review feedback

Author: Joe Alphonso

core/base-rest-responses/src/main/java/datawave/marking/ColumnVisibilitySecurityMarking.java

@@ -1,5 +1,7 @@
 package datawave.marking;
 
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
+
 import java.util.List;
 import java.util.Map;
 
@@ -9,10 +11,7 @@
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 
-import org.apache.accumulo.access.Access;
 import org.apache.accumulo.access.AccessExpression;
-import org.apache.accumulo.access.examples.ParseExamples;
-import org.apache.accumulo.access.impl.AccessExpressionImpl;
 
 import com.google.common.base.Preconditions;
 
@@ -22,8 +21,6 @@ public class ColumnVisibilitySecurityMarking implements SecurityMarking {
 
     public static final String VISIBILITY_MARKING = "columnVisibility";
 
-    private static final Access ACCESS = ParseExamples.ACCESS;
-
     @XmlAttribute(name = "columnVisibility")
     private String columnVisibility = null;
 
@@ -51,7 +48,7 @@ public void setColumnVisibility(String columnVisibility) {
     @Override
     public AccessExpression toAccessExpression() {
         if (columnVisibility == null || columnVisibility.isEmpty()) {
-            return AccessExpressionImpl.EMPTY;
+            return ACCESS.newExpression("");
         }
         return ACCESS.newExpression(columnVisibility);
     }

core/cached-results/pom.xml

@@ -15,11 +15,6 @@
             <groupId>gov.nsa.datawave.core</groupId>
             <artifactId>base-rest-responses</artifactId>
         </dependency>
-        <dependency>
-            <groupId>gov.nsa.datawave.core</groupId>
-            <artifactId>datawave-core-common-util</artifactId>
-            <version>${project.version}</version>
-        </dependency>
         <dependency>
             <groupId>gov.nsa.datawave.core</groupId>
             <artifactId>type-utils</artifactId>

core/cached-results/src/main/java/datawave/core/query/cachedresults/CacheableQueryRowImpl.java

@@ -1,5 +1,7 @@
 package datawave.core.query.cachedresults;
 
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
+
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -9,16 +11,15 @@
 import java.util.Set;
 import java.util.TreeSet;
 
-import org.apache.accumulo.access.impl.AccessExpressionImpl;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.Sets;
 
-import datawave.core.common.util.AccessExpressionUtil;
 import datawave.data.type.Type;
 import datawave.marking.AccessExpressionMarkings;
+import datawave.marking.AccessExpressionUtil;
 import datawave.marking.MarkingFunctions;
 import datawave.marking.Markings;
 import datawave.webservice.query.cachedresults.CacheableQueryRow;
@@ -28,7 +29,7 @@
 public class CacheableQueryRowImpl extends CacheableQueryRow implements ObjectSizeOf {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(CacheableQueryRowImpl.class);
-    private static final Markings<?> EMPTY_MARKINGS = AccessExpressionMarkings.builder().accessExpression(AccessExpressionImpl.EMPTY).build();
+    private static final Markings<?> EMPTY_MARKINGS = AccessExpressionMarkings.builder().accessExpression(ACCESS.newExpression("")).build();
 
     private String user = null;
     private String queryId = null;

core/cached-results/src/main/java/datawave/core/query/cachedresults/CacheableQueryRowReader.java

@@ -1,6 +1,6 @@
 package datawave.core.query.cachedresults;
 
-import static org.apache.accumulo.access.examples.ParseExamples.ACCESS;
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
 
 import java.sql.ResultSet;
 import java.sql.ResultSetMetaData;
@@ -14,7 +14,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import datawave.core.common.util.AccessExpressionUtil;
+import datawave.marking.AccessExpressionUtil;
 import datawave.marking.MarkingFunctions;
 import datawave.marking.Markings;
 import datawave.webservice.query.cachedresults.CacheableQueryRow;

core/common-util/pom.xml

@@ -13,10 +13,6 @@
         <dependencies />
     </dependencyManagement>
     <dependencies>
-        <dependency>
-            <groupId>gov.nsa.datawave.core</groupId>
-            <artifactId>accumulo-utils</artifactId>
-        </dependency>
         <dependency>
             <groupId>gov.nsa.datawave.core</groupId>
             <artifactId>datawave-core-connection-pool</artifactId>

core/modification/src/main/java/datawave/modification/MutableMetadataHandler.java

@@ -1,6 +1,6 @@
 package datawave.modification;
 
-import static org.apache.accumulo.access.examples.ParseExamples.ACCESS;
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -47,12 +47,12 @@
 import com.google.common.collect.Multimap;
 
 import datawave.core.common.connection.AccumuloConnectionFactory;
-import datawave.core.common.util.AccessExpressionUtil;
 import datawave.core.iterators.FieldIndexDocumentFilter;
 import datawave.data.ColumnFamilyConstants;
 import datawave.data.type.Type;
 import datawave.ingest.protobuf.Uid;
 import datawave.ingest.protobuf.Uid.List.Builder;
+import datawave.marking.AccessExpressionUtil;
 import datawave.marking.MarkingFunctions;
 import datawave.marking.Markings;
 import datawave.microservice.query.DefaultQueryParameters;

core/utils/accumulo-utils/pom.xml

@@ -67,11 +67,6 @@
             <artifactId>accumulo-access-core</artifactId>
             <version>1.0.0-java-11</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.accumulo</groupId>
-            <artifactId>accumulo-access-examples</artifactId>
-            <version>1.0.0-java-11</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>

core/utils/accumulo-utils/src/main/java/datawave/marking/AccessExpressionMarkings.java

@@ -2,7 +2,6 @@
 
 import org.apache.accumulo.access.Access;
 import org.apache.accumulo.access.AccessExpression;
-import org.apache.accumulo.access.examples.ParseExamples;
 
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonCreator;
@@ -15,8 +14,8 @@
 @Builder
 @JsonAutoDetect(getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 public class AccessExpressionMarkings implements Markings<AccessExpression> {
+    public static final Access ACCESS = Access.builder().build();
 
-    private static final Access ACCESS = ParseExamples.ACCESS;
     public static final String COLUMN_VISIBILITY_KEY = "columnVisibility";
 
     private final AccessExpression accessExpression;

…re/common/util/AccessExpressionUtil.java …tawave/marking/AccessExpressionUtil.javacore/common-util/src/main/java/datawave/core/common/util/AccessExpressionUtil.java renamed to core/utils/accumulo-utils/src/main/java/datawave/marking/AccessExpressionUtil.java core/common-util/src/main/java/datawave/core/common/util/AccessExpressionUtil.java renamed to core/utils/accumulo-utils/src/main/java/datawave/marking/AccessExpressionUtil.java

@@ -1,21 +1,21 @@
-package datawave.core.common.util;
+package datawave.marking;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
+import static org.apache.accumulo.access.ParsedAccessExpression.ExpressionType.AND;
+import static org.apache.accumulo.access.ParsedAccessExpression.ExpressionType.AUTHORIZATION;
+
 import java.util.Collection;
 import java.util.List;
+import java.util.SortedSet;
+import java.util.TreeSet;
 
 import org.apache.accumulo.access.Access;
 import org.apache.accumulo.access.AccessExpression;
 import org.apache.accumulo.access.ParsedAccessExpression;
-import org.apache.accumulo.access.examples.ParseExamples;
-import org.apache.accumulo.access.impl.AccessExpressionImpl;
 import org.apache.accumulo.core.security.ColumnVisibility;
 
-import datawave.marking.AccessExpressionMarkings;
-import datawave.marking.MarkingFunctions;
-import datawave.marking.Markings;
-
 /**
  * Utility for bridging between Accumulo's {@link ColumnVisibility} (from accumulo-core) and {@link AccessExpression} (from accumulo-access).
  * <p>
@@ -24,9 +24,7 @@
  */
 public final class AccessExpressionUtil {
 
-    private static final Access ACCESS = ParseExamples.ACCESS;
-
-    private static final AccessExpression EMPTY_EXPRESSION = AccessExpressionImpl.EMPTY;
+    private static final AccessExpression EMPTY_EXPRESSION = ACCESS.newExpression("");
 
     private AccessExpressionUtil() {}
 
@@ -128,7 +126,7 @@ public static AccessExpression normalize(AccessExpression expression) {
             return expression;
         }
         ParsedAccessExpression parsed = ACCESS.newParsedExpression(expr);
-        return ACCESS.newExpression(ParseExamples.normalize(parsed).expression);
+        return ACCESS.newExpression(normalize(parsed).expression);
     }
 
     /**
@@ -192,4 +190,131 @@ public static Markings<?> mergeMarkings(MarkingFunctions<?> markingFunctions, Ma
         }
         return markings1;
     }
+
+    /**
+     * As part of normalizing access expression this class is used to sort and dedupe sub-expressions in a tree set.
+     */
+    public static class NormalizedExpression implements Comparable<NormalizedExpression> {
+        public final String expression;
+        public final ParsedAccessExpression.ExpressionType type;
+
+        NormalizedExpression(String expression, ParsedAccessExpression.ExpressionType type) {
+            this.expression = expression;
+            this.type = type;
+        }
+
+        // determines the sort order of different kinds of subexpressions.
+        private static int typeOrder(ParsedAccessExpression.ExpressionType type) {
+            switch (type) {
+                case AUTHORIZATION:
+                    return 1;
+                case OR:
+                    return 2;
+                case AND:
+                    return 3;
+                case EMPTY:
+                default:
+                    throw new IllegalArgumentException("Unexpected type " + type);
+            }
+        }
+
+        @Override
+        public int compareTo(NormalizedExpression o) {
+            // Changing this comparator would significantly change how expressions are normalized.
+            int cmp = typeOrder(type) - typeOrder(o.type);
+            if (cmp == 0) {
+                if (type == AUTHORIZATION) {
+                    // sort based on the unquoted and unescaped form of the authorization
+                    cmp = ACCESS.unquote(expression).compareTo(ACCESS.unquote(o.expression));
+                } else {
+                    cmp = expression.compareTo(o.expression);
+                }
+
+            }
+            return cmp;
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            return this == o || (o instanceof NormalizedExpression && compareTo((NormalizedExpression) o) == 0);
+        }
+
+        @Override
+        public int hashCode() {
+            return expression.hashCode();
+        }
+    }
+
+    /**
+     * This method helps with the flattening aspect of normalization by recursing down as far as possible the parse tree in the case when the expression type is
+     * the same. As long as the type is the same in the sub expression, keep using the same set.
+     */
+    public static void flatten(ParsedAccessExpression.ExpressionType parentType, ParsedAccessExpression parsed,
+                    SortedSet<NormalizedExpression> normalizedExpressions) {
+        if (parsed.getType() == parentType) {
+            for (var child : parsed.getChildren()) {
+                flatten(parentType, child, normalizedExpressions);
+            }
+        } else {
+            // The type changed, so start again on the subexpression.
+            normalizedExpressions.add(normalize(parsed));
+        }
+    }
+
+    /**
+     * <p>
+     * For a given access expression this example will deduplicate, sort, flatten, and remove unneeded parentheses or quotes in the expressions. The following
+     * list gives examples of what each normalization step does.
+     *
+     * <ul>
+     * <li>As an example of flattening, the expression {@code A&(B&C)} flattens to {@code
+     * A&B&C}.</li>
+     * <li>As an example of sorting, the expression {@code (Z&Y)|(C&B)} sorts to {@code
+     * (B&C)|(Y&Z)}</li>
+     * <li>As an example of deduplication, the expression {@code X&Y&X} normalizes to {@code X&Y}</li>
+     * <li>As an example of unneeded quotes, the expression {@code "ABC"&"XYZ"} normalizes to {@code ABC&XYZ}</li>
+     * <li>As an example of unneeded parentheses, the expression {@code (((ABC)|(XYZ)))} normalizes to {@code ABC|XYZ}</li>
+     * </ul>
+     *
+     * <p>
+     * This algorithm attempts to have the same behavior as the one in the Accumulo 2.1 ColumnVisibility class. However the implementation is very different.
+     */
+    public static NormalizedExpression normalize(ParsedAccessExpression parsed) {
+        if (parsed.getType() == AUTHORIZATION) {
+            // If the authorization is quoted and it does not need to be quoted then the following two
+            // lines will remove the unnecessary quoting.
+            String unquoted = ACCESS.unquote(parsed.getExpression());
+            String quoted = ACCESS.quote(unquoted);
+            return new NormalizedExpression(quoted, parsed.getType());
+        } else {
+            // The tree set does the work of sorting and deduplicating sub expressions.
+            TreeSet<NormalizedExpression> normalizedChildren = new TreeSet<>();
+            for (var child : parsed.getChildren()) {
+                flatten(parsed.getType(), child, normalizedChildren);
+            }
+
+            if (normalizedChildren.size() == 1) {
+                return normalizedChildren.first();
+            } else {
+                String operator = parsed.getType() == AND ? "&" : "|";
+                String sep = "";
+
+                StringBuilder builder = new StringBuilder();
+
+                for (var child : normalizedChildren) {
+                    builder.append(sep);
+                    if (child.type == AUTHORIZATION) {
+                        builder.append(child.expression);
+                    } else {
+                        builder.append("(");
+                        builder.append(child.expression);
+                        builder.append(")");
+                    }
+                    sep = operator;
+                }
+
+                return new NormalizedExpression(builder.toString(), parsed.getType());
+            }
+        }
+    }
 }

core/utils/accumulo-utils/src/main/java/datawave/marking/MarkingFunctions.java

@@ -1,15 +1,14 @@
 package datawave.marking;
 
+import static datawave.marking.AccessExpressionMarkings.ACCESS;
+
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import org.apache.accumulo.access.Access;
 import org.apache.accumulo.access.AccessExpression;
 import org.apache.accumulo.access.ParsedAccessExpression;
-import org.apache.accumulo.access.examples.ParseExamples;
-import org.apache.accumulo.access.impl.AccessExpressionImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
@@ -49,8 +48,8 @@ public Exception(Throwable cause) {
     }
 
     class Default implements MarkingFunctions<AccessExpressionMarkings> {
-        private static final Access ACCESS = ParseExamples.ACCESS;
-        private static final AccessExpressionMarkings EMPTY_MARKINGS = AccessExpressionMarkings.builder().accessExpression(AccessExpressionImpl.EMPTY).build();
+
+        private static final AccessExpressionMarkings EMPTY_MARKINGS = AccessExpressionMarkings.builder().accessExpression(ACCESS.newExpression("")).build();
 
         @Override
         public AccessExpressionMarkings combine(Collection<AccessExpressionMarkings> markings) {
@@ -80,7 +79,7 @@ public AccessExpressionMarkings combine(Collection<AccessExpressionMarkings> mar
 
             // normalize the Parsed Expression and then return a copy without the parse tree
             // FIXME: Using a beta of the accumulo-access API so temporarily using the normalize function from the example code
-            return AccessExpressionMarkings.builder().accessExpression(ACCESS.newExpression(ParseExamples.normalize(expression).expression)).build();
+            return AccessExpressionMarkings.builder().accessExpression(ACCESS.newExpression(AccessExpressionUtil.normalize(expression).expression)).build();
         }
     }