HDFS-5799. Make audit logging consistent across ACL APIs. Contributed by Chris Nauroth.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-4685@1560766 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Chris Nauroth
parent
21a5bc7f2c
commit
cd7cd94e3f
|
|
@ -56,3 +56,5 @@ HDFS-4685 (Unreleased)
|
||||||
|
|
||||||
HADOOP-10213. Fix bugs parsing ACL spec in FsShell setfacl.
|
HADOOP-10213. Fix bugs parsing ACL spec in FsShell setfacl.
|
||||||
(Vinay via cnauroth)
|
(Vinay via cnauroth)
|
||||||
|
|
||||||
|
HDFS-5799. Make audit logging consistent across ACL APIs. (cnauroth)
|
||||||
|
|
|
||||||
|
|
@ -7327,6 +7327,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
}
|
}
|
||||||
|
|
||||||
void modifyAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
|
void modifyAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
|
||||||
|
HdfsFileStatus resultingStat = null;
|
||||||
FSPermissionChecker pc = getPermissionChecker();
|
FSPermissionChecker pc = getPermissionChecker();
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
||||||
|
|
@ -7337,14 +7338,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
checkOwner(pc, src);
|
checkOwner(pc, src);
|
||||||
dir.modifyAclEntries(src, aclSpec);
|
dir.modifyAclEntries(src, aclSpec);
|
||||||
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
getEditLog().logSync();
|
getEditLog().logSync();
|
||||||
logAuditEvent(true, "modifyAclEntries", src);
|
logAuditEvent(true, "modifyAclEntries", src, null, resultingStat);
|
||||||
}
|
}
|
||||||
|
|
||||||
void removeAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
|
void removeAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
|
||||||
|
HdfsFileStatus resultingStat = null;
|
||||||
FSPermissionChecker pc = getPermissionChecker();
|
FSPermissionChecker pc = getPermissionChecker();
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
||||||
|
|
@ -7355,14 +7358,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
checkOwner(pc, src);
|
checkOwner(pc, src);
|
||||||
dir.removeAclEntries(src, aclSpec);
|
dir.removeAclEntries(src, aclSpec);
|
||||||
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
getEditLog().logSync();
|
getEditLog().logSync();
|
||||||
logAuditEvent(true, "removeAclEntries", src);
|
logAuditEvent(true, "removeAclEntries", src, null, resultingStat);
|
||||||
}
|
}
|
||||||
|
|
||||||
void removeDefaultAcl(String src) throws IOException {
|
void removeDefaultAcl(String src) throws IOException {
|
||||||
|
HdfsFileStatus resultingStat = null;
|
||||||
FSPermissionChecker pc = getPermissionChecker();
|
FSPermissionChecker pc = getPermissionChecker();
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
||||||
|
|
@ -7373,14 +7378,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
checkOwner(pc, src);
|
checkOwner(pc, src);
|
||||||
dir.removeDefaultAcl(src);
|
dir.removeDefaultAcl(src);
|
||||||
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
getEditLog().logSync();
|
getEditLog().logSync();
|
||||||
logAuditEvent(true, "removeDefaultAcl", src);
|
logAuditEvent(true, "removeDefaultAcl", src, null, resultingStat);
|
||||||
}
|
}
|
||||||
|
|
||||||
void removeAcl(String src) throws IOException {
|
void removeAcl(String src) throws IOException {
|
||||||
|
HdfsFileStatus resultingStat = null;
|
||||||
FSPermissionChecker pc = getPermissionChecker();
|
FSPermissionChecker pc = getPermissionChecker();
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
||||||
|
|
@ -7391,14 +7398,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
checkOwner(pc, src);
|
checkOwner(pc, src);
|
||||||
dir.removeAcl(src);
|
dir.removeAcl(src);
|
||||||
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
getEditLog().logSync();
|
getEditLog().logSync();
|
||||||
logAuditEvent(true, "removeAcl", src);
|
logAuditEvent(true, "removeAcl", src, null, resultingStat);
|
||||||
}
|
}
|
||||||
|
|
||||||
void setAcl(String src, List<AclEntry> aclSpec) throws IOException {
|
void setAcl(String src, List<AclEntry> aclSpec) throws IOException {
|
||||||
|
HdfsFileStatus resultingStat = null;
|
||||||
FSPermissionChecker pc = getPermissionChecker();
|
FSPermissionChecker pc = getPermissionChecker();
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
|
||||||
|
|
@ -7409,9 +7418,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
||||||
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
src = FSDirectory.resolvePath(src, pathComponents, dir);
|
||||||
checkOwner(pc, src);
|
checkOwner(pc, src);
|
||||||
dir.setAcl(src, aclSpec);
|
dir.setAcl(src, aclSpec);
|
||||||
|
resultingStat = getAuditFileInfo(src, false);
|
||||||
} finally {
|
} finally {
|
||||||
writeUnlock();
|
writeUnlock();
|
||||||
}
|
}
|
||||||
|
getEditLog().logSync();
|
||||||
|
logAuditEvent(true, "setAcl", src, null, resultingStat);
|
||||||
}
|
}
|
||||||
|
|
||||||
AclStatus getAclStatus(String src) throws IOException {
|
AclStatus getAclStatus(String src) throws IOException {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue