You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Zita Dombi (Jira)" <ji...@apache.org> on 2022/09/20 15:44:00 UTC

[jira] [Created] (HDDS-7240) List all volume operation should go through ACL check as well in order to trigger audit logging

Zita Dombi created HDDS-7240:
--------------------------------

             Summary: List all volume operation should go through ACL check as well in order to trigger audit logging
                 Key: HDDS-7240
                 URL: https://issues.apache.org/jira/browse/HDDS-7240
             Project: Apache Ozone
          Issue Type: Bug
            Reporter: Zita Dombi


The list all volume operation at the moment only goes through the ACL check if the list all volume is not enabled ({{{}ozone.om.volume.listall.allowed{}}}).
{code:java}
if (!allowListAllVolumes) {
  // Only admin can list all volumes when disallowed in config
  if (isAclEnabled) {
    checkAcls(ResourceType.VOLUME, StoreType.OZONE, ACLType.LIST,
      OzoneConsts.OZONE_ROOT, null, null);
  }
}
return volumeManager.listVolumes(null, prefix, prevKey, maxKeys);{code}
With this the audit logging is not triggered if the list all volumes is enabled. We can remove the [if condition|https://github.com/apache/ozone/blob/master/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java#L2712], so the ACL check gets called in every case and the audit logging will happen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org