Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] creating an existing principal role assignment returns 500 instead of 409 #226

Closed
1 task done
TomerHeber opened this issue Aug 28, 2024 · 3 comments · Fixed by #243
Closed
1 task done

[BUG] creating an existing principal role assignment returns 500 instead of 409 #226

TomerHeber opened this issue Aug 28, 2024 · 3 comments · Fixed by #243
Labels
bug Something isn't working

Comments

@TomerHeber
Copy link

Is this a possible security vulnerability?

  • This is NOT a possible security vulnerability

Describe the bug

When I try to assign between a principal role and a principal I get 2xx.
If I try to run the same assignment again (conflict) I will get 5xx.

To Reproduce

  1. Create a principal.
  2. Create a principal role.
  3. Assign role to principal.
  4. Assign role to principal (again).

Actual Behavior

500 error.

{
    "error": {
        "message": "Exception [EclipseLink-4002] (Eclipse Persistence Services - 4.0.3.v202405220658): org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint \"grant_records_pkey\"\n  Detail: Key (granteecatalogid, privilegecode, granteeid, securableid, securablecatalogid)=(0, 4, 1599, 1149, 0) already exists.\nError Code: 0\nCall: INSERT INTO GRANT_RECORDS (GRANTEECATALOGID, PRIVILEGECODE, GRANTEEID, SECURABLEID, SECURABLECATALOGID, VERSION) VALUES (?, ?, ?, ?, ?, ?)\n\tbind => [0, 4, 1599, 1149, 0, 1]\nQuery: InsertObjectQuery(org.apache.polaris.core.persistence.models.ModelGrantRecord@5780643b)",
        "type": "PersistenceException",
        "code": 500
    }
}

Expected Behavior

409 - conflict.

Additional context

No response

System information

N/A
@TomerHeber TomerHeber added the bug Something isn't working label Aug 28, 2024
@eric-maynard
Copy link
Contributor

Can you share more details on how you hit this?

I configured my Polaris to use a local Postgres instance, purge+bootstrapped it, and then ran the following without seeing an error:

./polaris \
	--access-token 'principal:root;realm:default-realm' \
	catalogs \
	create example_catalog \
	--storage-type file \
	--default-base-location 'file:///tmp/example'

./polaris \
	--access-token 'principal:root;realm:default-realm' \
	principals \
	create \
	example_user

./polaris \
	--access-token 'principal:root;realm:default-realm' \
	principal-roles \
	create \
	example_user_role

./polaris \
	--access-token 'principal:root;realm:default-realm' \
	principal-roles \
	grant \
	--principal example_user \
	example_user_role

./polaris \
	--access-token 'principal:root;realm:default-realm' \
	principal-roles \
	grant \
	--principal example_user \
	example_user_role

@TomerHeber
Copy link
Author

Hi @eric-maynard - my apologies .
I did not mention it.

This is with the EclipseLink plugin.
By the way, the same error occurs with other resources.

@eric-maynard eric-maynard mentioned this issue Sep 3, 2024
Merged
8 tasks
@eric-maynard
Copy link
Contributor

Thanks for clarifying @TomerHeber, I don't know how I missed that. I pushed a PR that should be a simple fix, but I'm going to look at see if there are other places we need a similar fix too. Thanks for filing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

When a grant already exists, return the appropriate response eric-maynard/polaris
2 participants
@TomerHeber @eric-maynard