[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=295709=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-295709 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 15/Aug/19 19:50 Start Date: 15/Aug/19 19:50 Worklog Time Spent: 10m Work Description: dineshchitlangia commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-521773241 @bharatviswa504 thanks for review & commit. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 295709) Time Spent: 4h 50m (was: 4h 40m) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Fix For: 0.5.0 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=295509=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-295509 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 15/Aug/19 15:43 Start Date: 15/Aug/19 15:43 Worklog Time Spent: 10m Work Description: bharatviswa504 commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-521688910 Thank You @dineshchitlangia for the contribution. I will commit this to the trunk. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 295509) Time Spent: 4.5h (was: 4h 20m) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 4.5h > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=295510=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-295510 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 15/Aug/19 15:43 Start Date: 15/Aug/19 15:43 Worklog Time Spent: 10m Work Description: bharatviswa504 commented on pull request #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 295510) Time Spent: 4h 40m (was: 4.5h) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 4h 40m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=295503=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-295503 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 15/Aug/19 15:35 Start Date: 15/Aug/19 15:35 Worklog Time Spent: 10m Work Description: dineshchitlangia commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-521686023 @bharatviswa504 , @anuengineer - Verified the failures are unrelated to the test. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 295503) Time Spent: 4h 20m (was: 4h 10m) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 4h 20m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294865=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294865
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 16:51
Start Date: 14/Aug/19 16:51
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313978226
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -2999,23 +3016,36 @@ public OmKeyInfo lookupFile(OmKeyArgs args) throws
IOException {
*/
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.addAcl(obj, acl);
-case BUCKET:
- return bucketManager.addAcl(obj, acl);
-case KEY:
- return keyManager.addAcl(obj, acl);
-case PREFIX:
- return prefixManager.addAcl(obj, acl);
-default:
- throw new OMException("Unexpected resource type: " +
- obj.getResourceType(), INVALID_REQUEST);
+boolean auditSuccess = true;
+
+try{
+ if(isAclEnabled) {
+checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
+obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
+ }
+ switch (obj.getResourceType()) {
+ case VOLUME:
+return volumeManager.addAcl(obj, acl);
+ case BUCKET:
+return bucketManager.addAcl(obj, acl);
+ case KEY:
+return keyManager.addAcl(obj, acl);
+ case PREFIX:
+return prefixManager.addAcl(obj, acl);
+ default:
+throw new OMException("Unexpected resource type: " +
+obj.getResourceType(), INVALID_REQUEST);
+ }
+} catch(Exception ex) {
+ auditSuccess = false;
+ auditAcl(obj, Arrays.asList(acl), OMAction.ADD_ACL,
Review comment:
My comment is to change only modify the auditAcl as below.
private void auditAcl(OzoneObj ozoneObj, List ozoneAcl,
OMAction omAction, Exception ex) {
Map auditMap = ozoneObj.toAuditMap();
if(ozoneAcl != null) {
auditMap.put(OzoneConsts.ACL, ozoneAcl.toString());
}
if(exception == null) {
AUDIT.logWriteSuccess(
buildAuditMessageForSuccess(omAction, auditMap));
} else {
AUDIT.logWriteFailure(
buildAuditMessageForFailure(omAction, auditMap, ex));
}
}
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294865)
Time Spent: 4h (was: 3h 50m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294867=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294867
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 16:52
Start Date: 14/Aug/19 16:52
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313978226
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -2999,23 +3016,36 @@ public OmKeyInfo lookupFile(OmKeyArgs args) throws
IOException {
*/
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.addAcl(obj, acl);
-case BUCKET:
- return bucketManager.addAcl(obj, acl);
-case KEY:
- return keyManager.addAcl(obj, acl);
-case PREFIX:
- return prefixManager.addAcl(obj, acl);
-default:
- throw new OMException("Unexpected resource type: " +
- obj.getResourceType(), INVALID_REQUEST);
+boolean auditSuccess = true;
+
+try{
+ if(isAclEnabled) {
+checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
+obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
+ }
+ switch (obj.getResourceType()) {
+ case VOLUME:
+return volumeManager.addAcl(obj, acl);
+ case BUCKET:
+return bucketManager.addAcl(obj, acl);
+ case KEY:
+return keyManager.addAcl(obj, acl);
+ case PREFIX:
+return prefixManager.addAcl(obj, acl);
+ default:
+throw new OMException("Unexpected resource type: " +
+obj.getResourceType(), INVALID_REQUEST);
+ }
+} catch(Exception ex) {
+ auditSuccess = false;
+ auditAcl(obj, Arrays.asList(acl), OMAction.ADD_ACL,
Review comment:
My comment is to change only modify the auditAcl as below.
```
private void auditAcl(OzoneObj ozoneObj, List ozoneAcl,
OMAction omAction, Exception ex) {
Map auditMap = ozoneObj.toAuditMap();
if(ozoneAcl != null) {
auditMap.put(OzoneConsts.ACL, ozoneAcl.toString());
}
if(exception == null) {
AUDIT.logWriteSuccess(
buildAuditMessageForSuccess(omAction, auditMap));
} else {
AUDIT.logWriteFailure(
buildAuditMessageForFailure(omAction, auditMap, ex));
}
}
```
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294867)
Time Spent: 4h 10m (was: 4h)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294445=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294445
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 05:05
Start Date: 14/Aug/19 05:05
Worklog Time Spent: 10m
Work Description: dineshchitlangia commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313704753
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
+ * Create a MiniOzoneCluster for testing.
+ * @param conf Configurations to start the cluster.
+ * @throws Exception
+ */
+ static void startCluster(OzoneConfiguration conf) throws Exception {
+cluster = MiniOzoneCluster.newBuilder(conf)
+.setNumDatanodes(3)
+.setScmId(scmId)
+.build();
+cluster.waitForClusterToBeReady();
+ozClient = OzoneClientFactory.getRpcClient(conf);
+store = ozClient.getObjectStore();
+
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294443=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294443
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 05:04
Start Date: 14/Aug/19 05:04
Worklog Time Spent: 10m
Work Description: dineshchitlangia commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313704727
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
Review comment:
done
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294443)
Time Spent: 3.5h (was: 3h 20m)
> Audit xxxAcl
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=29=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-29
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 05:04
Start Date: 14/Aug/19 05:04
Worklog Time Spent: 10m
Work Description: dineshchitlangia commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313704740
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
+ * Create a MiniOzoneCluster for testing.
+ * @param conf Configurations to start the cluster.
+ * @throws Exception
+ */
+ static void startCluster(OzoneConfiguration conf) throws Exception {
+cluster = MiniOzoneCluster.newBuilder(conf)
+.setNumDatanodes(3)
+.setScmId(scmId)
+.build();
+cluster.waitForClusterToBeReady();
+ozClient = OzoneClientFactory.getRpcClient(conf);
+store = ozClient.getObjectStore();
+
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294441=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294441
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 05:03
Start Date: 14/Aug/19 05:03
Worklog Time Spent: 10m
Work Description: dchitlangia commented on pull request #1204: HDDS-1768.
Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313704529
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
Review comment:
Done.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294441)
Time Spent: 3h 20m (was: 3h 10m)
> Audit xxxAcl
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294440=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294440
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 05:03
Start Date: 14/Aug/19 05:03
Worklog Time Spent: 10m
Work Description: dchitlangia commented on pull request #1204: HDDS-1768.
Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313704529
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
Review comment:
Done.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294440)
Time Spent: 3h 10m (was: 3h)
> Audit xxxAcl methods in
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294428=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294428
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 04:07
Start Date: 14/Aug/19 04:07
Worklog Time Spent: 10m
Work Description: dchitlangia commented on pull request #1204: HDDS-1768.
Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313697013
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -2999,23 +3016,36 @@ public OmKeyInfo lookupFile(OmKeyArgs args) throws
IOException {
*/
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.addAcl(obj, acl);
-case BUCKET:
- return bucketManager.addAcl(obj, acl);
-case KEY:
- return keyManager.addAcl(obj, acl);
-case PREFIX:
- return prefixManager.addAcl(obj, acl);
-default:
- throw new OMException("Unexpected resource type: " +
- obj.getResourceType(), INVALID_REQUEST);
+boolean auditSuccess = true;
+
+try{
+ if(isAclEnabled) {
+checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
+obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
+ }
+ switch (obj.getResourceType()) {
+ case VOLUME:
+return volumeManager.addAcl(obj, acl);
+ case BUCKET:
+return bucketManager.addAcl(obj, acl);
+ case KEY:
+return keyManager.addAcl(obj, acl);
+ case PREFIX:
+return prefixManager.addAcl(obj, acl);
+ default:
+throw new OMException("Unexpected resource type: " +
+obj.getResourceType(), INVALID_REQUEST);
+ }
+} catch(Exception ex) {
+ auditSuccess = false;
+ auditAcl(obj, Arrays.asList(acl), OMAction.ADD_ACL,
Review comment:
@bharatviswa504 I think we can skip this one as throughout this class we are
following this approach of using auditSuccess, mostly for code
readability/correctness.
I think we can discuss with @anuengineer on this. If he is onboard with
this change then we can change it across OM, SCM, DN for audit log. Since that
will be a big enough change, we can do that in separate jira. Does that sound
good?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294428)
Time Spent: 3h (was: 2h 50m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 3h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294338=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294338
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 02:01
Start Date: 14/Aug/19 02:01
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313679227
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
+ * Create a MiniOzoneCluster for testing.
+ * @param conf Configurations to start the cluster.
+ * @throws Exception
+ */
+ static void startCluster(OzoneConfiguration conf) throws Exception {
+cluster = MiniOzoneCluster.newBuilder(conf)
+.setNumDatanodes(3)
+.setScmId(scmId)
+.build();
+cluster.waitForClusterToBeReady();
+ozClient = OzoneClientFactory.getRpcClient(conf);
+store = ozClient.getObjectStore();
+
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294334=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294334
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 01:56
Start Date: 14/Aug/19 01:56
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313678380
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
+ * Create a MiniOzoneCluster for testing.
+ * @param conf Configurations to start the cluster.
+ * @throws Exception
+ */
+ static void startCluster(OzoneConfiguration conf) throws Exception {
+cluster = MiniOzoneCluster.newBuilder(conf)
+.setNumDatanodes(3)
+.setScmId(scmId)
+.build();
+cluster.waitForClusterToBeReady();
+ozClient = OzoneClientFactory.getRpcClient(conf);
+store = ozClient.getObjectStore();
+
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294328=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294328
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 01:55
Start Date: 14/Aug/19 01:55
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313678178
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,268 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import
org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog {
+
+ static final Logger LOG =
+ LoggerFactory.getLogger(TestOzoneRpcClientForAclAuditLog.class);
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static final OzoneAcl USER_ACL_2 =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
+ "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ private static List aclListToAdd = new ArrayList<>();
+ private static MiniOzoneCluster cluster = null;
+ private static OzoneClient ozClient = null;
+ private static ObjectStore store = null;
+ private static StorageContainerLocationProtocolClientSideTranslatorPB
+ storageContainerLocationClient;
+ private static String scmId = UUID.randomUUID().toString();
+
+
+ /**
+ * Create a MiniOzoneCluster for testing.
+ *
+ * Ozone is made active by setting OZONE_ENABLED = true
+ *
+ * @throws IOException
+ */
+ @BeforeClass
+ public static void init() throws Exception {
+System.setProperty("log4j.configurationFile", "log4j2.properties");
+ugi = UserGroupInformation.getCurrentUser();
+OzoneConfiguration conf = new OzoneConfiguration();
+conf.setBoolean(OZONE_ACL_ENABLED, true);
+conf.set(OZONE_ADMINISTRATORS, OZONE_ADMINISTRATORS_WILDCARD);
+conf.set(OZONE_ACL_AUTHORIZER_CLASS,
+OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+startCluster(conf);
+aclListToAdd.add(USER_ACL);
+aclListToAdd.add(USER_ACL_2);
+ }
+
+ private /**
Review comment:
indentation. (Comments are in between private)
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294328)
Time Spent:
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294324=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294324
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 14/Aug/19 01:48
Start Date: 14/Aug/19 01:48
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313677222
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -2999,23 +3016,36 @@ public OmKeyInfo lookupFile(OmKeyArgs args) throws
IOException {
*/
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.addAcl(obj, acl);
-case BUCKET:
- return bucketManager.addAcl(obj, acl);
-case KEY:
- return keyManager.addAcl(obj, acl);
-case PREFIX:
- return prefixManager.addAcl(obj, acl);
-default:
- throw new OMException("Unexpected resource type: " +
- obj.getResourceType(), INVALID_REQUEST);
+boolean auditSuccess = true;
+
+try{
+ if(isAclEnabled) {
+checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
+obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
+ }
+ switch (obj.getResourceType()) {
+ case VOLUME:
+return volumeManager.addAcl(obj, acl);
+ case BUCKET:
+return bucketManager.addAcl(obj, acl);
+ case KEY:
+return keyManager.addAcl(obj, acl);
+ case PREFIX:
+return prefixManager.addAcl(obj, acl);
+ default:
+throw new OMException("Unexpected resource type: " +
+obj.getResourceType(), INVALID_REQUEST);
+ }
+} catch(Exception ex) {
+ auditSuccess = false;
+ auditAcl(obj, Arrays.asList(acl), OMAction.ADD_ACL,
Review comment:
Minor comment: No need of auditSuccess flag, we can use exepection value to
decide whether it is success or not.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294324)
Time Spent: 2h 20m (was: 2h 10m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294224=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294224 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 13/Aug/19 22:13 Start Date: 13/Aug/19 22:13 Worklog Time Spent: 10m Work Description: dineshchitlangia commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-521029139 @bharatviswa504 Thanks for reviewing. Updated PR to address review comments. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 294224) Time Spent: 2h 10m (was: 2h) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 2h 10m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294143=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294143
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 13/Aug/19 20:04
Start Date: 13/Aug/19 20:04
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313587300
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -3029,24 +3044,39 @@ public boolean addAcl(OzoneObj obj, OzoneAcl acl)
throws IOException {
*/
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.removeAcl(obj, acl);
-case BUCKET:
- return bucketManager.removeAcl(obj, acl);
-case KEY:
- return keyManager.removeAcl(obj, acl);
-case PREFIX:
- return prefixManager.removeAcl(obj, acl);
+Map auditMap = obj.toAuditMap();
+auditMap.put(OzoneConsts.ACLS, acl.toString());
Review comment:
Discussed offline, how we can make this audit for acls in to a common
method, which can help HA code path.
And also can you file a Jira to make code changes to address this in HA code
path also.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294143)
Time Spent: 2h (was: 1h 50m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 2h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=294131=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-294131
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 13/Aug/19 19:53
Start Date: 13/Aug/19 19:53
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r313582727
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,422 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog extends
+TestOzoneRpcClientAbstract {
+
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
Review comment:
Ya then I think making a new test class will be a good idea here.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 294131)
Time Spent: 1h 50m (was: 1h 40m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=290976=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-290976
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 08/Aug/19 03:48
Start Date: 08/Aug/19 03:48
Worklog Time Spent: 10m
Work Description: dineshchitlangia commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r311846099
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -3029,24 +3044,39 @@ public boolean addAcl(OzoneObj obj, OzoneAcl acl)
throws IOException {
*/
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.removeAcl(obj, acl);
-case BUCKET:
- return bucketManager.removeAcl(obj, acl);
-case KEY:
- return keyManager.removeAcl(obj, acl);
-case PREFIX:
- return prefixManager.removeAcl(obj, acl);
+Map auditMap = obj.toAuditMap();
+auditMap.put(OzoneConsts.ACLS, acl.toString());
Review comment:
@bharatviswa504 I actually spotted a typo because of your comment.
removeAcl & addAcl will use `auditMap.put(OzoneConsts.ACL, acl.toString())`
setAcl will use `auditMap.put(OzoneConsts.ACLS, acls.toString())`
getAcl will not have such a line.
The difference between first 2 is that setAcl can have more than one Acl in
question hence using 'ACLS' to indicate multiple.
Let me know if you think we still need to move this line to common method
and avoid such detailed classification.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 290976)
Time Spent: 1h 40m (was: 1.5h)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=290973=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-290973
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 08/Aug/19 03:43
Start Date: 08/Aug/19 03:43
Worklog Time Spent: 10m
Work Description: dineshchitlangia commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r311845409
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,422 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog extends
+TestOzoneRpcClientAbstract {
+
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
Review comment:
@bharatviswa504 I only need the two tests I have added here. The only reason
I extended the base class is to leverage the setup(). Happy to make it a
standalone test class.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 290973)
Time Spent: 1.5h (was: 1h 20m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=290954=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-290954 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 08/Aug/19 02:38 Start Date: 08/Aug/19 02:38 Worklog Time Spent: 10m Work Description: hadoop-yetus commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-519339871 :broken_heart: **-1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | 0 | reexec | 102 | Docker mode activated. | ||| _ Prechecks _ | | +1 | dupname | 0 | No case conflicting files found. | | +1 | @author | 0 | The patch does not contain any @author tags. | | +1 | test4tests | 0 | The patch appears to include 2 new or modified test files. | ||| _ trunk Compile Tests _ | | 0 | mvndep | 26 | Maven dependency ordering for branch | | +1 | mvninstall | 591 | trunk passed | | +1 | compile | 378 | trunk passed | | +1 | checkstyle | 79 | trunk passed | | +1 | mvnsite | 0 | trunk passed | | +1 | shadedclient | 955 | branch has no errors when building and testing our client artifacts. | | +1 | javadoc | 190 | trunk passed | | 0 | spotbugs | 450 | Used deprecated FindBugs config; considering switching to SpotBugs. | | +1 | findbugs | 654 | trunk passed | ||| _ Patch Compile Tests _ | | 0 | mvndep | 30 | Maven dependency ordering for patch | | -1 | mvninstall | 311 | hadoop-ozone in the patch failed. | | -1 | compile | 256 | hadoop-ozone in the patch failed. | | -1 | javac | 256 | hadoop-ozone in the patch failed. | | +1 | checkstyle | 78 | the patch passed | | +1 | mvnsite | 0 | the patch passed | | +1 | whitespace | 0 | The patch has no whitespace issues. | | +1 | shadedclient | 719 | patch has no errors when building and testing our client artifacts. | | +1 | javadoc | 165 | the patch passed | | -1 | findbugs | 416 | hadoop-ozone in the patch failed. | ||| _ Other Tests _ | | -1 | unit | 359 | hadoop-hdds in the patch failed. | | -1 | unit | 44 | hadoop-ozone in the patch failed. | | +1 | asflicense | 36 | The patch does not generate ASF License warnings. | | | | 5993 | | | Reason | Tests | |---:|:--| | Failed junit tests | hadoop.hdds.scm.block.TestBlockManager | | Subsystem | Report/Notes | |--:|:-| | Docker | Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/Dockerfile | | GITHUB PR | https://github.com/apache/hadoop/pull/1204 | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux 99deb6b4f21e 4.15.0-48-generic #51-Ubuntu SMP Wed Apr 3 08:28:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | personality/hadoop.sh | | git revision | trunk / 70b4617 | | Default Java | 1.8.0_212 | | mvninstall | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-mvninstall-hadoop-ozone.txt | | compile | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-compile-hadoop-ozone.txt | | javac | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-compile-hadoop-ozone.txt | | findbugs | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-findbugs-hadoop-ozone.txt | | unit | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-unit-hadoop-hdds.txt | | unit | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/artifact/out/patch-unit-hadoop-ozone.txt | | Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/testReport/ | | Max. process+thread count | 358 (vs. ulimit of 5500) | | modules | C: hadoop-hdds/common hadoop-ozone/common hadoop-ozone/integration-test hadoop-ozone/ozone-manager U: . | | Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/2/console | | versions | git=2.7.4 maven=3.3.9 findbugs=3.1.0-RC1 | | Powered by | Apache Yetus 0.10.0 http://yetus.apache.org | This message was automatically generated. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 290954) Time Spent: 1h 20m (was: 1h 10m) > Audit xxxAcl
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=290946=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-290946
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 08/Aug/19 02:22
Start Date: 08/Aug/19 02:22
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r311832848
##
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##
@@ -3029,24 +3044,39 @@ public boolean addAcl(OzoneObj obj, OzoneAcl acl)
throws IOException {
*/
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
-if(isAclEnabled) {
- checkAcls(obj.getResourceType(), obj.getStoreType(), ACLType.WRITE_ACL,
- obj.getVolumeName(), obj.getBucketName(), obj.getKeyName());
-}
-// TODO: Audit ACL operation.
-switch (obj.getResourceType()) {
-case VOLUME:
- return volumeManager.removeAcl(obj, acl);
-case BUCKET:
- return bucketManager.removeAcl(obj, acl);
-case KEY:
- return keyManager.removeAcl(obj, acl);
-case PREFIX:
- return prefixManager.removeAcl(obj, acl);
+Map auditMap = obj.toAuditMap();
+auditMap.put(OzoneConsts.ACLS, acl.toString());
Review comment:
We can move this audit log to the common method.
As this is common code for all ACL requests.
`auditAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl, OMAction omAction, Exception
exception)`
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 290946)
Time Spent: 1h 10m (was: 1h)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[
https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=290942=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-290942
]
ASF GitHub Bot logged work on HDDS-1768:
Author: ASF GitHub Bot
Created on: 08/Aug/19 02:17
Start Date: 08/Aug/19 02:17
Worklog Time Spent: 10m
Work Description: bharatviswa504 commented on pull request #1204:
HDDS-1768. Audit xxxAcl methods in OzoneManager
URL: https://github.com/apache/hadoop/pull/1204#discussion_r311831941
##
File path:
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
##
@@ -0,0 +1,422 @@
+package org.apache.hadoop.ozone.client.rpc;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.audit.AuditEventStatus;
+import org.apache.hadoop.ozone.audit.OMAction;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runners.MethodSorters;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.apache.hadoop.ozone.OzoneAcl.AclScope.ACCESS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.VOLUME;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * This class is to test audit logs for xxxACL APIs of Ozone Client.
+ */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestOzoneRpcClientForAclAuditLog extends
+TestOzoneRpcClientAbstract {
+
+ private static UserGroupInformation ugi;
+ private static final OzoneAcl USER_ACL =
+ new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
Review comment:
If we don't need any other methods for testing, can we make this a new
separate test class
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 290942)
Time Spent: 1h (was: 50m)
> Audit xxxAcl methods in OzoneManager
>
>
> Key: HDDS-1768
> URL: https://issues.apache.org/jira/browse/HDDS-1768
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
>Reporter: Ajay Kumar
>Assignee: Dinesh Chitlangia
>Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Audit permission failures from authorizer
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=287387=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-287387 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 02/Aug/19 00:21 Start Date: 02/Aug/19 00:21 Worklog Time Spent: 10m Work Description: hadoop-yetus commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-517502262 :broken_heart: **-1 overall** | Vote | Subsystem | Runtime | Comment | |::|--:|:|:| | 0 | reexec | 46 | Docker mode activated. | ||| _ Prechecks _ | | +1 | dupname | 0 | No case conflicting files found. | | +1 | @author | 0 | The patch does not contain any @author tags. | | +1 | test4tests | 0 | The patch appears to include 2 new or modified test files. | ||| _ trunk Compile Tests _ | | 0 | mvndep | 25 | Maven dependency ordering for branch | | +1 | mvninstall | 621 | trunk passed | | +1 | compile | 380 | trunk passed | | +1 | checkstyle | 67 | trunk passed | | +1 | mvnsite | 0 | trunk passed | | +1 | shadedclient | 869 | branch has no errors when building and testing our client artifacts. | | +1 | javadoc | 154 | trunk passed | | 0 | spotbugs | 456 | Used deprecated FindBugs config; considering switching to SpotBugs. | | +1 | findbugs | 669 | trunk passed | ||| _ Patch Compile Tests _ | | 0 | mvndep | 29 | Maven dependency ordering for patch | | +1 | mvninstall | 601 | the patch passed | | +1 | compile | 454 | the patch passed | | +1 | javac | 454 | the patch passed | | +1 | checkstyle | 82 | the patch passed | | +1 | mvnsite | 0 | the patch passed | | +1 | whitespace | 1 | The patch has no whitespace issues. | | +1 | shadedclient | 687 | patch has no errors when building and testing our client artifacts. | | +1 | javadoc | 196 | the patch passed | | +1 | findbugs | 828 | the patch passed | ||| _ Other Tests _ | | +1 | unit | 329 | hadoop-hdds in the patch passed. | | -1 | unit | 2874 | hadoop-ozone in the patch failed. | | +1 | asflicense | 59 | The patch does not generate ASF License warnings. | | | | 9127 | | | Reason | Tests | |---:|:--| | Failed junit tests | hadoop.ozone.client.rpc.TestReadRetries | | | hadoop.hdds.scm.pipeline.TestRatisPipelineCreateAndDestory | | | hadoop.ozone.client.rpc.TestOzoneRpcClientWithRatis | | | hadoop.ozone.client.rpc.TestCommitWatcher | | | hadoop.ozone.client.rpc.TestOzoneRpcClientForAclAuditLog | | | hadoop.ozone.client.rpc.TestSecureOzoneRpcClient | | | hadoop.ozone.TestMiniChaosOzoneCluster | | | hadoop.ozone.om.TestScmSafeMode | | | hadoop.ozone.client.rpc.TestOzoneRpcClient | | | hadoop.ozone.client.rpc.TestOzoneAtRestEncryption | | | hadoop.ozone.om.TestOzoneManagerHA | | | hadoop.ozone.client.rpc.TestMultiBlockWritesWithDnFailures | | Subsystem | Report/Notes | |--:|:-| | Docker | Client=19.03.1 Server=19.03.1 base: https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/1/artifact/out/Dockerfile | | GITHUB PR | https://github.com/apache/hadoop/pull/1204 | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle | | uname | Linux dc27ac67b899 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | personality/hadoop.sh | | git revision | trunk / e111789 | | Default Java | 1.8.0_212 | | unit | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/1/artifact/out/patch-unit-hadoop-ozone.txt | | Test Results | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/1/testReport/ | | Max. process+thread count | 3553 (vs. ulimit of 5500) | | modules | C: hadoop-hdds/common hadoop-ozone/common hadoop-ozone/integration-test hadoop-ozone/ozone-manager U: . | | Console output | https://builds.apache.org/job/hadoop-multibranch/job/PR-1204/1/console | | versions | git=2.7.4 maven=3.3.9 findbugs=3.1.0-RC1 | | Powered by | Apache Yetus 0.10.0 http://yetus.apache.org | This message was automatically generated. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 287387) Time Spent: 50m (was: 40m) > Audit xxxAcl methods in OzoneManager > >
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=286455=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-286455 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 01/Aug/19 06:15 Start Date: 01/Aug/19 06:15 Worklog Time Spent: 10m Work Description: dineshchitlangia commented on issue #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204#issuecomment-517135892 /label ozone This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 286455) Time Spent: 40m (was: 0.5h) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 40m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=286439=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-286439 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 01/Aug/19 05:54 Start Date: 01/Aug/19 05:54 Worklog Time Spent: 10m Work Description: dineshchitlangia commented on pull request #1204: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1204 @xiaoyuyao , @ajayydv - Request you to please review this PR. Thank you. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 286439) Time Spent: 0.5h (was: 20m) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 0.5h > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=286436=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-286436 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 01/Aug/19 05:53 Start Date: 01/Aug/19 05:53 Worklog Time Spent: 10m Work Description: dchitlangia commented on pull request #1203: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1203 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 286436) Time Spent: 20m (was: 10m) > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Work logged] (HDDS-1768) Audit xxxAcl methods in OzoneManager
[ https://issues.apache.org/jira/browse/HDDS-1768?focusedWorklogId=286435=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-286435 ] ASF GitHub Bot logged work on HDDS-1768: Author: ASF GitHub Bot Created on: 01/Aug/19 05:52 Start Date: 01/Aug/19 05:52 Worklog Time Spent: 10m Work Description: dchitlangia commented on pull request #1203: HDDS-1768. Audit xxxAcl methods in OzoneManager URL: https://github.com/apache/hadoop/pull/1203 @xiaoyuyao , @ajayydv - Request you to please review this PR. Thank you. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 286435) Time Spent: 10m Remaining Estimate: 0h > Audit xxxAcl methods in OzoneManager > > > Key: HDDS-1768 > URL: https://issues.apache.org/jira/browse/HDDS-1768 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task >Reporter: Ajay Kumar >Assignee: Dinesh Chitlangia >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > Audit permission failures from authorizer -- This message was sent by Atlassian JIRA (v7.6.14#76016) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
