adutra opened a new pull request, #3691: URL: https://github.com/apache/polaris/pull/3691
The method `doTestInsufficientPrivilegeSets()` was incorrectly testing that each privilege in the set was *individually* insufficient. But this is not the intent of a privilege set negative test: the test is expected to fail even if *all* privileges in the set are granted. See for instance `PolicyCatalogHandlerAuthzTest.testDetachPolicyFromNamespaceInsufficientPrivilege()`: the intent is to verify that it is insufficient to have *both* `POLICY_DETACH` and `CATALOG_DETACH_POLICY`. <!-- ๐ Describe what changes you're proposing, especially breaking or user-facing changes. ๐ See https://github.com/apache/polaris/blob/main/CONTRIBUTING.md for more. --> ## Checklist - [ ] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [ ] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [ ] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [ ] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
