[kudu-CR] KUDU-2543 pt 1: basic checks for authz tokens

Wed, 02 Jan 2019 22:09:39 -0800 

Alexey Serbin has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11751 )

Change subject: KUDU-2543 pt 1: basic checks for authz tokens
......................................................................


Patch Set 8:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/11751/8/src/kudu/rpc/rpc_header.proto
File src/kudu/rpc/rpc_header.proto:

http://gerrit.cloudera.org:8080/#/c/11751/8/src/kudu/rpc/rpc_header.proto@335
PS8, Line 335: The connection is no
             :     // longer authenticated, so the client should obtain a new 
authn token and
             :     // reconnect.
I'm not sure that adds any clarify or useful information.  IIRC, in KRPC the 
authenticity of a peer is verified during connection negotiation, and once a 
connection negotiation successfully completed, we never send 
FATAL_INVALID_AUTHENTICATION_TOKEN after that over the connection because the 
authn token is not present in further communications over an negotiated 
connection.  I.e., there cannot be a situation that first connection was 
authenticated, but after some time it becomes 'no longer authenticated'.


http://gerrit.cloudera.org:8080/#/c/11751/8/src/kudu/tserver/tablet_service.cc
File src/kudu/tserver/tablet_service.cc:

http://gerrit.cloudera.org:8080/#/c/11751/8/src/kudu/tserver/tablet_service.cc@421
PS8, Line 421: failed to authorize token
nit: I'm not sure that's semantically correct -- tokens do not need 
authorization, usually some actions/operations need that.  Maybe, report "token 
verification failure" instead?



--
To view, visit http://gerrit.cloudera.org:8080/11751
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I99555e0ab2d09d4abcbc12b1100658a9a17590f4
Gerrit-Change-Number: 11751
Gerrit-PatchSet: 8
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Thu, 03 Jan 2019 06:09:01 +0000
Gerrit-HasComments: Yes

Reply via email to