Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/17529 )
Change subject: KUDU-2612 allow system user to read list of table replicas ...................................................................... KUDU-2612 allow system user to read list of table replicas It turned out that txn system client wasn't able to send BEGIN_COMMIT to participating tablets if fine-grained authz is enabled. Its request to get the list of tablets for a table was rejected: the system user isn't granted the METADATA privilege on any of user tables, of course. This patch addresses that deficiency, bypassing the fine-grained authz for the MasterService::GetTabletLocations() RPC if the caller is a service- or super-user. In addition, tests are added to make sure the multi-row transaction API works as expected even in the presence of fine-grained authorization. Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5 Reviewed-on: http://gerrit.cloudera.org:8080/17529 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Andrew Wong <[email protected]> --- M src/kudu/integration-tests/ts_authz-itest.cc M src/kudu/master/catalog_manager.cc 2 files changed, 273 insertions(+), 10 deletions(-) Approvals: Alexey Serbin: Verified Andrew Wong: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/17529 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5 Gerrit-Change-Number: 17529 Gerrit-PatchSet: 3 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120)
