Todd Lipcon created KUDU-2540:
---------------------------------
Summary: Authorization failures on exactly-once RPCs cause FATAL
Key: KUDU-2540
URL: https://issues.apache.org/jira/browse/KUDU-2540
Project: Kudu
Issue Type: Bug
Components: rpc, security
Affects Versions: 1.7.1, 1.6.0, 1.5.0, 1.4.0, 1.3.1
Reporter: Todd Lipcon
If authorization fails on an RPC with result-tracking enabled (eg
TabletService.Write) then the ResultTracker will FATAL. The issue is that the
authz method is called prior to registering the request on the ResultTracker,
and the authz method then tries to call RespondFailure(). This triggers code in
the ResultTracker which tries to look up the RPC and fails because it wasn't
registered. The error is something like "couldn't find ClientState for request"
One fix would be for the authz method to be called after registering the
request tracker, but [~danburkert] had some concerns about that back in the
review https://gerrit.cloudera.org/c/4897/ . Another fix might be to remember
in the RpcContext whether the RPC has been registered yet, and if not,
short-circuit the call back into ResultTracker.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
