Author: jeagles
Date: Tue Apr 29 21:53:36 2014
New Revision: 1591118
URL: http://svn.apache.org/r1591118
Log:
HDFS-6269. NameNode Audit Log should differentiate between webHDFS open and
HDFS open. (Eric Payne via jeagles)
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFsck.java
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1591118&r1=1591117&r2=1591118&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
(original)
+++ hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
Tue Apr 29 21:53:36 2014
@@ -77,6 +77,9 @@ Release 2.5.0 - UNRELEASED
HDFS-6210. Support GETACLSTATUS operation in WebImageViewer.
(Akira Ajisaka via wheat9)
+ HDFS-6269. NameNode Audit Log should differentiate between webHDFS open and
+ HDFS open. (Eric Payne via jeagles)
+
OPTIMIZATIONS
HDFS-6214. Webhdfs has poor throughput for files >2GB (daryn)
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java?rev=1591118&r1=1591117&r2=1591118&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
Tue Apr 29 21:53:36 2014
@@ -7759,6 +7759,8 @@ public class FSNamesystem implements Nam
}
sb.append(trackingId);
}
+ sb.append("\t").append("proto=");
+ sb.append(NamenodeWebHdfsMethods.isWebHdfsInvocation() ? "webhdfs" :
"rpc");
logAuditMessage(sb.toString());
}
}
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java?rev=1591118&r1=1591117&r2=1591118&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java
Tue Apr 29 21:53:36 2014
@@ -92,6 +92,9 @@ public class TestAuditLogs {
"perm=.*?");
static final Pattern successPattern = Pattern.compile(
".*allowed=true.*");
+ static final Pattern webOpenPattern = Pattern.compile(
+ ".*cmd=open.*proto=webhdfs.*");
+
static final String username = "bob";
static final String[] groups = { "group1" };
static final String fileName = "/srcdat";
@@ -265,6 +268,22 @@ public class TestAuditLogs {
verifyAuditLogsRepeat(false, 2);
}
+ /** test that open via webhdfs puts proper entry in audit log */
+ @Test
+ public void testAuditWebHdfsOpen() throws Exception {
+ final Path file = new Path(fnames[0]);
+
+ fs.setPermission(file, new FsPermission((short)0644));
+ fs.setOwner(file, "root", null);
+
+ setupAuditLogs();
+
+ WebHdfsFileSystem webfs =
WebHdfsTestUtil.getWebHdfsFileSystemAs(userGroupInfo, conf,
WebHdfsFileSystem.SCHEME);
+ webfs.open(file);
+
+ verifyAuditLogsCheckPattern(true, 3, webOpenPattern);
+ }
+
/** Sets up log4j logger for auditlogs */
private void setupAuditLogs() throws IOException {
Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();
@@ -328,4 +347,38 @@ public class TestAuditLogs {
reader.close();
}
}
+
+ // Ensure audit log has exactly N entries
+ private void verifyAuditLogsCheckPattern(boolean expectSuccess, int ndupe,
Pattern pattern)
+ throws IOException {
+ // Turn off the logs
+ Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();
+ logger.setLevel(Level.OFF);
+
+ // Close the appenders and force all logs to be flushed
+ Enumeration<?> appenders = logger.getAllAppenders();
+ while (appenders.hasMoreElements()) {
+ Appender appender = (Appender)appenders.nextElement();
+ appender.close();
+ }
+
+ BufferedReader reader = new BufferedReader(new FileReader(auditLogFile));
+ String line = null;
+ boolean ret = true;
+ boolean patternMatches = false;
+
+ try {
+ for (int i = 0; i < ndupe; i++) {
+ line = reader.readLine();
+ assertNotNull(line);
+ patternMatches |= pattern.matcher(line).matches();
+ ret &= successPattern.matcher(line).matches();
+ }
+ assertNull("Unexpected event in audit log", reader.readLine());
+ assertTrue("Expected audit event not found in audit log",
patternMatches);
+ assertTrue("Expected success=" + expectSuccess, ret == expectSuccess);
+ } finally {
+ reader.close();
+ }
+ }
}
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFsck.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFsck.java?rev=1591118&r1=1591117&r2=1591118&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFsck.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFsck.java
Tue Apr 29 21:53:36 2014
@@ -99,13 +99,13 @@ public class TestFsck {
"ugi=.*?\\s" +
"ip=/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s" +
"cmd=fsck\\ssrc=\\/\\sdst=null\\s" +
- "perm=null");
+ "perm=null\\s" + "proto=.*");
static final Pattern getfileinfoPattern = Pattern.compile(
"allowed=.*?\\s" +
"ugi=.*?\\s" +
"ip=/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\s" +
"cmd=getfileinfo\\ssrc=\\/\\sdst=null\\s" +
- "perm=null");
+ "perm=null\\s" + "proto=.*");
static final Pattern numCorruptBlocksPattern = Pattern.compile(
".*Corrupt blocks:\t\t([0123456789]*).*");
