You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by ad...@apache.org on 2022/05/16 12:15:43 UTC
[ozone] branch master updated: HDDS-6742. Audit operation category mismatch (#3407)
This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new ed470082e6 HDDS-6742. Audit operation category mismatch (#3407)
ed470082e6 is described below
commit ed470082e650a2ab9ac269e70ad737923bae6cb4
Author: Doroszlai, Attila <64...@users.noreply.github.com>
AuthorDate: Mon May 16 14:15:39 2022 +0200
HDDS-6742. Audit operation category mismatch (#3407)
---
.../hdds/scm/server/SCMBlockProtocolServer.java | 4 +--
.../hdds/scm/server/SCMClientProtocolServer.java | 10 +++----
.../org/apache/hadoop/ozone/om/OzoneManager.java | 34 +++++++---------------
3 files changed, 17 insertions(+), 31 deletions(-)
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java
index fb4ba7db65..c5a80d95f1 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java
@@ -309,13 +309,13 @@ public class SCMBlockProtocolServer implements
return scm.getScmHAManager().addSCM(request);
} catch (Exception ex) {
auditSuccess = false;
- AUDIT.logReadFailure(
+ AUDIT.logWriteFailure(
buildAuditMessageForFailure(SCMAction.ADD_SCM, auditMap, ex)
);
throw ex;
} finally {
if (auditSuccess) {
- AUDIT.logReadSuccess(
+ AUDIT.logWriteSuccess(
buildAuditMessageForSuccess(SCMAction.ADD_SCM, auditMap)
);
}
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
index 3feca15fd7..2d38331ceb 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
@@ -687,7 +687,7 @@ public class SCMClientProtocolServer implements
@Override
public void activatePipeline(HddsProtos.PipelineID pipelineID)
throws IOException {
- AUDIT.logReadSuccess(buildAuditMessageForSuccess(
+ AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
SCMAction.ACTIVATE_PIPELINE, null));
scm.getPipelineManager().activatePipeline(
PipelineID.getFromProtobuf(pipelineID));
@@ -697,7 +697,7 @@ public class SCMClientProtocolServer implements
public void deactivatePipeline(HddsProtos.PipelineID pipelineID)
throws IOException {
getScm().checkAdminAccess(getRemoteUser());
- AUDIT.logReadSuccess(buildAuditMessageForSuccess(
+ AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
SCMAction.DEACTIVATE_PIPELINE, null));
scm.getPipelineManager().deactivatePipeline(
PipelineID.getFromProtobuf(pipelineID));
@@ -806,7 +806,7 @@ public class SCMClientProtocolServer implements
@Override
public boolean getReplicationManagerStatus() {
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(
SCMAction.GET_REPLICATION_MANAGER_STATUS, null));
return scm.getReplicationManager().isRunning();
}
@@ -815,7 +815,7 @@ public class SCMClientProtocolServer implements
public ReplicationManagerReport getReplicationManagerReport()
throws IOException {
getScm().checkAdminAccess(getRemoteUser());
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(
SCMAction.GET_REPLICATION_MANAGER_REPORT, null));
return scm.getReplicationManager().getContainerReport();
}
@@ -938,7 +938,7 @@ public class SCMClientProtocolServer implements
@Override
public boolean getContainerBalancerStatus() {
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(
SCMAction.GET_CONTAINER_BALANCER_STATUS, null));
return scm.getContainerBalancer().isBalancerRunning();
}
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 5d2517b677..4e051875d7 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -3043,12 +3043,12 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
OmMultipartUploadListParts omMultipartUploadListParts =
keyManager.listParts(bucket.realVolume(), bucket.realBucket(),
keyName, uploadID, partNumberMarker, maxParts);
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction
.LIST_MULTIPART_UPLOAD_PARTS, auditMap));
return omMultipartUploadListParts;
} catch (IOException ex) {
metrics.incNumListMultipartUploadPartFails();
- AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction
+ AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction
.LIST_MULTIPART_UPLOAD_PARTS, auditMap, ex));
throw ex;
}
@@ -3068,13 +3068,13 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
OmMultipartUploadList omMultipartUploadList =
keyManager.listMultipartUploads(bucket.realVolume(),
bucket.realBucket(), prefix);
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction
.LIST_MULTIPART_UPLOADS, auditMap));
return omMultipartUploadList;
} catch (IOException ex) {
metrics.incNumListMultipartUploadFails();
- AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction
+ AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction
.LIST_MULTIPART_UPLOADS, auditMap, ex));
throw ex;
}
@@ -3134,12 +3134,12 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
} catch (Exception ex) {
metrics.incNumLookupFileFails();
auditSuccess = false;
- AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.LOOKUP_FILE,
+ AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LOOKUP_FILE,
auditMap, ex));
throw ex;
} finally {
if (auditSuccess) {
- AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
+ AUDIT.logReadSuccess(buildAuditMessageForSuccess(
OMAction.LOOKUP_FILE, auditMap));
}
}
@@ -3179,22 +3179,6 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
}
}
- private void auditAcl(OzoneObj ozoneObj, List<OzoneAcl> ozoneAcl,
- OMAction omAction, Exception ex) {
- Map<String, String> auditMap = ozoneObj.toAuditMap();
- if (ozoneAcl != null) {
- auditMap.put(OzoneConsts.ACL, ozoneAcl.toString());
- }
-
- if (ex == null) {
- AUDIT.logWriteSuccess(
- buildAuditMessageForSuccess(omAction, auditMap));
- } else {
- AUDIT.logWriteFailure(
- buildAuditMessageForFailure(omAction, auditMap, ex));
- }
- }
-
/**
* Returns list of ACLs for given Ozone object.
*
@@ -3227,11 +3211,13 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
}
} catch (Exception ex) {
auditSuccess = false;
- auditAcl(obj, null, OMAction.GET_ACL, ex);
+ AUDIT.logReadFailure(
+ buildAuditMessageForFailure(OMAction.GET_ACL, obj.toAuditMap(), ex));
throw ex;
} finally {
if (auditSuccess) {
- auditAcl(obj, null, OMAction.GET_ACL, null);
+ AUDIT.logReadSuccess(
+ buildAuditMessageForSuccess(OMAction.GET_ACL, obj.toAuditMap()));
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org