AuditLogger and TestAuditLogger are dead code. Contributed by Vrushali C
This commit is contained in:
parent
149b903be3
commit
45382bf047
@ -176,21 +176,6 @@ log4j.appender.DNMETRICSRFA.layout.ConversionPattern=%d{ISO8601} %m%n
|
|||||||
log4j.appender.DNMETRICSRFA.MaxBackupIndex=1
|
log4j.appender.DNMETRICSRFA.MaxBackupIndex=1
|
||||||
log4j.appender.DNMETRICSRFA.MaxFileSize=64MB
|
log4j.appender.DNMETRICSRFA.MaxFileSize=64MB
|
||||||
|
|
||||||
#
|
|
||||||
# mapred audit logging
|
|
||||||
#
|
|
||||||
mapred.audit.logger=INFO,NullAppender
|
|
||||||
mapred.audit.log.maxfilesize=256MB
|
|
||||||
mapred.audit.log.maxbackupindex=20
|
|
||||||
log4j.logger.org.apache.hadoop.mapred.AuditLogger=${mapred.audit.logger}
|
|
||||||
log4j.additivity.org.apache.hadoop.mapred.AuditLogger=false
|
|
||||||
log4j.appender.MRAUDIT=org.apache.log4j.RollingFileAppender
|
|
||||||
log4j.appender.MRAUDIT.File=${hadoop.log.dir}/mapred-audit.log
|
|
||||||
log4j.appender.MRAUDIT.layout=org.apache.log4j.PatternLayout
|
|
||||||
log4j.appender.MRAUDIT.layout.ConversionPattern=%d{ISO8601} %p %c{2}: %m%n
|
|
||||||
log4j.appender.MRAUDIT.MaxFileSize=${mapred.audit.log.maxfilesize}
|
|
||||||
log4j.appender.MRAUDIT.MaxBackupIndex=${mapred.audit.log.maxbackupindex}
|
|
||||||
|
|
||||||
# Custom Logging levels
|
# Custom Logging levels
|
||||||
|
|
||||||
#log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG
|
#log4j.logger.org.apache.hadoop.mapred.JobTracker=DEBUG
|
||||||
|
@ -1,154 +0,0 @@
|
|||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.hadoop.mapred;
|
|
||||||
|
|
||||||
import java.net.InetAddress;
|
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
import org.apache.hadoop.ipc.Server;
|
|
||||||
|
|
||||||
/** Manages MapReduce audit logs. Audit logs provides information about
|
|
||||||
* authorization/authentication events (success/failure).
|
|
||||||
*
|
|
||||||
* Audit log format is written as key=value pairs.
|
|
||||||
*/
|
|
||||||
class AuditLogger {
|
|
||||||
private static final Log LOG = LogFactory.getLog(AuditLogger.class);
|
|
||||||
|
|
||||||
static enum Keys {USER, OPERATION, TARGET, RESULT, IP, PERMISSIONS,
|
|
||||||
DESCRIPTION}
|
|
||||||
|
|
||||||
static class Constants {
|
|
||||||
static final String SUCCESS = "SUCCESS";
|
|
||||||
static final String FAILURE = "FAILURE";
|
|
||||||
static final String KEY_VAL_SEPARATOR = "=";
|
|
||||||
static final char PAIR_SEPARATOR = '\t';
|
|
||||||
|
|
||||||
// Some constants used by others using AuditLogger.
|
|
||||||
|
|
||||||
// Some commonly used targets
|
|
||||||
static final String JOBTRACKER = "JobTracker";
|
|
||||||
|
|
||||||
// Some commonly used operations
|
|
||||||
static final String REFRESH_QUEUE = "REFRESH_QUEUE";
|
|
||||||
static final String REFRESH_NODES = "REFRESH_NODES";
|
|
||||||
|
|
||||||
// Some commonly used descriptions
|
|
||||||
static final String UNAUTHORIZED_USER = "Unauthorized user";
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A helper api for creating an audit log for a successful event.
|
|
||||||
* This is factored out for testing purpose.
|
|
||||||
*/
|
|
||||||
static String createSuccessLog(String user, String operation, String target) {
|
|
||||||
StringBuilder b = new StringBuilder();
|
|
||||||
start(Keys.USER, user, b);
|
|
||||||
addRemoteIP(b);
|
|
||||||
add(Keys.OPERATION, operation, b);
|
|
||||||
add(Keys.TARGET, target ,b);
|
|
||||||
add(Keys.RESULT, Constants.SUCCESS, b);
|
|
||||||
return b.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a readable and parseable audit log string for a successful event.
|
|
||||||
*
|
|
||||||
* @param user User who made the service request to the JobTracker.
|
|
||||||
* @param operation Operation requested by the user
|
|
||||||
* @param target The target on which the operation is being performed. Most
|
|
||||||
* commonly operated targets are jobs, JobTracker, queues etc
|
|
||||||
*
|
|
||||||
* <br><br>
|
|
||||||
* Note that the {@link AuditLogger} uses tabs ('\t') as a key-val delimiter
|
|
||||||
* and hence the value fields should not contains tabs ('\t').
