This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2e224cf9d RANGER-4136: Incorrect processing of tag-deltas by
RangerTagEnricher
2e224cf9d is described below
commit 2e224cf9d4d28f3e23b5f8462a92024993a104bc
Author: Abhay Kulkarni
AuthorDate: Wed Mar 22 11:28:51 2023 -0700
RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher
---
.../plugin/contextenricher/RangerTagEnricher.java | 19 ++-
.../plugin/policyengine/RangerAccessRequestImpl.java | 10 +-
.../plugin/service/RangerDefaultRequestProcessor.java | 19 ++-
.../util/RangerResourceEvaluatorsRetriever.java | 2 +-
4 files changed, 42 insertions(+), 8 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index efb885a74..198d24d97 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -78,9 +78,8 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
private static final Logger PERF_SET_SERVICETAGS_LOG =
RangerPerfTracer.getPerfLogger("tagenricher.setservicetags");
private static final Logger PERF_SERVICETAGS_RETRIEVAL_LOG =
RangerPerfTracer.getPerfLogger("tagenricher.tags.retrieval");
-
private static final String TAG_REFRESHER_POLLINGINTERVAL_OPTION =
"tagRefresherPollingInterval";
- public static final String TAG_RETRIEVER_CLASSNAME_OPTION =
"tagRetrieverClassName";
+ public static final String TAG_RETRIEVER_CLASSNAME_OPTION=
"tagRetrieverClassName";
private static final String TAG_DISABLE_TRIE_PREFILTER_OPTION=
"disableTrieLookupPrefilter";
private RangerTagRefresher tagRefresher;
@@ -485,12 +484,19 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
if (resourceMatcher != null) {
for
(RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
+
RangerPolicy.RangerPolicyResource policyResource =
serviceResource.getResourceElements().get(resourceDef.getName());
+
RangerResourceTrie trie =
serviceResourceTrie.get(resourceDef.getName());
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("Trying to add resource-matcher to " + (trie == null ? "new" :
"existing") + " trie for " + resourceDef.getName());
+ }
+
if (trie != null) {
-
trie.add(serviceResource.getResourceElements().get(resourceDef.getName()),
resourceMatcher);
+
trie.add(policyResource, resourceMatcher);
+
trie.wrapUpUpdate();
if
(LOG.isDebugEnabled()) {
-
LOG.debug("Added resource-matcher for service-resource:[" + serviceResource +
"]");
+
LOG.debug("Added resource-matcher for policy-resource:[" + policyResource +
"]");
}
} else {
trie = new
RangerResourceTrie<>(resourceDef, Collections.singletonList(resourceMatcher),
getPolicyEngineOptions().optimizeTagTrieForRetrieval,
getPolicyEngineOptions().optimizeTagTrieForSpace, null);
@@ -541,7 +547,7 @@ public class RangerTagEnricher extends
RangerAbstractContextEnricher {
RangerAccessResourceImpl accessResource = new
RangerAccessResourceImpl();
for (Map.Entry entry :
serviceResource.getResourceElements().entrySet()) {
- accessResource.setValue(entry.getKey(),
entry.getValue());
+ accessResource.setValue(entry.getKey(),
entry.getValue().getValues());
}
if (LOG.isDebugEnabled()) {
LOG.debug("RangerAccessResource:[" +