[
https://issues.apache.org/jira/browse/HDFS-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16149738#comment-16149738
]
Ravi Prakash commented on HDFS-12300:
-------------------------------------
Hi Xiao! Thanks a lot for your effort on this.
Is the performance overhead of reflection appreciable over here? Should
different modules really be decoding tokens? I'm not sure I understand why we
don't audit log when some exceptions are thrown and not others. But that is not
related to this JIRA.
Otherwise patch looks good to me.
> Audit-log delegation token related operations
> ---------------------------------------------
>
> Key: HDFS-12300
> URL: https://issues.apache.org/jira/browse/HDFS-12300
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: namenode
> Affects Versions: 0.22.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HDFS-12300.01.patch
>
>
> When inspecting the code, I found that the following methods in FSNamesystem
> are not audit logged:
> - getDelegationToken
> - renewDelegationToken
> - cancelDelegationToken
> The audit log itself does have a logTokenTrackingId field to additionally log
> some details when a token is used for authentication.
> After emailing the community, we should add that.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
