hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16311) Audit log for delete snapshot operation is missing in case of snapshot owner deleting the same
Date Thu, 25 Aug 2016 17:42:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15437305#comment-15437305
] 

Yi Liang commented on HBASE-16311:
----------------------------------

[~mbertozzi], have a question about errors in the hadoop.hbase.security.access.TestAccessController

in the test code, the 'snapshot' parameter in clone action has been set as 'NULL' on purpose,
that's why not pass test, but all other action such as listsnapshot, and deletesnapshot, their
snapshot parameter are not set null.  However, in its original code,all the Accesscontroller#preXXXSnapshot
method have not deal with situation when 'snapshot' parameter is 'NULL'

code below is in the  hadoop.hbase.security.access.TestAccessController, where the programmer
set snapshot name as null in cloneAction on purpose. 
{code}  
2052 AccessTestAction cloneAction = new AccessTestAction() {
2053      @Override
2054      public Object run() throws Exception {
2055        ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV, null),
2056          null, null);
2057        return null;
2058      }
2059  };
{code}

code below is  in Accesscontroller#preXXXSnapshot,where the programmer did not deal with snapshot
parameter as null, and all other preXXX are not deal with null snapshot as well
{code}
1335  @Override
1336  public void preCloneSnapshot(final ObserverContext<MasterCoprocessorEnvironment>
ctx,
1337      final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor)
1338      throws IOException {
1339    requirePermission(getActiveUser(ctx), "clone " + snapshot.getName(), Action.ADMIN);
1340  }
{code}

do you think I need to change the code to deal with null snapshot parameter, which has lot
of works; or I just easily change the cloneAction parameter to a non-null snapshot in test
code. 

Or do you know anybody who is familiar with this part of code, we can ask his advice. Thanks




> Audit log for delete snapshot operation is missing in case of snapshot owner deleting
the same
> ----------------------------------------------------------------------------------------------
>
>                 Key: HBASE-16311
>                 URL: https://issues.apache.org/jira/browse/HBASE-16311
>             Project: HBase
>          Issue Type: Sub-task
>          Components: snapshots
>    Affects Versions: 2.0.0
>            Reporter: Abhishek Kumar
>            Assignee: Yi Liang
>            Priority: Minor
>             Fix For: 2.0.0
>
>         Attachments: HBASE-16311-V1.patch, HBASE-16311-V2.patch
>
>
> 1. Audit log seems to be left as a TODO task in AccessController.java:
> {code}
>   @Override
>   public void preDeleteSnapshot(final ObserverContext<MasterCoprocessorEnvironment>
ctx,
>       final SnapshotDescription snapshot) throws IOException {
>     if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, getActiveUser())) {
>       // Snapshot owner is allowed to delete the snapshot
>       // TODO: We are not logging this for audit
>     } else {
>       requirePermission("deleteSnapshot", Action.ADMIN);
>     }
>   }
> {code}
> 2. Also, snapshot name is not getting logged in the audit logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message