You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2021/04/02 06:07:02 UTC
[hadoop] 01/05: HDFS-15667. Audit log record the unexpected allowed
result when delete (#2437)
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit 2b207ea4029acbfd88bf69292aeb7b606bf50249
Author: maobaolong <30...@qq.com>
AuthorDate: Tue Nov 10 13:01:10 2020 +0800
HDFS-15667. Audit log record the unexpected allowed result when delete (#2437)
(cherry picked from commit 95c96605b30cc31839a04bd5d4061a2c89e4c09c)
---
.../apache/hadoop/hdfs/server/namenode/FSNamesystem.java | 2 +-
.../hdfs/server/namenode/TestAuditLoggerWithCommands.java | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
index 194f1af..ba52441 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@@ -3256,7 +3256,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
throw e;
}
getEditLog().logSync();
- logAuditEvent(true, operationName, src);
+ logAuditEvent(ret, operationName, src);
if (toRemovedBlocks != null) {
removeBlocks(toRemovedBlocks); // Incremental deletion of blocks
}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
index 0814d4a..4d379b1 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
@@ -51,6 +51,7 @@ import org.junit.Before;
import org.junit.Test;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
import org.mockito.Mockito;
@@ -1205,6 +1206,18 @@ public class TestAuditLoggerWithCommands {
}
}
+ @Test
+ public void testDeleteRoot() throws Exception {
+ Path srcDir = new Path("/");
+ fileSys = DFSTestUtil.getFileSystemAs(user1, conf);
+ boolean result = fileSys.delete(srcDir, true);
+ fileSys.close();
+ assertFalse(result);
+ String aceDeletePattern =
+ ".*allowed=false.*ugi=theDoctor.*cmd=delete.*";
+ verifyAuditLogs(aceDeletePattern);
+ }
+
private void verifyAuditRestoreFailedStorageACE(
FSNamesystem fsNamesystem, String arg) throws IOException {
String operationName = fsNamesystem.getFailedStorageCommand(arg);
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org