You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2018/01/22 22:54:00 UTC
[jira] [Commented] (SENTRY-2091) User-based Privilege is broken by
SENTRY-769
[ https://issues.apache.org/jira/browse/SENTRY-2091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16335092#comment-16335092 ]
Hadoop QA commented on SENTRY-2091:
-----------------------------------
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12907185/SENTRY-2091.006.patch against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3638/console
This message is automatically generated.
> User-based Privilege is broken by SENTRY-769
> --------------------------------------------
>
> Key: SENTRY-2091
> URL: https://issues.apache.org/jira/browse/SENTRY-2091
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 2.1.0
> Reporter: Na Li
> Assignee: Na Li
> Priority: Major
> Attachments: SENTRY-2091.001.patch, SENTRY-2091.002.patch, SENTRY-2091.003.patch, SENTRY-2091.004.patch, SENTRY-2091.004.patch, SENTRY-2091.006.patch
>
>
> SENTRY-769 throws exception when a user has no group. This breaks user-based privilege as the exception prevents getting privilege using user-based privilege.
> For example, in the following code
> {code}
> Set<String> userPrivileges =
> authProvider.getPolicyEngine().getPrivileges(
> authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName),
> hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
> {code}
> when user has no group, the exception causes the processing stops even when user has privilege.
> The solution is to catch the exception, and continue the processing.
> {code}
> try {
> Set<String> groups = null;
> try {
> groups = authProvider.getGroupMapping().getGroups(userName)
> } catch (SentryGroupNotFoundException ex) {
> log.debug(...);
> groups = new HashSet<String>();
> }
> Set<String> userPrivileges =
> authProvider.getPolicyEngine().getPrivileges(
> groups, Sets.newHashSet(userName),
> hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
> ...
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)