Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-177

Sentry Policy Service does not treat role names as case insensitive

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
      None

      Description

      The Sentry Policy Service does not treat role names as case insensitive. Role names are always stored in lowercase, but the checks to see if a role exists are done in a case sensitive fashion. This leads to lots of errors about roles not existing when they actually do.

      For example:

      SentryPolicyServiceClient client = new SentryPolicyServiceClient(conf);
Set<String> userGroupNames = Sets.newHashSet();
userGroupNames.add("lskuff");

String roleName = "newRole";
client.createRole("lskuff", userGroupNames, roleName);

// Fails with role does not exist error message since "newRole" is stored as "newrole"
client.grantRoleToGroup("lskuff", userGroupNames,
        "lskuff", roleName);

org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: TAlterSentryRoleAddGroupsRequest(protocol_version:1, requestorUserName:lskuff, requestorGroupNames:[lskuff], roleName:newRole, groups:[TSentryGroup(groupName:lskuff)]) does not exist.. Server Stacktrace: org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: newRole
	at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleAddGroups(SentryStore.java:435)

        Attachments

        1. SENTRY-177.1.patch
          7 kB
          Sravya Tirukkovalur

          Activity

            People

            • Assignee:
              sravya Sravya Tirukkovalur
              Reporter:
              lskuff Lenni Kuff
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: