[ 
https://issues.apache.org/jira/browse/HADOOP-14772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16143371#comment-16143371
 ] 

Xiao Chen commented on HADOOP-14772:
------------------------------------

After looking at the code, it's kinda understandable why there wasn't an audit 
log added.
- {{DelegationTokenAuthenticationHandler}} is where we should add it
- That class handles both HTTPFS and KMS so far, and could theoretically handle 
other things depending on the filter configuration.
- This jira becomes 'add audit log support for {{AuthenticationHandler}}, then 
add a KMS implementation'.
- {{KMSAudit}} does not have any base classes, making generalization 
difficult.

Looking at the effort-benefit ratio, perhaps we could just go to kms log to 
find those tokens. INFO level kms log isn't as noisy as NameNode, and from 
experience I can find the interested token logs from production KMS more than 
90% of the time.

Better ideas welcome of course. Otherwise I'll just close as won't fix for 
now....

> Audit-log delegation token related operations to the KMS
> --------------------------------------------------------
>
>                 Key: HADOOP-14772
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14772
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>
> When inspecting the code, I found that the following methods are not audit 
> logged:
> - getDelegationToken
> - renewDelegationToken
> - cancelDelegationToken
> This jira is to propose adding audit logging. A similar jira for HDFS is 
> HDFS-12300.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
