[jira] [Commented] (HADOOP-10756) KMS audit log should consolidate successful similar requests

Wed, 23 Jul 2014 10:02:06 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14071958#comment-14071958
 ] 

Alejandro Abdelnur commented on HADOOP-10756:
---------------------------------------------

Arun, seems in the right direction, a few comments after a quick pass:

*KMSAuditAppender.java*:
* {{DelayedEvent}} inner class should be private or package private (for 
testing)
* {{DelayedEvent}}, instead having {{delay}} & {{cTime}} instance vars and 
adding them on {{getDelay()}}, add them in the constructor into a single 
instance var {{exitTime}}
* {{DelayEvent}}, a few methods do not seem being used, {{getEvent()}} and 
{{getKeyName()}}, it seems patch is not complete
* {{KMSAuditInfo}} inner class should be private or package private (for 
testing), this class is not use in the patch
* {{KMSRewritePolicy}} 'accesscount' in the message should be 'accessCount'
* {{wrapAppender()}} local var name {{maskingAppender}} seems wrong
* config setter methods should change state other than setting the property, 
use an init() method to start trheadpoolexecutor and initialize data structures.
* threadpool executor should have named threads
* {{append}}, if a failure comes, we should flush successful log entries before 
writing the failure. this could be done by having a boolean in the queue entry 
that is has been logged, and keep a ref to the queue entry on the accessCount, 
then we don’t have to worry about pursing the queue, which would be expensive.


> KMS audit log should consolidate successful similar requests
> ------------------------------------------------------------
>
>                 Key: HADOOP-10756
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10756
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10756.1.patch
>
>
> Every rejected access should be audited, but successful accesses should be 
> consolidated within a given amount of time if the request is from the same 
> user for he same key. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to