HDFS-15667. Audit log record the unexpected allowed result when delete (#2437)

This commit is contained in:
maobaolong 2020-11-10 13:01:10 +08:00 committed by GitHub
parent 34e2abd811
commit 95c96605b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions

View File

@ -3321,7 +3321,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
throw e; throw e;
} }
getEditLog().logSync(); getEditLog().logSync();
logAuditEvent(true, operationName, src); logAuditEvent(ret, operationName, src);
if (toRemovedBlocks != null) { if (toRemovedBlocks != null) {
removeBlocks(toRemovedBlocks); // Incremental deletion of blocks removeBlocks(toRemovedBlocks); // Incremental deletion of blocks
} }

View File

@ -51,6 +51,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY; import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import org.mockito.Mockito; import org.mockito.Mockito;
@ -1205,6 +1206,18 @@ public class TestAuditLoggerWithCommands {
} }
} }
@Test
public void testDeleteRoot() throws Exception {
Path srcDir = new Path("/");
fileSys = DFSTestUtil.getFileSystemAs(user1, conf);
boolean result = fileSys.delete(srcDir, true);
fileSys.close();
assertFalse(result);
String aceDeletePattern =
".*allowed=false.*ugi=theDoctor.*cmd=delete.*";
verifyAuditLogs(aceDeletePattern);
}
private void verifyAuditRestoreFailedStorageACE( private void verifyAuditRestoreFailedStorageACE(
FSNamesystem fsNamesystem, String arg) throws IOException { FSNamesystem fsNamesystem, String arg) throws IOException {
String operationName = fsNamesystem.getFailedStorageCommand(arg); String operationName = fsNamesystem.getFailedStorageCommand(arg);