Hello Kudu Jenkins, Andrew Wong, Grant Henke,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/17529
to look at the new patch set (#2).
Change subject: KUDU-2612 allow system user to read list of table replicas
......................................................................
KUDU-2612 allow system user to read list of table replicas
It turned out that txn system client wasn't able to send BEGIN_COMMIT to
participating tablets if fine-grained authz is enabled. Its request to
get the list of tablets for a table was rejected: the system user isn't
granted the METADATA privilege on any of user tables, of course.
This patch addresses that deficiency, bypassing the fine-grained authz
for the MasterService::GetTabletLocations() RPC if the caller is a
service- or super-user. In addition, tests are added to make sure the
multi-row transaction API works as expected even in the presence of
fine-grained authorization.
Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5
---
M src/kudu/integration-tests/ts_authz-itest.cc
M src/kudu/master/catalog_manager.cc
2 files changed, 273 insertions(+), 10 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/29/17529/2
--
To view, visit http://gerrit.cloudera.org:8080/17529
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5
Gerrit-Change-Number: 17529
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
