARNUNG": "WARNING", "FEHLER": "ERROR", "FATAL": "FATAL", "PANIK": "PANIC"},
-	"fr": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTICE": "NOTICE", "ATTENTION": "WARNING", "ERREUR": "ERROR", "FATAL": "FATAL", "PANIK": "PANIC"},
-	"it": {"DEBUG": "DEBUG", "LOG": "LOG", "INFO": "INFO", "NOTIFICA": "NOTICE", "ATTENZIONE": "WARNING", "ERRORE": "ERROR", "FATALE": "FATAL", "PANICO": "PANIC"},
-	"ko": {"디버그": "DEBUG", "로그": "LOG", "정보": "INFO", "알림": "NOTICE", "경고": "WARNING", "오류": "ERROR", "치명적오류": "FATAL", "손상": "PANIC"},
-	"pl": {"DEBUG": "DEBUG", "DZIENNIK": "LOG", "INFORMACJA": "INFO", "UWAGA": "NOTICE", "OSTRZEŻENIE": "WARNING", "BŁĄD": "ERROR", "KATASTROFALNY": "FATAL", "PANIKA": "PANIC"},
-	"ru": {"ОТЛАДКА": "DEBUG", "СООБЩЕНИЕ": "LOG", "ИНФОРМАЦИЯ": "INFO", "ЗАМЕЧАНИЕ": "NOTICE", "ПРЕДУПРЕЖДЕНИЕ": "WARNING", "ОШИБКА": "ERROR", "ВАЖНО": "FATAL", "ПАНИКА": "PANIC"},
-	"sv": {"DEBUG": "DEBUG", "LOGG": "LOG", "INFO": "INFO", "NOTIS": "NOTICE", "VARNING": "WARNING", "FEL": "ERROR", "FATALT": "FATAL", "PANIK": "PANIC"},
-	"tr": {"DEBUG": "DEBUG", "LOG": "LOG", "BİLGİ": "INFO", "NOT": "NOTICE", "UYARI": "WARNING", "HATA": "ERROR", "ÖLÜMCÜL (FATAL)": "FATAL", "KRİTİK": "PANIC"},
-	"zh": {"调试": "DEBUG", "日志": "LOG", "信息": "INFO", "注意": "NOTICE", "警告": "WARNING", "错误": "ERROR", "致命错误": "FATAL", "比致命错误还过分的错误": "PANIC"},
+func checkHasLocalPrivileges(logsDirPath string) error {
+	_, err := os.ReadDir(logsDirPath)
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
-const csvLogDefaultRegEx = `^^(?P<log_time>.*?),"?(?P<user_name>.*?)"?,"?(?P<database_name>.*?)"?,(?P<process_id>\d+),"?(?P<connection_from>.*?)"?,(?P<session_id>.*?),(?P<session_line_num>\d+),"?(?P<command_tag>.*?)"?,(?P<session_start_time>.*?),(?P<virtual_transaction_id>.*?),(?P<transaction_id>.*?),(?P<error_severity>\w+),`
-const csvLogDefaultGlobSuffix = "*.csv"
-
-const maxChunkSize int32 = 10 * 1024 * 1024 // 10 MB
-
 func severityToEnglish(serverLang, errorSeverity string) string {
 	if serverLang == "en" {
 		return errorSeverity

internal/reaper/logparser_test.go

@@ -206,7 +206,7 @@ func TestCheckHasPrivileges(t *testing.T) {
 
 	names := [2]string{"pg_ls_logdir() fails", "pg_read_file() permission denied"}
 	for _, name := range names {
-		t.Run("checkHasPrivileges fails - "+name, func(t *testing.T) {
+		t.Run("checkHasRemotePrivileges fails - "+name, func(t *testing.T) {
 			mock, err := pgxmock.NewPool()
 			require.NoError(t, err)
 			defer mock.Close()