[ https://issues.apache.org/jira/browse/HDDS-12704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Krishna Kumar Asawa reassigned HDDS-12704: ------------------------------------------ Assignee: Priyesh K > Ensure SCM admin access failures are logged to audit > ---------------------------------------------------- > > Key: HDDS-12704 > URL: https://issues.apache.org/jira/browse/HDDS-12704 > Project: Apache Ozone > Issue Type: Bug > Components: SCM > Reporter: Attila Doroszlai > Assignee: Priyesh K > Priority: Major > > SCMClientProtocolServer has different behavior for various admin operations: > - operation audited, including admin failure (examples: deleteContainer, > activatePipeline) > - operation audited, but admin access failure not logged, because it is > checked outside of try-catch block (examples: allocateContainer, > getContainer, closeContainer) > - operation not audited at all (examples: decommissionNodes, > recommissionNodes) > closeContainer checks admin access twice. > All admin operations should: > - have audit log > - check admin access in the try block to ensure failure is audited in catch > block > Exceptions that are caught and logged to audit should not be also output with > stack trace to the regular log. (Example: recommissionNodes) -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org For additional commands, e-mail: issues-h...@ozone.apache.org