Vihang Karajgaonkar created IMPALA-8550:
-------------------------------------------
Summary: Sentry refresh privileges has race conditions
Key: IMPALA-8550
URL: https://issues.apache.org/jira/browse/IMPALA-8550
Project: IMPALA
Issue Type: Bug
Reporter: Vihang Karajgaonkar
Recently, I encountered a race condition in {{SentryProxy}}'s
refreshSentryAuthorization loop. The race happens when Sentry server is slow to
update its information based on changes in HMS. Consider the following scenario:
# Impala session from user A creates a database/table.
# AuthorizationManager will updateDatabaseOwnerPrivilege
[here|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/service/CatalogOpExecutor.java#L1159]
Note that this adds the user privilege in Catalog's cache out-of-band
(without confirming that Sentry has added this privilege in its database)
# Assume that Sentry is slow to update its database of roles/privileges.
(Actually depending on the timing of these events, it doesn't really matter but
likely increases if Sentry is slow.)
# The refreshSentryAuthorization loop is triggered based on a configured
interval
[here|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/sentry/SentryProxy.java#L174].
Since Sentry has not yet updated its database of the owner information, this
loop will remove the privilege from Catalog. Any subsequent SQL which requires
privileges will fail until Sentry is synced and the refresh loop adds this
privilege to the catalog cache again.
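
The sequence above as a deterministic toy model, added here as an example; it is not Impala or Sentry code, and every class, method and value name in it is hypothetical. The refresh returns the privileges it dropped, so the window in which the owner is locked out becomes visible.

```java
import java.util.HashSet;
import java.util.Set;

// Toy model of the reported scenario. All names are hypothetical, not Impala's.
public class RefreshRaceModel {
    // Stand-in for Sentry's privilege database (the source of truth).
    static final Set<String> sentry = new HashSet<>();
    // Stand-in for the privileges cached in the Catalog.
    static final Set<String> catalogCache = new HashSet<>();

    static String ownerPriv(String user, String table) {
        return user + ":OWNER:" + table;
    }

    // Step 2: the owner privilege is cached out-of-band, before Sentry has it.
    static void createTableAsOwner(String user, String table) {
        catalogCache.add(ownerPriv(user, table));
    }

    // Step 3: Sentry picks up the HMS change some time later.
    static void sentrySyncsFromHms(String user, String table) {
        sentry.add(ownerPriv(user, table));
    }

    // Step 4: the periodic refresh makes the cache mirror Sentry. It returns
    // the cached privileges that Sentry did not report and were dropped.
    static Set<String> refreshFromSentry() {
        Set<String> dropped = new HashSet<>(catalogCache);
        dropped.removeAll(sentry);
        catalogCache.retainAll(sentry);
        catalogCache.addAll(sentry);
        return dropped;
    }

    static boolean isAuthorized(String user, String table) {
        return catalogCache.contains(ownerPriv(user, table));
    }

    public static void main(String[] args) {
        createTableAsOwner("userA", "db1.t1");            // constructed sample values
        System.out.println("after create:   " + isAuthorized("userA", "db1.t1"));
        Set<String> dropped = refreshFromSentry();        // fires before Sentry has synced
        System.out.println("early refresh:  " + isAuthorized("userA", "db1.t1")
                + ", dropped=" + dropped);
        sentrySyncsFromHms("userA", "db1.t1");
        refreshFromSentry();                              // next interval restores it
        System.out.println("after sync:     " + isAuthorized("userA", "db1.t1"));
    }
}
```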