[ 
https://issues.apache.org/jira/browse/HDDS-12704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krishna Kumar Asawa reassigned HDDS-12704:
------------------------------------------

    Assignee: Priyesh K

> Ensure SCM admin access failures are logged to audit
> ----------------------------------------------------
>
>                 Key: HDDS-12704
>                 URL: https://issues.apache.org/jira/browse/HDDS-12704
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: SCM
>            Reporter: Attila Doroszlai
>            Assignee: Priyesh K
>            Priority: Major
>
> SCMClientProtocolServer has different behavior for various admin operations:
> - operation audited, including admin failure (examples: deleteContainer, 
> activatePipeline)
> - operation audited, but admin access failure not logged, because it is 
> checked outside of try-catch block (examples: allocateContainer, 
> getContainer, closeContainer)
> - operation not audited at all (examples: decommissionNodes, 
> recommissionNodes)
> closeContainer checks admin access twice.
> All admin operations should:
> - have audit log
> - check admin access in the try block to ensure failure is audited in catch 
> block
> Exceptions that are caught and logged to audit should not be also output with 
> stack trace to the regular log.  (Example: recommissionNodes)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org

Reply via email to