You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by aw...@apache.org on 2020/03/30 18:53:35 UTC

[kudu] 02/04: [ranger] fix authorizing list tables

This is an automated email from the ASF dual-hosted git repository.

awong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 5660d9583e88c4ece2c73efc2cfcb51bd3d22523
Author: Hao Hao <ha...@cloudera.com>
AuthorDate: Mon Mar 30 00:03:38 2020 -0700

    [ranger] fix authorizing list tables
    
    When authorizing list tables and there is no tables in Kudu, we should
    return 'OK' instead of 'InvalidArgument' error.
    
    Change-Id: I2a4dfe61e85fc21d67e6422a1cdb36d887d51f4f
    Reviewed-on: http://gerrit.cloudera.org:8080/15592
    Reviewed-by: Attila Bukor <ab...@apache.org>
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
    Tested-by: Kudu Jenkins
---
 src/kudu/ranger/ranger_client-test.cc | 6 ++++++
 src/kudu/ranger/ranger_client.cc      | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/kudu/ranger/ranger_client-test.cc b/src/kudu/ranger/ranger_client-test.cc
index b2cae2c..9a85aaa 100644
--- a/src/kudu/ranger/ranger_client-test.cc
+++ b/src/kudu/ranger/ranger_client-test.cc
@@ -161,6 +161,12 @@ TEST_F(RangerClientTest, TestAuthorizeCreateTableAuthorized) {
 
 TEST_F(RangerClientTest, TestAuthorizeListNoTables) {
   unordered_set<string> tables;
+  ASSERT_OK(client_.AuthorizeActionMultipleTables("jdoe", ActionPB::METADATA, &tables));
+  ASSERT_EQ(0, tables.size());
+}
+
+TEST_F(RangerClientTest, TestAuthorizeListNoTablesAuthorized) {
+  unordered_set<string> tables;
   tables.emplace("foo.bar");
   tables.emplace("foo.baz");
   auto s = client_.AuthorizeActionMultipleTables("jdoe", ActionPB::METADATA, &tables);
diff --git a/src/kudu/ranger/ranger_client.cc b/src/kudu/ranger/ranger_client.cc
index c67e03c..a2abee1 100644
--- a/src/kudu/ranger/ranger_client.cc
+++ b/src/kudu/ranger/ranger_client.cc
@@ -334,8 +334,9 @@ Status RangerClient::AuthorizeActionMultipleTables(const string& user_name,
                                                    const ActionPB& action,
                                                    unordered_set<string>* table_names) {
   DCHECK(subprocess_);
+  // Return immediately if there is no tables to authorize against.
   if (table_names->empty()) {
-    return Status::InvalidArgument("Empty set of tables");
+    return Status::OK();
   }
 
   RangerRequestListPB req_list;