sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-2091) User-based Privilege is broken by SENTRY-769
Date Fri, 15 Dec 2017 00:07:00 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-2091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16291815#comment-16291815
] 

Hadoop QA commented on SENTRY-2091:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12902150/SENTRY-2091.004.patch against master.

{color:red}Overall:{color} -1 due to 2 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationEnd2End

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3584/console

This message is automatically generated.

> User-based Privilege is broken by SENTRY-769
> --------------------------------------------
>
>                 Key: SENTRY-2091
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2091
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>         Attachments: SENTRY-2091.001.patch, SENTRY-2091.002.patch, SENTRY-2091.003.patch,
SENTRY-2091.004.patch
>
>
> SENTRY-769 throws exception when a user has no group. This breaks user-based privilege
as the exception prevents getting privilege using user-based privilege.
> For example, in the following code
> {code}
> Set<String> userPrivileges =
>         authProvider.getPolicyEngine().getPrivileges(
>             authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName),
>             hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
> {code}
> when user has no group, the exception causes the processing stops even when user has
privilege. 
> The solution is to catch the exception, and continue the processing. 
> {code}
> try {
> Set<String> groups = null;
> try {
>   groups = authProvider.getGroupMapping().getGroups(userName)
> } catch (SentryGroupNotFoundException ex) {
>   log.debug(...);
>   groups = new HashSet<String>();
> }
> Set<String> userPrivileges =
>         authProvider.getPolicyEngine().getPrivileges(
>             groups, Sets.newHashSet(userName),
>             hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
>         ...
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message