snazy opened a new issue, #544: URL: https://github.com/apache/polaris/issues/544
### Is this a possible security vulnerability? - [X] This is NOT a possible security vulnerability ### Describe the bug From #465: "The existing code assumes that all of the entities are in the cache once the Resolver runs. That process puts all of the entities and their grants into the cache so that by the time the Authorizer retrieves the grants, it fetches them from the cache." It sounds like that the code really relies on the entities being available from the cache, which means that no eviction must happen. If eviction happens (which must be assumed to happen at any point in time to any cache entry) requests can fail at any time w/ misleading errors and/or wrong information. ### To Reproduce _No response_ ### Actual Behavior _No response_ ### Expected Behavior _No response_ ### Additional context _No response_ ### System information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
