hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Isaacson (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-3733) audit logging must cover WebHdfs access
Date Fri, 27 Jul 2012 01:37:37 GMT
Andy Isaacson created HDFS-3733:
-----------------------------------

             Summary: audit logging must cover WebHdfs access
                 Key: HDFS-3733
                 URL: https://issues.apache.org/jira/browse/HDFS-3733
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: webhdfs
    Affects Versions: 2.0.0-alpha
            Reporter: Andy Isaacson
            Assignee: Andy Isaacson


Access via WebHdfs does not result in audit log entries.  It should.

{noformat}
% curl "http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=GETFILESTATUS"
{"FileStatus":{"accessTime":1343351432395,"blockSize":134217728,"group":"supergroup","length":12,"modificationTime":1342808158399,"owner":"adi","pathSuffix":"","permission":"644","replication":1,"type":"FILE"}}
{noformat}
and observe that no audit log entry is generated.

Interestingly, OPEN requests do not generate audit log entries when the NN generates the redirect,
but do generate audit log entries when the second phase against the DN is executed.
{noformat}
% curl -v 'http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=OPEN'
...
< HTTP/1.1 307 TEMPORARY_REDIRECT
< Location: http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020&offset=0
...
% curl -v 'http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020'
...
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 12
< Server: Jetty(6.1.26.cloudera.1)
< 
hello world
{noformat}
This happens because {{DatanodeWebHdfsMethods#get}} uses {{DFSClient#open}} thereby triggering
the existing {{logAuditEvent}} code.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message