From 0b67436068899497e99c86f37fd4887ca188fae2 Mon Sep 17 00:00:00 2001 From: Kai Zheng Date: Mon, 7 Aug 2017 19:30:10 +0800 Subject: [PATCH] HDFS-12306. Add audit log for some erasure coding operations. Contributed by Huafeng Wang --- .../hdfs/server/namenode/FSNamesystem.java | 48 +++++++++++-------- .../server/namenode/NameNodeRpcServer.java | 2 +- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java index 229de0555b..b1639b2322 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java @@ -7055,18 +7055,13 @@ void setErasureCodingPolicy(final String srcArg, final String ecPolicyName, resultingStat = FSDirErasureCodingOp.setErasureCodingPolicy(this, srcArg, ecPolicyName, pc, logRetryCache); success = true; - } catch (AccessControlException ace) { - logAuditEvent(success, operationName, srcArg, null, - resultingStat); - throw ace; } finally { writeUnlock(operationName); if (success) { getEditLog().logSync(); } + logAuditEvent(success, operationName, srcArg, null, resultingStat); } - logAuditEvent(success, operationName, srcArg, null, - resultingStat); } /** @@ -7074,9 +7069,9 @@ void setErasureCodingPolicy(final String srcArg, final String ecPolicyName, * @param policies The policies to add. * @return The according result of add operation. */ - AddECPolicyResponse[] addECPolicies(ErasureCodingPolicy[] policies) + AddECPolicyResponse[] addErasureCodingPolicies(ErasureCodingPolicy[] policies) throws IOException { - final String operationName = "addECPolicies"; + final String operationName = "addErasureCodingPolicies"; String addECPolicyName = ""; checkOperation(OperationCategory.WRITE); List responses = new ArrayList<>(); @@ -7201,18 +7196,13 @@ void unsetErasureCodingPolicy(final String srcArg, resultingStat = FSDirErasureCodingOp.unsetErasureCodingPolicy(this, srcArg, pc, logRetryCache); success = true; - } catch (AccessControlException ace) { - logAuditEvent(success, operationName, srcArg, null, - resultingStat); - throw ace; } finally { writeUnlock(operationName); if (success) { getEditLog().logSync(); } + logAuditEvent(success, operationName, srcArg, null, resultingStat); } - logAuditEvent(success, operationName, srcArg, null, - resultingStat); } /** @@ -7220,14 +7210,20 @@ void unsetErasureCodingPolicy(final String srcArg, */ ErasureCodingPolicy getErasureCodingPolicy(String src) throws AccessControlException, UnresolvedLinkException, IOException { + final String operationName = "getErasureCodingPolicy"; + boolean success = false; checkOperation(OperationCategory.READ); FSPermissionChecker pc = getPermissionChecker(); readLock(); try { checkOperation(OperationCategory.READ); - return FSDirErasureCodingOp.getErasureCodingPolicy(this, src, pc); + final ErasureCodingPolicy ret = + FSDirErasureCodingOp.getErasureCodingPolicy(this, src, pc); + success = true; + return ret; } finally { - readUnlock("getErasureCodingPolicy"); + readUnlock(operationName); + logAuditEvent(success, operationName, null); } } @@ -7235,13 +7231,19 @@ ErasureCodingPolicy getErasureCodingPolicy(String src) * Get available erasure coding polices */ ErasureCodingPolicy[] getErasureCodingPolicies() throws IOException { + final String operationName = "getErasureCodingPolicies"; + boolean success = false; checkOperation(OperationCategory.READ); readLock(); try { checkOperation(OperationCategory.READ); - return FSDirErasureCodingOp.getErasureCodingPolicies(this); + final ErasureCodingPolicy[] ret = + FSDirErasureCodingOp.getErasureCodingPolicies(this); + success = true; + return ret; } finally { - readUnlock("getErasureCodingPolicies"); + readUnlock(operationName); + logAuditEvent(success, operationName, null); } } @@ -7249,13 +7251,19 @@ ErasureCodingPolicy[] getErasureCodingPolicies() throws IOException { * Get available erasure coding codecs and corresponding coders. */ HashMap getErasureCodingCodecs() throws IOException { + final String operationName = "getErasureCodingCodecs"; + boolean success = false; checkOperation(OperationCategory.READ); readLock(); try { checkOperation(OperationCategory.READ); - return FSDirErasureCodingOp.getErasureCodingCodecs(this); + final HashMap ret = + FSDirErasureCodingOp.getErasureCodingCodecs(this); + success = true; + return ret; } finally { - readUnlock("getErasureCodingCodecs"); + readUnlock(operationName); + logAuditEvent(success, operationName, null); } } diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index 52b422c935..9265381b84 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -2298,7 +2298,7 @@ public AddECPolicyResponse[] addErasureCodingPolicies( ErasureCodingPolicy[] policies) throws IOException { checkNNStartup(); namesystem.checkSuperuserPrivilege(); - return namesystem.addECPolicies(policies); + return namesystem.addErasureCodingPolicies(policies); } @Override