Google Git
Sign in
apache / kudu / 4e724988fb9dc6eeb8cd4b91f46760a03cfa5fde
commit4e724988fb9dc6eeb8cd4b91f46760a03cfa5fde[log] [tgz]
authorAlexey Serbin <alexey@apache.org>Sat May 29 11:49:46 2021 -0700
committerAlexey Serbin <aserbin@cloudera.com>Wed Jun 02 00:43:47 2021 +0000
treeb65c7cc45f13db341bcb9e01f885de52b63d8f1b
parent0a8c84a53b4bbe916f9afca3280eb863840ece2a [diff]
KUDU-2612 allow system user to read list of table replicas

It turned out that txn system client wasn't able to send BEGIN_COMMIT to
participating tablets if fine-grained authz is enabled.  Its request to
get the list of tablets for a table was rejected: the system user isn't
granted the METADATA privilege on any of user tables, of course.

This patch addresses that deficiency, bypassing the fine-grained authz
for the MasterService::GetTabletLocations() RPC if the caller is a
service- or super-user.  In addition, tests are added to make sure the
multi-row transaction API works as expected even in the presence of
fine-grained authorization.

Change-Id: I26f06af17e5ee85522e2ef867d41cf0f3ddbe5d5
Reviewed-on: http://gerrit.cloudera.org:8080/17529
Tested-by: Alexey Serbin <aserbin@cloudera.com>
Reviewed-by: Andrew Wong <awong@cloudera.com>
2 files changed
tree: b65c7cc45f13db341bcb9e01f885de52b63d8f1b
  1. build-support/
  2. cmake_modules/
  3. docker/
  4. docs/
  5. examples/
  6. java/
  7. kubernetes/
  8. python/
  9. src/
  10. thirdparty/
  11. www/
  12. .dockerignore
  13. .gitignore
  14. .ycm_extra_conf.py
  15. CMakeLists.txt
  16. CONTRIBUTING.adoc
  17. LICENSE.txt
  18. NOTICE.txt
  19. README.adoc
  20. RELEASING.adoc
  21. version.txt