Fix policy deletion with commas in quoted fields (#1733) #1739

Open
Jbansal2 wants to merge 1 commit into apache:master from Jbansal2:fix/quoted-policy-delete-issue-1733

Jbansal2 commented Jul 3, 2026

This fixes an issue where policies with commas in quoted fields (e.g., ABAC conditions) were not being deleted correctly in batch operations.

Root Cause:

  • Policy hash keys were generated using comma as separator via strings.Join(rule, ',')
  • This created hash collisions when policy fields contained commas
  • Example: ['alice', 'data,file', 'read'] and ['alice', 'data', 'file', 'read'] produced the same hash key 'alice,data,file,read'

Solution:

  • Introduced policyKey() helper function that uses ASCII Unit Separator (\x1f)
  • This character is designed for field separation and won't appear in policy data
  • Updated all policy operations to use policyKey() instead of strings.Join()

Changes:

  • model/policy.go: Added policyKey() and replaced all hash key generation
  • Added comprehensive tests demonstrating the fix
  • All existing tests pass (216 tests)

Fixes #1733

Successfully merging this pull request may close these issues.

Quoted policy conditions with commas: load works, exact batch delete does not remove all rules
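
Added example, not code from this pull request or from the project: a simplified Go model of a key-indexed rule store, showing why the comma-joined key from the description leaves a rule behind after a batch delete and that the 0x1f join stays collision-free only while no field contains 0x1f. The names `remaining` and `lengthPrefixedKey` and the `withUS` rule are hypothetical; the length-prefixed key is an alternative shown for comparison, not what the PR implements.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// commaKey is the pre-fix scheme the PR describes: strings.Join(rule, ",").
func commaKey(rule []string) string { return strings.Join(rule, ",") }

// unitSepKey joins on ASCII Unit Separator (0x1f), as the PR describes.
func unitSepKey(rule []string) string { return strings.Join(rule, "\x1f") }

// lengthPrefixedKey (added alternative, not in the PR) writes each field as
// "<byte length>:<field>", so no byte inside a field can move a boundary.
func lengthPrefixedKey(rule []string) string {
	var b strings.Builder
	for _, f := range rule {
		b.WriteString(strconv.Itoa(len(f)) + ":" + f)
	}
	return b.String()
}

// remaining is a simplified, hypothetical model of a key-indexed rule store:
// it loads rules, deletes batch by key, and returns how many rules are left.
func remaining(key func([]string) string, rules, batch [][]string) int {
	index := map[string]bool{}
	for _, r := range rules {
		index[key(r)] = true // colliding rules share one index entry
	}
	left := len(rules)
	for _, r := range batch {
		if k := key(r); index[k] {
			delete(index, k) // the second colliding rule finds nothing to delete
			left--
		}
	}
	return left
}

func main() {
	quoted := []string{"alice", "data,file", "read"}    // from the PR description
	split := []string{"alice", "data", "file", "read"}  // from the PR description
	withUS := []string{"alice", "data\x1ffile", "read"} // constructed edge case
	a, b := [][]string{quoted, split}, [][]string{withUS, split}
	fmt.Println(remaining(commaKey, a, a), remaining(unitSepKey, a, a))
	fmt.Println(remaining(unitSepKey, b, b), remaining(lengthPrefixedKey, b, b))
}
```

Each printed value is the number of rules left after deleting every loaded rule. Anything other than 0 is a rule that outlives its own deletion, which for an authorization policy means a permission that stays in force.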
