[
https://issues.apache.org/jira/browse/HDFS-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16152076#comment-16152076
]
Xiao Chen commented on HDFS-12300:
----------------------------------
I tried to backport to branch-2, which isn't too hard. But
{{DelegationTokenIdentifier#toStringStable}} was added by HDFS-9732, which is
very messy to get backported, according to Yongjun's
[comment|https://issues.apache.org/jira/browse/HDFS-9732?focusedCommentId=15287588&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15287588].
(Also roughly tried myself, HDFS-5570 is a source of headache, where
{{DelegationTokenFetcher}} was largely modified)
So for this reason I will resolve this as branch-3 only, and link to HDFS-9732
as a dependent.
Thanks again Ravi!
> Audit-log delegation token related operations
> ---------------------------------------------
>
> Key: HDFS-12300
> URL: https://issues.apache.org/jira/browse/HDFS-12300
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: namenode
> Affects Versions: 0.22.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Fix For: 3.0.0-beta1
>
> Attachments: HDFS-12300.01.patch, HDFS-12300.02.patch
>
>
> When inspecting the code, I found that the following methods in FSNamesystem
> are not audit logged:
> - getDelegationToken
> - renewDelegationToken
> - cancelDelegationToken
> The audit log itself does have a logTokenTrackingId field to additionally log
> some details when a token is used for authentication.
> After emailing the community, we should add that.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
