Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2850

Thrift comparison is broken

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.10.0
    • 1.10.0
    • authz
    • None

    Description

      Kudu has custom-defined operator< for its Thrift objects, used for maps and sets, found here:

      https://github.com/apache/kudu/blob/master/src/kudu/sentry/thrift_operators.cc

      Let's walk through a couple examples of TSentryAuthorizables (using the format server.uri.db.table.column).

      "server".none."db".none.none < "server"."uri".none.none.none because none < "uri"

      At the same time:

      "server"."uri".none.none.none < "server".none."db".none.none because none < "db"

      This is clearly wrong because a < b, but b < a. Specifically, in this second case, we are not returning upon comparing "uri" vs none, when we should be because we've ||ed a bunch of comparisons together in our operator.

      Given we use it in every map/set of TSentry(Privilege,Authorizable) thanks to our usage of auto-gened Thrift, we should fix this ASAP.

      Attachments

        Activity

          People

            awong Andrew Wong
            awong Andrew Wong
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: