[ https://issues.apache.org/jira/browse/SENTRY-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kalyan kumar kalvagadda updated SENTRY-2497: -------------------------------------------- Resolution: Fixed Fix Version/s: 2.2.0 Status: Resolved (was: Patch Available) > show grant role results in NPE when URI does not have scheme > ------------------------------------------------------------ > > Key: SENTRY-2497 > URL: https://issues.apache.org/jira/browse/SENTRY-2497 > Project: Sentry > Issue Type: Bug > Affects Versions: 2.0.0 > Reporter: Haley Reeve > Assignee: Haley Reeve > Priority: Major > Fix For: 2.2.0 > > Attachments: sentry-2497.00001.patch, sentry-2497.0001.patch, > sentry-2497.001.patch, sentry-2497.01.patch, sentry-2497.1.patch > > > Sentry throws a NullPointerException when trying to run "show grant role" on > a URI with no scheme associated with it. You can see the stacktrace in the > HS2 logs: > {noformat} > HS2 logs are showing the stacktrace: > 2019-02-08 05:53:58,650 INFO org.apache.hadoop.hive.ql.Driver: > [HiveServer2-Background-Pool: Thread-84]: Executing > command(queryId=hive_20190208 > 055358_a283626f-c906-4bd1-be50-43e2e9a6949b): show grant role uritest > 2019-02-08 05:53:58,651 INFO org.apache.hadoop.hive.ql.Driver: > [HiveServer2-Background-Pool: Thread-84]: Starting task [Stage-0:DDL] in > serial m > ode > 2019-02-08 05:53:58,661 ERROR hive.ql.exec.DDLTask: > [HiveServer2-Background-Pool: Thread-84]: java.lang.NullPointerException > at > org.apache.sentry.binding.util.SentryAuthorizerUtil.isLocalUri(SentryAuthorizerUtil.java:283) > at > org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeObject(SentryAuthorizerUtil.java:267) > at > org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeInfo(SentryAuthorizerUtil.java:220) > at > org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivilegesByPrincipal(DefaultSentryAccessController.java:279) > at > org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivileges(DefaultSentryAccessController.java:213) > at > org.apache.sentry.binding.hive.authz.SentryHiveAuthorizerImpl.showPrivileges(SentryHiveAuthorizerImpl.java:146) > at org.apache.hadoop.hive.ql.exec.DDLTask.showGrants(DDLTask.java:746) > at org.apache.hadoop.hive.ql.exec.DDLTask.execute(DDLTask.java:527) > at org.apache.hadoop.hive.ql.exec.Task.executeTask(Task.java:199) > at > org.apache.hadoop.hive.ql.exec.TaskRunner.runSequential(TaskRunner.java:97) > at org.apache.hadoop.hive.ql.Driver.launchTask(Driver.java:2250) > at org.apache.hadoop.hive.ql.Driver.execute(Driver.java:1893) > at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1613) > at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1332) > ... > 2019-02-08 05:53:58,663 ERROR org.apache.hadoop.hive.ql.Driver: > [HiveServer2-Background-Pool: Thread-84]: FAILED: Execution Error, return > code 1 > from org.apache.hadoop.hive.ql.exec.DDLTask. null > {noformat} > This appears to be happening because the show grant role logic is trying to > construct a HivePrivilegeObject, which it wasn't doing in 1.8.0, and assumes > the URI will have a scheme. See: > {noformat} > public static boolean isLocalUri(String uriString) throws > URISyntaxException { > URI uri = new URI(uriString); > if (uri.getScheme().equalsIgnoreCase("file")) { > return true; > } > return false; > } > {noformat} > Because uri.getScheme() can return null, the equalsIgnoreCase() can result in > an NPE. -- This message was sent by Atlassian JIRA (v7.6.3#76005)