Alexander Kolbasov created SENTRY-1541:
------------------------------------------
Summary: toSentryPrivilege() should not copy fields that are not
set in the source
Key: SENTRY-1541
URL: https://issues.apache.org/jira/browse/SENTRY-1541
Project: Sentry
Issue Type: Improvement
Components: Sentry
Affects Versions: 1.8.0, sentry-ha-redesign
Reporter: Alexander Kolbasov
The SentryStore.toSentryPrivilege() function:
{code}
private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
throws SentryInvalidInputException {
TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
PrivilegeScope scope;
if (!isNULL(tSentryPrivilege.getColumnName())) {
scope = PrivilegeScope.COLUMN;
} else if (!isNULL(tSentryPrivilege.getTableName())) {
scope = PrivilegeScope.TABLE;
} else if (!isNULL(tSentryPrivilege.getDbName())) {
scope = PrivilegeScope.DATABASE;
} else if (!isNULL(tSentryPrivilege.getURI())) {
scope = PrivilegeScope.URI;
} else {
scope = PrivilegeScope.SERVER;
}
tSentryPrivilege.setPrivilegeScope(scope.name());
tSentryPrivilege.setAction(AccessConstants.ALL);
return tSentryPrivilege;
}
{code}
Note that it blindly copies all fields from the source, replacing null with
empty strings and both itself and other consumers downstream do not know which
fields were actually set and which were not. Instead it should just clone
fields that were set.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