|
|
||||||
*/
|
|
||||||
static void logSuccess(String user, String operation, String target) {
|
|
||||||
if (LOG.isInfoEnabled()) {
|
|
||||||
LOG.info(createSuccessLog(user, operation, target));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A helper api for creating an audit log for a failure event.
|
|
||||||
* This is factored out for testing purpose.
|
|
||||||
*/
|
|
||||||
static String createFailureLog(String user, String operation, String perm,
|
|
||||||
String target, String description) {
|
|
||||||
StringBuilder b = new StringBuilder();
|
|
||||||
start(Keys.USER, user, b);
|
|
||||||
addRemoteIP(b);
|
|
||||||
add(Keys.OPERATION, operation, b);
|
|
||||||
add(Keys.TARGET, target ,b);
|
|
||||||
add(Keys.RESULT, Constants.FAILURE, b);
|
|
||||||
add(Keys.DESCRIPTION, description, b);
|
|
||||||
add(Keys.PERMISSIONS, perm, b);
|
|
||||||
return b.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a readable and parseable audit log string for a failed event.
|
|
||||||
*
|
|
||||||
* @param user User who made the service request to the JobTracker.
|
|
||||||
* @param operation Operation requested by the user
|
|
||||||
* @param perm Target permissions like JobACLs for jobs, QueueACLs for queues.
|
|
||||||
* @param target The target on which the operation is being performed. Most
|
|
||||||
* commonly operated targets are jobs, JobTracker, queues etc
|
|
||||||
* @param description Some additional information as to why the operation
|
|
||||||
* failed.
|
|
||||||
*
|
|
||||||
* <br><br>
|
|
||||||
* Note that the {@link AuditLogger} uses tabs ('\t') as a key-val delimiter
|
|
||||||
* and hence the value fields should not contains tabs ('\t').
|
|
||||||
*/
|
|
||||||
static void logFailure(String user, String operation, String perm,
|
|
||||||
String target, String description) {
|
|
||||||
if (LOG.isWarnEnabled()) {
|
|
||||||
LOG.warn(createFailureLog(user, operation, perm, target, description));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A helper api to add remote IP address
|
|
||||||
*/
|
|
||||||
static void addRemoteIP(StringBuilder b) {
|
|
||||||
InetAddress ip = Server.getRemoteIp();
|
|
||||||
// ip address can be null for testcases
|
|
||||||
if (ip != null) {
|
|
||||||
add(Keys.IP, ip.getHostAddress(), b);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Adds the first key-val pair to the passed builder in the following format
|
|
||||||
* key=value
|
|
||||||
*/
|
|
||||||
static void start(Keys key, String value, StringBuilder b) {
|
|
||||||
b.append(key.name()).append(Constants.KEY_VAL_SEPARATOR).append(value);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Appends the key-val pair to the passed builder in the following format
|
|
||||||
* <pair-delim>key=value
|
|
||||||
*/
|
|
||||||
static void add(Keys key, String value, StringBuilder b) {
|
|
||||||
b.append(Constants.PAIR_SEPARATOR).append(key.name())
|
|
||||||
.append(Constants.KEY_VAL_SEPARATOR).append(value);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,161 +0,0 @@
|
|||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.hadoop.mapred;
|
|
||||||
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
|
||||||
import org.apache.hadoop.ipc.ProtocolInfo;
|
|
||||||
import org.apache.hadoop.ipc.RPC;
|
|
||||||
import org.apache.hadoop.ipc.Server;
|
|
||||||
import org.apache.hadoop.ipc.TestRPC.TestImpl;
|
|
||||||
import org.apache.hadoop.ipc.TestRPC.TestProtocol;
|
|
||||||
import org.apache.hadoop.mapred.AuditLogger.Keys;
|
|
||||||
import org.apache.hadoop.net.NetUtils;
|
|
||||||
import org.junit.Test;
|
|
||||||
import static org.junit.Assert.assertEquals;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Tests {@link AuditLogger}.
|
|
||||||
*/
|
|
||||||
public class TestAuditLogger {
|
|
||||||
private static final String USER = "test";
|
|
||||||
private static final String OPERATION = "oper";
|
|
||||||
private static final String TARGET = "tgt";
|
|
||||||
private static final String PERM = "admin group";
|
|
||||||
private static final String DESC = "description of an audit log";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test the AuditLog format with key-val pair.
