[
https://issues.apache.org/jira/browse/HDDS-7240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HDDS-7240:
---------------------------------
Labels: pull-request-available (was: )
> List all volume operation should go through ACL check as well in order to
> trigger audit logging
> -----------------------------------------------------------------------------------------------
>
> Key: HDDS-7240
> URL: https://issues.apache.org/jira/browse/HDDS-7240
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Zita Dombi
> Assignee: Zita Dombi
> Priority: Major
> Labels: pull-request-available
>
> The list all volume operation at the moment only goes through the ACL check
> if the list all volume is not enabled
> ({{{}ozone.om.volume.listall.allowed{}}}).
> {code:java}
> if (!allowListAllVolumes) {
> // Only admin can list all volumes when disallowed in config
> if (isAclEnabled) {
> checkAcls(ResourceType.VOLUME, StoreType.OZONE, ACLType.LIST,
> OzoneConsts.OZONE_ROOT, null, null);
> }
> }
> return volumeManager.listVolumes(null, prefix, prevKey, maxKeys);{code}
> With this the audit logging is not triggered if the list all volumes is
> enabled. We can remove the [if
> condition|https://github.com/apache/ozone/blob/master/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java#L2712],
> so the ACL check gets called in every case and the audit logging will happen.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
