hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Isaacson (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-3733) audit logging must cover WebHdfs access
Date Fri, 27 Jul 2012 01:37:37 GMT
Andy Isaacson created HDFS-3733:

             Summary: audit logging must cover WebHdfs access
                 Key: HDFS-3733
                 URL: https://issues.apache.org/jira/browse/HDFS-3733
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: webhdfs
    Affects Versions: 2.0.0-alpha
            Reporter: Andy Isaacson
            Assignee: Andy Isaacson

Access via WebHdfs does not result in audit log entries.  It should.

% curl "http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=GETFILESTATUS"
and observe that no audit log entry is generated.

Interestingly, OPEN requests do not generate audit log entries when the NN generates the redirect,
but do generate audit log entries when the second phase against the DN is executed.
% curl -v 'http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=OPEN'
< Location: http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020&offset=0
% curl -v 'http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020'
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 12
< Server: Jetty(6.1.26.cloudera.1)
hello world
This happens because {{DatanodeWebHdfsMethods#get}} uses {{DFSClient#open}} thereby triggering
the existing {{logAuditEvent}} code.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message