|
|
||||||
*/
|
|
||||||
@Test
|
|
||||||
public void testKeyValLogFormat() {
|
|
||||||
StringBuilder actLog = new StringBuilder();
|
|
||||||
StringBuilder expLog = new StringBuilder();
|
|
||||||
// add the first k=v pair and check
|
|
||||||
AuditLogger.start(Keys.USER, USER, actLog);
|
|
||||||
expLog.append("USER=test");
|
|
||||||
assertEquals(expLog.toString(), actLog.toString());
|
|
||||||
|
|
||||||
// append another k1=v1 pair to already added k=v and test
|
|
||||||
AuditLogger.add(Keys.OPERATION, OPERATION, actLog);
|
|
||||||
expLog.append("\tOPERATION=oper");
|
|
||||||
assertEquals(expLog.toString(), actLog.toString());
|
|
||||||
|
|
||||||
// append another k1=null pair and test
|
|
||||||
AuditLogger.add(Keys.PERMISSIONS, (String)null, actLog);
|
|
||||||
expLog.append("\tPERMISSIONS=null");
|
|
||||||
assertEquals(expLog.toString(), actLog.toString());
|
|
||||||
|
|
||||||
// now add the target and check of the final string
|
|
||||||
AuditLogger.add(Keys.TARGET, TARGET, actLog);
|
|
||||||
expLog.append("\tTARGET=tgt");
|
|
||||||
assertEquals(expLog.toString(), actLog.toString());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test the AuditLog format for successful events.
|
|
||||||
*/
|
|
||||||
private void testSuccessLogFormat(boolean checkIP) {
|
|
||||||
// check without the IP
|
|
||||||
String sLog = AuditLogger.createSuccessLog(USER, OPERATION, TARGET);
|
|
||||||
StringBuilder expLog = new StringBuilder();
|
|
||||||
expLog.append("USER=test\t");
|
|
||||||
if (checkIP) {
|
|
||||||
InetAddress ip = Server.getRemoteIp();
|
|
||||||
expLog.append(Keys.IP.name() + "=" + ip.getHostAddress() + "\t");
|
|
||||||
}
|
|
||||||
expLog.append("OPERATION=oper\tTARGET=tgt\tRESULT=SUCCESS");
|
|
||||||
assertEquals(expLog.toString(), sLog);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test the AuditLog format for failure events.
|
|
||||||
*/
|
|
||||||
private void testFailureLogFormat(boolean checkIP, String perm) {
|
|
||||||
String fLog =
|
|
||||||
AuditLogger.createFailureLog(USER, OPERATION, perm, TARGET, DESC);
|
|
||||||
StringBuilder expLog = new StringBuilder();
|
|
||||||
expLog.append("USER=test\t");
|
|
||||||
if (checkIP) {
|
|
||||||
InetAddress ip = Server.getRemoteIp();
|
|
||||||
expLog.append(Keys.IP.name() + "=" + ip.getHostAddress() + "\t");
|
|
||||||
}
|
|
||||||
expLog.append("OPERATION=oper\tTARGET=tgt\tRESULT=FAILURE\t");
|
|
||||||
expLog.append("DESCRIPTION=description of an audit log\t");
|
|
||||||
expLog.append("PERMISSIONS=" + perm);
|
|
||||||
assertEquals(expLog.toString(), fLog);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test the AuditLog format for failure events.
|
|
||||||
*/
|
|
||||||
private void testFailureLogFormat(boolean checkIP) {
|
|
||||||
testFailureLogFormat(checkIP, PERM);
|
|
||||||
testFailureLogFormat(checkIP, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test {@link AuditLogger} without IP set.
|
|
||||||
*/
|
|
||||||
@Test
|
|
||||||
public void testAuditLoggerWithoutIP() throws Exception {
|
|
||||||
// test without ip
|
|
||||||
testSuccessLogFormat(false);
|
|
||||||
testFailureLogFormat(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A special extension of {@link TestImpl} RPC server with
|
|
||||||
* {@link TestImpl#ping()} testing the audit logs.
|
|
||||||
*/
|
|
||||||
@ProtocolInfo(protocolName = "org.apache.hadoop.ipc.TestRPC$TestProtocol")
|
|
||||||
private class MyTestRPCServer extends TestImpl {
|
|
||||||
@Override
|
|
||||||
public void ping() {
|
|
||||||
// test with ip set
|
|
||||||
testSuccessLogFormat(true);
|
|
||||||
testFailureLogFormat(true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test {@link AuditLogger} with IP set.
|
|
||||||
*/
|
|
||||||
@Test
|
|
||||||
public void testAuditLoggerWithIP() throws Exception {
|
|
||||||
Configuration conf = new Configuration();
|
|
||||||
// start the IPC server
|
|
||||||
Server server = new RPC.Builder(conf).setProtocol(TestProtocol.class)
|
|
||||||
.setInstance(new MyTestRPCServer()).setBindAddress("0.0.0.0")
|
|
||||||
.setPort(0).build();
|
|
||||||
server.start();
|
|
||||||
|
|
||||||
InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
|
||||||
|
|
||||||
// Make a client connection and test the audit log
|
|
||||||
TestProtocol proxy = (TestProtocol)RPC.getProxy(TestProtocol.class,
|
|
||||||
TestProtocol.versionID, addr, conf);
|
|
||||||
// Start the testcase
|
|
||||||
proxy.ping();
|
|
||||||
|
|
||||||
server.stop();
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user