HDFS-6224. Add a unit test to TestAuditLogger for file permissions passed to logAuditEvent. Contributed by Charles Lamb.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1586494 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
58aefafe76
commit
b4989ed791
|
@ -43,6 +43,9 @@ Release 2.5.0 - UNRELEASED
|
|||
HDFS-6225. Remove the o.a.h.hdfs.server.common.UpgradeStatusReport.
|
||||
(wheat9)
|
||||
|
||||
HDFS-6224. Add a unit test to TestAuditLogger for file permissions
|
||||
passed to logAuditEvent. (Charles Lamb via wang)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
|
|
@ -7324,6 +7324,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
cacheManager.waitForRescanIfNeeded();
|
||||
}
|
||||
writeLock();
|
||||
String effectiveDirectiveStr = null;
|
||||
Long result = null;
|
||||
try {
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
|
@ -7340,6 +7341,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
getEditLog().logAddCacheDirectiveInfo(effectiveDirective,
|
||||
cacheEntry != null);
|
||||
result = effectiveDirective.getId();
|
||||
effectiveDirectiveStr = effectiveDirective.toString();
|
||||
success = true;
|
||||
} finally {
|
||||
writeUnlock();
|
||||
|
@ -7347,7 +7349,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
getEditLog().logSync();
|
||||
}
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "addCacheDirective", null, null, null);
|
||||
logAuditEvent(success, "addCacheDirective", effectiveDirectiveStr, null, null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success, result);
|
||||
}
|
||||
|
@ -7384,7 +7386,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
getEditLog().logSync();
|
||||
}
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "modifyCacheDirective", null, null, null);
|
||||
String idStr = "{id: " + directive.getId().toString() + "}";
|
||||
logAuditEvent(success, "modifyCacheDirective", idStr, directive.toString(), null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
}
|
||||
|
@ -7412,7 +7415,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
} finally {
|
||||
writeUnlock();
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "removeCacheDirective", null, null,
|
||||
String idStr = "{id: " + id.toString() + "}";
|
||||
logAuditEvent(success, "removeCacheDirective", idStr, null,
|
||||
null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
|
@ -7437,7 +7441,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
} finally {
|
||||
readUnlock();
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "listCacheDirectives", null, null,
|
||||
logAuditEvent(success, "listCacheDirectives", filter.toString(), null,
|
||||
null);
|
||||
}
|
||||
}
|
||||
|
@ -7454,6 +7458,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
}
|
||||
writeLock();
|
||||
boolean success = false;
|
||||
String poolInfoStr = null;
|
||||
try {
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
if (isInSafeMode()) {
|
||||
|
@ -7464,12 +7469,13 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
pc.checkSuperuserPrivilege();
|
||||
}
|
||||
CachePoolInfo info = cacheManager.addCachePool(req);
|
||||
poolInfoStr = info.toString();
|
||||
getEditLog().logAddCachePool(info, cacheEntry != null);
|
||||
success = true;
|
||||
} finally {
|
||||
writeUnlock();
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "addCachePool", req.getPoolName(), null, null);
|
||||
logAuditEvent(success, "addCachePool", poolInfoStr, null, null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
}
|
||||
|
@ -7502,7 +7508,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
} finally {
|
||||
writeUnlock();
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "modifyCachePool", req.getPoolName(), null, null);
|
||||
String poolNameStr = "{poolName: " + req.getPoolName() + "}";
|
||||
logAuditEvent(success, "modifyCachePool", poolNameStr, req.toString(), null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
}
|
||||
|
@ -7535,7 +7542,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|||
} finally {
|
||||
writeUnlock();
|
||||
if (isAuditEnabled() && isExternalInvocation()) {
|
||||
logAuditEvent(success, "removeCachePool", cachePoolName, null, null);
|
||||
String poolNameStr = "{poolName: " + cachePoolName + "}";
|
||||
logAuditEvent(success, "removeCachePool", poolNameStr, null, null);
|
||||
}
|
||||
RetryCache.setState(cacheEntry, success);
|
||||
}
|
||||
|
|
|
@ -29,6 +29,7 @@ import java.net.InetAddress;
|
|||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileStatus;
|
||||
import org.apache.hadoop.fs.FileSystem;
|
||||
import org.apache.hadoop.fs.permission.FsPermission;
|
||||
import org.apache.hadoop.fs.Path;
|
||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||
import org.apache.hadoop.hdfs.MiniDFSCluster;
|
||||
|
@ -42,6 +43,8 @@ import org.junit.Test;
|
|||
*/
|
||||
public class TestAuditLogger {
|
||||
|
||||
private static final short TEST_PERMISSION = (short) 0654;
|
||||
|
||||
/**
|
||||
* Tests that AuditLogger works as expected.
|
||||
*/
|
||||
|
@ -55,6 +58,7 @@ public class TestAuditLogger {
|
|||
try {
|
||||
cluster.waitClusterUp();
|
||||
assertTrue(DummyAuditLogger.initialized);
|
||||
DummyAuditLogger.resetLogCount();
|
||||
|
||||
FileSystem fs = cluster.getFileSystem();
|
||||
long time = System.currentTimeMillis();
|
||||
|
@ -65,6 +69,36 @@ public class TestAuditLogger {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Minor test related to HADOOP-9155. Verify that during a
|
||||
* FileSystem.setPermission() operation, the stat passed in during the
|
||||
* logAuditEvent() call returns the new permission rather than the old
|
||||
* permission.
|
||||
*/
|
||||
@Test
|
||||
public void testAuditLoggerWithSetPermission() throws IOException {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
conf.set(DFS_NAMENODE_AUDIT_LOGGERS_KEY,
|
||||
DummyAuditLogger.class.getName());
|
||||
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).build();
|
||||
|
||||
try {
|
||||
cluster.waitClusterUp();
|
||||
assertTrue(DummyAuditLogger.initialized);
|
||||
DummyAuditLogger.resetLogCount();
|
||||
|
||||
FileSystem fs = cluster.getFileSystem();
|
||||
long time = System.currentTimeMillis();
|
||||
final Path p = new Path("/");
|
||||
fs.setTimes(p, time, time);
|
||||
fs.setPermission(p, new FsPermission(TEST_PERMISSION));
|
||||
assertEquals(TEST_PERMISSION, DummyAuditLogger.foundPermission);
|
||||
assertEquals(2, DummyAuditLogger.logCount);
|
||||
} finally {
|
||||
cluster.shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that a broken audit logger causes requests to fail.
|
||||
*/
|
||||
|
@ -93,15 +127,23 @@ public class TestAuditLogger {
|
|||
|
||||
static boolean initialized;
|
||||
static int logCount;
|
||||
static short foundPermission;
|
||||
|
||||
public void initialize(Configuration conf) {
|
||||
initialized = true;
|
||||
}
|
||||
|
||||
public static void resetLogCount() {
|
||||
logCount = 0;
|
||||
}
|
||||
|
||||
public void logAuditEvent(boolean succeeded, String userName,
|
||||
InetAddress addr, String cmd, String src, String dst,
|
||||
FileStatus stat) {
|
||||
logCount++;
|
||||
if (stat != null) {
|
||||
foundPermission = stat.getPermission().toShort();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue