hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcelo Vanzin <van...@cloudera.com>
Subject Re: Enhancing AccessController
Date Thu, 12 Jul 2012 23:42:00 GMT
Hello,

On Thu, Jul 12, 2012 at 3:54 PM, Andrew Purtell <apurtell@apache.org> wrote:
>> For example, HDFS logs audit messages at INFO level today (IIRC), while HBase does
so at TRACE level.
> This has been fixed.

Ah, good to know. It seems our git mirrors are a little bit out of date.

>> Well, the logging path wouldn't go away; this would just be an
>> extension for people who have might complicated needs than just
>> writing to log files. We're looking at maybe providing a similar thing
>> for HDFS. In the end, we don't want the easy way to be any different
>> than it is today, but at the same time have a system where doing more
>> complicated things is possible.
>
> This is the right approach, IMHO, build it into Hadoop core and then
> we can use it in a manner consistent with how core does.

My concern with trying to come up with a common solution for core
Hadoop and HBase is that the data being logged is fundamentally
different. Sure, you could have a silly logger that just takes a
string, but that's no better than hacking through the logging system,
which can be done today.

A proper interface would have proper types provided to the logger
(e.g., the "AuthResult" class currently private in AccessController).
And those cannot be shared among different services; maybe some base
type with common audit-related fields, but not much more than that.

Anyway, I'll clean up my code and post it on Jira instead of
elongating this thread. :-)

-- 
Marcelo

Mime
View raw message