Alexander Kolbasov created SENTRY-1540:
------------------------------------------
Summary: SentryStore.isMultiActionsSupported() is always true
Key: SENTRY-1540
URL: https://issues.apache.org/jira/browse/SENTRY-1540
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 1.8.0, sentry-ha-redesign
Reporter: Alexander Kolbasov
The SentryStore.isMultiActionsSupported() function:
{code}
// Currently INSERT/SELECT/ALL are supported for Table and DB level privileges
private boolean isMultiActionsSupported(TSentryPrivilege tPrivilege) {
return tPrivilege.getDbName() != null;
}
{code}
It is called in two places - in drop_privileges():
{code}
TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
try {
if (isMultiActionsSupported(tPrivilege)) {
...
{code}
The toSentryPrivilege() function:
{code}
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
throws SentryInvalidInputException {
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
...
{code}
So all fields are initialized to an emoty string which means that
isMultiActionsSupported is always true.
The same is true for the second usage in renamePrivilege().
So currently the function is meaningless. So it should be either removed or
changed to verify that dbName is non-empty and not "__NULL__".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
