ivandika3 commented on code in PR #10329:
URL: https://github.com/apache/ozone/pull/10329#discussion_r3357114812
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketDeleteRequest.java:
##########
@@ -73,6 +74,35 @@ public OMBucketDeleteRequest(OMRequest omRequest) {
super(omRequest);
}
+ @Override
+ public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
+ OMRequest request = super.preExecute(ozoneManager);
+ DeleteBucketRequest deleteBucketRequest =
+ request.getDeleteBucketRequest();
+ String volumeName = deleteBucketRequest.getVolumeName();
+ String bucketName = deleteBucketRequest.getBucketName();
+
+ // ACL check during preExecute
+ if (ozoneManager.getAclsEnabled()) {
+ try {
+ checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
+ OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.DELETE,
+ volumeName, bucketName, null);
+ } catch (IOException ex) {
+ // Ensure audit log captures preExecute failures
+ Map<String, String> auditMap = new LinkedHashMap<>();
+ auditMap.put(OzoneConsts.VOLUME, volumeName);
+ auditMap.put(OzoneConsts.BUCKET, bucketName);
+ markForAudit(ozoneManager.getAuditLogger(),
+ buildAuditMessage(OMAction.DELETE_BUCKET, auditMap, ex,
+ request.getUserInfo()));
+ throw ex;
+ }
+ }
+
+ return request;
Review Comment:
Previously, we only check ACLType.DELETE, but since super.preExecute check
AclType.WRITE_ACL, won't there be a regession?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
