Andy Isaacson created HDFS-3733: ----------------------------------- Summary: audit logging must cover WebHdfs access Key: HDFS-3733 URL: https://issues.apache.org/jira/browse/HDFS-3733 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.0.0-alpha Reporter: Andy Isaacson Assignee: Andy Isaacson
Access via WebHdfs does not result in audit log entries. It should. {noformat} % curl "http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=GETFILESTATUS" {"FileStatus":{"accessTime":1343351432395,"blockSize":134217728,"group":"supergroup","length":12,"modificationTime":1342808158399,"owner":"adi","pathSuffix":"","permission":"644","replication":1,"type":"FILE"}} {noformat} and observe that no audit log entry is generated. Interestingly, OPEN requests do not generate audit log entries when the NN generates the redirect, but do generate audit log entries when the second phase against the DN is executed. {noformat} % curl -v 'http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=OPEN' ... < HTTP/1.1 307 TEMPORARY_REDIRECT < Location: http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020&offset=0 ... % curl -v 'http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020' ... < HTTP/1.1 200 OK < Content-Type: application/octet-stream < Content-Length: 12 < Server: Jetty(6.1.26.cloudera.1) < hello world {noformat} This happens because {{DatanodeWebHdfsMethods#get}} uses {{DFSClient#open}} thereby triggering the existing {{logAuditEvent}} code. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira