[kudu-CR] KUDU-2262: allow Java client to retry if no master is a leader

Tue, 23 Jan 2018 16:20:25 -0800 

Alexey Serbin has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/9088 )

Change subject: KUDU-2262: allow Java client to retry if no master is a leader
......................................................................


Patch Set 1:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/9088/1/java/kudu-client/src/main/java/org/apache/kudu/client/NotAuthorizedException.java
File 
java/kudu-client/src/main/java/org/apache/kudu/client/NotAuthorizedException.java:

http://gerrit.cloudera.org:8080/#/c/9088/1/java/kudu-client/src/main/java/org/apache/kudu/client/NotAuthorizedException.java@23
PS1, Line 23: /**
            :  * Exception indicating that the request failed because is not 
authorized.
            :  * This is a recoverable exception. So the request can be retried 
as long
            :  * as the original call hasn't timed out, for cases documented in 
KUDU-2267,
            :  * e.g. masters are in the process of leader election and does 
not have
            :  * CA signed cert.
            :  */
            : @InterfaceAudience.Private
            : @InterfaceStability.Evolving
            : final class NotAuthorizedException extends RecoverableException {
> Currently we are retrying if non of masters are a leader in case not all re
Yep, I think we should retry on NotAuthorized only if the following is true:
(a) all masters returned NotAuthorized exception
(b) the client has valid 'secondary' authn credentials (such as authn token), 
but it does not have 'primary' authn credentials (such as Kerberos creds)

However, I'm not sure whether that it's easy and appropriate to check for (b) 
in the handler.

Another way of addressing the issue would be making some changes on the server 
side, like dropping connection at the server side if there isn't CA-signed 
certificate yet, but it's just crazy.

So, maybe simply retrying in such cases is not such a bad idea, after all :)

Any other ideas?



--
To view, visit http://gerrit.cloudera.org:8080/9088
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia39a8d77cbf58c6f2f1f97eaf5e2e17ac1fa09fa
Gerrit-Change-Number: 9088
Gerrit-PatchSet: 1
Gerrit-Owner: Hao Hao <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-Comment-Date: Wed, 24 Jan 2018 00:19:57 +0000
Gerrit-HasComments: Yes

Reply via email to