Kudu has custom-defined operator< for its Thrift objects, used for maps and sets, found here:
Let's walk through a couple examples of TSentryAuthorizables (using the format server.uri.db.table.column).
"server".none."db".none.none < "server"."uri".none.none.none because none < "uri"
At the same time:
"server"."uri".none.none.none < "server".none."db".none.none because none < "db"
This is clearly wrong because a < b, but b < a. Specifically, in this second case, we are not returning upon comparing "uri" vs none, when we should be because we've ||ed a bunch of comparisons together in our operator.
Given we use it in every map/set of TSentry(Privilege,Authorizable) thanks to our usage of auto-gened Thrift, we should fix this ASAP.