YARN-9762. Add submission context label to audit logs. Contributed by Manoj Kumar

Jonathan Hung 2019-09-23 11:42:41 -07:00
parent c30e495557
commit 3d78b1223d
3 changed files with 69 additions and 11 deletions


@ -695,13 +695,15 @@ public SubmitApplicationResponse submitApplication(
" submitted by user " + user); " submitted by user " + user);
RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST, RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST,
"ClientRMService", applicationId, callerContext, "ClientRMService", applicationId, callerContext,
submissionContext.getQueue()); submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
} catch (YarnException e) { } catch (YarnException e) {
LOG.info("Exception in submitting " + applicationId, e); LOG.info("Exception in submitting " + applicationId, e);
RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST, RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
e.getMessage(), "ClientRMService", e.getMessage(), "ClientRMService",
"Exception in submitting application", applicationId, callerContext, "Exception in submitting application", applicationId, callerContext,
submissionContext.getQueue()); submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
throw e; throw e;
} }
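Review bot: The `catch (YarnException e)` branch now writes `submissionContext.getNodeLabelExpression()` into the audit record verbatim, and on that path the value may be the very expression that just failed validation. It is supplied by the submitting client, and the RMAuditLogger Javadoc added in this commit says values must not contain the tab delimiter, so a label carrying a tab, CR or LF could add forged `KEY=value` fields or split the record unless `add(...)` escapes it, which this page does not show. The sink is `add(Keys.NODELABEL, partition, b)` in `createFailureLog`, and the new `logSuccess` overload forwards the same value; I would neutralise it there, e.g. `add(Keys.NODELABEL, partition.replaceAll("[\\t\\r\\n]", "_"), b);`, or once inside `add` so that `QUEUENAME` is covered as well. submitApplication's body starts and ends outside the hunk.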


@ -271,6 +271,16 @@ public static void logSuccess(String user, String operation, String target,
} }
} }
public static void logSuccess(String user, String operation, String target,
ApplicationId appId, CallerContext callerContext, String queueName,
String partition) {
if (LOG.isInfoEnabled()) {
LOG.info(
createSuccessLog(user, operation, target, appId, null, null, null,
callerContext, Server.getRemoteIp(), queueName, partition));
}
}
/** /**
* Create a readable and parseable audit log string for a successful event. * Create a readable and parseable audit log string for a successful event.
* *
@ -391,7 +401,8 @@ private static StringBuilder createStringBuilderForFailureLog(String user,
static String createFailureLog(String user, String operation, String perm, static String createFailureLog(String user, String operation, String perm,
String target, String description, ApplicationId appId, String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
Resource resource, CallerContext callerContext, String queueName) { Resource resource, CallerContext callerContext, String queueName,
String partition) {
StringBuilder b = createStringBuilderForFailureLog(user, StringBuilder b = createStringBuilderForFailureLog(user,
operation, target, description, perm); operation, target, description, perm);
if (appId != null) { if (appId != null) {
@ -410,6 +421,10 @@ static String createFailureLog(String user, String operation, String perm,
if (queueName != null) { if (queueName != null) {
add(Keys.QUEUENAME, queueName, b); add(Keys.QUEUENAME, queueName, b);
} }
if (partition != null) {
add(Keys.NODELABEL, partition, b);
}
return b.toString(); return b.toString();
} }
@ -420,7 +435,7 @@ static String createFailureLog(String user, String operation, String perm,
String target, String description, ApplicationId appId, String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) { ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) {
return createFailureLog(user, operation, perm, target, description, appId, return createFailureLog(user, operation, perm, target, description, appId,
attemptId, containerId, resource, null, null); attemptId, containerId, resource, null, null, null);
} }
/** /**
@ -492,7 +507,7 @@ public static void logFailure(String user, String operation, String perm,
CallerContext callerContext) { CallerContext callerContext) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, null)); appId, null, null, null, callerContext, null, null));
} }
} }
@ -501,7 +516,7 @@ public static void logFailure(String user, String operation, String perm,
CallerContext callerContext, String queueName) { CallerContext callerContext, String queueName) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, queueName)); appId, null, null, null, callerContext, queueName, null));
} }
} }
@ -533,7 +548,7 @@ public static void logFailure(String user, String operation, String perm,
String queueName) { String queueName) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, null, queueName)); appId, null, null, null, null, queueName, null));
} }
} }
@ -581,6 +596,34 @@ public static void logFailure(String user, String operation, String perm,
} }
} }
/**
* Create a readable and parseable audit log string for a failed event.
*
* @param user User who made the service request.
* @param operation Operation requested by the user.
* @param perm Target permissions.
* @param target The target on which the operation is being performed.
* @param description Some additional information as to why the operation
* failed.
* @param appId ApplicationId in which operation was performed.
* @param callerContext Caller context
* @param queueName Name of queue.
* @param partition Name of labeled partition.
*
* <br><br>
* Note that the {@link RMAuditLogger} uses tabs ('\t') as a key-val delimiter
* and hence the value fields should not contains tabs ('\t').
*/
public static void logFailure(String user, String operation, String perm,
String target, String description, ApplicationId appId,
CallerContext callerContext, String queueName, String partition) {
if (LOG.isWarnEnabled()) {
LOG.warn(
createFailureLog(user, operation, perm, target, description, appId,
null, null, null, callerContext, queueName, partition));
}
}
/** /**
* A helper api to add remote IP address. * A helper api to add remote IP address.
*/ */
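Review bot: The new `logSuccess(..., String queueName, String partition)` overload is added without Javadoc, although the new `logFailure` overload further down is documented and both are public. I would add `/** Logs a successful event for an application together with its queue name and node-label partition; values must not contain tabs ('\t'). */` above it. In the new `logFailure` Javadoc, "should not contains tabs" should read "should not contain tabs", and because the note follows the `@param` tags it will render as part of the `partition` description, so it belongs above the tags. `queueName` and `partition` are adjacent `String` parameters, so a swapped call compiles silently; the `ArgsBuilder` form that the test file exercises avoids that.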


@ -293,16 +293,17 @@ private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource) { CallerContext callerContext, Resource resource) {
testFailureLogFormatHelper(checkIP, appId, attemptId, containerId, testFailureLogFormatHelper(checkIP, appId, attemptId, containerId,
callerContext, resource, null); callerContext, resource, null, null, null);
} }
private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId, private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource, CallerContext callerContext, Resource resource,
RMAuditLogger.ArgsBuilder args) { String queueName, String partition, RMAuditLogger.ArgsBuilder args) {
String fLog = args == null ? String fLog = args == null ?
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC, RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
appId, attemptId, containerId, resource, callerContext, null) : appId, attemptId, containerId, resource, callerContext,
queueName, partition) :
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC, RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
args); args);
StringBuilder expLog = new StringBuilder(); StringBuilder expLog = new StringBuilder();
@ -334,6 +335,12 @@ private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
expLog.append("\tCALLERSIGNATURE=signature"); expLog.append("\tCALLERSIGNATURE=signature");
} }
} }
if (queueName != null) {
expLog.append("\tQUEUENAME=" + QUEUE);
}
if (partition != null) {
expLog.append("\tNODELABEL=" + PARTITION);
}
if (args != null) { if (args != null) {
expLog.append("\tQUEUENAME=root"); expLog.append("\tQUEUENAME=root");
expLog.append("\tRECURSIVE=true"); expLog.append("\tRECURSIVE=true");
@ -364,10 +371,16 @@ private void testFailureLogFormat(boolean checkIP) {
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID, testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE) new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE); .build(), RESOURCE);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, null, null);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, PARTITION, null);
RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder() RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder()
.append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true"); .append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true");
testFailureLogFormatHelper(checkIP, null, null, null, null, null, testFailureLogFormatHelper(checkIP, null, null, null, null, null,
args); null, null, args);
} }
/** /**
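Review bot: In `testFailureLogFormatHelper` the expected string is built from the constants rather than from the arguments: `expLog.append("\tQUEUENAME=" + QUEUE)` and `expLog.append("\tNODELABEL=" + PARTITION)` run whenever `queueName` or `partition` is non-null, whatever value was passed. Using the parameters, `expLog.append("\tQUEUENAME=").append(queueName);` and `expLog.append("\tNODELABEL=").append(partition);`, keeps the helper correct for any caller. When `args` is non-null the two arguments are not passed to `createFailureLog` at all, yet a non-null `queueName` would still add a second `QUEUENAME` to the expectation; the visible callers pass null there, so this is latent only. The helper's body continues outside the visible hunks.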