This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 1b09b63  HDDS-3694. Reduce dn-audit log (#1001)
1b09b63 is described below

commit 1b09b631ee33189db56c68097952ef34b5d2c039
Author: Dinesh Chitlangia <[email protected]>
AuthorDate: Wed Jun 3 11:01:27 2020 -0400

    HDDS-3694. Reduce dn-audit log (#1001)
---
 .../container/common/impl/HddsDispatcher.java      | 46 ++++++++++++++++------
 1 file changed, 33 insertions(+), 13 deletions(-)

diff --git 
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
 
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
index c998f89..ab65805 100644
--- 
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
+++ 
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
@@ -65,6 +65,7 @@ import io.opentracing.Span;
 import io.opentracing.util.GlobalTracer;
 import static 
org.apache.hadoop.hdds.scm.protocolPB.ContainerCommandResponseBuilders.malformedRequest;
 import static 
org.apache.hadoop.hdds.scm.protocolPB.ContainerCommandResponseBuilders.unsupportedRequest;
+
 import org.apache.ratis.thirdparty.com.google.protobuf.ProtocolMessageEnum;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -113,7 +114,7 @@ public class HddsDispatcher implements ContainerDispatcher, 
Auditor {
     this.tokenVerifier = tokenVerifier;
 
     protocolMetrics =
-        new ProtocolMessageMetrics<ProtocolMessageEnum>(
+        new ProtocolMessageMetrics<>(
             "HddsDispatcher",
             "HDDS dispatcher metrics",
             ContainerProtos.Type.values());
@@ -175,7 +176,7 @@ public class HddsDispatcher implements ContainerDispatcher, 
Auditor {
       ContainerCommandRequestProto msg, DispatcherContext dispatcherContext) {
     Preconditions.checkNotNull(msg);
     if (LOG.isTraceEnabled()) {
-      LOG.trace("Command {}, trace ID: {} ", msg.getCmdType().toString(),
+      LOG.trace("Command {}, trace ID: {} ", msg.getCmdType(),
           msg.getTraceID());
     }
 
@@ -490,10 +491,9 @@ public class HddsDispatcher implements 
ContainerDispatcher, Auditor {
     try {
       validateBlockToken(msg);
     } catch (IOException ioe) {
-      StorageContainerException sce = new StorageContainerException(
+      throw new StorageContainerException(
           "Block token verification failed. " + ioe.getMessage(), ioe,
           ContainerProtos.Result.BLOCK_TOKEN_VERIFICATION_FAILED);
-      throw sce;
     }
   }
 
@@ -583,14 +583,16 @@ public class HddsDispatcher implements 
ContainerDispatcher, Auditor {
     AuditMessage amsg;
     switch (result) {
     case SUCCESS:
-      if(eventType == EventType.READ &&
-          AUDIT.getLogger().isInfoEnabled(AuditMarker.READ.getMarker())) {
-        amsg = buildAuditMessageForSuccess(action, params);
-        AUDIT.logReadSuccess(amsg);
-      } else if(eventType == EventType.WRITE &&
-          AUDIT.getLogger().isInfoEnabled(AuditMarker.WRITE.getMarker())) {
-        amsg = buildAuditMessageForSuccess(action, params);
-        AUDIT.logWriteSuccess(amsg);
+      if(isAllowed(action.getAction())) {
+        if(eventType == EventType.READ &&
+            AUDIT.getLogger().isInfoEnabled(AuditMarker.READ.getMarker())) {
+          amsg = buildAuditMessageForSuccess(action, params);
+          AUDIT.logReadSuccess(amsg);
+        } else if(eventType == EventType.WRITE &&
+            AUDIT.getLogger().isInfoEnabled(AuditMarker.WRITE.getMarker())) {
+          amsg = buildAuditMessageForSuccess(action, params);
+          AUDIT.logWriteSuccess(amsg);
+        }
       }
       break;
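Review bot: With the `isAllowed(action.getAction())` guard wrapped around both success branches, a successful operation whose action is not on the list produces no audit record at all, even when the READ or WRITE marker is enabled. That is the intended volume reduction, but it also means dn-audit can no longer be used to reconstruct successful data-path activity during an investigation, and nothing at the call site says so. I would add a comment above the guard such as `// Success events are audited only for actions accepted by isAllowed(); other successes are dropped on purpose to limit log volume.` and consider making the list configurable so an operator can widen it when needed. The remaining cases of this switch lie outside the hunk, so it should be confirmed there that failures are still audited for every action.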
 
@@ -627,7 +629,6 @@ public class HddsDispatcher implements ContainerDispatcher, 
Auditor {
         .build();
   }
 
-  //TODO: use GRPC to fetch user and ip details
   @Override
   public AuditMessage buildAuditMessageForFailure(AuditAction op,
       Map<String, String> auditMap, Throwable throwable) {
@@ -646,4 +647,23 @@ public class HddsDispatcher implements 
ContainerDispatcher, Auditor {
     READ,
     WRITE
   }
+
+  /**
+   * Checks if the action is allowed for audit.
+   * @param action
+   * @return true or false accordingly.
+   */
+  private boolean isAllowed(String action) {
+    switch(action) {
+    case "CLOSE_CONTAINER":
+    case "CREATE_CONTAINER":
+    case "LIST_CONTAINER":
+    case "DELETE_CONTAINER":
+    case "READ_CONTAINER":
+    case "UPDATE_CONTAINER":
+    case "DELETE_BLOCK":
+      return true;
+    default: return false;
+    }
+  }
 }
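Review bot: `isAllowed` matches on string literals, so a renamed or newly added action silently falls into `default: return false` and stops being audited on success, with no compile-time signal. If the value behind `action.getAction()` comes from an enum (its declaration is not visible in this diff), switching on the enum constants or keeping them in an `EnumSet` would let the compiler catch that drift. The Javadoc also leaves `@param action` empty and does not say why these seven actions were chosen. Something like `@param action name of the audited action, as returned by getAction()` would help, along with a sentence stating that only container-level operations and block deletion are logged on success.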

