Abhishek Chennaka has uploaded this change for review. ( http://gerrit.cloudera.org:8080/22806 )

Change subject: [RANGER] KUDU-3661 Ranger policy not honored in Kudu
......................................................................

[RANGER] KUDU-3661 Ranger policy not honored in Kudu

This fixes a long-standing bug in the Ranger authorization provider where we return prematurely from RangerAuthzProvider::FillTablePrivilegePB() when the SELECT action is encountered while iterating through an unordered_set<ActionPB, ActionHash> named actions, potentially resulting in missing privileges depending on the position of the SELECT action in the set. While this behavior depends on the libc++/libstdc++ implementation, we have observed reports of this issue on RHEL/CentOS 8 machines.

Testing this is not straightforward, as the ordering of elements in the unordered_set depends on the standard library implementation. An existing test has been modified to also check for the UPDATE privilege, in addition to the already present permissions (INSERT, DELETE, and UPDATE).

Change-Id: I635132154d622eb41e993a0a1a818b21b5af6bb7
---
M src/kudu/master/ranger_authz_provider.cc
M src/kudu/ranger/ranger_client-test.cc
2 files changed, 6 insertions(+), 4 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/06/22806/1
--
To view, visit http://gerrit.cloudera.org:8080/22806
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I635132154d622eb41e993a0a1a818b21b5af6bb7
Gerrit-Change-Number: 22806
Gerrit-PatchSet: 1
Gerrit-Owner: Abhishek Chennaka <[email protected]>
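
The failure mode the commit message describes, as an added example that is not part of this change or of Kudu's code: a loop that returns on SELECT produces different privilege sets for different iteration orders. The enum, struct and function names are hypothetical, and a std::vector stands in for the unordered_set so the iteration order is explicit.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical stand-ins; not Kudu's ActionPB or TablePrivilegePB.
enum class Action { SELECT, INSERT, UPDATE, DELETE };

struct Privileges {
  bool select = false, insert = false, update = false, del = false;
  bool operator==(const Privileges& o) const {
    return select == o.select && insert == o.insert &&
           update == o.update && del == o.del;
  }
};

// Assumption: a vector models one possible iteration order of the set,
// which the real container leaves to the standard library implementation.
using Order = std::vector<Action>;

// Buggy shape: the SELECT case returns from the function mid-loop.
Privileges FillBuggy(const Order& actions) {
  Privileges p;
  for (Action a : actions) {
    switch (a) {
      case Action::INSERT: p.insert = true; break;
      case Action::UPDATE: p.update = true; break;
      case Action::DELETE: p.del = true; break;
      case Action::SELECT: p.select = true; return p;  // later actions lost
    }
  }
  return p;
}

// Fixed shape: every action is visited, so the result is order independent.
Privileges FillFixed(const Order& actions) {
  Privileges p;
  for (Action a : actions) {
    switch (a) {
      case Action::INSERT: p.insert = true; break;
      case Action::UPDATE: p.update = true; break;
      case Action::DELETE: p.del = true; break;
      case Action::SELECT: p.select = true; break;
    }
  }
  return p;
}

int main() {
  Order mid = {Action::INSERT, Action::SELECT, Action::UPDATE, Action::DELETE};
  std::printf("buggy, SELECT second: update=%d\n", FillBuggy(mid).update);
  std::printf("fixed, SELECT second: update=%d\n", FillFixed(mid).update);
}
```

A regression test built this way can cover every permutation of the granted actions instead of relying on whatever order one standard library happens to produce.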
