Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2850

Thrift comparison is broken

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.10.0
    • Fix Version/s: 1.10.0
    • Component/s: authz
    • Labels:
      None

      Description

      Kudu has custom-defined operator< for its Thrift objects, used for maps and sets, found here:

      https://github.com/apache/kudu/blob/master/src/kudu/sentry/thrift_operators.cc

      Let's walk through a couple examples of TSentryAuthorizables (using the format server.uri.db.table.column).

      "server".none."db".none.none < "server"."uri".none.none.none because none < "uri"

      At the same time:

      "server"."uri".none.none.none < "server".none."db".none.none because none < "db"

      This is clearly wrong because a < b, but b < a. Specifically, in this second case, we are not returning upon comparing "uri" vs none, when we should be because we've ||ed a bunch of comparisons together in our operator.

      Given we use it in every map/set of TSentry(Privilege,Authorizable) thanks to our usage of auto-gened Thrift, we should fix this ASAP.

        Attachments

          Activity

            People

            • Assignee:
              awong Andrew Wong
              Reporter:
              awong Andrew Wong
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: