subject:"\[ranger\] branch master updated\: RANGER\-4136\: Incorrect processing of tag\-deltas by RangerTagEnricher"

[ranger] branch master updated: RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher - Part 2

2023-04-17 Thread abhay

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new fb63f21cf RANGER-4136: Incorrect processing of tag-deltas by 
RangerTagEnricher - Part 2
fb63f21cf is described below

commit fb63f21cf6f5007f178eef8f11f68cf2c9a57279
Author: Abhay Kulkarni 
AuthorDate: Mon Apr 17 09:50:42 2023 -0700

RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher - Part 
2
---
 .../plugin/contextenricher/RangerTagEnricher.java  | 64 +++---
 .../org/apache/ranger/plugin/util/ServiceTags.java |  3 +
 2 files changed, 47 insertions(+), 20 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 198d24d97..e0a86c398 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -385,6 +385,9 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
this.tagRefresher = null;
 
if (tagRefresher != null) {
+   if (LOG.isDebugEnabled()) {
+   LOG.debug("Trying to clean up 
RangerTagRefresher(" + tagRefresher.getName() + ")");
+   }
tagRefresher.cleanup();
}
 
@@ -473,20 +476,16 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
List changedServiceResources = 
deltas.getServiceResources();
 
for (RangerServiceResource serviceResource : 
changedServiceResources) {
-
final boolean removedOldServiceResource = 
MapUtils.isEmpty(serviceResource.getResourceElements()) || 
removeOldServiceResource(serviceResource, resourceMatchers, 
serviceResourceTrie);
-   if (removedOldServiceResource) {
 
+   if (removedOldServiceResource) {
if 
(!StringUtils.isEmpty(serviceResource.getResourceSignature())) {
-
RangerServiceResourceMatcher 
resourceMatcher = createRangerServiceResourceMatcher(serviceResource, 
serviceDefHelper, hierarchies);
 
if (resourceMatcher != null) {
for 
(RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
-
-   
RangerPolicy.RangerPolicyResource policyResource = 
serviceResource.getResourceElements().get(resourceDef.getName());
-
-   
RangerResourceTrie trie = 
serviceResourceTrie.get(resourceDef.getName());
+   
RangerPolicy.RangerPolicyResourcepolicyResource = 
serviceResource.getResourceElements().get(resourceDef.getName());
+   
RangerResourceTrie trie   = 
serviceResourceTrie.get(resourceDef.getName());
 
if 
(LOG.isDebugEnabled()) {

LOG.debug("Trying to add resource-matcher to " + (trie == null ? "new" : 
"existing") + " trie for " + resourceDef.getName());
@@ -495,6 +494,7 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
if (trie != null) {

trie.add(policyResource, resourceMatcher);

trie.wrapUpUpdate();
+
if 
(LOG.isDebugEnabled()) {

LOG.debug("Added resource-matcher for policy-resource:[" + policyResource + 
"]");
}
@@ -521,6 +521,7 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
break;
}
}
+
if (isInError) {
LOG.error("Error in processing tag-deltas. Will 
continue to use old tags");
deltas.setTagVersion(-1L);
@@ -530,44 +531,61 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
}
enrichedServiceTags = new 
EnrichedServiceTags(allServiceTags, resourceMatchers, serviceResourceTrie);
}
-
}
 
private boolean removeOldServiceReso

[ranger] branch master updated: RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher

2023-03-22 Thread abhay

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 2e224cf9d RANGER-4136: Incorrect processing of tag-deltas by 
RangerTagEnricher
2e224cf9d is described below

commit 2e224cf9d4d28f3e23b5f8462a92024993a104bc
Author: Abhay Kulkarni 
AuthorDate: Wed Mar 22 11:28:51 2023 -0700

RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher
---
 .../plugin/contextenricher/RangerTagEnricher.java | 19 ++-
 .../plugin/policyengine/RangerAccessRequestImpl.java  | 10 +-
 .../plugin/service/RangerDefaultRequestProcessor.java | 19 ++-
 .../util/RangerResourceEvaluatorsRetriever.java   |  2 +-
 4 files changed, 42 insertions(+), 8 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index efb885a74..198d24d97 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -78,9 +78,8 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
private static final Logger PERF_SET_SERVICETAGS_LOG  = 
RangerPerfTracer.getPerfLogger("tagenricher.setservicetags");
private static final Logger PERF_SERVICETAGS_RETRIEVAL_LOG = 
RangerPerfTracer.getPerfLogger("tagenricher.tags.retrieval");
 
-
private static final String TAG_REFRESHER_POLLINGINTERVAL_OPTION = 
"tagRefresherPollingInterval";
-   public  static final String TAG_RETRIEVER_CLASSNAME_OPTION   = 
"tagRetrieverClassName";
+   public static final String TAG_RETRIEVER_CLASSNAME_OPTION= 
"tagRetrieverClassName";
private static final String TAG_DISABLE_TRIE_PREFILTER_OPTION= 
"disableTrieLookupPrefilter";
 
private RangerTagRefresher tagRefresher;
@@ -485,12 +484,19 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
if (resourceMatcher != null) {
for 
(RangerServiceDef.RangerResourceDef resourceDef : serviceDef.getResources()) {
 
+   
RangerPolicy.RangerPolicyResource policyResource = 
serviceResource.getResourceElements().get(resourceDef.getName());
+

RangerResourceTrie trie = 
serviceResourceTrie.get(resourceDef.getName());
 
+   if 
(LOG.isDebugEnabled()) {
+   
LOG.debug("Trying to add resource-matcher to " + (trie == null ? "new" : 
"existing") + " trie for " + resourceDef.getName());
+   }
+
if (trie != null) {
-   
trie.add(serviceResource.getResourceElements().get(resourceDef.getName()), 
resourceMatcher);
+   
trie.add(policyResource, resourceMatcher);
+   
trie.wrapUpUpdate();
if 
(LOG.isDebugEnabled()) {
-   
LOG.debug("Added resource-matcher for service-resource:[" + serviceResource + 
"]");
+   
LOG.debug("Added resource-matcher for policy-resource:[" + policyResource + 
"]");
}
} else {
trie = new 
RangerResourceTrie<>(resourceDef, Collections.singletonList(resourceMatcher), 
getPolicyEngineOptions().optimizeTagTrieForRetrieval, 
getPolicyEngineOptions().optimizeTagTrieForSpace, null);
@@ -541,7 +547,7 @@ public class RangerTagEnricher extends 
RangerAbstractContextEnricher {
RangerAccessResourceImpl accessResource = new 
RangerAccessResourceImpl();
 
for (Map.Entry entry : 
serviceResource.getResourceElements().entrySet()) {
-   accessResource.setValue(entry.getKey(), 
entry.getValue());
+   accessResource.setValue(entry.getKey(), 
entry.getValue().getValues());
}
if (LOG.isDebugEnabled()) {
LOG.debug("RangerAccessResource:[" + 
accessRes

[ranger] branch master updated: RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher - Part 2

[ranger] branch master updated: RANGER-4136: Incorrect processing of tag-deltas by RangerTagEnricher

2 matches

Site Navigation

Mail list logo

Footer information