Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/9373 )
Change subject: KUDU-2319 follower masters should be able to verify authn tokens ...................................................................... Patch Set 5: (5 comments) http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/integration-tests/security-master-auth-itest.cc File src/kudu/integration-tests/security-master-auth-itest.cc: http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/integration-tests/security-master-auth-itest.cc@119 PS6, Line 119: ASSERT_LE(0, verifier.GetMaxKnownKeySequenceNumber()); > Shouldn't this be ASSERT_LT? In current implementation, valid TSK sequence numbers start with 0. E.g., below an excerpt from master's log: I0222 19:56:02.962090 139954 catalog_manager.cc:3847] T 00000000000000000000000000000000 P 0139908237bb4734833947c72c0faff3: Generated new TSK 0 http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/master/catalog_manager.cc@1032 PS6, Line 1032: LOG_WITH_PREFIX(INFO) << kDescription << ": success"; > Consider adding the last key ID to this message. Done http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/master/catalog_manager.cc@1040 PS6, Line 1040: static const auto kTskRotationInterval = > 'static const' seems a little fishy here - does this pick up the non-defaul I don't think it's fishy -- this is initialized first time the function is called. That's how static variables work in the function scope, and as far as I remember that's in the C++ standard. By the time this function is called, the flags should have been already initialized with appropriate override of FLAGS_tsk_rotation_seconds, so yes, it picks up the non-default value set via the flag. http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/master/catalog_manager.cc@1050 PS6, Line 1050: master_->messenger()->token_verifier().GetMaxKnownKeySequenceNumber() < 0 || : !last_tspk_run->Initialized() > Seems like these first two clauses can be removed if you just initialize 'l That's a good observation -- yep, last_tspk_run is updated only on successful run. http://gerrit.cloudera.org:8080/#/c/9373/6/src/kudu/master/catalog_manager.cc@3875 PS6, Line 3875: LOG_WITH_PREFIX(INFO) << "Read public part of TSK: " << key.key_seq_num(); > This seems like it's going to be pretty chatty, maybe vlog? We're already Good idea! -- To view, visit http://gerrit.cloudera.org:8080/9373 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Idcc92dd4fae3d555af563d86634c07d3d06147a7 Gerrit-Change-Number: 9373 Gerrit-PatchSet: 5 Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Comment-Date: Fri, 23 Feb 2018 21:49:10 +0000 Gerrit-HasComments: Yes