Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/13013 )
Change subject: WIP master: use AuthzProvider to generate authz tokens ...................................................................... Patch Set 4: (1 comment) http://gerrit.cloudera.org:8080/#/c/13013/4/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/13013/4/src/kudu/master/catalog_manager.cc@2755 PS4, Line 2755: Should we send back : // an error that the client can retry, e.g. if Sentry was down? > Yep, Hao and I discussed that a bit in the context of https://gerrit.cloude I don't see return service unavailable will have any side-channel leaks as long as the operation is denied. Though as Kudu tries connection to Sentry if receives network error, so I don't see much needs for Kudu's client to retry again. How do you think? -- To view, visit http://gerrit.cloudera.org:8080/13013 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic5404d6437699bc6c7c8bb0e530b202109e8f166 Gerrit-Change-Number: 13013 Gerrit-PatchSet: 4 Gerrit-Owner: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Fri, 19 Apr 2019 04:52:44 +0000 Gerrit-HasComments: Yes