Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2769

Investigate NotAuthorized responses from Sentry on ListPrivilegesByUser in case of non-existent user

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • NA
    • None
    • None

    Description

      It would be nice to clarify on the behavior of both Sentry and Kudu's wrapper around Sentry's HA client in src/kudu/thrift/client.h in the case when retrieving privileges for a non-existent user. Right now it seems Sentry responds with something that HaClient converts into Status::NotAuthorized, and that error causes the client to re-connect to the Sentry service (which is sub-optimal?). So, a couple of questions to clarify:

      • Is it a legit behavior from the Sentry side to responds with something that's converted into Status::NotAuthorized by the HaClient?
      • Is it really necessary for the HaClien to reconnect to Sentry upon 'sensing' Status::NotAuthorized status code from Sentry?

      Attachments

        Activity

          People

            Unassigned Unassigned
            aserbin Alexey Serbin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: