[GitHub] [hadoop-ozone] adoroszlai commented on a change in pull request #1001: HDDS-3694. Refactor dn-audit log

Tue, 02 Jun 2020 00:07:08 -0700 


adoroszlai commented on a change in pull request #1001:
URL: https://github.com/apache/hadoop-ozone/pull/1001#discussion_r433660441



##########
File path: 
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
##########
@@ -583,14 +585,16 @@ private void audit(AuditAction action, EventType 
eventType,
     AuditMessage amsg;
     switch (result) {
     case SUCCESS:
-      if(eventType == EventType.READ &&
-          AUDIT.getLogger().isInfoEnabled(AuditMarker.READ.getMarker())) {
-        amsg = buildAuditMessageForSuccess(action, params);
-        AUDIT.logReadSuccess(amsg);
-      } else if(eventType == EventType.WRITE &&
-          AUDIT.getLogger().isInfoEnabled(AuditMarker.WRITE.getMarker())) {
-        amsg = buildAuditMessageForSuccess(action, params);
-        AUDIT.logWriteSuccess(amsg);
+      if(action.getAction().contains("CONTAINER")) {

Review comment:
       Instead of the substring check, can we explicitly list `DNAction` types 
that should be logged even in case of success?  I think that would be better 
for both performance and documentation.  It would also allow finer grained 
control.   I would consider keeping log for `DELETE_BLOCK` and `DELETE_CHUNK`.

##########
File path: 
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/impl/HddsDispatcher.java
##########
@@ -613,28 +617,26 @@ private void audit(AuditAction action, EventType 
eventType,
     }
   }
 
-  //TODO: use GRPC to fetch user and ip details
   @Override
   public AuditMessage buildAuditMessageForSuccess(AuditAction op,
       Map<String, String> auditMap) {
 
     return new AuditMessage.Builder()
-        .setUser(null)
-        .atIp(null)
+        .setUser(getRemoteUserName())
+        .atIp(Server.getRemoteAddress())

Review comment:
       Judging by the following message, I think there is more to be done here:
   
   ```
   2020-06-02 06:48:10,478 | INFO  | DNAudit | user=null | ip=null | 
op=CLOSE_CONTAINER {containerID=1} | ret=SUCCESS |
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to