[jira] [Commented] (HBASE-16311) Audit log for delete snapshot operation is missing in case of snapshot owner deleting the same

Thu, 25 Aug 2016 10:43:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-16311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15437305#comment-15437305
 ] 

Yi Liang commented on HBASE-16311:
----------------------------------

[~mbertozzi], have a question about errors in the 
hadoop.hbase.security.access.TestAccessController 
in the test code, the 'snapshot' parameter in clone action has been set as 
'NULL' on purpose, that's why not pass test, but all other action such as 
listsnapshot, and deletesnapshot, their snapshot parameter are not set null.  
However, in its original code,all the Accesscontroller#preXXXSnapshot method 
have not deal with situation when 'snapshot' parameter is 'NULL'

code below is in the  hadoop.hbase.security.access.TestAccessController, where 
the programmer set snapshot name as null in cloneAction on purpose. 
{code}  
2052 AccessTestAction cloneAction = new AccessTestAction() {
2053      @Override
2054      public Object run() throws Exception {
2055        
ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV, 
null),
2056          null, null);
2057        return null;
2058      }
2059  };
{code}

code below is  in Accesscontroller#preXXXSnapshot,where the programmer did not 
deal with snapshot parameter as null, and all other preXXX are not deal with 
null snapshot as well
{code}
1335  @Override
1336  public void preCloneSnapshot(final 
ObserverContext<MasterCoprocessorEnvironment> ctx,
1337      final SnapshotDescription snapshot, final HTableDescriptor 
hTableDescriptor)
1338      throws IOException {
1339    requirePermission(getActiveUser(ctx), "clone " + snapshot.getName(), 
Action.ADMIN);
1340  }
{code}

do you think I need to change the code to deal with null snapshot parameter, 
which has lot of works; or I just easily change the cloneAction parameter to a 
non-null snapshot in test code. 

Or do you know anybody who is familiar with this part of code, we can ask his 
advice. Thanks 



> Audit log for delete snapshot operation is missing in case of snapshot owner 
> deleting the same
> ----------------------------------------------------------------------------------------------
>
>                 Key: HBASE-16311
>                 URL: https://issues.apache.org/jira/browse/HBASE-16311
>             Project: HBase
>          Issue Type: Sub-task
>          Components: snapshots
>    Affects Versions: 2.0.0
>            Reporter: Abhishek Kumar
>            Assignee: Yi Liang
>            Priority: Minor
>             Fix For: 2.0.0
>
>         Attachments: HBASE-16311-V1.patch, HBASE-16311-V2.patch
>
>
> 1. Audit log seems to be left as a TODO task in AccessController.java:
> {code}
>   @Override
>   public void preDeleteSnapshot(final 
> ObserverContext<MasterCoprocessorEnvironment> ctx,
>       final SnapshotDescription snapshot) throws IOException {
>     if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, getActiveUser())) {
>       // Snapshot owner is allowed to delete the snapshot
>       // TODO: We are not logging this for audit
>     } else {
>       requirePermission("deleteSnapshot", Action.ADMIN);
>     }
>   }
> {code}
> 2. Also, snapshot name is not getting logged in the audit logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to