hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ravi Prakash (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12300) Audit-log delegation token related operations
Date Thu, 31 Aug 2017 23:01:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16149738#comment-16149738

Ravi Prakash commented on HDFS-12300:

Hi Xiao! Thanks a lot for your effort on this.

Is the performance overhead of reflection appreciable over here? Should different modules
really be decoding tokens? I'm not sure I understand why we don't audit log when some exceptions
are thrown and not others. But that is not related to this JIRA.

Otherwise patch looks good to me.

> Audit-log delegation token related operations
> ---------------------------------------------
>                 Key: HDFS-12300
>                 URL: https://issues.apache.org/jira/browse/HDFS-12300
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: namenode
>    Affects Versions: 0.22.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HDFS-12300.01.patch
> When inspecting the code, I found that the following methods in FSNamesystem are not
audit logged:
> - getDelegationToken
> - renewDelegationToken
> - cancelDelegationToken
> The audit log itself does have a logTokenTrackingId field to additionally log some details
when a token is used for authentication.
> After emailing the community, we should add that.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message