[KUDU-2540] Authorization failures on exactly-once RPCs cause FATAL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.7.1
Fix Version/s: 1.6.1, 1.8.0, 1.7.2
Component/s: rpc, security
Labels:
None

Target Version/s:

1.8.0

Description

If authorization fails on an RPC with result-tracking enabled (eg TabletService.Write) then the ResultTracker will FATAL. The issue is that the authz method is called prior to registering the request on the ResultTracker, and the authz method then tries to call RespondFailure(). This triggers code in the ResultTracker which tries to look up the RPC and fails because it wasn't registered. The error is something like "couldn't find ClientState for request"

One fix would be for the authz method to be called after registering the request tracker, but danburkert had some concerns about that back in the review https://gerrit.cloudera.org/c/4897/ . Another fix might be to remember in the RpcContext whether the RPC has been registered yet, and if not, short-circuit the call back into ResultTracker.

Attachments

Activity

People

Assignee:: Dan Burkert

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Aug/18 18:11

Updated:: 05/Dec/19 05:29

Resolved:: 14/Aug/18 22:58