Google Git
Sign in
apache / kudu / bf7a9535a264c7579bd783a7136bf3becb1a37a9
commitbf7a9535a264c7579bd783a7136bf3becb1a37a9[log] [tgz]
authorAlexey Serbin <alexey@apache.org>Tue May 25 00:05:36 2021 -0700
committerAlexey Serbin <aserbin@cloudera.com>Wed May 26 19:32:12 2021 +0000
treefbbcddcc68fe83e25c31c15f5c8ca7c709223dda
parenteda678de47856910c3b2aaef6e0e9e11473eb5ff [diff]
[txn_manager] allow a super user to call txn-related RPCs

Since we are planning to use transactional operations in kudu CLI tools
(e.g., in 'kudu perf loadgen'), it makes sense to allow txn-related RPCs
to be invoked by a super user as well since some kudu CLI tools are often
run under such credentials.  This patch changes the RPC-level coarse authz
settings for all methods in the TxnManagerService accordingly.

I also had a version of this patch where a service user was able to call
txn API as well, but it turned out that TabletServerService API isn't
accessible to service users, e.g. TabletServerService::Write() is
accessible only to regular and super users.  With that, I don't quite see
the necessity of allowing a service user to call txn API.

Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Reviewed-on: http://gerrit.cloudera.org:8080/17510
Tested-by: Alexey Serbin <aserbin@cloudera.com>
Reviewed-by: Andrew Wong <awong@cloudera.com>
2 files changed
tree: fbbcddcc68fe83e25c31c15f5c8ca7c709223dda
  1. build-support/
  2. cmake_modules/
  3. docker/
  4. docs/
  5. examples/
  6. java/
  7. kubernetes/
  8. python/
  9. src/
  10. thirdparty/
  11. www/
  12. .dockerignore
  13. .gitignore
  14. .ycm_extra_conf.py
  15. CMakeLists.txt
  16. CONTRIBUTING.adoc
  17. LICENSE.txt
  18. NOTICE.txt
  19. README.adoc
  20. RELEASING.adoc
  21. version.txt