[ https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Beibei Zhao updated HBASE-27528: -------------------------------- Issue Type: Bug (was: Improvement) > log duplication issues in MasterRpcServices > ------------------------------------------- > > Key: HBASE-27528 > URL: https://issues.apache.org/jira/browse/HBASE-27528 > Project: HBase > Issue Type: Bug > Components: logging, master, rpc, security > Reporter: Beibei Zhao > Priority: Major > > MasterRpcServices record audit log in privileged operations (grant, revoke) > and vital apis like "execMasterService". > > {code:java} > public ClientProtos.CoprocessorServiceResponse execMasterService(final > RpcController controller, > ...... > String remoteAddress = > RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""); > User caller = RpcServer.getRequestUser().orElse(null); > AUDITLOG.info("User {} (remote address: {}) master service request for > {}.{}", caller, > remoteAddress, serviceName, methodName); > return CoprocessorRpcUtils.getResponse(execResult, > HConstants.EMPTY_BYTE_ARRAY); > } catch (IOException ie) { > throw new ServiceException(ie); > } > } > {code} > There are many "write" operations like "deleteTable", which may cause > security problems, should also record an audit log. > {code:java} > public DeleteTableResponse deleteTable(RpcController controller, > DeleteTableRequest request) > throws ServiceException { > try { > long procId = > server.deleteTable(ProtobufUtil.toTableName(request.getTableName()), > request.getNonceGroup(), request.getNonce()); > // an audit log is required here. > return DeleteTableResponse.newBuilder().setProcId(procId).build(); > } catch (IOException ioe) { > throw new ServiceException(ioe); > } > } > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)