Ashwani Raina has posted comments on this change. ( http://gerrit.cloudera.org:8080/23844 )
Change subject: [tools] Add --preserve_table_ids flag to unsafe_rebuild ...................................................................... Patch Set 6: Code-Review+1 (1 comment) Overall looks good to me. If you can address the question I have raised, that would be great! http://gerrit.cloudera.org:8080/#/c/23844/6//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/23844/6//COMMIT_MSG@1 PS6, Line 1: Parent: 242b465f ([codegen] relax memory ordering for metric updates) I have a general concern about whether preservation has any impact on implicit invalidation of tokens on server side. Without this patch, the old token with old table id is considered unauthorized (refer CheckMatchingTableIdOrRespond) when new table id is not found to be matching with table id embedded inside old token. With this patch, this implicit invalidation is gone. Maybe this is just a hypothetical scenario, consider a security incident happened followed by a 'master unsafe_rebuild' with preserve flag i.e. all the old table ids remain intact and any subsequent scan from the previous source with old token succeeds when it should have been rejected. I think it boils down to ensuring that preserve table id flag should not be used in cases where security incident has happened. What are your thoughts on this? -- To view, visit http://gerrit.cloudera.org:8080/23844 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6ae4353564922312d646f0323271d804e32e3b0d Gerrit-Change-Number: 23844 Gerrit-PatchSet: 6 Gerrit-Owner: Yan-Daojiang <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Ashwani Raina <[email protected]> Gerrit-Reviewer: Gabriella Lotz <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Yan-Daojiang <[email protected]> Gerrit-Comment-Date: Fri, 06 Mar 2026 09:57:11 +0000 Gerrit-HasComments: Yes
