-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HPCC-29970 Check case-insensitive owner ID in LF/WU #17624
Conversation
The owner ID of a logical file or workunit is based on user's login name which can be case-insensitive. The code for the ID verification should allow the case-insensitive ID as we do in CDaliWorkUnitFactory.getWorkUnitsByOwner(). 1. Change the setFileProtectTree(), getNamedPropTree(), getAttrQueryStr(), and related code to allow case- insensitive owner ID. 2. Allow case-insensitive owner ID when validating ECL WU access by ownership. 3. In the IDFUWorkUnitFactory.getWorkUnitsByOwner(), allow case-insensitive owner ID and wildcard match (the same as in CDaliWorkUnitFactory.getWorkUnitsByOwner()). Signed-off-by: wangkx <[email protected]>
https://track.hpccsystems.com/browse/HPCC-29970 |
@@ -3287,7 +3287,7 @@ class CDFUWorkUnitFactory : implements IDFUWorkUnitFactory, implements ISDSSubsc | |||
{ | |||
StringBuffer path("*"); | |||
if (owner && *owner) | |||
path.append("[@submitID=\"").append(owner).append("\"]"); | |||
path.append("[@submitID=?~\"").append(owner).append("\"]"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the '~' to specify a wild match? If so, that MIGHT not be needed anymore (ptree might always support wild card characters?). but I guess it doesn't hurt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I said doesn't hurt and makes the wildcard more explicit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the implication is that wildcard is desired here? (it would not have done so before with a regular equality qualifier)
I would not expect getWorkUnitsByOwner("usera") to also return dfu workunits owned by "notusera" ..
I do notice it's already this way for ecl workunits in it's implementation of getWorkUnitsByOwner, but should it be?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, using anything but a regular equality is lot more inefficient, because jptree optimizes lookups of sibling via qualifiers on attributes with straight equalities (by auto building HT's on the fly), so using "=?" (or =?~") will result in a linear scan of all dfu workunits instead.
The normal approach to case-insensitivity employed elsewhere is to store it lower case it when set, and looked up.
Perhaps the original cased submitID is needed here(?), but we could add an internal attribute for this purpose instead and thus avoid "=?".
Either way, that won't help with pre-existing workunits that don't have the lower-case @submitID (but could be 'fixed' automatically via other changes).
@wangkx - first question is - does submitID need to preserve case when it is set?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jakesmith I have 3 concerns for not preserving case. 1. confuse a user ('who changed my username?' or 'the submitID was not in lower case on previous ECLWatch page'). 2. how to handle old WUs which contain case sensitive submitID? 3. break some existing logic (where? I do not know).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wangkx - this is quite a significant performance issue.
- @submitID doesn't need to change.
- A new internal attribute can be added (lower-cased) explicitly for the purpose of optimized caseless searching.
- Old WUs can be scanned for the new missing attribute at startup time (it would be best to do in Dali itself), and the new attribute added.
- Code for searching attributed can use regular hard equality matching, which will be an order of magnitude faster than the linear search that =? would involve.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why this one was marked as resolved.
There are 2 relates issues here:
- the wildcard question - why should getWorkUnitsByOwner("usera") return results for "notusera" ?
- the efficiency issues caused by not performing a standard equality match
@ghalliday please merge. |
It looked good to me. @jakesmith please can you sanity check - e.g., that use of =~ doesn't introduce any major inefficiencies. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wangkx - a couple of questions.
@@ -3287,7 +3287,7 @@ class CDFUWorkUnitFactory : implements IDFUWorkUnitFactory, implements ISDSSubsc | |||
{ | |||
StringBuffer path("*"); | |||
if (owner && *owner) | |||
path.append("[@submitID=\"").append(owner).append("\"]"); | |||
path.append("[@submitID=?~\"").append(owner).append("\"]"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the implication is that wildcard is desired here? (it would not have done so before with a regular equality qualifier)
I would not expect getWorkUnitsByOwner("usera") to also return dfu workunits owned by "notusera" ..
I do notice it's already this way for ecl workunits in it's implementation of getWorkUnitsByOwner, but should it be?
{ | ||
assertex(key[0]=='@'); | ||
str.appendf("%s[%s=\"%s\"]",sub,key,name); | ||
if (nameCaseInsensitive) | ||
str.appendf("%s[%s=?\"%s\"]",sub,key,name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as long as these are not top-level properties, and the only one nameCaseInsnsitive=true is used for is for Protect/@name, then the loss of efficiency this implies is okay I think.
@@ -3287,7 +3287,7 @@ class CDFUWorkUnitFactory : implements IDFUWorkUnitFactory, implements ISDSSubsc | |||
{ | |||
StringBuffer path("*"); | |||
if (owner && *owner) | |||
path.append("[@submitID=\"").append(owner).append("\"]"); | |||
path.append("[@submitID=?~\"").append(owner).append("\"]"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, using anything but a regular equality is lot more inefficient, because jptree optimizes lookups of sibling via qualifiers on attributes with straight equalities (by auto building HT's on the fly), so using "=?" (or =?~") will result in a linear scan of all dfu workunits instead.
The normal approach to case-insensitivity employed elsewhere is to store it lower case it when set, and looked up.
Perhaps the original cased submitID is needed here(?), but we could add an internal attribute for this purpose instead and thus avoid "=?".
Either way, that won't help with pre-existing workunits that don't have the lower-case @submitID (but could be 'fixed' automatically via other changes).
@wangkx - first question is - does submitID need to preserve case when it is set?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wangkx - please see new comments.
Need to re-design. Closing for now. |
The owner ID of a logical file or workunit is based on user's login name which can be case-insensitive. The code for the ID verification should allow the case-insensitive ID as we do in CDaliWorkUnitFactory.getWorkUnitsByOwner().
Type of change:
Checklist:
Smoketest:
Testing: