HDFS-15667. Audit log record the unexpected allowed result when delete (#2437)

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java

@@ -3321,7 +3321,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
       throw e;
     }
     getEditLog().logSync();
-    logAuditEvent(true, operationName, src);
+    logAuditEvent(ret, operationName, src);
     if (toRemovedBlocks != null) {
       removeBlocks(toRemovedBlocks); // Incremental deletion of blocks
     }

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.java

@@ -51,6 +51,7 @@ import org.junit.Before;
 import org.junit.Test;
 import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.fail;
 import org.mockito.Mockito;
 
@@ -1205,6 +1206,18 @@ public class TestAuditLoggerWithCommands {
     }
   }
 
+  @Test
+  public void testDeleteRoot() throws Exception {
+    Path srcDir = new Path("/");
+    fileSys = DFSTestUtil.getFileSystemAs(user1, conf);
+    boolean result = fileSys.delete(srcDir, true);
+    fileSys.close();
+    assertFalse(result);
+    String aceDeletePattern =
+        ".*allowed=false.*ugi=theDoctor.*cmd=delete.*";
+    verifyAuditLogs(aceDeletePattern);
+  }
+
   private void verifyAuditRestoreFailedStorageACE(
       FSNamesystem fsNamesystem, String arg) throws IOException {
     String operationName = fsNamesystem.getFailedStorageCommand(arg);