Andy Isaacson created HDFS-3733:
-----------------------------------
Summary: audit logging must cover WebHdfs access
Key: HDFS-3733
URL: https://issues.apache.org/jira/browse/HDFS-3733
Project: Hadoop HDFS
Issue Type: Bug
Components: webhdfs
Affects Versions: 2.0.0-alpha
Reporter: Andy Isaacson
Assignee: Andy Isaacson
Access via WebHdfs does not result in audit log entries. It should.
{noformat}
% curl "http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=GETFILESTATUS";
{"FileStatus":{"accessTime":1343351432395,"blockSize":134217728,"group":"supergroup","length":12,"modificationTime":1342808158399,"owner":"adi","pathSuffix":"","permission":"644","replication":1,"type":"FILE"}}
{noformat}
and observe that no audit log entry is generated.
Interestingly, OPEN requests do not generate audit log entries when the NN
generates the redirect, but do generate audit log entries when the second phase
against the DN is executed.
{noformat}
% curl -v 'http://nn1:50070/webhdfs/v1/user/adi/hello.txt?op=OPEN'
...
< HTTP/1.1 307 TEMPORARY_REDIRECT
< Location:
http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020&offset=0
...
% curl -v
'http://dn01:50075/webhdfs/v1/user/adi/hello.txt?op=OPEN&namenoderpcaddress=nn1:8020'
...
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 12
< Server: Jetty(6.1.26.cloudera.1)
<
hello world
{noformat}
This happens because {{DatanodeWebHdfsMethods#get}} uses {{DFSClient#open}}
thereby triggering the existing {{logAuditEvent}} code.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
