Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.3.0
-
None
-
None
Description
The Sentry Policy Service does not treat role names as case insensitive. Role names are always stored in lowercase, but the checks to see if a role exists are done in a case sensitive fashion. This leads to lots of errors about roles not existing when they actually do.
For example:
SentryPolicyServiceClient client = new SentryPolicyServiceClient(conf); Set<String> userGroupNames = Sets.newHashSet(); userGroupNames.add("lskuff"); String roleName = "newRole"; client.createRole("lskuff", userGroupNames, roleName); // Fails with role does not exist error message since "newRole" is stored as "newrole" client.grantRoleToGroup("lskuff", userGroupNames, "lskuff", roleName); org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: TAlterSentryRoleAddGroupsRequest(protocol_version:1, requestorUserName:lskuff, requestorGroupNames:[lskuff], roleName:newRole, groups:[TSentryGroup(groupName:lskuff)]) does not exist.. Server Stacktrace: org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: newRole at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleAddGroups(SentryStore.java:435)