Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HDFS-16979. RBF: Add proxyuser port in hdfsauditlog (#5552). Contributed by liuguanghua.

Reviewed-by: Inigo Goiri <inigoiri@apache.org>
Reviewed-by: Simbarashe Dzinamarira <sdzinamarira@linkedin.com>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
LiuGuH 2 years ago
parent
bba663038d
commit
f6770dee47
3 changed files with 21 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/CallerContext.java
  2. 7 0
      hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterRpc.java
  3. 13 1
      hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java

+ 1 - 1
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/CallerContext.java
View File 

@@ -50,7 +50,7 @@ public final class CallerContext {
 
   public static final String CLIENT_ID_STR = "clientId";
 
   public static final String CLIENT_CALL_ID_STR = "clientCallId";
 
   public static final String REAL_USER_STR = "realUser";
 
-
 
+  public static final String PROXY_USER_PORT = "proxyUserPort";
 
   /** The caller context.
 
    *
 
    * It will be truncated if it exceeds the maximum allowed length in

+ 7 - 0
hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterRpc.java
View File 

@@ -17,6 +17,8 @@
 
  */
 
 package org.apache.hadoop.hdfs.server.federation.router;
 
 
+import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_CALLER_CONTEXT_MAX_SIZE_KEY;
 
+import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_WITH_REMOTE_PORT_KEY;
 
 import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_REDUNDANCY_CONSIDERLOAD_KEY;
 
 import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.addDirectory;
 
 import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.countContents;
 
@@ -25,6 +27,7 @@ import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.delet
 
 import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.getFileStatus;
 
 import static org.apache.hadoop.hdfs.server.federation.FederationTestUtils.verifyFileExists;
 
 import static org.apache.hadoop.hdfs.server.federation.MiniRouterDFSCluster.TEST_STRING;
 
+import static org.apache.hadoop.ipc.CallerContext.PROXY_USER_PORT;
 
 import static org.apache.hadoop.test.GenericTestUtils.assertExceptionContains;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
 import static org.junit.Assert.assertArrayEquals;
 
@@ -209,10 +212,12 @@ public class TestRouterRpc {
 
     Configuration namenodeConf = new Configuration();
 
     namenodeConf.setBoolean(DFSConfigKeys.HADOOP_CALLER_CONTEXT_ENABLED_KEY,
 
         true);
 
+    namenodeConf.set(HADOOP_CALLER_CONTEXT_MAX_SIZE_KEY, "256");
 
     // It's very easy to become overloaded for some specific dn in this small
 
     // cluster, which will cause the EC file block allocation failure. To avoid
 
     // this issue, we disable considerLoad option.
 
     namenodeConf.setBoolean(DFS_NAMENODE_REDUNDANCY_CONSIDERLOAD_KEY, false);
 
+    namenodeConf.setBoolean(DFS_NAMENODE_AUDIT_LOG_WITH_REMOTE_PORT_KEY, true);
 
     cluster = new MiniRouterDFSCluster(false, NUM_SUBCLUSTERS);
 
     cluster.setNumDatanodesPerNameservice(NUM_DNS);
 
     cluster.addNamenodeOverrides(namenodeConf);
 
@@ -2116,6 +2121,8 @@ public class TestRouterRpc {
 
     // Real user is added to the caller context.
 
     assertTrue("The audit log should contain the real user.",
 
         logOutput.contains(String.format("realUser:%s", realUser.getUserName())));
 
+    assertTrue("The audit log should contain the proxyuser port.",
 
+        logOutput.contains(PROXY_USER_PORT));
 
   }
 
 
   @Test

+ 13 - 1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
View File 

@@ -452,7 +452,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
 
   }
 
 
   private void appendClientPortToCallerContextIfAbsent() {
 
-    final CallerContext ctx = CallerContext.getCurrent();
 
+    CallerContext ctx = CallerContext.getCurrent();
 
     if (isClientPortInfoAbsent(ctx)) {
 
       String origContext = ctx == null ? null : ctx.getContext();
 
       byte[] origSignature = ctx == null ? null : ctx.getSignature();
 
@@ -462,6 +462,14 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
 
               .setSignature(origSignature)
 
               .build());
 
     }
 
+    ctx = CallerContext.getCurrent();
 
+    if (isFromProxyUser(ctx)) {
 
+      CallerContext.setCurrent(
 
+          new CallerContext.Builder(ctx.getContext(), contextFieldSeparator)
 
+              .append(CallerContext.PROXY_USER_PORT, String.valueOf(Server.getRemotePort()))
 
+              .setSignature(ctx.getSignature())
 
+              .build());
 
+    }
 
   }
 
 
   private boolean isClientPortInfoAbsent(CallerContext ctx){
 
@@ -469,6 +477,10 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
 
         || !ctx.getContext().contains(CallerContext.CLIENT_PORT_STR);
 
   }
 
 
+  private boolean isFromProxyUser(CallerContext ctx) {
 
+    return ctx != null && ctx.getContext() != null &&
 
+        ctx.getContext().contains(CallerContext.REAL_USER_STR);
 
+  }
 
   /**
 
    * Logger for audit events, noting successful FSNamesystem operations. Emits
 
    * to FSNamesystem.audit at INFO. Each event causes a set of tab-separated