diff --git a/hadoop-common-project/hadoop-common/src/main/conf/log4j.properties b/hadoop-common-project/hadoop-common/src/main/conf/log4j.properties
index 22a2117833..3752ad1c5a 100644
--- a/hadoop-common-project/hadoop-common/src/main/conf/log4j.properties
+++ b/hadoop-common-project/hadoop-common/src/main/conf/log4j.properties
@@ -176,21 +176,6 @@ log4j.appender.DNMETRICSRFA.layout.ConversionPattern=%d{ISO8601} %m%n
 log4j.appender.DNMETRICSRFA.MaxBackupIndex=1
 log4j.appender.DNMETRICSRFA.MaxFileSize=64MB
-#
-# mapred audit logging
-#
-mapred.audit.logger=INFO,NullAppender
-mapred.audit.log.maxfilesize=256MB
-mapred.audit.log.maxbackupindex=20
-log4j.logger.org.apache.hadoop.mapred.AuditLogger=${mapred.audit.logger}
-log4j.additivity.org.apache.hadoop.mapred.AuditLogger=false
-log4j.appender.MRAUDIT=org.apache.log4j.RollingFileAppender
-log4j.appender.MRAUDIT.File=${hadoop.log.dir}/mapred-audit.log
-log4j.appender.MRAUDIT.layout=org.apache.log4j.PatternLayout
-log4j.appender.MRAUDIT.layout.ConversionPattern=%d{ISO8601} %p %c{2}: %m%n
-log4j.appender.MRAUDIT.MaxFileSize=${mapred.audit.log.maxfilesize}
-log4j.appender.MRAUDIT.MaxBackupIndex=${mapred.audit.log.maxbackupindex}
-
 # Custom Logging levels
 #log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG
@@ -334,4 +319,4 @@ log4j.appender.EWMA.maxUniqueMessages=${yarn.ewma.maxUniqueMessages}
 #log4j.appender.FSSTATEDUMP.layout=org.apache.log4j.PatternLayout
 #log4j.appender.FSSTATEDUMP.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
 #log4j.appender.FSSTATEDUMP.MaxFileSize=${hadoop.log.maxfilesize}
-#log4j.appender.FSSTATEDUMP.MaxBackupIndex=${hadoop.log.maxbackupindex}
\ No newline at end of file
+#log4j.appender.FSSTATEDUMP.MaxBackupIndex=${hadoop.log.maxbackupindex}
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/AuditLogger.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/AuditLogger.java
deleted file mode 100644
index d1ce94c651..0000000000
--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/AuditLogger.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.mapred;
-
-import java.net.InetAddress;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.ipc.Server;
-
-/** Manages MapReduce audit logs. Audit logs provides information about
- * authorization/authentication events (success/failure).
- *
- * Audit log format is written as key=value pairs.
- */
-class AuditLogger {
- private static final Log LOG = LogFactory.getLog(AuditLogger.class);
-
- static enum Keys {USER, OPERATION, TARGET, RESULT, IP, PERMISSIONS,
- DESCRIPTION}
-
- static class Constants {
- static final String SUCCESS = "SUCCESS";
- static final String FAILURE = "FAILURE";
- static final String KEY_VAL_SEPARATOR = "=";
- static final char PAIR_SEPARATOR = '\t';
-
- // Some constants used by others using AuditLogger.
-
- // Some commonly used targets
- static final String JOBTRACKER = "JobTracker";
-
- // Some commonly used operations
- static final String REFRESH_QUEUE = "REFRESH_QUEUE";
- static final String REFRESH_NODES = "REFRESH_NODES";
-
- // Some commonly used descriptions
- static final String UNAUTHORIZED_USER = "Unauthorized user";
- }
-
- /**
- * A helper api for creating an audit log for a successful event.
- * This is factored out for testing purpose.
- */
- static String createSuccessLog(String user, String operation, String target) {
- StringBuilder b = new StringBuilder();
- start(Keys.USER, user, b);
- addRemoteIP(b);
- add(Keys.OPERATION, operation, b);
- add(Keys.TARGET, target ,b);
- add(Keys.RESULT, Constants.SUCCESS, b);
- return b.toString();
- }
-
- /**
- * Create a readable and parseable audit log string for a successful event.
- *
- * @param user User who made the service request to the JobTracker.
- * @param operation Operation requested by the user
- * @param target The target on which the operation is being performed. Most
- * commonly operated targets are jobs, JobTracker, queues etc
- *
- *

- * Note that the {@link AuditLogger} uses tabs ('\t') as a key-val delimiter
- * and hence the value fields should not contains tabs ('\t').
- */
- static void logSuccess(String user, String operation, String target) {
- if (LOG.isInfoEnabled()) {
- LOG.info(createSuccessLog(user, operation, target));
- }
- }
-
- /**
- * A helper api for creating an audit log for a failure event.
- * This is factored out for testing purpose.
- */
- static String createFailureLog(String user, String operation, String perm,
- String target, String description) {
- StringBuilder b = new StringBuilder();
- start(Keys.USER, user, b);
- addRemoteIP(b);
- add(Keys.OPERATION, operation, b);
- add(Keys.TARGET, target ,b);
- add(Keys.RESULT, Constants.FAILURE, b);
- add(Keys.DESCRIPTION, description, b);
- add(Keys.PERMISSIONS, perm, b);
- return b.toString();
- }
-
- /**
- * Create a readable and parseable audit log string for a failed event.
- *
- * @param user User who made the service request to the JobTracker.
- * @param operation Operation requested by the user
- * @param perm Target permissions like JobACLs for jobs, QueueACLs for queues.
- * @param target The target on which the operation is being performed. Most
- * commonly operated targets are jobs, JobTracker, queues etc
- * @param description Some additional information as to why the operation
- * failed.
- *
- *

- * Note that the {@link AuditLogger} uses tabs ('\t') as a key-val delimiter
- * and hence the value fields should not contains tabs ('\t').
- */
- static void logFailure(String user, String operation, String perm,
- String target, String description) {
- if (LOG.isWarnEnabled()) {
- LOG.warn(createFailureLog(user, operation, perm, target, description));
- }
- }
-
- /**
- * A helper api to add remote IP address
- */
- static void addRemoteIP(StringBuilder b) {
- InetAddress ip = Server.getRemoteIp();
- // ip address can be null for testcases
- if (ip != null) {
- add(Keys.IP, ip.getHostAddress(), b);
- }
- }
-
- /**
- * Adds the first key-val pair to the passed builder in the following format
- * key=value
- */
- static void start(Keys key, String value, StringBuilder b) {
- b.append(key.name()).append(Constants.KEY_VAL_SEPARATOR).append(value);
- }
-
- /**
- * Appends the key-val pair to the passed builder in the following format
- * key=value
- */
- static void add(Keys key, String value, StringBuilder b) {
- b.append(Constants.PAIR_SEPARATOR).append(key.name())
- .append(Constants.KEY_VAL_SEPARATOR).append(value);
- }
-}
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/test/java/org/apache/hadoop/mapred/TestAuditLogger.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/test/java/org/apache/hadoop/mapred/TestAuditLogger.java
deleted file mode 100644
index bc85703bc8..0000000000
--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/test/java/org/apache/hadoop/mapred/TestAuditLogger.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.mapred;
-
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.ipc.ProtocolInfo;
-import org.apache.hadoop.ipc.RPC;
-import org.apache.hadoop.ipc.Server;
-import org.apache.hadoop.ipc.TestRPC.TestImpl;
-import org.apache.hadoop.ipc.TestRPC.TestProtocol;
-import org.apache.hadoop.mapred.AuditLogger.Keys;
-import org.apache.hadoop.net.NetUtils;
-import org.junit.Test;
-import static org.junit.Assert.assertEquals;
-
-/**
- * Tests {@link AuditLogger}.
- */
-public class TestAuditLogger {
- private static final String USER = "test";
- private static final String OPERATION = "oper";
- private static final String TARGET = "tgt";
- private static final String PERM = "admin group";
- private static final String DESC = "description of an audit log";
-
- /**
- * Test the AuditLog format with key-val pair.
- */
- @Test
- public void testKeyValLogFormat() {
- StringBuilder actLog = new StringBuilder();
- StringBuilder expLog = new StringBuilder();
- // add the first k=v pair and check
- AuditLogger.start(Keys.USER, USER, actLog);
- expLog.append("USER=test");
- assertEquals(expLog.toString(), actLog.toString());
-
- // append another k1=v1 pair to already added k=v and test
- AuditLogger.add(Keys.OPERATION, OPERATION, actLog);
- expLog.append("\tOPERATION=oper");
- assertEquals(expLog.toString(), actLog.toString());
-
- // append another k1=null pair and test
- AuditLogger.add(Keys.PERMISSIONS, (String)null, actLog);
- expLog.append("\tPERMISSIONS=null");
- assertEquals(expLog.toString(), actLog.toString());
-
- // now add the target and check of the final string
- AuditLogger.add(Keys.TARGET, TARGET, actLog);
- expLog.append("\tTARGET=tgt");
- assertEquals(expLog.toString(), actLog.toString());
- }
-
- /**
- * Test the AuditLog format for successful events.
- */
- private void testSuccessLogFormat(boolean checkIP) {
- // check without the IP
- String sLog = AuditLogger.createSuccessLog(USER, OPERATION, TARGET);
- StringBuilder expLog = new StringBuilder();
- expLog.append("USER=test\t");
- if (checkIP) {
- InetAddress ip = Server.getRemoteIp();
- expLog.append(Keys.IP.name() + "=" + ip.getHostAddress() + "\t");
- }
- expLog.append("OPERATION=oper\tTARGET=tgt\tRESULT=SUCCESS");
- assertEquals(expLog.toString(), sLog);
-
- }
-
- /**
- * Test the AuditLog format for failure events.
- */
- private void testFailureLogFormat(boolean checkIP, String perm) {
- String fLog =
- AuditLogger.createFailureLog(USER, OPERATION, perm, TARGET, DESC);
- StringBuilder expLog = new StringBuilder();
- expLog.append("USER=test\t");
- if (checkIP) {
- InetAddress ip = Server.getRemoteIp();
- expLog.append(Keys.IP.name() + "=" + ip.getHostAddress() + "\t");
- }
- expLog.append("OPERATION=oper\tTARGET=tgt\tRESULT=FAILURE\t");
- expLog.append("DESCRIPTION=description of an audit log\t");
- expLog.append("PERMISSIONS=" + perm);
- assertEquals(expLog.toString(), fLog);
- }
-
- /**
- * Test the AuditLog format for failure events.
- */
- private void testFailureLogFormat(boolean checkIP) {
- testFailureLogFormat(checkIP, PERM);
- testFailureLogFormat(checkIP, null);
- }
-
- /**
- * Test {@link AuditLogger} without IP set.
- */
- @Test
- public void testAuditLoggerWithoutIP() throws Exception {
- // test without ip
- testSuccessLogFormat(false);
- testFailureLogFormat(false);
- }
-
- /**
- * A special extension of {@link TestImpl} RPC server with
- * {@link TestImpl#ping()} testing the audit logs.
- */
- @ProtocolInfo(protocolName = "org.apache.hadoop.ipc.TestRPC$TestProtocol")
- private class MyTestRPCServer extends TestImpl {
- @Override
- public void ping() {
- // test with ip set
- testSuccessLogFormat(true);
- testFailureLogFormat(true);
- }
- }
-
- /**
- * Test {@link AuditLogger} with IP set.
- */
- @Test
- public void testAuditLoggerWithIP() throws Exception {
- Configuration conf = new Configuration();
- // start the IPC server
- Server server = new RPC.Builder(conf).setProtocol(TestProtocol.class)
- .setInstance(new MyTestRPCServer()).setBindAddress("0.0.0.0")
- .setPort(0).build();
- server.start();
-
- InetSocketAddress addr = NetUtils.getConnectAddress(server);
-
- // Make a client connection and test the audit log
- TestProtocol proxy = (TestProtocol)RPC.getProxy(TestProtocol.class,
- TestProtocol.versionID, addr, conf);
- // Start the testcase
- proxy.ping();
-
- server.stop();
- }
-}