Hello Kudu Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/22806

to look at the new patch set (#2).

Change subject: [RANGER] KUDU-3661 Ranger policy not honored in Kudu
......................................................................

[RANGER] KUDU-3661 Ranger policy not honored in Kudu

This fixes a long-standing bug in the Ranger authorization provider
where we return prematurely from
RangerAuthzProvider::FillTablePrivilegePB() when the SELECT
action is encountered while iterating through an
unordered_set<ActionPB, ActionHash> named actions, potentially
resulting in missing privileges depending on the position of the
SELECT action in the set. While this behavior depends on the
libc++/libstdc++ implementation, we have observed reports of this
issue on RHEL/CentOS 8 machines.

Testing this is not straightforward, as the ordering of elements in
the unordered_set depends on the standard library implementation.
An existing test has been modified to also check for the UPDATE
privilege, in addition to the already present permissions (INSERT,
DELETE, and UPDATE).

Change-Id: I635132154d622eb41e993a0a1a818b21b5af6bb7
---
M src/kudu/master/ranger_authz_provider.cc
M src/kudu/ranger/ranger_client-test.cc
2 files changed, 6 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/06/22806/2
--
To view, visit http://gerrit.cloudera.org:8080/22806
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I635132154d622eb41e993a0a1a818b21b5af6bb7
Gerrit-Change-Number: 22806
Gerrit-PatchSet: 2
Gerrit-Owner: Abhishek Chennaka <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
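
The early return described in the commit message, modeled as an added example (not code from the Kudu change): `Action`, `PrivMask`, `FillBuggy`, `FillFixed` and `CountLossyOrders` are hypothetical stand-ins, and iteration order is passed in as a vector so that every order an unordered_set could produce is exercised. It goes beyond the single case in the message by checking all permutations, which gives an order-independent regression check.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Hypothetical stand-ins for illustration; not Kudu's ActionPB or TablePrivilegePB.
enum Action { kSelect = 0, kInsert, kUpdate, kDelete };
using PrivMask = unsigned;  // bit n set means the privilege for Action n is granted
constexpr PrivMask kAll = 0xF;

// Buggy shape: returns as soon as SELECT is seen, so any action that the
// iteration would have visited after it is silently dropped.
PrivMask FillBuggy(const std::vector<Action>& order) {
  PrivMask p = 0;
  for (Action a : order) {
    p |= 1u << a;
    if (a == kSelect) return p;  // premature return
  }
  return p;
}

// Fixed shape: every action is visited wherever SELECT happens to sit.
PrivMask FillFixed(const std::vector<Action>& order) {
  PrivMask p = 0;
  for (Action a : order) p |= 1u << a;
  return p;
}

// Order-independence check: runs `fill` over every permutation of the same
// granted actions and counts the orders that lose a privilege. This does not
// rely on how a particular standard library orders an unordered_set.
template <typename Fill>
int CountLossyOrders(Fill fill) {
  std::vector<Action> order = {kSelect, kInsert, kUpdate, kDelete};  // sorted start
  int lossy = 0;
  do {
    if (fill(order) != kAll) ++lossy;
  } while (std::next_permutation(order.begin(), order.end()));
  return lossy;
}

int main() {
  std::printf("buggy: %d of 24 orders lose privileges\n", CountLossyOrders(FillBuggy));
  std::printf("fixed: %d of 24 orders lose privileges\n", CountLossyOrders(FillFixed));
  return 0;
}
```

Only the orders in which SELECT comes last survive the buggy loop intact, which is why the symptom appears on some platforms and not others.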
