-Re: Enhancing AccessController
Marcelo Vanzin 2012-07-12, 23:42
On Thu, Jul 12, 2012 at 3:54 PM, Andrew Purtell <[EMAIL PROTECTED]> wrote:
>> For example, HDFS logs audit messages at INFO level today (IIRC), while HBase does so at TRACE level.
> This has been fixed.
Ah, good to know. It seems our git mirrors are a little bit out of date.
>> Well, the logging path wouldn't go away; this would just be an
>> extension for people who have might complicated needs than just
>> writing to log files. We're looking at maybe providing a similar thing
>> for HDFS. In the end, we don't want the easy way to be any different
>> than it is today, but at the same time have a system where doing more
>> complicated things is possible.
> This is the right approach, IMHO, build it into Hadoop core and then
> we can use it in a manner consistent with how core does.
My concern with trying to come up with a common solution for core
Hadoop and HBase is that the data being logged is fundamentally
different. Sure, you could have a silly logger that just takes a
string, but that's no better than hacking through the logging system,
which can be done today.
A proper interface would have proper types provided to the logger
(e.g., the "AuthResult" class currently private in AccessController).
And those cannot be shared among different services; maybe some base
type with common audit-related fields, but not much more than that.
Anyway, I'll clean up my code and post it on Jira instead of
elongating this thread. :-)