[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294428&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294428
]
ASF GitHub Bot logged work on HDDS-1768:
----------------------------------------
Author: ASF GitHub Bot
Created on: 14/Aug/19 04:07
Start Date: 14/Aug/19 04:07
Worklog Time Spent: 10m
Work Description: dchitlangia commented on pull request #1204: HDDS-1768.
Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313697013
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##########
@@ -2999,23 +3016,36 @@ public OmKeyInfo lookupFile(OmKeyArgs args) throws
IOException {
*/
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
- if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
- }
- // TODO: Audit ACL operation.
- switch (obj.getResourceType()) {
- case VOLUME:
- return volumeManager.addAcl(obj, acl);
- case BUCKET:
- return bucketManager.addAcl(obj, acl);
- case KEY:
- return keyManager.addAcl(obj, acl);
- case PREFIX:
- return prefixManager.addAcl(obj, acl);
- default:
- throw new OMException("Unexpected resource type: " +
- obj.getResourceType(), INVALID_REQUEST);
+ boolean auditSuccess = true;
+
+ try{
+ if(isAclEnabled) {
+ checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
+ obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
+ }
+ switch (obj.getResourceType()) {
+ case VOLUME:
+ return volumeManager.addAcl(obj, acl);
+ case BUCKET:
+ return bucketManager.addAcl(obj, acl);
+ case KEY:
+ return keyManager.addAcl(obj, acl);
+ case PREFIX:
+ return prefixManager.addAcl(obj, acl);
+ default:
+ throw new OMException("Unexpected resource type: " +
+ obj.getResourceType(), INVALID_REQUEST);
+ }
+ } catch(Exception ex) {
+ auditSuccess = false;
+ auditAcl(obj, Arrays.asList(acl), OMAction.ADD_ACL,
Review comment:
@bharatviswa504 I think we can skip this one as throughout this class we are
following this approach of using auditSuccess, mostly for code
readability/correctness.
I think we can discuss with @anuengineer on this. If he is onboard with
this change then we can change it across OM, SCM, DN for audit log. Since that
will be a big enough change, we can do that in separate jira. Does that sound
good?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 294428)
Time Spent: 3h (was: 2h 50m)
> Audit xxxAcl methods in OzoneManager
> ------------------------------------
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Ajay Kumar
> Assignee: Dinesh Chitlangia
> Priority: Major
> Labels: pull-request-available
> Time Spent: 3h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
