HDFS-6224. Add a unit test to TestAuditLogger for file permissions passed to logAuditEvent. Contributed by Charles Lamb.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1586490 13f79535-47bb-0310-9956-ffa450edef68
2014-04-10 22:35:07 +00:00 · 2014-04-10 22:35:07 +00:00 · fad8620a71
parent 26421dd7dc
commit fad8620a71
3 changed files with 61 additions and 8 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@ -293,6 +293,9 @@ Release 2.5.0 - UNRELEASED
    HDFS-6225. Remove the o.a.h.hdfs.server.common.UpgradeStatusReport.
    (wheat9)
    
+    HDFS-6224. Add a unit test to TestAuditLogger for file permissions
+    passed to logAuditEvent. (Charles Lamb via wang)
+
  OPTIMIZATIONS

  BUG FIXES 
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@ -7336,6 +7336,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
      cacheManager.waitForRescanIfNeeded();
    }
    writeLock();
+    String effectiveDirectiveStr = null;
    Long result = null;
    try {
      checkOperation(OperationCategory.WRITE);
@ -7352,6 +7353,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
      getEditLog().logAddCacheDirectiveInfo(effectiveDirective,
          cacheEntry != null);
      result = effectiveDirective.getId();
+      effectiveDirectiveStr = effectiveDirective.toString();
      success = true;
    } finally {
      writeUnlock();
@ -7359,7 +7361,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
        getEditLog().logSync();
      }
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "addCacheDirective", null, null, null);
+        logAuditEvent(success, "addCacheDirective", effectiveDirectiveStr, null, null);
      }
      RetryCache.setState(cacheEntry, success, result);
    }
@ -7396,7 +7398,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
        getEditLog().logSync();
      }
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "modifyCacheDirective", null, null, null);
+        String idStr = "{id: " + directive.getId().toString() + "}";
+        logAuditEvent(success, "modifyCacheDirective", idStr, directive.toString(), null);
      }
      RetryCache.setState(cacheEntry, success);
    }
@ -7424,7 +7427,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
    } finally {
      writeUnlock();
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "removeCacheDirective", null, null,
+        String idStr = "{id: " + id.toString() + "}";
+        logAuditEvent(success, "removeCacheDirective", idStr, null,
            null);
      }
      RetryCache.setState(cacheEntry, success);
@ -7449,7 +7453,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
    } finally {
      readUnlock();
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "listCacheDirectives", null, null,
+        logAuditEvent(success, "listCacheDirectives", filter.toString(), null,
            null);
      }
    }
@ -7466,6 +7470,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
    }
    writeLock();
    boolean success = false;
+    String poolInfoStr = null;
    try {
      checkOperation(OperationCategory.WRITE);
      if (isInSafeMode()) {
@ -7476,12 +7481,13 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
        pc.checkSuperuserPrivilege();
      }
      CachePoolInfo info = cacheManager.addCachePool(req);
+      poolInfoStr = info.toString();
      getEditLog().logAddCachePool(info, cacheEntry != null);
      success = true;
    } finally {
      writeUnlock();
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "addCachePool", req.getPoolName(), null, null);
+        logAuditEvent(success, "addCachePool", poolInfoStr, null, null);
      }
      RetryCache.setState(cacheEntry, success);
    }
@ -7514,7 +7520,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
    } finally {
      writeUnlock();
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "modifyCachePool", req.getPoolName(), null, null);
+        String poolNameStr = "{poolName: " + req.getPoolName() + "}";
+        logAuditEvent(success, "modifyCachePool", poolNameStr, req.toString(), null);
      }
      RetryCache.setState(cacheEntry, success);
    }
@ -7547,7 +7554,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
    } finally {
      writeUnlock();
      if (isAuditEnabled() && isExternalInvocation()) {
-        logAuditEvent(success, "removeCachePool", cachePoolName, null, null);
+        String poolNameStr = "{poolName: " + cachePoolName + "}";
+        logAuditEvent(success, "removeCachePool", poolNameStr, null, null);
      }
      RetryCache.setState(cacheEntry, success);
    }
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
@ -29,6 +29,7 @@ import java.net.InetAddress;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.MiniDFSCluster;
@ -42,6 +43,8 @@ import org.junit.Test;
 */
 public class TestAuditLogger {

+  private static final short TEST_PERMISSION = (short) 0654;
+
  /**
   * Tests that AuditLogger works as expected.
   */
@ -55,6 +58,7 @@ public class TestAuditLogger {
    try {
      cluster.waitClusterUp();
      assertTrue(DummyAuditLogger.initialized);
+      DummyAuditLogger.resetLogCount();

      FileSystem fs = cluster.getFileSystem();
      long time = System.currentTimeMillis();
@ -65,6 +69,36 @@ public class TestAuditLogger {
    }
  }

+  /**
+   * Minor test related to HADOOP-9155. Verify that during a
+   * FileSystem.setPermission() operation, the stat passed in during the
+   * logAuditEvent() call returns the new permission rather than the old
+   * permission.
+   */
+  @Test
+  public void testAuditLoggerWithSetPermission() throws IOException {
+    Configuration conf = new HdfsConfiguration();
+    conf.set(DFS_NAMENODE_AUDIT_LOGGERS_KEY,
+        DummyAuditLogger.class.getName());
+    MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).build();
+
+    try {
+      cluster.waitClusterUp();
+      assertTrue(DummyAuditLogger.initialized);
+      DummyAuditLogger.resetLogCount();
+
+      FileSystem fs = cluster.getFileSystem();
+      long time = System.currentTimeMillis();
+      final Path p = new Path("/");
+      fs.setTimes(p, time, time);
+      fs.setPermission(p, new FsPermission(TEST_PERMISSION));
+      assertEquals(TEST_PERMISSION, DummyAuditLogger.foundPermission);
+      assertEquals(2, DummyAuditLogger.logCount);
+    } finally {
+      cluster.shutdown();
+    }
+  }
+
  /**
   * Tests that a broken audit logger causes requests to fail.
   */
@ -93,15 +127,23 @@ public class TestAuditLogger {

    static boolean initialized;
    static int logCount;
+    static short foundPermission;

    public void initialize(Configuration conf) {
      initialized = true;
    }

+    public static void resetLogCount() {
+      logCount = 0;
+    }
+
    public void logAuditEvent(boolean succeeded, String userName,
        InetAddress addr, String cmd, String src, String dst,
        FileStatus stat) {
      logCount++;
+      if (stat != null) {
+        foundPermission = stat.getPermission().toShort();
+      }
    }

  }