[KUDU-2850] Thrift comparison is broken - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.10.0
Fix Version/s: 1.10.0
Component/s: authz
Labels:
None

Code Review:
https://gerrit.cloudera.org/c/13608/

Description

Kudu has custom-defined operator< for its Thrift objects, used for maps and sets, found here:

https://github.com/apache/kudu/blob/master/src/kudu/sentry/thrift_operators.cc

Let's walk through a couple examples of TSentryAuthorizables (using the format server.uri.db.table.column).

"server".none."db".none.none < "server"."uri".none.none.none because none < "uri"

At the same time:

"server"."uri".none.none.none < "server".none."db".none.none because none < "db"

This is clearly wrong because a < b, but b < a. Specifically, in this second case, we are not returning upon comparing "uri" vs none, when we should be because we've ||ed a bunch of comparisons together in our operator.

Given we use it in every map/set of TSentry(Privilege,Authorizable) thanks to our usage of auto-gened Thrift, we should fix this ASAP.

Attachments

Activity

People

Assignee:: Andrew Wong

Reporter:: Andrew Wong

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jun/19 06:40

Updated:: 14/Jun/19 07:54

Resolved:: 14/Jun/19 07:54