[SENTRY-1474] createSentryRole() isn't thread-safe - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Bug
Affects Version/s: 1.7.0, 2.0.0
Fix Version/s: None
Component/s: Core
Labels:
None

Description

Here is the function createSentryRole():

  public CommitContext createSentryRole(String roleName)
      throws SentryAlreadyExistsException, SentryStandbyException {
    boolean rollbackTransaction = true;
    PersistenceManager pm = null;
    try {
      pm = openTransaction();
      createSentryRoleCore(pm, roleName);
      CommitContext commit = commitUpdateTransaction(pm);
      rollbackTransaction = false;
      return commit;
    } finally {
       ...
    }
  }

And here is createSentryRoleCore():

  private void createSentryRoleCore(PersistenceManager pm, String roleName)
      throws SentryAlreadyExistsException {
    String trimmedRoleName = trimAndLower(roleName);
    MSentryRole mSentryRole = getMSentryRole(pm, trimmedRoleName);
    if (mSentryRole == null) {
      MSentryRole mRole = new MSentryRole(trimmedRoleName, System.currentTimeMillis());
      pm.makePersistent(mRole);
    } else {
      throw new SentryAlreadyExistsException("Role: " + trimmedRoleName);
    }
  }

The problem is that after the call to getMSentryRole() the role can be added by another thread. So we will successfully add two instances of a role with the same name. After that calls to getMSentryRole() with this name will fail because we have two instances with the same name.

Attachments

Issue Links

blocks

SENTRY-872 Uber jira for HMS HA + Sentry HA redesign

Resolved

Activity

People

Assignee:: Alex Leblang

Reporter:: Alex Kolbasov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Sep/16 20:56

Updated:: 24/Jul/17 15:36

Resolved:: 26/Sep/16 20:26