[jira] [Created] (IMPALA-10576) Failing test_grant_revoke_with_role on ASAN builds

Tue, 09 Mar 2021 08:47:04 -0800 

Fang-Yu Rao created IMPALA-10576:
------------------------------------

             Summary: Failing test_grant_revoke_with_role on ASAN builds
                 Key: IMPALA-10576
                 URL: https://issues.apache.org/jira/browse/IMPALA-10576
             Project: IMPALA
          Issue Type: Bug
          Components: Frontend
            Reporter: Fang-Yu Rao
            Assignee: Fang-Yu Rao


We found that test_grant_revoke_with_role() could fail with the following error 
message.
{noformat}
Stacktrace
authorization/test_ranger.py:1084: in test_grant_revoke_with_role
 self.run_test_case('QueryTest/grant_revoke', vector, use_db="default")
common/impala_test_suite.py:677: in run_test_case
 expected_str, query)
E AssertionError: Expected exception: User doesn't have necessary permission to 
grant access
E 
E when running:
E 
E grant all on table functional.alltypes to grant_revoke_test_NON_OWNER
{noformat}

The failed test case is the query "[grant all on table functional.alltypes to 
grant_revoke_test_NON_OWNER|https://github.com/apache/impala/blob/3f2eab8764cb19d75de64a6bdc4c4cf982b201a0/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test#L627]";,
 where the user {{non_owner}} is used to grant the privilege on the 
{{functional.alltypes}} table to the role {{grant_revoke_test_NON_OWNER}}.

We expected Impala to return an {{AuthorizationException}} since "[revoke grant 
option for all on database functional from 
grant_revoke_test_NON_OWNER|https://github.com/apache/impala/blob/3f2eab8764cb19d75de64a6bdc4c4cf982b201a0/testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test#L622]";
 was executed so that the users belonging to the groups associated with the 
role "{{grant_revoke_test_NON_OWNER}}" do not have the privilege to perform 
grant/revoke operations anymore. Recall that the user {{non_owner}} belongs to 
the group {{non_owner}} as well, and the group {{non_owner}} is granted the 
role of {{grant_revoke_test_NON_OWNER}}.

One thing I can think of to make this test less flaky is to add a "{{refresh 
authorization}}" after "{{revoke grant option for all on database functional 
from grant_revoke_test_NON_OWNER}}".




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to