[ https://issues.apache.org/jira/browse/HDDS-12704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Attila Doroszlai updated HDDS-12704:
------------------------------------
Description:
SCMClientProtocolServer has different behavior for various operations:
- operation not audited at all (examples: decommissionNodes, recommissionNodes)
- operation audited, but admin access failure not logged, because it is checked
outside of try-catch block (examples: allocateContainer, getContainer,
closeContainer)
- operation audited, including admin access failure (examples: deleteContainer,
activatePipeline)
closeContainer checks admin access twice.
All operations (defined in {{StorageContainerLocationProtocol}}) should have an
audit log.
Admin operations should check privilege in the try block to ensure failure is
audited in the catch block.
Exceptions that are caught and logged to audit should not also be output with a
stack trace to the regular log. (Example: recommissionNodes)
was:
SCMClientProtocolServer has different behavior for various admin operations:
- operation audited, including admin failure (examples: deleteContainer,
activatePipeline)
- operation audited, but admin access failure not logged, because it is checked
outside of try-catch block (examples: allocateContainer, getContainer,
closeContainer)
- operation not audited at all (examples: decommissionNodes, recommissionNodes)
closeContainer checks admin access twice.
All admin operations should:
- have audit log
- check admin access in the try block to ensure failure is audited in catch
block
Exceptions that are caught and logged to audit should not also be output with a
stack trace to the regular log. (Example: recommissionNodes)
> Ensure SCM access logged to audit
> ---------------------------------
>
> Key: HDDS-12704
> URL: https://issues.apache.org/jira/browse/HDDS-12704
> Project: Apache Ozone
> Issue Type: Bug
> Components: SCM
> Reporter: Attila Doroszlai
> Assignee: Priyesh K
> Priority: Major
>
> SCMClientProtocolServer has different behavior for various operations:
> - operation not audited at all (examples: decommissionNodes,
> recommissionNodes)
> - operation audited, but admin access failure not logged, because it is
> checked outside of try-catch block (examples: allocateContainer,
> getContainer, closeContainer)
> - operation audited, including admin access failure (examples:
> deleteContainer, activatePipeline)
> closeContainer checks admin access twice.
> All operations (defined in {{StorageContainerLocationProtocol}}) should have
> an audit log.
> Admin operations should check privilege in the try block to ensure failure is
> audited in the catch block.
> Exceptions that are caught and logged to audit should not also be output with
> a stack trace to the regular log. (Example: recommissionNodes)
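The pattern the description flags, next to the one it asks for, as an added Java example (not code from Ozone or from the issue). The class `AuditedAdminCheckDemo`, the helpers `checkAdmin`, `doClose` and `audit`, and the in-memory `AUDIT` list are hypothetical stand-ins for SCM's real admin check and audit logger.

```java
import java.io.IOException;
import java.util.*;

public class AuditedAdminCheckDemo {
  // Constructed stand-ins, not Ozone classes: audit log, admin list, container state.
  static final List<String> AUDIT = new ArrayList<>();
  static final Set<String> ADMINS = Set.of("scm-admin");
  static final Set<Long> CLOSED = new HashSet<>();

  static void checkAdmin(String user) throws IOException {
    if (!ADMINS.contains(user)) throw new IOException("Access denied for user " + user);
  }
  static void doClose(long id) throws IOException { CLOSED.add(id); }
  static void audit(String result, String user, long id) {
    AUDIT.add(result + " op=closeContainer user=" + user + " id=" + id);
  }

  // Flagged pattern: check before the try, so a denial never reaches the audited catch.
  static void closeCheckedOutsideTry(String user, long id) throws IOException {
    checkAdmin(user);
    try {
      doClose(id);
      audit("SUCCESS", user, id);
    } catch (IOException e) {
      audit("FAILURE: " + e.getMessage(), user, id);
      throw e;
    }
  }

  // Requested pattern: one check, inside the try. The catch writes the audit
  // entry and rethrows; it does not also log a stack trace.
  static void closeCheckedInsideTry(String user, long id) throws IOException {
    try {
      checkAdmin(user);
      doClose(id);
      audit("SUCCESS", user, id);
    } catch (IOException e) {
      audit("FAILURE: " + e.getMessage(), user, id);
      throw e;
    }
  }

  public static void main(String[] args) {
    try { closeCheckedOutsideTry("guest", 1L); } catch (IOException e) { /* denied */ }
    int before = AUDIT.size();
    try { closeCheckedInsideTry("guest", 1L); } catch (IOException e) { /* denied */ }
    System.out.println("outside try: " + before + " entries; inside try: " + AUDIT);
  }
}
```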