Details
- Bug
- Status: Resolved
- Blocker
- Resolution: Fixed
- 1.10.0
- None
Description
Kudu has custom-defined operator< for its Thrift objects, used for maps and sets, found here:
https://github.com/apache/kudu/blob/master/src/kudu/sentry/thrift_operators.cc
Let's walk through a couple examples of TSentryAuthorizables (using the format server.uri.db.table.column).
"server".none."db".none.none < "server"."uri".none.none.none because none < "uri"
At the same time:
"server"."uri".none.none.none < "server".none."db".none.none because none < "db"
This is clearly wrong because a < b, but b < a. Specifically, in this second case, we are not returning upon comparing "uri" vs none, when we should be because we've ||ed a bunch of comparisons together in our operator.
Given we use it in every map/set of TSentry(Privilege,Authorizable) thanks to our usage of auto-gened Thrift, we should fix this ASAP.
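The following is an added example, not Kudu's code from thrift_operators.cc: a minimal reproduction of the ORed comparison described above next to a lexicographic one, using the two authorizables from the description. The Field and Authorizable types and all function names are hypothetical stand-ins for the Thrift-generated classes.

```cpp
#include <string>
#include <tuple>

// Hypothetical stand-in for an optional Thrift string field.
struct Field {
  bool set;
  std::string value;
};

bool operator<(const Field& a, const Field& b) {
  if (a.set != b.set) return !a.set;  // none < any set value
  return a.set && a.value < b.value;  // both set: compare the strings
}

// Simplified authorizable in the description's server.uri.db.table.column order.
struct Authorizable {
  Field server, uri, db, table, column;
};

// Flawed pattern: per-field comparisons ORed together. A later field can
// report "less" even though an earlier field already compared greater.
bool BrokenLess(const Authorizable& a, const Authorizable& b) {
  return a.server < b.server || a.uri < b.uri || a.db < b.db ||
         a.table < b.table || a.column < b.column;
}

// Lexicographic comparison: the first field that differs decides the result.
bool FixedLess(const Authorizable& a, const Authorizable& b) {
  return std::tie(a.server, a.uri, a.db, a.table, a.column) <
         std::tie(b.server, b.uri, b.db, b.table, b.column);
}

// A strict weak ordering must never report both x < y and y < x.
template <typename Less>
bool IsAsymmetric(Less less, const Authorizable& x, const Authorizable& y) {
  return !(less(x, y) && less(y, x));
}

const Field kNone = {false, ""};
Field Set(const std::string& v) { return Field{true, v}; }

// The two values from the description, constructed here as sample input.
const Authorizable kA = {Set("server"), kNone, Set("db"), kNone, kNone};
const Authorizable kB = {Set("server"), Set("uri"), kNone, kNone, kNone};

int main() {  // exit code 0 when the broken operator fails and the fixed one passes
  return (!IsAsymmetric(BrokenLess, kA, kB) && IsAsymmetric(FixedLess, kA, kB)) ? 0 : 1;
}
```

std::map and std::set require a strict weak ordering from their comparator, so with the ORed form lookups and inserts on privilege containers have undefined behavior.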