-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.3.0
-
Fix Version/s: 1.4.0
-
Component/s: None
-
Labels:None
The Sentry Policy Service does not treat role names as case insensitive. Role names are always stored in lowercase, but the checks to see if a role exists are done in a case sensitive fashion. This leads to lots of errors about roles not existing when they actually do.
For example:
SentryPolicyServiceClient client = new SentryPolicyServiceClient(conf); Set<String> userGroupNames = Sets.newHashSet(); userGroupNames.add("lskuff"); String roleName = "newRole"; client.createRole("lskuff", userGroupNames, roleName); // Fails with role does not exist error message since "newRole" is stored as "newrole" client.grantRoleToGroup("lskuff", userGroupNames, "lskuff", roleName); org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: TAlterSentryRoleAddGroupsRequest(protocol_version:1, requestorUserName:lskuff, requestorGroupNames:[lskuff], roleName:newRole, groups:[TSentryGroup(groupName:lskuff)]) does not exist.. Server Stacktrace: org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: newRole at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleAddGroups(SentryStore.java:435)