New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HDFS-16868 Fix audit log duplicate issue when an ACE occurs in FSNamesystem. #5206
Conversation
…stem. checkSuperuserPrivilege and it' s caller log the same msg when an ACE occurs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. +1 from my side. Let's wait what jenkins will say.
💔 -1 overall
This message was automatically generated. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 LGTM
Nice find, @curie71 !
Perhaps the reason this went unnoticed is that TestAuditLogger
does not cover these operations with assertions that they emitted exactly one log entry. We could potentially expand that test suite in the future.
@Hexiaoqiao @cnauroth Thanks for your reviews! |
…esystem. (apache#5206). Contributed by Beibei Zhao. Signed-off-by: Chris Nauroth <cnauroth@apache.org> Signed-off-by: He Xiaoqiao <hexiaoqiao@apache.org>
HDFS-16868 checkSuperuserPrivilege and it' s caller log the same msg when an ACE occurs.
checkSuperuserPrivilege call logAuditEvent and throw ace when an AccessControlException occurs.
It' s callers like metaSave call it like this:
but setQuota, addCachePool, modifyCachePool, removeCachePool, createEncryptionZone and reencryptEncryptionZone catch the ace and log the same msg again, it' s a waste of memory I think:
Maybe we should move the checkSuperuserPrivilege out of the try block as metaSave and other callers do.
Description of PR
How was this patch tested?
For code changes:
LICENSE
,LICENSE-binary
,NOTICE-binary
files?