Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/17532
Change subject: KUDU-2612 allow system user to read list of table replicas ...................................................................... KUDU-2612 allow system user to read list of table replicas It turned out that txn system client wasn't able to send BEGIN_COMMIT to participating tablets if fine-grained authz is enabled. Its request to get the list of tablets for a table was rejected: the system user isn't granted the METADATA privilege on any of user tables, of course. This patch addresses that deficiency, bypassing the fine-grained authz for the MasterService::GetTabletLocations() RPC if the caller is a service- or super-user. In addition, tests are added to make sure the multi-row transaction API works as expected even in the presence of fine-grained authorization. Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5 Reviewed-on: http://gerrit.cloudera.org:8080/17529 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Andrew Wong <[email protected]> (cherry picked from commit 4e724988fb9dc6eeb8cd4b91f46760a03cfa5fde) --- M src/kudu/integration-tests/ts_authz-itest.cc M src/kudu/master/catalog_manager.cc 2 files changed, 273 insertions(+), 10 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/32/17532/1 -- To view, visit http://gerrit.cloudera.org:8080/17532 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: branch-1.15.x Gerrit-MessageType: newchange Gerrit-Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5 Gerrit-Change-Number: 17532 Gerrit-PatchSet: 1 Gerrit-Owner: Alexey Serbin <[email protected]>
