From cd7cd94e3f214ecbf38714b7d0a5dd84f4057cc8 Mon Sep 17 00:00:00 2001
From: Chris Nauroth <cnauroth@apache.org>
Date: Thu, 23 Jan 2014 17:41:53 +0000
Subject: [PATCH] HDFS-5799. Make audit logging consistent across ACL APIs.
 Contributed by Chris Nauroth.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-4685@1560766 13f79535-47bb-0310-9956-ffa450edef68
---
 .../hadoop-hdfs/CHANGES-HDFS-4685.txt         |  2 ++
 .../hdfs/server/namenode/FSNamesystem.java    | 20 +++++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES-HDFS-4685.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES-HDFS-4685.txt
index f278ee3da2..238b3410a8 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES-HDFS-4685.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES-HDFS-4685.txt
@@ -56,3 +56,5 @@ HDFS-4685 (Unreleased)
 
     HADOOP-10213. Fix bugs parsing ACL spec in FsShell setfacl.
     (Vinay via cnauroth)
+
+    HDFS-5799. Make audit logging consistent across ACL APIs. (cnauroth)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
index 9ed05ec827..a562bbed91 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@@ -7327,6 +7327,7 @@ public BatchedListEntries<CachePoolEntry> listCachePools(String prevKey)
   }
 
   void modifyAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
+    HdfsFileStatus resultingStat = null;
     FSPermissionChecker pc = getPermissionChecker();
     checkOperation(OperationCategory.WRITE);
     byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@@ -7337,14 +7338,16 @@ void modifyAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
       src = FSDirectory.resolvePath(src, pathComponents, dir);
       checkOwner(pc, src);
       dir.modifyAclEntries(src, aclSpec);
+      resultingStat = getAuditFileInfo(src, false);
     } finally {
       writeUnlock();
     }
     getEditLog().logSync();
-    logAuditEvent(true, "modifyAclEntries", src);
+    logAuditEvent(true, "modifyAclEntries", src, null, resultingStat);
   }
 
   void removeAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
+    HdfsFileStatus resultingStat = null;
     FSPermissionChecker pc = getPermissionChecker();
     checkOperation(OperationCategory.WRITE);
     byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@@ -7355,14 +7358,16 @@ void removeAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
       src = FSDirectory.resolvePath(src, pathComponents, dir);
       checkOwner(pc, src);
       dir.removeAclEntries(src, aclSpec);
+      resultingStat = getAuditFileInfo(src, false);
     } finally {
       writeUnlock();
     }
     getEditLog().logSync();
-    logAuditEvent(true, "removeAclEntries", src);
+    logAuditEvent(true, "removeAclEntries", src, null, resultingStat);
   }
 
   void removeDefaultAcl(String src) throws IOException {
+    HdfsFileStatus resultingStat = null;
     FSPermissionChecker pc = getPermissionChecker();
     checkOperation(OperationCategory.WRITE);
     byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@@ -7373,14 +7378,16 @@ void removeDefaultAcl(String src) throws IOException {
       src = FSDirectory.resolvePath(src, pathComponents, dir);
       checkOwner(pc, src);
       dir.removeDefaultAcl(src);
+      resultingStat = getAuditFileInfo(src, false);
     } finally {
       writeUnlock();
     }
     getEditLog().logSync();
-    logAuditEvent(true, "removeDefaultAcl", src);
+    logAuditEvent(true, "removeDefaultAcl", src, null, resultingStat);
   }
 
   void removeAcl(String src) throws IOException {
+    HdfsFileStatus resultingStat = null;
     FSPermissionChecker pc = getPermissionChecker();
     checkOperation(OperationCategory.WRITE);
     byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@@ -7391,14 +7398,16 @@ void removeAcl(String src) throws IOException {
       src = FSDirectory.resolvePath(src, pathComponents, dir);
       checkOwner(pc, src);
       dir.removeAcl(src);
+      resultingStat = getAuditFileInfo(src, false);
     } finally {
       writeUnlock();
     }
     getEditLog().logSync();
-    logAuditEvent(true, "removeAcl", src);
+    logAuditEvent(true, "removeAcl", src, null, resultingStat);
   }
 
   void setAcl(String src, List<AclEntry> aclSpec) throws IOException {
+    HdfsFileStatus resultingStat = null;
     FSPermissionChecker pc = getPermissionChecker();
     checkOperation(OperationCategory.WRITE);
     byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@@ -7409,9 +7418,12 @@ void setAcl(String src, List<AclEntry> aclSpec) throws IOException {
       src = FSDirectory.resolvePath(src, pathComponents, dir);
       checkOwner(pc, src);
       dir.setAcl(src, aclSpec);
+      resultingStat = getAuditFileInfo(src, false);
     } finally {
       writeUnlock();
     }
+    getEditLog().logSync();
+    logAuditEvent(true, "setAcl", src, null, resultingStat);
   }
 
   AclStatus getAclStatus(String src) throws IOException {