[KUDU-2769] Investigate NotAuthorized responses from Sentry on ListPrivilegesByUser in case of non-existent user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: NA
Component/s: None
Labels:
None

Description

It would be nice to clarify on the behavior of both Sentry and Kudu's wrapper around Sentry's HA client in src/kudu/thrift/client.h in the case when retrieving privileges for a non-existent user. Right now it seems Sentry responds with something that HaClient converts into Status::NotAuthorized, and that error causes the client to re-connect to the Sentry service (which is sub-optimal?). So, a couple of questions to clarify:

Is it a legit behavior from the Sentry side to responds with something that's converted into Status::NotAuthorized by the HaClient?
Is it really necessary for the HaClien to reconnect to Sentry upon 'sensing' Status::NotAuthorized status code from Sentry?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alexey Serbin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Apr/19 17:46

Updated:: 03/Jun/20 14:43

Resolved:: 03/Jun/20 14:43