Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13013 )
Change subject: WIP master: use AuthzProvider to generate authz tokens ...................................................................... Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/13013/4/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/13013/4/src/kudu/master/catalog_manager.cc@2762 PS4, Line 2762: RETURN_NOT_OK(token_signer->GenerateAuthzToken( > Sorry for not being clear; I was referring to the crypto aspect of token ge Ah, yeah I don't think token caching should be a thing. It might make sense to quell the thundering herd, if all that signing slows us down, but keep in mind that each token has its own expiration time. For requests that come in really close to each other, I suppose we could cache, and have a really short TTL on the cache eg on the order of seconds, but 1) not sure what the cache key would be (the TablePrivilegePB? the user/table? If the latter, why'd we bother caching in the provider?), and 2) seems complicated, not sure if it's worth the work or the complexity. -- To view, visit http://gerrit.cloudera.org:8080/13013 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic5404d6437699bc6c7c8bb0e530b202109e8f166 Gerrit-Change-Number: 13013 Gerrit-PatchSet: 4 Gerrit-Owner: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Mon, 15 Apr 2019 05:07:06 +0000 Gerrit-HasComments: Yes