Posted to issues@impala.apache.org by "Vihang Karajgaonkar (JIRA)" <ji...@apache.org> on 2019/05/15 01:29:00 UTC

[jira] [Created] (IMPALA-8550) Sentry refresh privileges has race conditions

Vihang Karajgaonkar created IMPALA-8550:
-------------------------------------------

             Summary: Sentry refresh privileges has race conditions
                 Key: IMPALA-8550
                 URL: https://issues.apache.org/jira/browse/IMPALA-8550
             Project: IMPALA
          Issue Type: Bug
            Reporter: Vihang Karajgaonkar


Recently, I encountered a race condition in {{SentryProxy}}'s refreshSentryAuthorization loop. The race happens when the Sentry server is slow to update its information based on changes in HMS. Consider the following scenario:
 # Impala session from user A creates a database/table.
 # AuthorizationManager will updateDatabaseOwnerPrivilege [here|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/service/CatalogOpExecutor.java#L1159]. Note that this adds the user privilege to Catalog's cache out-of-band (without confirming that Sentry has added this privilege to its database).
 # Assume that Sentry is slow to update its database of roles/privileges. (Actually, depending on the timing of these events, it doesn't really matter, but the likelihood increases if Sentry is slow.)
 # The refreshSentryAuthorization loop is triggered based on a configured interval [here|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/sentry/SentryProxy.java#L174]. Since Sentry has not yet updated its database with the owner information, this loop will remove the privilege from Catalog. Any subsequent SQL which requires privileges will fail until Sentry is synced and the refresh loop adds this privilege to the catalog cache again.



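The four steps above, replayed deterministically in a simplified Python model. This is an added example, not Impala or Sentry code: the classes SlowSentry and CatalogCache, the functions refresh_naive, refresh_guarded and run_scenario, and the sample privilege are all hypothetical. refresh_guarded is one assumed mitigation shown for contrast, not the fix adopted by the project.

```python
from dataclasses import dataclass, field

@dataclass
class SlowSentry:
    """Model of a Sentry server that applies HMS changes only when sync() runs."""
    applied: set = field(default_factory=set)
    pending: list = field(default_factory=list)

    def notify(self, priv):          # HMS change arrives but is not yet visible
        self.pending.append(priv)

    def sync(self):                  # Sentry catches up with HMS
        self.applied.update(self.pending)
        self.pending.clear()

    def list_privileges(self):
        return set(self.applied)

@dataclass
class CatalogCache:
    privileges: set = field(default_factory=set)
    unconfirmed: set = field(default_factory=set)   # hypothetical bookkeeping

    def add_owner_privilege(self, priv):
        # Out-of-band add: cached before Sentry confirms it (step 2).
        self.privileges.add(priv)
        self.unconfirmed.add(priv)

def refresh_naive(cache, sentry):
    # Cache becomes exactly what Sentry reports, so unconfirmed entries vanish.
    cache.privileges = sentry.list_privileges()

def refresh_guarded(cache, sentry):
    # Assumed mitigation: keep out-of-band entries until Sentry has reported them.
    seen = sentry.list_privileges()
    cache.unconfirmed -= seen
    cache.privileges = seen | cache.unconfirmed

def run_scenario(refresh):
    """Replay the steps; return (authorized during the race, authorized after sync)."""
    sentry, cache = SlowSentry(), CatalogCache()
    priv = ("user:A", "db1", "OWNER")    # constructed sample privilege
    sentry.notify(priv)                  # step 1: CREATE DATABASE reaches HMS
    cache.add_owner_privilege(priv)      # step 2: out-of-band cache update
    refresh(cache, sentry)               # steps 3-4: refresh fires before Sentry syncs
    during = priv in cache.privileges
    sentry.sync()                        # Sentry finally catches up
    refresh(cache, sentry)               # next refresh interval
    return during, priv in cache.privileges
```

The guarded variant as written keeps an unconfirmed privilege for as long as Sentry never reports it, so a real implementation would need an expiry on unconfirmed entries to avoid caching a grant that Sentry rejected.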