hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16311) Audit log for delete snapshot operation is missing in case of snapshot owner deleting the same
Date Tue, 23 Aug 2016 23:43:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15433870#comment-15433870

Yi Liang commented on HBASE-16311:

I found that no activity for this jira for 3 weeks, so I take this jira and provide a patch.

in my patch, i finished two parts:
  (1)TODO part:
     log the delete_snapshot and list_snapshot info into audti log
   (2) log snapshot name into audit logs, 
    Since 'AuthResult'(which is used to store audit log related information) class does not
have field/variable for snapshot, so I just put the snapshot name into the 'request' filed
in AuthResult. The output is showed below:
2016-08-23 16:29:47,423 TRACE SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController:
Access allowed for user hbase; reason: Global check allowed; remote address: /;
request: deleteSnapshot my-snapshot; context: (user=hbase, scope=GLOBAL, action=ADMIN)

> Audit log for delete snapshot operation is missing in case of snapshot owner deleting
the same
> ----------------------------------------------------------------------------------------------
>                 Key: HBASE-16311
>                 URL: https://issues.apache.org/jira/browse/HBASE-16311
>             Project: HBase
>          Issue Type: Sub-task
>          Components: snapshots
>            Reporter: Abhishek Kumar
>            Assignee: Yi Liang
>            Priority: Minor
>         Attachments: HBASE-16311-V1.patch
> 1. Audit log seems to be left as a TODO task in AccessController.java:
> {code}
>   @Override
>   public void preDeleteSnapshot(final ObserverContext<MasterCoprocessorEnvironment>
>       final SnapshotDescription snapshot) throws IOException {
>     if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, getActiveUser())) {
>       // Snapshot owner is allowed to delete the snapshot
>       // TODO: We are not logging this for audit
>     } else {
>       requirePermission("deleteSnapshot", Action.ADMIN);
>     }
>   }
> {code}
> 2. Also, snapshot name is not getting logged in the audit logs.

This message was sent by Atlassian JIRA

View raw message