[
https://issues.apache.org/jira/browse/HDDS-6742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Doroszlai updated HDDS-6742:
-----------------------------------
Description:
{{AddSCM}} operation is logged in audit as a "read" operation, which is by
default ignored. It should be "write", since it changes state.
{code:title=https://github.com/apache/ozone/blob/9f0766ecf1a38356db3eac0ef8a229114912d377/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java#L298-L323}
@Override
public boolean addSCM(AddSCMRequest request) throws IOException {
  LOG.debug("Adding SCM {} addr {} cluster id {}",
      request.getScmId(), request.getRatisAddr(), request.getClusterId());
  Map<String, String> auditMap = Maps.newHashMap();
  auditMap.put("scmId", String.valueOf(request.getScmId()));
  auditMap.put("cluster", String.valueOf(request.getClusterId()));
  auditMap.put("addr", String.valueOf(request.getRatisAddr()));
  boolean auditSuccess = true;
  try {
    return scm.getScmHAManager().addSCM(request);
  } catch (Exception ex) {
    auditSuccess = false;
    AUDIT.logReadFailure(
        buildAuditMessageForFailure(SCMAction.ADD_SCM, auditMap, ex)
    );
    throw ex;
  } finally {
    if (auditSuccess) {
      AUDIT.logReadSuccess(
          buildAuditMessageForSuccess(SCMAction.ADD_SCM, auditMap)
      );
    }
  }
}
{code}
There are a couple more examples both ways (read should be write or write
should be read).
was:
{{AddSCM}} operation is logged in audit as a "read" operation, which is by
default ignored. It should be "write", since it changes state.
{code:title=https://github.com/apache/ozone/blob/9f0766ecf1a38356db3eac0ef8a229114912d377/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java#L298-L323}
@Override
public boolean addSCM(AddSCMRequest request) throws IOException {
  LOG.debug("Adding SCM {} addr {} cluster id {}",
      request.getScmId(), request.getRatisAddr(), request.getClusterId());
  Map<String, String> auditMap = Maps.newHashMap();
  auditMap.put("scmId", String.valueOf(request.getScmId()));
  auditMap.put("cluster", String.valueOf(request.getClusterId()));
  auditMap.put("addr", String.valueOf(request.getRatisAddr()));
  boolean auditSuccess = true;
  try {
    return scm.getScmHAManager().addSCM(request);
  } catch (Exception ex) {
    auditSuccess = false;
    AUDIT.logReadFailure(
        buildAuditMessageForFailure(SCMAction.ADD_SCM, auditMap, ex)
    );
    throw ex;
  } finally {
    if (auditSuccess) {
      AUDIT.logReadSuccess(
          buildAuditMessageForSuccess(SCMAction.ADD_SCM, auditMap)
      );
    }
  }
}
{code}
> Audit operation category mismatch
> ---------------------------------
>
> Key: HDDS-6742
> URL: https://issues.apache.org/jira/browse/HDDS-6742
> Project: Apache Ozone
> Issue Type: Bug
> Components: SCM
> Reporter: Attila Doroszlai
> Assignee: Attila Doroszlai
> Priority: Major
>
> {{AddSCM}} operation is logged in audit as a "read" operation, which is by
> default ignored. It should be "write", since it changes state.
> {code:title=https://github.com/apache/ozone/blob/9f0766ecf1a38356db3eac0ef8a229114912d377/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMBlockProtocolServer.java#L298-L323}
> @Override
> public boolean addSCM(AddSCMRequest request) throws IOException {
>   LOG.debug("Adding SCM {} addr {} cluster id {}",
>       request.getScmId(), request.getRatisAddr(), request.getClusterId());
>   Map<String, String> auditMap = Maps.newHashMap();
>   auditMap.put("scmId", String.valueOf(request.getScmId()));
>   auditMap.put("cluster", String.valueOf(request.getClusterId()));
>   auditMap.put("addr", String.valueOf(request.getRatisAddr()));
>   boolean auditSuccess = true;
>   try {
>     return scm.getScmHAManager().addSCM(request);
>   } catch (Exception ex) {
>     auditSuccess = false;
>     AUDIT.logReadFailure(
>         buildAuditMessageForFailure(SCMAction.ADD_SCM, auditMap, ex)
>     );
>     throw ex;
>   } finally {
>     if (auditSuccess) {
>       AUDIT.logReadSuccess(
>           buildAuditMessageForSuccess(SCMAction.ADD_SCM, auditMap)
>       );
>     }
>   }
> }
> {code}
> There are a couple more examples both ways (read should be write or write
> should be read).
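An added example, not part of the original Jira message or the Ozone code base: a small source check for the category mismatch this issue describes. It scans Java text for `AUDIT.log{Read,Write}{Success,Failure}` calls and compares the category used with an expected-category map; the map, the `EXAMPLE_LOOKUP` action and the last line of the sample are assumptions made for illustration.

```python
import re

# Assumption: reviewers maintain the expected audit category per action.
# ADD_SCM -> write is from the issue; EXAMPLE_LOOKUP is a hypothetical action.
EXPECTED = {"ADD_SCM": "write", "EXAMPLE_LOOKUP": "read"}

# AUDIT.log<Read|Write><Success|Failure>( ... SCMAction.NAME, possibly multi-line.
CALL = re.compile(
    r"AUDIT\.log(Read|Write)(Success|Failure)\s*\([^;]*?SCMAction\.([A-Z_]+)",
    re.S)


def find_mismatches(java_source, expected=EXPECTED):
    """Return (line, method, action, expected_category) for each suspect call."""
    findings = []
    for m in CALL.finditer(java_source):
        logged, action = m.group(1).lower(), m.group(3)
        # Actions missing from the map are reported so they get classified.
        want = expected.get(action, "unclassified")
        if want != logged:
            line = java_source.count("\n", 0, m.start()) + 1
            findings.append((line, "log" + m.group(1) + m.group(2), action, want))
    return findings


# Constructed sample: the try/catch/finally from the issue, plus one
# hypothetical read-only call that is categorised correctly.
SAMPLE = """\
try {
  return scm.getScmHAManager().addSCM(request);
} catch (Exception ex) {
  auditSuccess = false;
  AUDIT.logReadFailure(
      buildAuditMessageForFailure(SCMAction.ADD_SCM, auditMap, ex)
  );
  throw ex;
} finally {
  if (auditSuccess) {
    AUDIT.logReadSuccess(
        buildAuditMessageForSuccess(SCMAction.ADD_SCM, auditMap)
    );
  }
}
AUDIT.logReadSuccess(buildAuditMessageForSuccess(SCMAction.EXAMPLE_LOOKUP, auditMap));
"""

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE):
        print("line %d: %s used for %s, expected %s" % finding)
```

Both directions of the mismatch are reported, and an action missing from the map is flagged as `unclassified` so that new operations cannot slip in without a reviewed category.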