Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2769

Investigate NotAuthorized responses from Sentry on ListPrivilegesByUser in case of non-existent user

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: NA
    • Component/s: None
    • Labels:
      None

      Description

      It would be nice to clarify on the behavior of both Sentry and Kudu's wrapper around Sentry's HA client in src/kudu/thrift/client.h in the case when retrieving privileges for a non-existent user. Right now it seems Sentry responds with something that HaClient converts into Status::NotAuthorized, and that error causes the client to re-connect to the Sentry service (which is sub-optimal?). So, a couple of questions to clarify:

      • Is it a legit behavior from the Sentry side to responds with something that's converted into Status::NotAuthorized by the HaClient?
      • Is it really necessary for the HaClien to reconnect to Sentry upon 'sensing' Status::NotAuthorized status code from Sentry?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              aserbin Alexey Serbin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: