[Impala-ASF-CR] IMPALA-13687: Support shared secret key for cookies

Thu, 10 Jul 2025 16:13:44 -0700 

Michael Smith has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/22462 )

Change subject: IMPALA-13687: Support shared secret key for cookies
......................................................................


Patch Set 3:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/rpc/auth-provider.h
File be/src/rpc/auth-provider.h:

http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/rpc/auth-provider.h@179
PS3, Line 179:   std::unique_ptr<AuthenticationHash> hash_;
> When the file-based authentication hash is rotated, there will be a period
That seems like reasonable behavior. I don't recall if that's what this patch 
currently does.


http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/rpc/authentication.cc
File be/src/rpc/authentication.cc:

http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/rpc/authentication.cc@1408
PS3, Line 1408:   if (!FLAGS_cookie_secret_file.empty() && 
FLAGS_max_cookie_lifetime_s > 0) {
I should document why max_cookie_lifetime_s should be non-zero for this.


http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/util/openssl-util.cc
File be/src/util/openssl-util.cc:

http://gerrit.cloudera.org:8080/#/c/22462/3/be/src/util/openssl-util.cc@218
PS3, Line 218:   std::lock_guard<std::mutex> l(key_lock_);
> There is going to be a lot of contention on this lock since each incoming r
Could use a rwlock, or possibly an atomic.



--
To view, visit http://gerrit.cloudera.org:8080/22462
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie2e2345f771608069407e9dcf7ed4697fc0214e7
Gerrit-Change-Number: 22462
Gerrit-PatchSet: 3
Gerrit-Owner: Michael Smith <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Jason Fehr <[email protected]>
Gerrit-Reviewer: Joe McDonnell <[email protected]>
Gerrit-Reviewer: Michael Smith <[email protected]>
Gerrit-Reviewer: Yida Wu <[email protected]>
Gerrit-Comment-Date: Thu, 10 Jul 2025 23:13:35 +0000
Gerrit-HasComments: Yes

Reply via email to