This is an automated email from the ASF dual-hosted git repository.
ferhui pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 95c9660 HDFS-15667. Audit log record the unexpected allowed result
when delete (#2437)
95c9660 is described below
commit 95c96605b30cc31839a04bd5d4061a2c89e4c09c
Author: maobaolong <[email protected]>
AuthorDate: Tue Nov 10 13:01:10 2020 +0800
HDFS-15667. Audit log record the unexpected allowed result when delete
(#2437)
---
.../apache/hadoop/hdfs/server/namenode/FSNamesystem.java | 2 +-
.../hdfs/server/namenode/TestAuditLoggerWithCommands.java | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
index c8ade1a..4d74071 100644
---
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@@ -3321,7 +3321,7 @@ public class FSNamesystem implements Namesystem,
FSNamesystemMBean,
throw e;
}
getEditLog().logSync();
- logAuditEvent(true, operationName, src);
+ logAuditEvent(ret, operationName, src);
if (toRemovedBlocks != null) {
removeBlocks(toRemovedBlocks); // Incremental deletion of blocks
}
diff --git
a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
index 0814d4a..4d379b1 100644
---
a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
+++
b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java
@@ -51,6 +51,7 @@ import org.junit.Before;
import org.junit.Test;
import static
org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail;
import org.mockito.Mockito;
@@ -1205,6 +1206,18 @@ public class TestAuditLoggerWithCommands {
}
}
+ @Test
+ public void testDeleteRoot() throws Exception {
+ Path srcDir = new Path("/");
+ fileSys = DFSTestUtil.getFileSystemAs(user1, conf);
+ boolean result = fileSys.delete(srcDir, true);
+ fileSys.close();
+ assertFalse(result);
+ String aceDeletePattern =
+ ".*allowed=false.*ugi=theDoctor.*cmd=delete.*";
+ verifyAuditLogs(aceDeletePattern);
+ }
+
private void verifyAuditRestoreFailedStorageACE(
FSNamesystem fsNamesystem, String arg) throws IOException {
String operationName = fsNamesystem.getFailedStorageCommand(arg);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
