[
https://issues.apache.org/jira/browse/RANGER-3524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475162#comment-17475162
]
kirby zhou commented on RANGER-3524:
------------------------------------
It donot seems a bug.
isACLPresent returns true when a ACL rule present for KeyName or a ACL rule
present for MANAGEMENT on all keys.
{code:java}
public boolean isACLPresent(String keyName, KeyOpType opType) {
return (keyAcls.containsKey(keyName) || defaultKeyAcls.containsKey(opType));
}
{code}
> Bug in KeyAuthorizationKeyProvider.checkAccess
> ----------------------------------------------
>
> Key: RANGER-3524
> URL: https://issues.apache.org/jira/browse/RANGER-3524
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.2.0
> Reporter: Huicheng Song
> Priority: Major
>
> In KMS *KeyAuthorizationKeyProvider.checkAccess,* it checks whether the ACL
> is present first for the requested operation.
>
> But the code instead check whether ACL is present for operation
> {*}KeyOpType{*}{*}.MANAGEMENT{*}:
> [https://github.com/apache/ranger/blob/ranger-2.2/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java#L154]
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
