[RANGER-1949] KMS getKeys should filter based on name policy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: kms
Labels:
None

Description

Currently when there are policies that limit users to certain keys, such as "pii*" those users can't call KMS.getKeyNames() even if they have the "getkeys" permission.

This is because the method passes a null down for the key name, which will only match if the user can see all keys. A much better solution would be to filter each key individually and just returns the ones that should be visible. So if they have permission to see "pii*" and the keys were

{"pii", "pii256", and "secret"}

they would get back a list of "pii" and "pii256".

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

RANGER-1949.patch
12/Jan/18 22:20
3 kB
Zsombor Gegesy

Activity

People

Assignee:: Zsombor Gegesy

Reporter:: Owen O'Malley

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Jan/18 15:36

Updated:: 12/Jan/18 22:20