bharatviswa504 edited a comment on issue #857: HDDS-1600. Add userName and IPAddress as part of OMRequest. URL: https://github.com/apache/hadoop/pull/857#issuecomment-498325870 > @bharatviswa504 thanks for the patch. On a second thought i wonder why don't we complete authorization on the OM which receives the first request from client, this will save us the trouble of propagating credentials in rest of the call and simplify HA design. We cannot do checkAcls on any OM(which some times might not be leader), because think of a case like setAcl's is not applied on that OM(as it is a follower) but we are performing check Acl's. Discussed offline with @xiaoyuyao and @ajayydv, we cannot take this approach as OM followers can lag leader OM, so it might not have latest changes, if we do check on Non-leader OM, we might see some inconsistent behavior.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
