[
https://issues.apache.org/jira/browse/HDDS-10460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tanvi Penumudy updated HDDS-10460:
----------------------------------
Description:
We should refine audit logging for operations modifying bucket properties.
_How can this be useful?_
* Critical for consumers on earlier versions of Ozone who could potentially
run into known bugs: HDDS-7449 and HDDS-7526.
* Losing bucket replication properties/bucket encryption properties when one
(re)sets quota/bucket replication configurations poses significant risks.
* It is difficult for diagnosing the root cause when one runs into such issues
just by looking at the audit logs.
* Currently, the audit logs do not provide much insight into what properties
have been modified while performing bucket config re(set) operations.
As of today, we are only capturing basic information such as volume, bucket,
gdprEnabled, isVersionEnabled, storageType and owner properties for any given
bucket.
We should also be capturing bucket quota and replication-related properties.
was:
We should refine audit logging for operations that update bucket properties.
_How can be useful?_
* There can be consumers on a previous version of Ozone who could possibly run
into these known bugs: HDDS-7449 and HDDS-7526.
* Losing bucket replication properties/bucket encryption properties when one
(re)sets quota/bucket replication configurations can be a critical issue.
* It is difficult to diagnose the root cause when one runs into such issues
just by looking at the audit logs since they currently do not provide much
insight into what bucket properties have changed while (re)setting bucket
properties.
Currently, we are only capturing the following information: volume, bucket,
gdprEnabled, isVersionEnabled, storageType and owner properties for the given
bucket.
We should also capture bucket quota and replication-related properties.
> Refine audit logging for bucket property updation operations
> ------------------------------------------------------------
>
> Key: HDDS-10460
> URL: https://issues.apache.org/jira/browse/HDDS-10460
> Project: Apache Ozone
> Issue Type: Improvement
> Components: OM
> Reporter: Tanvi Penumudy
> Assignee: Tanvi Penumudy
> Priority: Major
>
> We should refine audit logging for operations modifying bucket properties.
> _How can this be useful?_
> * Critical for consumers on earlier versions of Ozone who could potentially
> run into known bugs: HDDS-7449 and HDDS-7526.
> * Losing bucket replication properties/bucket encryption properties when one
> (re)sets quota/bucket replication configurations poses significant risks.
> * It is difficult for diagnosing the root cause when one runs into such
> issues just by looking at the audit logs.
> * Currently, the audit logs do not provide much insight into what properties
> have been modified while performing bucket config re(set) operations.
> As of today, we are only capturing basic information such as volume, bucket,
> gdprEnabled, isVersionEnabled, storageType and owner properties for any given
> bucket.
> We should also be capturing bucket quota and replication-related properties.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
