From 3f78f9fae635b4dc1febdd1aad99e485cde412d6 Mon Sep 17 00:00:00 2001 From: Abhay Kulkarni Date: Sat, 4 Nov 2023 13:16:35 -0700 Subject: [PATCH] RANGER-4478: Incorrect trie updates when processing deltas - Part 3 --- .../policyengine/RangerResourceTrie.java | 41 +++++++++++++++++-- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java index d95da7c50f..773a026092 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java @@ -576,7 +576,7 @@ private void insert(TrieNode currentRoot, String resource, boolean isRecursiv } - private String getNonWildcardPrefix(String str) { + private int getNonWildcardPrefixLength(String str) { int minIndex = str.length(); for (int i = 0; i < wildcardChars.length(); i++) { @@ -587,9 +587,17 @@ private String getNonWildcardPrefix(String str) { } } - return str.substring(0, minIndex); + return minIndex; + } + + private String getNonWildcardPrefix(String str) { + int prefixLen = getNonWildcardPrefixLength(str); + + return (prefixLen < str.length()) ? str.substring(0, prefixLen) : str; } + + private Set getEvaluatorsForResource(String resource, ResourceElementMatchingScope scope) { if(LOG.isDebugEnabled()) { LOG.debug("==> RangerResourceTrie.getEvaluatorsForResource(" + resource + ", " + scope + ")"); @@ -718,7 +726,7 @@ private TrieNode getNodeForResource(String resource) { } TrieNode curr = root; - final int len = resource.length(); + final int len = getNonWildcardPrefixLength(resource); int i = 0; while (i < len) { @@ -738,6 +746,8 @@ private TrieNode getNodeForResource(String resource) { i += childStr.length(); } + curr = (i == len) ? curr : null; + RangerPerfTracer.logAlways(perf); if(LOG.isDebugEnabled()) { @@ -1128,11 +1138,21 @@ void undoSetup() { } void removeSelfFromTrie() { - if (evaluators == null && wildcardEvaluators == null && children.size() == 0) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> removeSelfFromTrie(" + this + ")"); + } + if (evaluators == null && children.size() == 0) { TrieNode parent = getParent(); if (parent != null) { parent.children.remove(str.charAt(0)); } + } else { + if (LOG.isDebugEnabled()) { + LOG.debug("removeSelfFromTrie(" + this + ") could not remove self from Trie"); + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== removeSelfFromTrie(" + this + ")"); } } @@ -1298,12 +1318,25 @@ private void collectChildEvaluators(Set childEvaluators) { } private void removeEvaluatorFromSubtree(U evaluator) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> removeEvaluatorFromSubtree(" + evaluator.getId() + ")"); + } if (CollectionUtils.isNotEmpty(wildcardEvaluators) && wildcardEvaluators.contains(evaluator)) { removeWildcardEvaluator(evaluator); } else { removeEvaluator(evaluator); } removeSelfFromTrie(); + if (LOG.isDebugEnabled()) { + LOG.debug("<== removeEvaluatorFromSubtree(" + evaluator.getId() + ")"); + } + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + toString(sb); + return sb.toString(); } void toString(StringBuilder sb) {