Greg Solovyev has posted comments on this change. ( http://gerrit.cloudera.org:8080/12653 )
Change subject: WIP [master] introduced SentryAuthzCache ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/12653/1/src/kudu/master/sentry_authz_provider.cc File src/kudu/master/sentry_authz_provider.cc: http://gerrit.cloudera.org:8080/#/c/12653/1/src/kudu/master/sentry_authz_provider.cc@319 PS1, Line 319: if (PREDICT_TRUE(cache_)) { If I am reading this correctly, when cache is enabled and a privilege is not in the cache, Kudu will deny the action. When Sentry has more privileges than Kudu's cache capacity Kudu will incorrectly denying actions due to cache miss rather than due to configured privilege. Is this the behavior we want by design? -- To view, visit http://gerrit.cloudera.org:8080/12653 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: If377cd4a7bae481ffc9a6950cb26862b66e9bab5 Gerrit-Change-Number: 12653 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Greg Solovyev <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Mon, 18 Mar 2019 18:40:08 +0000 Gerrit-HasComments: Yes
