Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17529 )
Change subject: KUDU-2612 allow system user to read list of table replicas ...................................................................... Patch Set 1: (3 comments) http://gerrit.cloudera.org:8080/#/c/17529/1/src/kudu/integration-tests/ts_authz-itest.cc File src/kudu/integration-tests/ts_authz-itest.cc: http://gerrit.cloudera.org:8080/#/c/17529/1/src/kudu/integration-tests/ts_authz-itest.cc@705 PS1, Line 705: opts.num_tablet_servers = 3; > I'm fairly confident that's the case -- follower replicas don't perform aut Done http://gerrit.cloudera.org:8080/#/c/17529/1/src/kudu/integration-tests/ts_authz-itest.cc@713 PS1, Line 713: TEST_P(TSAuthzTxnOpsITest, BasicOpsOnEmptyTransactions) { > nit: if it's more convenient, TestWorkload might be worth trying out for th It might be more convenient if that wasn't about using MANUAL_FLUSH and don't flushing before calling KuduTransaction::Commit() in one of these scenarios. Also, it's necessary to create a table under different user credentials compared with credentials used for INSERT operations. I guess we don't want to give a test user all creds on the database level to avoid missing any issues in case of finer-grained cases like we have here. http://gerrit.cloudera.org:8080/#/c/17529/1/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/17529/1/src/kudu/master/catalog_manager.cc@5536 PS1, Line 5536: && !master_->IsServiceUserOrSuperUser(*user)) { : // Acquire the table lock and then check that the user is authorized to operate on : // the table that the tablet belongs to. : TableMetadataLock table_lock(tablet_info->table().get(), LockMode::READ); > Ah indeed, I missed the context that this was for getting tablet locations Thank you for the feedback! -- To view, visit http://gerrit.cloudera.org:8080/17529 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5 Gerrit-Change-Number: 17529 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 01 Jun 2021 21:55:52 +0000 Gerrit-HasComments: Yes
