[jira] [Commented] (SENTRY-2091) User-based Privilege is broken by SENTRY-769

Hadoop QA (JIRA) Fri, 14 Jun 2019 11:51:14 -0700


    [ 
https://issues.apache.org/jira/browse/SENTRY-2091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864360#comment-16864360
 ]


Hadoop QA commented on SENTRY-2091:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12907185/SENTRY-2091.006.patch 
against master.

{color:red}Overall:{color} -1 due to an error

{color:red}ERROR:{color} failed to apply patch (exit code 1):
error: 
a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java:
 does not exist in index
error: 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java:
 does not exist in index
error: 
a/sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java:
 does not exist in index
error: 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java:
 does not exist in index
error: 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java:
 does not exist in index
error: 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java:
 does not exist in index
error: 
sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java:
 does not exist in index
error: patch failed: 
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java:547
Falling back to three-way merge...
Applied patch to 
'sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java'
 cleanly.
error: patch failed: 
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java:22
Falling back to three-way merge...
Applied patch to 
'sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java'
 with conflicts.
error: 
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java:
 does not exist in index
error: 
sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java:
 does not exist in index
error: 
sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java:
 does not exist in index
error: 
sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java:
 does not exist in index
error: 
sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java:
 does not exist in index
error: 
sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java:
 does not exist in index
error: 
sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java:
 does not exist in index
The patch does not appear to apply with p0, p1, or p2



Console output: 
https://builds.apache.org/job/PreCommit-SENTRY-Build/4422/console

This message is automatically generated.

> User-based Privilege is broken by SENTRY-769
> --------------------------------------------
>
>                 Key: SENTRY-2091
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2091
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Priority: Major
>         Attachments: SENTRY-2091.001.patch, SENTRY-2091.002.patch, 
> SENTRY-2091.003.patch, SENTRY-2091.004.patch, SENTRY-2091.004.patch, 
> SENTRY-2091.006.patch
>
>
> SENTRY-769 throws exception when a user has no group. This breaks user-based 
> privilege as the exception prevents getting privilege using user-based 
> privilege.
> For example, in the following code
> {code}
> Set<String> userPrivileges =
>         authProvider.getPolicyEngine().getPrivileges(
>             authProvider.getGroupMapping().getGroups(userName), 
> Sets.newHashSet(userName),
>             hiveAuthzBinding.getActiveRoleSet(), 
> hiveAuthzBinding.getAuthServer());
> {code}
> when user has no group, the exception causes the processing stops even when 
> user has privilege. 
> The solution is to catch the exception, and continue the processing. 
> {code}
> try {
> Set<String> groups = null;
> try {
>   groups = authProvider.getGroupMapping().getGroups(userName)
> } catch (SentryGroupNotFoundException ex) {
>   log.debug(...);
>   groups = new HashSet<String>();
> }
> Set<String> userPrivileges =
>         authProvider.getPolicyEngine().getPrivileges(
>             groups, Sets.newHashSet(userName),
>             hiveAuthzBinding.getActiveRoleSet(), 
> hiveAuthzBinding.getAuthServer());
>         ...
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (SENTRY-2091) User-based Privilege is broken by SENTRY-769

Reply via email to